Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.


Welcome, Guest
Guest Settings
Help

Thread: How to build Mac App with code-signing and sandboxing?


This question is answered. Helpful answers available: 1. Correct answers available: 1.


Permlink Replies: 19 - Last Post: Jan 13, 2015 3:56 PM Last Post By: Grant Beattie
Grant Beattie

Posts: 77
Registered: 11/29/01
How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 4, 2014 11:21 AM
OS X SDK 10.9.5 (or 10.9.2)
XCode 6.1

I feel like I'm banging my head against the wall. I have a firemonkey desktop app that builds and runs fine on Win32 debug/release and OSX "normal"
debug/release. Not so much the Store. For Mavericks there are a few things my app would benefit from by being code-signed.
I don't care about the Apple Store per se. I can distribute myself. I just want some of the features and convenience for my end user

Here is one example of what the code signing adds (stolen from another thread): http://i.imgur.com/omQVPrd.png

Notice that the top list is empty and Cover View is not available in the dialog. This is the unsigned app. The signed app appears on the bottom.

I tried compiling with the certificate names in the XE7 Provisioning Mac Developer Profile and 3rd Party Installer Profile and I get an error as shown
in the next message in this thread.

Are there any RECENT tutorials say with XE7 and Mavericks and current or recent XCode that show how to build a desktop app for the store, even if
we aren't going to use The Store? Or is this some FM bug?

Edited by: Grant Beattie on Nov 6, 2014 1:33 PM
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 4, 2014 1:32 PM   in response to: Grant Beattie in response to: Grant Beattie
Well I've added a Mac App ID, a Device to XCode 6.1 and created some provisioning profiles. No improvement. Here is the error:

[PAClient Error] Error: E0264 Unable to execute '"/usr/bin/codesign" --en "/Users/genovation/PAServer/scratch-dir/GBeattie-XE7_Production_iMac/MacroMasterCPxx.app
/Contents/Entitlements.plist" --deep -s "Mac Developer: Grant Beattie (##########)" -f "/Users/genovation/PAServer/scratch-dir/GBeattie-XE7_Production_iMac
/MacroMasterCPxx.app"' (Error 1)
 
[PAClient Error] Error: E0264 /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate: file not in an order that can be
 processed (local relocation entries out of place): /Users/genovation/PAServer/scratch-dir/GBeattie-XE7_Production_iMac/MacroMasterCPxx.app/Contents/MacOS/bplfmx210.de
 
[PAClient Error] Error: E0264 /Users/genovation/PAServer/scratch-dir/GBeattie-XE7_Production_iMac/MacroMasterCPxx.app: the codesign_allocate helper tool cannot be found
 or used
 
[PAClient Error] Error: E0264 In subcomponent: /Users/genovation/PAServer/scratch-dir/GBeattie-XE7_Production_iMac/MacroMasterCPxx.app/Contents/MacOS/bplfmx210.de
 


And this is the command it tried to execute:

+ paclient command line for "XE7_Production_iMac"
  c:\program files (x86)\embarcadero\studio\15.0\bin\paclient.exe -u8 --codesign="MacroMasterCPxx.app,'Mac Developer: Grant Beattie 
  (##########)',Contents/Entitlements.plist"  XE7_Production_iMac 


I don't have an Entitlements.plist that I can find on my PC. I have my appname.entitlements and my appname.plist though. I assume by looking at the Deployment information that it means OSX32\Release\Entitlements.plist and it's contents are:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
		<key>com.apple.security.app-sandbox</key>
	<true/>
	<key>com.apple.security.files.user-selected.read-write</key>
	<true/>
 
</dict>
</plist>
Douglas Rudd

Posts: 314
Registered: 5/16/97
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 5, 2014 4:30 PM   in response to: Grant Beattie in response to: Grant Beattie
One of your error messages says it cant sign the file inside your app: "MacroMasterCPxx.app/Contents/MacOS/bplfmx210.de"

Where is that file coming from? Why is in your app? Normally that would never be there.
If you look inside your app folder on the mac, is it there?
Is this a brand new one button test app?

