Signing an App that includes Java fails

Solution 1:

code signing

The friendly manual on code signing says to sign the sub-component first, then try again with your app itself:

• https://developer.apple.com/library/mac/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG305

codesign says my code is unsigned when I try to sign it.

Make sure all nested code is already signed and its signature is valid. Xcode will take care of this for you if you let it handle your code signing tasks.

It goes on to say let Xcode handle all the signing, which may or may not be helpful since you are already choosing to sign things from the command line.

--deep

To sign all nested code in one go, add the --deep argument to codesign:

codesign --deep -s "Developer ID Application: My Company" /Development/MyApp.app

shell script

Another way of doing the same is to create a shell script that checks the signature state of the nested code, and signs if it is missing. This way you may get more control on what you are signing within the bundle.

Example:

A bash-script called sign-unsigned.sh that checks one entry in the bundle and signs it if it is not already signed could be done like this:

#!/bin/bash
if codesign --verify $1 ; then 
   exit; 
else
   codesign --sign "$2" $1;
fi

Put the sign-unsigned.sh in /Development and do this on the command line:

cd /Development/MyApp.app/
find . -exec ../sign-unsigned.sh {} "Developer ID Application: My Company" \;
codesign --sign "Developer ID Application: My Company" ../MyApp.app