1. OS X Frameworks can not be code signed correctly:
Apple's framework code signing instructions explicitly state that it is necessary to sign the versioned bundle directory, as follows:
$admin> # This is the wrong way:
$admin> codesign -s my-signing-identity ../FooBarBaz.framework
$admin> # This is the right way:
$admin> codesign -s my-signing-identity ../FooBarBaz.framework/Versions/A
Under "Signing Frameworks" here:
Notice that "the right way" involves signing the versioned directory. That this is the correct way is discussed further here:
Right now, the bug is that if you try to sign a versioned Qt framework directory (e.g. QtCore.framework/Versions/4) then you will receive the error "bundle format unrecognized, invalid, or unsuitable". This is because the /4 directory does not contain the Resources/Info.plist as described in
It is also necessary for the Info.plist to have the correct CFBundleExecutable field. At the moment it doesn't (see QTBUG-32894).
2. The existing instructions for code signing a Qt framework bundle are incorrect:
The instructions given at the link below do not agree with Apple's instructions above. They suggest to sign the binary. But Apple says that the versioned bundle must be signed.
The current workaround is to restructure the frameworks to have the correct format (with Resources inside 4/ as discussed in
QTBUG-32895) and to manually edit the plist to have the correct CFBundleExecutable.