Edit: ok, maybe that's a C++ thing. I have only worked in Delphi.
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 6, 2014 7:14 AM   in response to: Douglas Rudd in response to: Douglas Rudd
Douglas Rudd wrote:
One of your error messages says it cant sign the file inside your app: "MacroMasterCPxx.app/Contents/MacOS/bplfmx210.de"

Where is that file coming from? Why is in your app? Normally that would never be there.
If you look inside your app folder on the mac, is it there?
Is this a brand new one button test app?

Edit: ok, maybe that's a C++ thing. I have only worked in Delphi.

Same deal on Delphi. Same app as before. If I build for "Normal" debug or release there are no issues, but I get the "reduced" Open Dialog box functionality
discussed in other threads. So now I'm trying to build for the store to get the code signing/sandboxing benefits.

The file is in the Contents/MacOS part of the bundle. I think there are 3 language file for each dylib (that I don't need or use). You can't remove them from the deployment.
But anyway, even if they weren't there, as soon as the dylib was checked we'd get the same failure.

My guess, based on some searches, is that Mavericks expects all the sub components of a bundle to be signed too, and the Embarcadero redist files are
not signed. I checked the dylibs using RB App Checker Lite (easier than the command line) and none of them are signed. The language files .de, .ja, .fr I don't have the technology to check.

Another theory indicates I may be able to sign on 10.8.5 but I haven't looked at that yet because I'd have to move my certificates to another machine.

Edited by: Grant Beattie on Nov 6, 2014 2:25 PM
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 5, 2014 10:25 AM   in response to: Grant Beattie in response to: Grant Beattie
Found this:

"Currently, a Mac OS X dynamic library (dylib) created by Embarcadero's Firemonkey product cannot be signed with Apple's codesign tool, due to a nonstandard ordering of data. This is an Xcode C++ command line tool that attempts to fix the ordering so that codesign will work. Zlib/libpng public license."

https://bitbucket.org/jwwalker/fixfiremonkeydylib

---

I'm not creating a dylib, just an app, but the situation sounds familiar.
Douglas Rudd

Posts: 314
Registered: 5/16/97
Re: How to build Mac App with code-signing and sandboxing?
Helpful
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 6, 2014 10:37 AM   in response to: Grant Beattie in response to: Grant Beattie

Did this utility fix the problem?
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 6, 2014 10:47 AM   in response to: Douglas Rudd in response to: Douglas Rudd
Douglas Rudd wrote:

Did this utility fix the problem?

My "understanding" is that he was writing a dylib and he had to reorder the internals. I can't see how we could apply that to an EMB dylib that already exists. He also hints that you might not be able to sign an EMB dylib on a Mac (or at least a 10.9 Mac). I have not yet verified that as I'm just learning this stuff.

I did try to codesign my testapp myself on the Mac command line and with the --deep (kludge) got the same errors. It's curious that your Project5.app has fewer EMB components in it than mine, as the dylibs are placed automatically by XE7.

I might see if I can code sign the EMB stuff myself on the Mac and then codesign my bundle after the fact. This is perhaps beyond my knowledge at this point but I can't sit around twiddling my thumbs either and my searches are getting fewer and fewer useful leads.

See also this http://stackoverflow.com/questions/25878926/signing-firemonkey-generated-dylib-on-mac-os-x

Sooo, ... I'm wondering how you were able to sign/sandbox that Project5 test app we looked at a while back in order to get the OpenDialog to work correctly? I might be able to duplicate that environment and get moving for now.

Edited by: Grant Beattie on Nov 6, 2014 3:59 PM
Brian Hamilton ...

Posts: 556
Registered: 10/14/04
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 6, 2014 6:25 PM   in response to: Grant Beattie in response to: Grant Beattie
Sooo, ... I'm wondering how you were able to sign/sandbox that Project5 test app we looked at a while back in order to get the OpenDialog to work correctly? I might be able to duplicate that environment and get moving for now.
there is permission settings in the IDE you can set for files /open/ etc..so maybe that is the key
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 7, 2014 6:39 AM   in response to: Brian Hamilton ... in response to: Brian Hamilton ...
Brian Hamilton wrote:
Sooo, ... I'm wondering how you were able to sign/sandbox that Project5 test app we looked at a while back in order to get the OpenDialog to work correctly? I might be able to duplicate that environment and get moving for now.
there is permission settings in the IDE you can set for files /open/ etc..so maybe that is the key

Yes thanks I have tried a couple of things in the Project -> Opttions -> Entitlements. Mainly the file open and open/save dialog permissions.
Douglas Rudd

Posts: 314
Registered: 5/16/97
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 7, 2014 1:29 AM   in response to: Grant Beattie in response to: Grant Beattie
Here is working delphi signed test XE7 app with opendialog:
http://i-logic.com/temp/Project8.pkg

You can do a verify with this in Mac terminal:
sudo codesign --verify -vvvv "/Applications/Project8.app"

But this wont help you because you are using C++.
I have RadStudio so I started up my C++builder in XE6 and ran into the same problem as you. (local relocation entries out of place): etc.
(I have XE7 C++builder too but not installed)

In case you don't know, you have all those bplfmx200.de, bplfmx200.fr, etc files in there because you have "Link with runtime packages" checked in configuration. Maybe that is default for C++. Without that checked, there is only a couple of .dylib in there. But it doesn't matter because it still doesn't work.

Apparently you are the first person in the world to attempt to make a C++builder OSX app.

I notice the C++ compile has "--deep" on the codesign command and the Delphi compile doesn't. Maybe the delphi libcgunwind.1.0.dylib is already signed.
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 7, 2014 6:54 AM   in response to: Douglas Rudd in response to: Douglas Rudd
Douglas Rudd wrote:
Here is working delphi signed test XE7 app with opendialog:
http://i-logic.com/temp/Project8.pkg

You can do a verify with this in Mac terminal:
sudo codesign --verify -vvvv "/Applications/Project8.app"

But this wont help you because you are using C++.

Thanks for that. I will look at it. At least I can find out what works and what does not on my setup here. Any chance you can post the source or .app too?

I have RadStudio so I started up my C++builder in XE6 and ran into the same problem as you. (local relocation entries out of place): etc.
(I have XE7 C++builder too but not installed)

In case you don't know, you have all those bplfmx200.de, bplfmx200.fr, etc files in there because you have "Link with runtime packages" checked in configuration. Maybe that is default for C++. Without that checked, there is only a couple of .dylib in there. But it doesn't matter because it still doesn't work.

Yeah this is in fact REQUIRED for OS X as I discovered here:
https://forums.embarcadero.com/thread.jspa?threadID=108911
"So the issue doesn't have anything to do with dialog boxes perse and that is merely a red herring. The issue is we don't support static linking on OSX."

BTW, I get all those files using Delphi XE7. I can try later with XE6.

But anyway I'm sure some of those items are languages, and with apologies to other parts of the world, I am only targeting English so thought I could dispense with the non- .dylib files and sign the dylibs myself. But I don't think I can remove them as those components are not removable (I can supply a link if needed). Maybe by hand by deleting them from the bundle but that seems far-fetched.

Apparently you are the first person in the world to attempt to make a C++builder OSX app.

I notice the C++ compile has "--deep" on the codesign command and the Delphi compile doesn't. Maybe the delphi libcgunwind.1.0.dylib is already signed.

Yes my forehead is flat from banging it on a wall. I'm no an expert developer so I allow myself some wrong turns.I wll look at that dylib for my own education. And FWIW the --deep is a kludge of sorts as there is the potential for failure at the users Mac. Can't recall the source of that but I can look it up.

So I was thinking this was just a Mavericks issue. That's where my certificates are. I was also thinking I could sign on Mountain Lion if I could figure out how to move my certificates there.

So should I try and figure out how to file a bug with EMB?

Edited by: Grant Beattie on Nov 7, 2014 7:30 AM
Douglas Rudd

Posts: 314
Registered: 5/16/97
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 7, 2014 11:43 AM   in response to: Grant Beattie in response to: Grant Beattie
The source code wont help you - there is nothing there except:
procedure TForm8.Button1Click(Sender: TObject);
begin
  OpenDialog1.Execute;
end;

I uploaded the pkg file because for some reason the .app wouldn't download right from the server.
In the Mac, go to the link with Safari and it will download it and you can install it. After installation you can inspect the .app.

I have the feeling that this from jwwalker may be the only answer, but he doesn't provide any executable and I don't know how to compile it. I would think C++ guys out there would know how to compile it.
https://bitbucket.org/jwwalker/fixfiremonkeydylib
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 7, 2014 12:38 PM   in response to: Douglas Rudd in response to: Douglas Rudd
OK, I confirmed that Delphi works OK. I made a new XE6 Delphi one-button-dialog-box app and as you reported the language files are NOT there, just the libcgunwind.1.0.dylib.

I guess you can't code sign for Mavericks using XE6 from the IDE. Then on my first try to code sign on the Mac itself (Mavericks 10.9.5) I get the entitlements.plist file in the wrong place error. As in this situation:

http://qc.embarcadero.com/wc/qcmain.aspx?d=127441

If I use --deep, the error goes away. How this is the correct resolution is beyond me. I guess you can't apply the --deep from within the XE6 IDE without the workaround discussed elsewhere ... hence the reason to sign on the Mac.

This was for my own education as I hadn't been through the whole process and found that at least for XE6 you need to do the signing and packaging on the Mac. I will try Delphi on XE7 again for my own education before returning to C++Builder. I captured my command lines here for anyone else that's a newbie like me.

codesign -v --entitlements XE6DelphiTest.app/Contents/entitlements.plist --deep -s "Mac Developer: Grant Beattie (##########)" XE6DelphiTest.app
 
productbuild --component "XE6DelphiTest.app" /Applications --sign "Developer ID Installer: MYCOMPANY INC (##########)" --product "XE6DelphiTest.app/Contents/info.plist" XE6DelphiTest.pkg


The package file can then be uploaded to the web/cloud/ether and downloaded and installed on Mavericks with no issues. I can open a dialog box (!!!) and it correctly shows the files in the list view on first try and cover view works!

It's curious that Mac doesn't let you pick a folder when you click the PKG. I found that I had to move the PKG to the Applications folder before I double clicked it in order for the app to be installed in the Applications folder. Is this normal?
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 7, 2014 2:50 PM   in response to: Douglas Rudd in response to: Douglas Rudd
Douglas Rudd wrote:

In case you don't know, you have all those bplfmx200.de, bplfmx200.fr, etc files in there because you have "Link with runtime packages" checked in configuration. Maybe that is default for C++. Without that checked, there is only a couple of .dylib in there. But it doesn't matter because it still doesn't work.

Apparently you are the first person in the world to attempt to make a C++builder OSX app.

I notice the C++ compile has "--deep" on the codesign command and the Delphi compile doesn't. Maybe the delphi libcgunwind.1.0.dylib is already signed.

Well, a short followup on this. I built an XE6 CPP example and indeed it can't be signed in the IDE or on the Mac.

I tried setting all the runtime library checkboxes to false, even though that causes other app execution related problems, and the dylib list is trimmed significantly. None of the language files are deployed. Only bplfmx200.dylib, bplrtl200.dylib and libcgunwind.1.0.dylib. Again the error is that the bpl*.dylib "file not in an order that cannot be processed (local relocation entries out of place)". So as you say it's the Embarcadero dylib internals that seem to be to blame.

So that takes me back to one possible action route... move my code signing to an older machine.

XE7 Delphi codesigns and packages OK on Mavericks. The dialog box works correctly.

Edited by: Grant Beattie on Nov 7, 2014 3:10 PM
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 7, 2014 3:35 PM   in response to: Grant Beattie in response to: Grant Beattie
CPPBuilder XE7 with runtime packages turned off builds a bundle with only the libcgunwind.1.0.dylib in the Contents/MacOS folder. It also successfully code signs and packages. The dialog box works properly.

I don't know if it matters, but the target is Mavericks 10.9.5 and the SDK is 10.9.2. XCode is 6.1

From previous experience there will be problems linking this way, [Note 1] but for now at least it builds. I did it from the IDE but here are the command lines:

paclient command line for "XE7_Production_iMac"
c:\program files (x86)\embarcadero\studio\15.0\bin\paclient.exe -u8 --Clean="XE7CppTest.app,F:\Grant3\CBuilderXE7\XE7CppTest\XE7CppTest.@emb.tmp"
-u8 --Clean="XE7CppTest.app.dSYM,F:\Grant3\CBuilderXE7\XE7CppTest\XE7CppTest.@emb.tmp" XE7_Production_iMac

paclient command line for "XE7_Production_iMac"
c:\program files (x86)\embarcadero\studio\15.0\bin\paclient.exe -u8 --put="c:\program files
(x86)\embarcadero\studio\15.0\Redist\osx32\libcgunwind.1.0.dylib,XE7CppTest.app\Contents\MacOS\,1,libcgunwind.1.0.dylib" XE7_Production_iMac

paclient command line for "XE7_Production_iMac"
c:\program files (x86)\embarcadero\studio\15.0\bin\paclient.exe -u8 --put=".\OSX32\Release\XE7CppTest,XE7CppTest.app\Contents\MacOS\,1,XE7CppTest"
XE7_Production_iMac

paclient command line for "XE7_Production_iMac"
c:\program files (x86)\embarcadero\studio\15.0\bin\paclient.exe -u8
--put=".\OSX32\Release\XE7CppTest.info.plist,XE7CppTest.app\Contents\,1,Info.plist" XE7_Production_iMac

paclient command line for "XE7_Production_iMac"
c:\program files (x86)\embarcadero\studio\15.0\bin\paclient.exe -u8
--put=".\OSX32\Release\XE7CppTest.entitlements,XE7CppTest.app\Contents\,1,Entitlements.plist" XE7_Production_iMac

paclient command line for "XE7_Production_iMac"
c:\program files (x86)\embarcadero\studio\15.0\bin\paclient.exe -u8
--put="XE7CppTest_Icns2.icns,XE7CppTest.app\Contents\Resources\,1,XE7CppTest.icns" XE7_Production_iMac

paclient command line for "XE7_Production_iMac"
c:\program files (x86)\embarcadero\studio\15.0\bin\paclient.exe -u8 --codesign="XE7CppTest.app,'Mac Developer: Grant Beattie
(##########)',Contents/Entitlements.plist" XE7_Production_iMac

paclient command line for "XE7_Production_iMac"
c:\program files (x86)\embarcadero\studio\15.0\bin\paclient.exe -u8 --productbuild="XE7CppTest.app,/Applications,XE7CppTest.pkg,'MYCOMPANY
INC (##########)'" XE7_Production_iMac

Note 1: The first problem I ran into when Link with runtime packages false is that if you use a MessageDlg() then the program hangs. I can explain this more later and we should test this on Delphi too.

Edited by: Grant Beattie on Nov 7, 2014 3:45 PM
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 7, 2014 4:07 PM   in response to: Grant Beattie in response to: Grant Beattie
Boom! With runtime packages turned off (false) MessageDlg blows up Delphi too.

Change your code to look like this by adding a second button:

procedure TForm1.Button1Click(Sender: TObject);
begin
   OpenDialog1.Execute();
end;
 
procedure TForm1.Button2Click(Sender: TObject);
begin
   MessageDlg('This is a message to you.', TMsgDlgType.mtError, mbOKCancel, 0);
end;


Codesign it, etc if you like. The OpenDialog works great. When you click Button2 for the MessageDlg then the program hangs and must be force quit.

If this was the ONLY issue I could make my own form to replace all my dialogs, but I imagine there are other things lurking too.
Douglas Rudd

Posts: 314
Registered: 5/16/97
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 8, 2014 2:17 AM   in response to: Grant Beattie in response to: Grant Beattie
Boom! With runtime packages turned off (false) MessageDlg blows up Delphi too.
No. Both buttons work fine on mine on a signed Delphi OSX app..

