macports-dev Digest, Vol 176, Issue 34

[filhol]

> From: Nathaniel W Griswold <nate at manicmind.earth>
> Subject: Re: codesigning and app permissions for programs that need filesystem access
> Date: 24 April 2021 at 17:49:22 CEST
> To: MacPorts Developers <macports-dev at lists.macports.org>
> I guess my intent in asking this was to ask: does macports ever ad-hoc codesign packages? Is there ever a case that is necessary? Googling didn’t yield much discussion about it.
> The reason i asked the question is because i couldn’t get the specific port i was using to work as it did before i upgraded it without a manual codesign.
> Thanks
> Nate

You wrote "i upgraded it without a manual codesign"
I am working on scientific apps that I codesign manually since I cannot build Xcode projects (e.g. no Xcode integration of Intel Fortran) .
These apps have multiple auxiliary binaries, embedded bundles and even use shared memory.

I found that codesiging is not always easy but is not to much of a problem. The next step is the notarization which is not too difficult.
Publishing to the App Store is much more challenging because of the sandbox. I succeeded for some and failed for others.
In fact Apple’s error messages often lack clarity, are often misleading or even wrong.

Stackoverflow is often helpful if you stick to Xcode, much less otherwise.
"RB App Checker Lite.app” was very helpful but it stopped working with Big Sur. Unfortunately enough, the developer won't upgrade the app due to personal problems. For those who want to manually sign applications, this is clearly a missing tool.
I recently tested “App wrapper.app” <https://ohanaware.com/appwrapper/ <https://ohanaware.com/appwrapper/>> and found it very helpful too. I have my own scripts for cleaning up bundles, codesigning, binary hardening, notarizing, sandboxing (pfffff !) which help me understand the detail of the process. However “App wrapper.app” helped me locate odd problems such as a file that had no LC_UUID.

All this requires a lot of terminal commands, parameters and whatsoever hard to memorise, thus I documented my findings in some messy pages:
https://www.ill.eu/about-the-ill/contacts/public-relations/afilhol/development <https://www.ill.eu/about-the-ill/contacts/public-relations/afilhol/development>

I wrote this just in case this may interest some other developpers.
In fact, the main difficulty is not having contact person with which you can share problems.

Alain

—————————————
Dr. Alain Filhol  (Computer scientist)
Institut Laue-Langevin
EPN Campus, CS 20156, 71 ave des Martyrs, F-38042 Grenoble cedex 9
<filhol at ill.eu>, Office: ILL19-206
Tel:+33 4.76.20.71.56, Fax: +33 4.76.20.76.48

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20210425/a8eb16dc/attachment.htm>