That Code Signing Utility.. update

Das Goravani goravanis at gmail.com
Fri Oct 1 15:19:57 UTC 2021 

Dear $all,

If you are interested in that Notarization related Code Signing Utility that I said I was making..

The update is that I’m stuck due to circumstances beyond my control.

The utility is done, but it doesn’t work ultimately, due to these facts:

It signs everything in the Omnis bundle. That is not OK. So when you go to issue the last command to sign the app itself you are given and error. 

To get rid of this error is not easy. I need from Omnis a document giving either the file paths or folder names, where only code is stored within Omnis, so we can sign ONLY code and not other things. That is the problem. If you sign other things it creates the error. 

This is true under BigSur and Xcode 12, for me.

Now Phil Potter says he can do the same thing and not get an error. But unless I can replicate that I can’t proceed.

What is happening to me is in line with what Apple says. They say you can’t sign everything, or you will get the error, and indeed I am getting it. 

Apple wants Apps to store code ONLY in certain folders within the bundle. These folders are signed with a simple signing command. But other odd folders are not. For that you need manual signing, according to Apple, and not the —deep command we have been using under Omnis’s recommendation. Apple wants you to not use the —deep command. 

So I have appealed to Omnis for a list of folders or files that can be signed. If I get that then I can finish the utility most likely.

For now, the way to sign and notarize is by using Catalina, making a virtual machine and using Xcode 11. Both Catalina and Xcode 11 can still be downloaded off the web. If you have trouble finding them let me know and I will provide links for you.

That’s the situation.

I have recommended to Omnis that they provide the document mentioned, or put a signing script generator as an add on in Omnis, where you put your signing credentials and it creates the script you need to sign with, in other words, they do what I have done. 

Thanks

Das Goravani

More information about the omnisdev-en mailing list