-
-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bug] MacOS Codesign doesn't handle frameworks #7690
Comments
FROM APPLE When embedding frameworks there are two important things to note: You must copy the framework in a way that preserves symlinks. I often see problems where folks copy a framework using cp -r, which expands the symlinks, which effectively breaks the code. I generally recommend copying code with ditto. The notary service requires that all code be signed with a valid Developer ID, so it’s possible to build an app from components signed by different developers. My general advice, however, is that you re-sign any nested code with your Developer ID. Sign each code item separately, from the inside out. |
Also from Apple: Consider Deep Harmful Wondering if we should remove the --deep command from the bundler? My guess is this may break sidecar? Maybe we need to manually sign sidecar separately? |
The deep flag was the main thing I had in mind when I said that the whole signing implementation is messed up on discord. |
agreed... yeah maybe on the MacOS bundler, we need to have a configuration parameter where you can specify "binaries to sign" |
(tauri-apps#7774) Co-authored-by: Lucas Nogueira <lucas@tauri.app>
Describe the bug
I'm developing an application on MacOS that uses a 3rd Party Framework that I package with my application. When code signing and then distributing the app, I get crash reports on boot regarding the Framework and it having discrepancies in the team id
During my testing and research today, I found that Apple recommends signing included frameworks along with your app itself. So I tried this on the
.app
file, first signing the internal Framework and then signing the overall App itself and it cleared up the issue.I'm guessing this is something that needs to be added to the bundler?
Reproduction
No response
Expected behavior
No response
Platform and versions
Stack trace
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: