Qt
  1. Qt
  2. QTBUG-32896

OS X Frameworks can not be code signed correctly, existing instructions are incorrect

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: P1: Critical P1: Critical
    • Resolution: Done
    • Affects Version/s: 4.8.5, 5.2.0
    • Fix Version/s: None
    • Component/s: Build System
    • Environment:

      Xcode 4.6.1, OS X 10.7.5

      Description

      1. OS X Frameworks can not be code signed correctly:

      Apple's framework code signing instructions explicitly state that it is necessary to sign the versioned bundle directory, as follows:

      $admin> # This is the wrong way:
      $admin> codesign -s my-signing-identity ../FooBarBaz.framework
      $admin> # This is the right way:
      $admin> codesign -s my-signing-identity ../FooBarBaz.framework/Versions/A

      Under "Signing Frameworks" here:
      http://developer.apple.com/library/mac/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-SUBSECTION9

      Notice that "the right way" involves signing the versioned directory. That this is the correct way is discussed further here:
      http://stackoverflow.com/questions/7697508/how-do-you-codesign-framework-bundles-for-the-mac-app-store

      Right now, the bug is that if you try to sign a versioned Qt framework directory (e.g. QtCore.framework/Versions/4) then you will receive the error "bundle format unrecognized, invalid, or unsuitable". This is because the /4 directory does not contain the Resources/Info.plist as described in QTBUG-32895

      It is also necessary for the Info.plist to have the correct CFBundleExecutable field. At the moment it doesn't (see QTBUG-32894).

      2. The existing instructions for code signing a Qt framework bundle are incorrect:

      The instructions given at the link below do not agree with Apple's instructions above. They suggest to sign the binary. But Apple says that the versioned bundle must be signed.

      http://blog.qt.digia.com/blog/2012/04/03/how-to-publish-qt-applications-in-the-mac-app-store-2/

      The current workaround is to restructure the frameworks to have the correct format (with Resources inside 4/ as discussed in QTBUG-32895) and to manually edit the plist to have the correct CFBundleExecutable.

        Issue Links

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

          Show
          Morten Sørvig added a comment - Qt 4.8 patch set: https://codereview.qt-project.org/95572 https://codereview.qt-project.org/95573 https://codereview.qt-project.org/95574 https://codereview.qt-project.org/95575 https://codereview.qt-project.org/95576
          Hide
          eric villa added a comment - - edited

          just tried the patch set on 5.3.1 … In the Distribution phase to App Store… getting the message ERROR ITMS-9000 The application bundle contains a tool or framework my app.app/Contents/Frameworks/QTCore.framework that is missing the bundle identifier in its info.plist file

          same message for the different qt frameworks

          NOTE: Adding manually a bundle identifier in the info.plist file makes it go through

          Show
          eric villa added a comment - - edited just tried the patch set on 5.3.1 … In the Distribution phase to App Store… getting the message ERROR ITMS-9000 The application bundle contains a tool or framework my app.app/Contents/Frameworks/QTCore.framework that is missing the bundle identifier in its info.plist file same message for the different qt frameworks NOTE: Adding manually a bundle identifier in the info.plist file makes it go through
          Hide
          Jake Petroules added a comment -

          Like I said a couple posts up, we need to set a few more Info.plist properties. Should we move the name format for CFBundleIdentifier to the mailing list?

          Show
          Jake Petroules added a comment - Like I said a couple posts up, we need to set a few more Info.plist properties. Should we move the name format for CFBundleIdentifier to the mailing list?
          Hide
          eric villa added a comment -

          i would add what you recommended… It seems they are reinforcing the checks with each version of the uploader...

          Show
          eric villa added a comment - i would add what you recommended… It seems they are reinforcing the checks with each version of the uploader...
          Hide
          Regis Duflaut added a comment -

          Hi,

          Same issue with the latest 5.5rc Qt snapshot, Xcode 6.3.2 and OSX 10.10.3
          It is not possible to sign any application, I guess this issue is quite tricky to solve.

          Show
          Regis Duflaut added a comment - Hi, Same issue with the latest 5.5rc Qt snapshot, Xcode 6.3.2 and OSX 10.10.3 It is not possible to sign any application, I guess this issue is quite tricky to solve.

            People

            • Assignee:
              Morten Sørvig
              Reporter:
              Ross Bencina
            • Votes:
              34 Vote for this issue
              Watchers:
              45 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: