How do I codesign an App?

classic Classic list List threaded Threaded
29 messages Options
12
Reply | Threaded
Open this post in threaded view
|

AW: How do I codesign an App?

Tiemo Hollmann TB
Well said

-----Ursprüngliche Nachricht-----
Von: use-livecode [mailto:[hidden email]] Im Auftrag
von Richard Gaskin
Gesendet: Mittwoch, 26. Oktober 2016 16:25
An: [hidden email]
Betreff: Re: How do I codesign an App?

Paul Dupuis wrote:

 > Isn't code signing platform specific? Meaning, don't you have to code  >
sign a OSX Standalone on OSX and code sign a Windows standalone on  >
Windows?
 >
 > I would eagerly second adding code signing to the IDE if it could be  >
done cross platform. I.e. if I develop under Windows, I could sign the  >
OSX and Windows standalones I build OR if I develop under OSX, I could  >
code sign BOTH the Windows and OSX standalones (with different  >
certificates of course)

 From time to time we need platform-specific features.  This could be merely
one more.

Ultimately there's one super-feature that determines the value of all other
features:  the line between "I want to make an app" and "I just shipped an
app!".  The shorter and less painful that line, the more value LiveCode has.

So when we evaluate possible features it can be helpful to think of them in
terms of pain point magnitude:  how many people find it frustrating to not
have it, and just how frustrating is it?

Code signing, and packaging for iOS, are horribly time-wasting, hair-pulling
activities that require a disproportionate amount of research and
experimentation to finally get them right.  They're serious bottlenecks to
professional deployment, among the biggest pain points we face.

These aren't failings of LiveCode, but they may well be opportunities for
LiveCode, to provide a level of usability for those tools currently absent
from the respective OS vendors.

After all, isn't that ultimately what LiveCode is all about, making it
easier to ship apps than by using OS-vendor-preferred solutions?

Even if it were necessary to implement those features in a way that could
only be used on certain platforms, I'd chip in for this.  I've seen too many
sad and frustrated posts from even experienced coders not to want to see
this pain point go away.

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: How do I codesign an App?

Wprothero
In reply to this post by Matthias Rebbe | M-R-D
Code signing is very frustrating and time-wasting. I second, third, and fourth all recommendations to make the app deployment process easier for both standalone systems and mobile. I disagree that it should only be in the commercial version, though. Indy users distribute apps too.

I'd chip in $$ if that was necessary, to get this added to the IDE.

Best,
Bill

William Prothero
http://es.earthednet.org

> On Oct 26, 2016, at 7:37 AM, Matthias Rebbe <[hidden email]> wrote:
>
> Like Trevor said, it is possible to codesign your  Windows apps using a virtual machine.
> I am doing it with a Parallles VM.
>
> But please be aware that you cannot use your Apple developer certificate. You will need to purchase a separate Code Signing Certificate.
>
> You can get a very cheap one (about 80$/year from KSoftware at http://www.ksoftware.com <http://www.ksoftware.com/> .
> KSoftware is a Commodo partner.
>
> KSoftware is offering a free signing app (KSign) for Windows which makes it very easy to codesign your Windows executables.
>
>
>
>
>> Am 26.10.2016 um 15:46 schrieb Graham Samuel <[hidden email]>:
>>
>> Just a quick question. I don’t have a real Windows machine in-house so I do my Windows work via Parallels on a Mac - for beta testing I can use other peoples’ physical PCs. As the whole certificate-obtaining process for Windows has to be carried out on one identifiable Windows machine, would there be any glitches if this was actually a virtual machine? I imagine not, but I’d like to be reassured just the same.
>>
>> TIA
>>
>> Graham
>>
>>> On 26 Oct 2016, at 15:22, Trevor DeVore <[hidden email]> wrote:
>>
>> […]
>>>
>>> I have some instructions for getting certificates and code signing here:
>>>
>>> http://revolution.screenstepslive.com/s/revolution/m/10695 <http://revolution.screenstepslive.com/s/revolution/m/10695>
>>>
>>> The Windows instructions should still work.
>> […]
>>
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Http://es.earthednet.org
Reply | Threaded
Open this post in threaded view
|

Re: How do I codesign an App?

Richard Gaskin
William Prothero wrote:

 > Code signing is very frustrating and time-wasting. I second, third,
 > and fourth all recommendations to make the app deployment process
 > easier for both standalone systems and mobile. I disagree that it
 > should only be in the commercial version, though. Indy users
 > distribute apps too.

Ah, yes, I'd forgotten about the split feature sets.

For the record, for me to be motivated to chip in, anything that
facilitates iOS deployment must be in Indy as well as Business.

And for all other platforms where distribution is compatible with the
GPL, any community-funded enhancements need to also be in the Community
Edition.

The features proposed here are security features, and those making free
and open software have as much need for security as anyone else.

But for myself this applies to all community-funded features: no
Community Edition, no dice.

Fortunately, to date I believe all community-funded features have been
included in all three editions, Community, Indy, and Business.  I trust
that won't change, as it would only reduce the pool of potential
contributors, and further exacerbate the challenges of transforming into
a true open source project.

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: How do I codesign an App?

Wprothero
In reply to this post by Trevor DeVore
Trevor:
I tried your codesigning livecode app. First  I signed it with App Wrapper3, to make sure I had a good certificate. Then I tried it with your stack, using the same certificate:

I tried it using different certificate names, but basically the response was the same.

I got the response below:

chmod -R u+rw "/Users/prothero/Desktop/Plate Tectonics Explorer-V8/Plate Tectonics Explorer-V8/Plate Tectonics Explorer-V8.app"

xattr -rc "/Users/prothero/Desktop/Plate Tectonics Explorer-V8/Plate Tectonics Explorer-V8/Plate Tectonics Explorer-V8.app"

codesign --verbose --force -s "Developer ID Application: 3rd Party Mac Developer Application" "/Users/prothero/Desktop/Plate Tectonics Explorer-V8/Plate Tectonics Explorer-V8/Plate Tectonics Explorer-V8.app/Contents/MacOS/Externals/revbrowser.bundle/Contents/MacOS/revbrowser"

codesign process failed: Developer ID Application: 3rd Party Mac Developer Application: no identity found

——————————————————

The App Wrapper installer gave me:
link to image:  https://www.dropbox.com/s/puiwpraqaewtu23/AppWrapperWindow.png?dl=0 <https://www.dropbox.com/s/puiwpraqaewtu23/AppWrapperWindow.png?dl=0>

Thanks for providing this stack. I hope this helps and if you need any other info, let me know.
.
Best,
Bill

> On Oct 26, 2016, at 5:39 AM, Trevor DeVore <[hidden email]> wrote:
>
> On Tue, Oct 25, 2016 at 9:51 PM, William Prothero <[hidden email]>
> wrote:
>
>> Trevor:
>> Thanks a bunch! I haven’t played with the GLX App Framework, but I will
>> and use that code. This is something that really needs to be in the IDE.
>> Its SUCH a common thing to do and can be so frustrating.
>>
>> The other problem I get into is having a bunch of certificates that don’t
>> work and I can’t seem to figure which one to use. I try them all, so…
>> Anyway, the signing code looks like a natural for the IDE.
>>
>
> Here is a gist with the code for a script-only stack that will codesign a
> LiveCode application:
>
> https://gist.github.com/trevordevore/3e91724c4573690b691510d2e2dcd2a7
>
> Save the text in the gist to a file named “signOSXApplication.livecode”
> then open the file in LiveCode (I tested in 8.1.1). Steps:
>
> 1) Click the Sign Application button
> 2) Select an application bundle that you built with LiveCode
> 3) Enter your certificate name. Just enter the part that is unique to you.
> For example, I enter “Blue Mango Learning Systems”. My keychain has entries
> like “Developer ID Application: Blue Mango Learning Systems” and “3rd Party
> Mac Developer Application: Blue Mango Learning Systems”. The code will add
> the appropriate prefix.
>
> The log field will show what is going on.
>
> I tested with a simple app built from LiveCode on macOS Sierra. Last week I
> had to add some additional code to the signing process to accommodate
> Sierra. If you run into problems on other platforms we may need to comment
> out the xattr call on line 60.
>
> Let me know how it goes.
>
> --
> Trevor DeVore
> ScreenSteps
> www.screensteps.com    -    www.clarify-it.com
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Http://es.earthednet.org
Reply | Threaded
Open this post in threaded view
|

Re: How do I codesign an App?

Wprothero
Trevor:
By the way, I have a bunch of certificates. A link to my keychain window is:
https://www.dropbox.com/s/hlfa9tqtfrm7tyw/KeyChainCertWindow.png?dl=0 <https://www.dropbox.com/s/hlfa9tqtfrm7tyw/KeyChainCertWindow.png?dl=0>

I tried “William Prothero” as the certificate identifier. I wonder if my big bunch of certificate, acquired over the years, is confusing your stack. The basic message I get is “no identity found”.

Part of my problem is that I build up a lot of deployment items, like certificates, provisioning profiles, etc, and lose track of which ones are ok and which ones are useless or obsolete.