On a signed Delphi XE7 OSX app I haven't noticed any problems with any other features either. And I have made several. I don't know about C++, but in Delphi the normal way is to always have runtime packages turned off.

The only known problem is that you cant codesign some dylibs.
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 8, 2014 7:32 AM   in response to: Douglas Rudd in response to: Douglas Rudd
SUCCESS!

I can't say I haven't shot myself in the foot, but yes it is possible to update the various dylibs such that they can be code-signed, etc on a Mavericks Mac (and execute properly). In my case my application is written using C++Builder XE7 but the same nonsense should be applicable for other combinations.

SO... I grabbed the XCode utility from JWWalker at https://bitbucket.org/jwwalker/fixfiremonkeydylib/downloads. I'm not a Mac developer so it took me a while to sort out a few things and be able to "fix" the dylibs. The utility does not come built so you have to build it yourself. The most obvious issue is to modify proj.xcconfig to compile on my Mavericks platform. James Walker was building FixFiremonkeyDylib on Macosx10.7 amd I'm using macosx10.9. I don't use XCode for anything else so a few other things popped up that I had to learn.

THEN... I had to open up one of my app bundles and copy all the dylibs in question over to a folder where I could "fix" them. In my case I had to fix bplfmx210.dylib, bplfmx210.de, bplfmx210.fr, bplfmx210.ja, bplrtl210.dylib, bplrtl210.de, bplrtl210.fr, bplrtl210.ja, libcgcrtl.dylib, and libcgstl.dylib. The only one I did not have to fix was libcgunwind.1.0.dylib and I don't know why it doesn't need to be fixed and the others do. I would love to lose the .fr, .ja and .de files too if I could.

OK ... then I needed to get them on the PC side so that they could be deployed over to the Mac for code-signing, etc. The only way I could figure out how to do that was to make a backup copy on my PC of the above named files, located in C:\Program Files (x86)\Embarcadero\Studio\15.0\Redist\osx32. This will vary by version but you can see it named on your Deployment settings. Then I copied the files I fixed on the Mac into this directory.

I had to build with Link with Dynamic RTL = true (in two places in C++ Builder) and in my case set the Entitlement List item Read/write access to files selected with the Open or Save Dialog = true.

From then I could build, deploy, whatever and so far it seems to work (fingers crossed). I need to regression test my app to know for sure.

Thanks to all the people that helped here and elsewhere in making some forward progress with Mavericks. Looking forward to Yosemite (not!). I will report any other issues as they come up. Hopefully no show-stoppers.

Edited by: Grant Beattie on Nov 10, 2014 1:14 PM
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 11, 2014 8:23 AM   in response to: Grant Beattie in response to: Grant Beattie
As noted code signing the dylibs can be done using JWWalkers utility. It's not going to fly with the App Store though (I suspect). My objective was to make the installation procedure as clean as possible when downloading the application from the internet. Also without sandboxing the Open Dialog is goofed up.
Grant Beattie

Posts: 77
Registered: 11/29/01
Re: How to build Mac App with code-signing and sandboxing?  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jan 13, 2015 3:51 PM   in response to: Grant Beattie in response to: Grant Beattie
Grant Beattie wrote:
As noted code signing the dylibs can be done using JWWalkers utility. It's not going to fly with the App Store though (I suspect). My objective was to make the installation procedure as clean as possible when downloading the application from the internet. Also without sandboxing the Open Dialog is goofed up.

That was my finding as well. You can code-sign (using someone ELSE's utility) but the App Store is not possible... sandboxing issues galore. They should remove App Store from the IDE and marketing as it's bordering on false advertising. And yes the Dialogs are messed up. My feeling is that EMB is forging ahead with new features (and new bugs too no doubt), while the core is left to rot. There is no one home in QC.

Edited by: Grant Beattie on Jan 13, 2015 3:54 PM
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02