
Thread: OSX anyone code-sign but not sandbox? Do-able? Worth it?




Replies: 6 - Last Post: Dec 13, 2014 12:48 PM by Jerome Shidel
Grant Beattie

Posts: 77
Registered: 11/29/01
OSX anyone code-sign but not sandbox? Do-able? Worth it?  
  Posted: Dec 4, 2014 9:54 AM
I'm sure I have bored everyone in this thread with my trials and tribulations (read: failures) of getting a substantial Firemonkey Delphi or C++ desktop application to correctly codesign and sandbox. Anyway, does anyone opt out of the App Store and distribute software themselves with code-signing? I'm wondering if that makes the download/gatekeeper experience a little better for the end-user (and I imagine it depends on the OS X version). It would be nice to at least be an "identified" developer since the app is going to be downloaded from the internet.
Michael Leahy

Posts: 239
Registered: 5/9/07
Re: OSX anyone code-sign but not sandbox? Do-able? Worth it?  
  Posted: Dec 4, 2014 10:33 AM   in response to: Grant Beattie
Grant Beattie wrote:
I'm sure I have bored everyone in this thread with my trials and tribulations (read: failures) of getting a substantial Firemonkey Delphi or C++ desktop application to correctly codesign and sandbox. Anyway, does anyone opt out of the App Store and distribute software themselves with code-signing? I'm wondering if that makes the download/gatekeeper experience a little better for the end-user (and I imagine it depends on the OS X version). It would be nice to at least be an "identified" developer since the app is going to be downloaded from the internet.

I may be headed in that direction. I'll be selling the same software directly for Windows.
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: OSX anyone code-sign but not sandbox? Do-able? Worth it?  
  Posted: Dec 4, 2014 11:35 AM   in response to: Michael Leahy
Michael Leahy wrote:
I may be headed in that direction. I'll be selling the same software directly for Windows.

That's my plan too. I thought I was done until I tried out the sandboxing (pandoraboxing) thing. I wonder if there is something out there like PackageMaker that still works with recent OS X that will allow for something other than an APP or ZIP to be provided to the end user? I guess the old PackageMaker won't target anything recent OS wise.

How far along are you? I finished the Windows Firemonkey version (actually it's C++) and added in the changes for OSX Mountain Lion and Mavericks (so far). A few things might be a little unconventional for the die hard Mac user due to the appl heritage, but not too many I hope.
Sebastian Zierer

Posts: 182
Registered: 4/3/00
Re: OSX anyone code-sign but not sandbox? Do-able? Worth it?  
  Posted: Dec 5, 2014 12:54 AM   in response to: Grant Beattie
Grant Beattie wrote:
I wonder if there is something out there like PackageMaker that still works with recent OS X that will allow for something other than an APP or ZIP to be provided to the end user? I guess the old PackageMaker won't target anything recent OS wise.

We use Packages for this:
http://s.sudre.free.fr/Software/Packages/about.html

The other option is creating a *.dmg file using "Disk Utility".
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: OSX anyone code-sign but not sandbox? Do-able? Worth it?  
  Posted: Dec 5, 2014 8:59 AM   in response to: Sebastian Zierer
Sebastian Zierer wrote:
We use Packages for this:
http://s.sudre.free.fr/Software/Packages/about.html

The other option is creating a *.dmg file using "Disk Utility".

Thanks I will look at that. I did find that it's possible to codesign and package on the commandline of the Mac. It gives you a vanilla Package but there might be some command line options to modify the "productbuild" messages to the user, not sure. Here is what I did on Mavericks 10.9.5 with XCode 6.1 (I'm using XE7):

codesign --verbose --force --verify --deep --sign "Developer ID Application: MY COMPANY (##########)" MyApplication.app
 
productbuild --component "MyApplication.app" /Applications --sign "Developer ID Installer: MY COMPANY (##########)" --product "MyApplication.app/Contents/info.plist" MyApplication.pkg


In the above case I copied my app bundle to the desktop and changed to that directory so that I didn't have to type in any paths on the command line. Batch files I know, scripts not so much (yet).

Also there is another utility called "pkgbuild" but I don't know if this performs the same function as "productbuild" or not. I'm not big on DMG. Seems unnecessary (to me) for installing an app to mount a drive.

It should be noted that Mountain Lion requires a different process.

Edited by: Grant Beattie on Dec 8, 2014 12:11 PM to fix the code-sign ID which was wrongly recommended by Embarcadero examples. It should be the "Developer ID Application" not the "Mac Developer".
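
The sign-and-package workflow from the post above, as an added example that is not part of the original thread. It goes beyond the post by rejecting the wrong identity type (the "Mac Developer" mistake mentioned in the edit note) and by checking the results with `codesign --verify`, `spctl` and `pkgutil`. The function names, `DRY_RUN` switch and file names are assumptions of this example, the identity strings are the placeholders from the post, and the optional `--product` argument is left out.

```shell
#!/bin/sh
# Added example: sign, package and verify for distribution outside the App Store.
# Identity strings are the placeholders from the post; replace with your own.
APP_ID='Developer ID Application: MY COMPANY (##########)'
PKG_ID='Developer ID Installer: MY COMPANY (##########)'

# Refuse identities of the wrong kind (for example "Mac Developer"), which can
# sign a bundle but are not what Gatekeeper expects for downloaded software.
check_identity() {  # $1 = identity string, $2 = required prefix
    case "$1" in
        "$2: "*) return 0 ;;
        *) echo "wrong identity type: $1 (need \"$2\")" >&2; return 1 ;;
    esac
}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

sign_and_package() {  # $1 = path to the .app bundle, $2 = output .pkg
    check_identity "$APP_ID" 'Developer ID Application' || return 1
    check_identity "$PKG_ID" 'Developer ID Installer' || return 1
    run codesign --force --deep --verbose --sign "$APP_ID" "$1" || return 1
    # Verify the signature, then ask Gatekeeper how it would assess the app.
    run codesign --verify --deep --strict --verbose=2 "$1" || return 1
    run spctl --assess --type execute --verbose "$1" || return 1
    run productbuild --component "$1" /Applications --sign "$PKG_ID" "$2" || return 1
    # Verify the installer signature and its Gatekeeper assessment.
    run pkgutil --check-signature "$2" || return 1
    run spctl --assess --type install --verbose "$2"
}

# Only act when called with arguments:
#   ./sign.sh MyApplication.app MyApplication.pkg
if [ "$#" -eq 2 ]; then sign_and_package "$1" "$2"; fi
```

Run it with `DRY_RUN=1` first to see the six commands without touching the bundle.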
Jerome Shidel

Posts: 2
Registered: 2/2/00
Re: OSX anyone code-sign but not sandbox? Do-able? Worth it?  
  Posted: Dec 13, 2014 12:48 PM   in response to: Grant Beattie
Hey, I've been looking at how to get this to work for a while.

THANKS!

FYI, appears to work on Yosemite as well.

Grant Beattie wrote:
Sebastian Zierer wrote:
We use Packages for this:
http://s.sudre.free.fr/Software/Packages/about.html

The other option is creating a *.dmg file using "Disk Utility".

Thanks I will look at that. I did find that it's possible to codesign and package on the commandline of the Mac. It gives you a vanilla Package but there might be some command line options to modify the "productbuild" messages to the user, not sure. Here is what I did on Mavericks 10.9.5 with XCode 6.1 (I'm using XE7):

codesign --verbose --force --verify --deep --sign "Developer ID Application: MY COMPANY (##########)" MyApplication.app
 
productbuild --component "MyApplication.app" /Applications --sign "Developer ID Installer: MY COMPANY (##########)" --product "MyApplication.app/Contents/info.plist" MyApplication.pkg


In the above case I copied my app bundle to the desktop and changed to that directory so that I didn't have to type in any paths on the command line. Batch files I know, scripts not so much (yet).

Also there is another utility called "pkgbuild" but I don't know if this performs the same function as "productbuild" or not. I'm not big on DMG. Seems unnecessary (to me) for installing an app to mount a drive.

It should be noted that Mountain Lion requires a different process.

Edited by: Grant Beattie on Dec 8, 2014 12:11 PM to fix the code-sign ID which was wrongly recommended by Embarcadero examples. It should be the "Developer ID Application" not the "Mac Developer".
Michael Leahy

Posts: 239
Registered: 5/9/07
Re: OSX anyone code-sign but not sandbox? Do-able? Worth it?  
  Posted: Dec 5, 2014 8:58 AM   in response to: Grant Beattie
Grant Beattie wrote:
Michael Leahy wrote:
I may be headed in that direction. I'll be selling the same software directly for Windows.

That's my plan too. I thought I was done until I tried out the sandboxing (pandoraboxing) thing. I wonder if there is something out there like PackageMaker that still works with recent OS X that will allow for something other than an APP or ZIP to be provided to the end user? I guess the old PackageMaker won't target anything recent OS wise.

How far along are you? I finished the Windows Firemonkey version (actually it's C++) and added in the changes for OSX Mountain Lion and Mavericks (so far). A few things might be a little unconventional for the die hard Mac user due to the appl heritage, but not too many I hope.

I'm pretty far along. I'm hoping for a beta in the next three weeks.

I still have not delved into what all goes into making it ready for distribution either via the web or the app store.