Do I need a different certificate for each application, or will one suffice for all OSX apps I build? Can I get rid of a bunch of them?

Best,
Bill

> On Oct 26, 2016, at 11:40 AM, William Prothero <[hidden email]> wrote:
>
> Trevor:
> I tried your codesigning livecode app. First  I signed it with App Wrapper3, to make sure I had a good certificate. Then I tried it with your stack, using the same certificate:
>
> I tried it using different certificate names, but basically the response was the same.
>
> I got the response below:
>
> chmod -R u+rw "/Users/prothero/Desktop/Plate Tectonics Explorer-V8/Plate Tectonics Explorer-V8/Plate Tectonics Explorer-V8.app"
>
> xattr -rc "/Users/prothero/Desktop/Plate Tectonics Explorer-V8/Plate Tectonics Explorer-V8/Plate Tectonics Explorer-V8.app"
>
> codesign --verbose --force -s "Developer ID Application: 3rd Party Mac Developer Application" "/Users/prothero/Desktop/Plate Tectonics Explorer-V8/Plate Tectonics Explorer-V8/Plate Tectonics Explorer-V8.app/Contents/MacOS/Externals/revbrowser.bundle/Contents/MacOS/revbrowser"
>
> codesign process failed: Developer ID Application: 3rd Party Mac Developer Application: no identity found
>
> ——————————————————
>
> The App Wrapper installer gave me:
> link to image:  https://www.dropbox.com/s/puiwpraqaewtu23/AppWrapperWindow.png?dl=0 <https://www.dropbox.com/s/puiwpraqaewtu23/AppWrapperWindow.png?dl=0>
>
> Thanks for providing this stack. I hope this helps and if you need any other info, let me know.
> .
> Best,
> Bill
>
>> On Oct 26, 2016, at 5:39 AM, Trevor DeVore <[hidden email]> wrote:
>>
>> On Tue, Oct 25, 2016 at 9:51 PM, William Prothero <[hidden email]>
>> wrote:
>>
>>> Trevor:
>>> Thanks a bunch! I haven’t played with the GLX App Framework, but I will
>>> and use that code. This is something that really needs to be in the IDE.
>>> Its SUCH a common thing to do and can be so frustrating.
>>>
>>> The other problem I get into is having a bunch of certificates that don’t
>>> work and I can’t seem to figure which one to use. I try them all, so…
>>> Anyway, the signing code looks like a natural for the IDE.
>>>
>>
>> Here is a gist with the code for a script-only stack that will codesign a
>> LiveCode application:
>>
>> https://gist.github.com/trevordevore/3e91724c4573690b691510d2e2dcd2a7
>>
>> Save the text in the gist to a file named “signOSXApplication.livecode”
>> then open the file in LiveCode (I tested in 8.1.1). Steps:
>>
>> 1) Click the Sign Application button
>> 2) Select an application bundle that you built with LiveCode
>> 3) Enter your certificate name. Just enter the part that is unique to you.
>> For example, I enter “Blue Mango Learning Systems”. My keychain has entries
>> like “Developer ID Application: Blue Mango Learning Systems” and “3rd Party
>> Mac Developer Application: Blue Mango Learning Systems”. The code will add
>> the appropriate prefix.
>>
>> The log field will show what is going on.
>>
>> I tested with a simple app built from LiveCode on macOS Sierra. Last week I
>> had to add some additional code to the signing process to accommodate
>> Sierra. If you run into problems on other platforms we may need to comment
>> out the xattr call on line 60.
>>
>> Let me know how it goes.
>>
>> --
>> Trevor DeVore
>> ScreenSteps
>> www.screensteps.com    -    www.clarify-it.com
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Http://es.earthednet.org
Reply | Threaded
Open this post in threaded view
|

Re: How do I codesign an App?

J. Landman Gay
In reply to this post by Wprothero
On 10/26/16 1:40 PM, William Prothero wrote:

> I tried it using different certificate names, but basically the
> response was the same.
>
> I got the response below:
>
> chmod -R u+rw "/Users/prothero/Desktop/Plate Tectonics
> Explorer-V8/Plate Tectonics Explorer-V8/Plate Tectonics
> Explorer-V8.app"
>
> xattr -rc "/Users/prothero/Desktop/Plate Tectonics Explorer-V8/Plate
> Tectonics Explorer-V8/Plate Tectonics Explorer-V8.app"
>
> codesign --verbose --force -s "Developer ID Application: 3rd Party
> Mac Developer Application" "/Users/prothero/Desktop/Plate Tectonics
> Explorer-V8/Plate Tectonics Explorer-V8/Plate Tectonics
> Explorer-V8.app/Contents/MacOS/Externals/revbrowser.bundle/Contents/MacOS/revbrowser"
>
>  codesign process failed: Developer ID Application: 3rd Party Mac
> Developer Application: no identity found

You need to get a third party Mac developer certificate from the
developer portal. It's different from the App Store certificates you
probably already have.

