Latest Apple Notarisation

Das Goravani goravanis at gmail.com
Tue Sep 28 18:01:09 UTC 2021 

Phil,

OK so you create a text file where each line is a code sign command.. and you get the paths from building a list of things inside Omnis.. 

And you change the privileges on that file as you specified

How do you get Terminal to run that file, now an executable.. 

Yeah, how do you run that file?

Sorry, probably really basic but anything outside of Omnis is not known to me. 

Das

> On Sep 28, 2021, at 1:02 PM, Phil (OmnisList) via omnisdev-en <omnisdev-en at lists.omnis-dev.com> wrote:
> 
> Hi Das,
> 
> sorry, the last con, was within Omnis...
> 
> its simply
> chmod 777 <your app>
> to change it.
> 
> Yes, just create a text file each line being a codesign command, or whatever...
> 
> regards
> Phil Potter
> Based in Chester in the UK.
> 
> On 28/09/2021 17:50, Das Goravani wrote:
>> Phil,
>> 
>> 
>> Are you saying this:
>> 
>> That you build a list of what’s in the executable using the code you provided
>> Then you add the code sign command to each line
>> And make a text file full of code sign commands with their paths
>> Then you make that text file into an executable
>> Then you run it in Terminal
>> 
>> Is that the flow of events and tasks?
>> 
>> So you are making a text file of commands where each has it’s path to a file in the executable?
>> 
>> And could you explain how this works:
>> 
>>> con('chmod 777 "',con(lcFilePath,'CodeSign.sh'),'"  ')
>> I don’t see how that makes it into an executable.. could you explain where this command goes, what it does?
>> 
>> I recognize chmod as changing privileges and 777 being what you are setting it to.. but overall I don’t get how a con() could change the text file to an application
>> 
>> Am I on the right track of understanding?
>> 
>> 
>> 
>> 
>>> On Sep 28, 2021, at 12:11 PM, Phil (OmnisList) via omnisdev-en <omnisdev-en at lists.omnis-dev.com> wrote:
>>> 
>>> Hi Das,
>>> 
>>> Its no more complicated than what you have already done, just without the deep,
>>> 
>>> So something like this for the lines of script:
>>> 
>>> xattr -rc "<Your App full pathname>.app"
>>> 
>>> For each file:
>>> codesign -o runtime --entitlements ~/Documents/Work/Standard_entitlements.plist --timestamp=http://timestamp.apple.com/ts01 --verbose --force -s "Developer ID <Your ID>"  "<each file in question>"
>>> 
>>> finally:
>>> codesign -o runtime --entitlements ~/Documents//Work/Executable_entitlements.plist --timestamp=http://timestamp.apple.com/ts01 --verbose --force -s "Developer ID <Your ID>"  "<executable file in question>"
>>> 
>>> ditto -c -k --sequesterRsrc --keepParent "<Your App full pathname>.app" "<Your App full pathname>.zip"
>>> 
>>> Most of these things you have mentioned you have done before...
>>> 
>>> So this is just a text file, with each line being a command, and a filetype of .sh
>>> so you may create a file called CodeSign.sh
>>> with the lines added above.
>>> 
>>> The only other thing you need to do is make this file executable:
>>> ie
>>> con('chmod 777 "',con(lcFilePath,'CodeSign.sh'),'"  ')
>>> 
>>> After which it will just run in terminal.
>>> 
>>> 
>>> As to Omnis code to build the full list:
>>> 
>>> So, if ilFileList  is an instance var...
>>> 
>>> ##### Method 'RefreshList' #####
>>> No.    Local Variable    Type    Subtype    Init.Val/Calc Description
>>> 1    llDirList    List
>>> No.    Method text
>>> 1
>>> 2    Do
>>> FileOps.$filelist(kFileOpsIncludeFiles+kFileOpsIncludeDirectories,icStartDir,kFileOpsInfoFullNa
>>> me+kFileOpsInfoIsDirectory) Returns llDirList
>>> 3
>>> 4    Do llDirList.$search($ref.isdirectory=kTrue,kTrue,kFalse,kTrue,kTrue)
>>> 5    Calculate ilFileList as llDirList
>>> 6    Do ilFileList.$remove(kListDeleteSelected)
>>> 7
>>> 8    Do llDirList.$remove(kListKeepSelected)
>>> 9    Do method ReEntry (llDirList)
>>> 10
>>> 11    Redraw (Refresh now) ilFileList
>>> ##### Method 'ReEntry' #####
>>> No.    Parameter    Type    Subtype    Init.Val/Calc    Description
>>> 1    plDirList    List
>>> No.    Local Variable    Type    Subtype    Init.Val/Calc Description
>>> 1    llDirList    List
>>> No.    Method text
>>> 1
>>> 2    For plDirList.$line from 1 to plDirList.$linecount step 1
>>> 3
>>> 4    Do
>>> FileOps.$filelist(kFileOpsIncludeFiles+kFileOpsIncludeDirectories,plDirList.fullname,kFileOpsInf
>>> oFullName+kFileOpsInfoIsDirectory) Returns llDirList
>>> 5
>>> 6    Do llDirList.$search($ref.isdirectory=kFalse,kTrue,kFalse,kTrue,kTrue)
>>> 7    Do ilFileList.$merge(llDirList,kTrue,kTrue)
>>> 8
>>> 9    Do llDirList.$remove(kListDeleteSelected)
>>> 10    If llDirList.$linecount>0
>>> 11    Do method ReEntry (llDirList)
>>> 12    End If
>>> 13    End For
>>> 
>>> 
>>> Hope that helps Das.
>>> 
>>> regards
>>> Phil Potter
>>> Based in Chester in the UK.
>>> 
>>> On 28/09/2021 16:06, Das Goravani wrote:
>>>> Phil, I remember you saying you do it that way..
>>>> 
>>>> Yeah, it’s true WHEN will Apple outlaw notarizing under older OS’s.. ie Catalina.. I imagine it will be awhile.. for the problem they say with deep is that “it causes problems” they mean in signing itself.. it inserts things.. but if it notarizes, then what’s the problem?  They will come up with some reason to outlaw it, most likely.
>>>> 
>>>> Could you share if not the Omnis code the concept step by step to build a list of files within Omnis?
>>>> 
>>>> Then, could you share the script that signs them.. some of us don’t know how to write scripts at all. I don’t.
>>>> 
>>>> I also don’t know how to call a script from within Omnis which we have to do using your scheme.
>>>> 
>>>> Your way is what they are recommending we do now to be on the latest OS and Xcode. Basically we are to go in and sign the code manually as you are doing.. rather than using the deep command with our signing in Terminal.
>>>> 
>>>> So what are the details of how you do this.. please share at least the script that does the signing.. I think most of us can figure out how to build a list of files inside the Omnis tree.. though I would appreciate help knowing WHAT to sign.. or as you say do overkill and sign it all
>>>> 
>>>> Script and any input on building the list.. please.. Thanks..
>>>> 
>>>> Das Goravani
>>>> 
>>>>> On Sep 28, 2021, at 5:17 AM, Phil (OmnisList) via omnisdev-en <omnisdev-en at lists.omnis-dev.com> wrote:
>>>>> 
>>>>> Hi Das,
>>>>> 
>>>>> I haven't recently tried notarizing, but I always codesigned each and every file individually, not using a deep command...
>>>>> 
>>>>> I used an omnis lib to recursively find files in the app, and then in reverse order, created a script to codesign every file with standard entitlements, and then finalised with an executable entitlement on, in your case, the 'omnis' executable.
>>>>> 
>>>>> It also finalises with using Ditto to create ad zip file which is the file uploaded for notarization.
>>>>> 
>>>>> I originally did this when I did not know what needed codesigning, and it seems to continue to work, even though its probably overkill.
>>>>> 
>>>>> This worked fine on Big Sur using xcode 12.5.1
>>>>> 
>>>>> Ok, just retried this, and yes, it notarized just fine.
>>>>> 
>>>>> regards
>>>>> Phil Potter
>>>>> Based in Chester in the UK.
>>>>> 
>>>>> On 27/09/2021 19:17, Das Goravani wrote:
>>>>>> URGENT:  One can NO LONGER NOTARIZE using the Omnis Inc. tech note on Notarization, as of BigSur and Xcode 12. The alternative being presented by Apple is exceedingly complex and requires advanced knowledge of building apps and Mac scripting. This issue needs to be immediately worked on by Omnis Inc. and a solution presented to us developers as soon as possible. Some of us have older VM’s that we can sign on but some do not have those. As of BigSur and Monterey and going forward WE ARE STUCK.
>>>>>> 
>>>>>> My post to Apple Developer Forums that got answered by an Engineer
>>>>>> 
>>>>>> https://developer.apple.com/forums/thread/687480?answerId=684248022#684248022 <https://developer.apple.com/forums/thread/687480?answerId=684248022#684248022>
>>>>>> 
>>>>>> 
>>>>>> Article on Manually Signing an App (very complex, requires knowledge of scripting, Omnis needs to do this for us)
>>>>>> 
>>>>>> https://developer.apple.com/forums/thread/130855 <https://developer.apple.com/forums/thread/130855>
>>>>>> 
>>>>>> 
>>>>>> I could NOT follow this myself. I don’t know scripting and I don’t know App structural words and concepts.
>>>>>> 
>>>>>> If I did not have a Catalina VM and Xcode 11 to sign with I would be STUCK.
>>>>>> 
>>>>>> I imagine others are STUCK.
>>>>>> 
>>>>>> This is URGENT and I think OMNIS needs to handle this again.
>>>>>> _____________________________________________________________
>>>>>> Manage your list subscriptions at http://lists.omnis-dev.com
>>>>>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
>>>>> _____________________________________________________________
>>>>> Manage your list subscriptions at http://lists.omnis-dev.com
>>>>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
>>>> _____________________________________________________________
>>>> Manage your list subscriptions at http://lists.omnis-dev.com
>>>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
>>> _____________________________________________________________
>>> Manage your list subscriptions at http://lists.omnis-dev.com
>>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
>> _____________________________________________________________
>> Manage your list subscriptions at http://lists.omnis-dev.com
>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
> 
> _____________________________________________________________
> Manage your list subscriptions at http://lists.omnis-dev.com
> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com

More information about the omnisdev-en mailing list