--
Jacqueline Landman Gay         |     [hidden email]
HyperActive Software           |     http://www.hyperactivesw.com

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: How do I codesign an App?

J. Landman Gay
In reply to this post by Trevor DeVore
I've been code-signing third-party Mac and Windows apps for about two
years. Or rather, my client has, but I helped set it up.

We use AppWrapper for Mac and the kSign utility provided by
ksoftware.net along with their certificate. It has been a simple process
once everything is set up. Build the LC app for both platforms, use
AppWrapper on the Mac version and kSign on the Windows one. Both
utilities are pretty much a one-click event after setup.

Note you need to get the appropriate certificates. If you are
distributing a Mac app outside of the App Store, you need to acquire a
Third Party Developer certificate from the developer portal. For
in-store apps you'd use the regular certificates most of us have.

For Windows, you need to apply for and purchase a Windows Developer
certificate. This process can take a couple of weeks. KSoftware will
help you through it. You will need to provide identification, proof of
business status, and some other paperwork to proove who you are and that
you are a legitimate company or developer. They check your credentials,
and if you pass muster they issue the developer certificate. You use
that with their KSign executable to sign the Windows app.

--
Jacqueline Landman Gay         |     [hidden email]
HyperActive Software           |     http://www.hyperactivesw.com

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: How do I codesign an App?

Graham Samuel-4
In reply to this post by Richard Gaskin
Sorry if I gave the impression that I wanted to exclude any deployment options from the Community version: rather, I wanted to make sure that they would work with all three - Indy is only “Commercial for the smaller enterprise” in that it allows encrypted stacks, isn’t that right? So yes, we need all three.

Graham


> On 26 Oct 2016, at 17:07, Richard Gaskin <[hidden email]> wrote:
>
> William Prothero wrote:
>
> > Code signing is very frustrating and time-wasting. I second, third,
> > and fourth all recommendations to make the app deployment process
> > easier for both standalone systems and mobile. I disagree that it
> > should only be in the commercial version, though. Indy users
> > distribute apps too.
>
> Ah, yes, I'd forgotten about the split feature sets.
>
> For the record, for me to be motivated to chip in, anything that facilitates iOS deployment must be in Indy as well as Business.
>
> And for all other platforms where distribution is compatible with the GPL, any community-funded enhancements need to also be in the Community Edition.
>
> The features proposed here are security features, and those making free and open software have as much need for security as anyone else.
>
> But for myself this applies to all community-funded features: no Community Edition, no dice.
>
> Fortunately, to date I believe all community-funded features have been included in all three editions, Community, Indy, and Business.  I trust that won't change, as it would only reduce the pool of potential contributors, and further exacerbate the challenges of transforming into a true open source project.
>
> --
> Richard Gaskin
> Fourth World Systems
> Software Design and Development for the Desktop, Mobile, and the Web
> ____________________________________________________________________
> [hidden email]                http://www.FourthWorld.com
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: How do I codesign an App?

Wprothero
In reply to this post by J. Landman Gay
Thanks, Jacqueline:
All of the comments I got so far are very helpful.
Best,
Bill

> On Oct 26, 2016, at 12:24 PM, J. Landman Gay <[hidden email]> wrote:
>
> I've been code-signing third-party Mac and Windows apps for about two years. Or rather, my client has, but I helped set it up.
>
> We use AppWrapper for Mac and the kSign utility provided by ksoftware.net along with their certificate. It has been a simple process once everything is set up. Build the LC app for both platforms, use AppWrapper on the Mac version and kSign on the Windows one. Both utilities are pretty much a one-click event after setup.
>
> Note you need to get the appropriate certificates. If you are distributing a Mac app outside of the App Store, you need to acquire a Third Party Developer certificate from the developer portal. For in-store apps you'd use the regular certificates most of us have.
>
> For Windows, you need to apply for and purchase a Windows Developer certificate. This process can take a couple of weeks. KSoftware will help you through it. You will need to provide identification, proof of business status, and some other paperwork to proove who you are and that you are a legitimate company or developer. They check your credentials, and if you pass muster they issue the developer certificate. You use that with their KSign executable to sign the Windows app.
>
> --
> Jacqueline Landman Gay         |     [hidden email]
> HyperActive Software           |     http://www.hyperactivesw.com
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Http://es.earthednet.org
12