Tag: developer

Starting from Mac os 10.8 apple applications requires certificate. Without that certificate (or without additional system tweaks described here on our product support page: http://support.orm-designer.com/5/macos-mountain-lion-10-8-unidentified-developer ) user will se following message:

"OrmDesigner2" can't be opened because it is from an unidentified developer.

Solution

To solve this error message it’s necessary to do following steps:

1. Register in Apple developer program and pay $99 per year
2. Download and install developer certificate
3. Sign whole application
4. Test it!

1) Register on Developer.apple.com

You need to create registration here: https://developer.apple.com/. It’s necessary to fill info about contact person and company. After that, your registration will be reviewed by apple team and if everything will be OK, your registration will be approved.

2) Use Apple site to generate certificates

Open https://developer.apple.com/account/overview.action ,choose Certificates,  Click Add. Than select certificate parameters suitable for your need. In my case it was Mac Development and  Developer ID.

Now you need to install this certificate to your developer machine. Simply double-click on certificate and let system to import it. You can check that certificate is imported in Go->Utilities->Keychain Access->login. Now search for “Developer ID Application: XXXX”

Note: In my case when I transfer certificate to several developer machines I need to migrate also other Apple certificates. Without that my certificate wasn’t a valid.

3) Sign your application

Now you need to sign your application including all plugins and frameworks inside app bundle. After you sing your app, you can’t do any changes in the bundle. So as first run your deploy as usual and as last step do app singing.

For ORM Designer sign script looks like this:

#go to deploy directory
cd $StarkDeploy.directory$/deploy

#sign app
codesign --force --verify --verbose --sign "Developer ID Application: Inventic s.r.o." ./OrmDesigner2.app

#sign all *.dylib files
find OrmDesigner2.app -name *.dylib | xargs -I $ codesign --force --verify --verbose --sign "Developer ID Application: Inventic s.r.o." $

#sign all Qt* frameworks
find OrmDesigner2.app -name Qt* -type f | xargs -I $ codesign --force --verify --verbose --sign "Developer ID Application: Inventic s.r.o." $

4) Test it!

As last step it’s necessary to test that sign process was successful. As first you can try following command line to validate  it:

codesign -vvv -d OrmDesigner2.app

#RESULT:
Executable=/OrmDesigner2/DeployFiles/macos64/deploy/OrmDesigner2.app/Contents/MacOS/OrmDesigner2
Identifier=com.orm-designer.OrmDesigner2
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=174478 flags=0x0(none) hashes=8717+3 location=embedded
Hash type=sha1 size=20
CDHash=5a491e16f7dcca15b44af4XXXX1a2d2dcc786518
Signature size=4237
Authority=Developer ID Application: Inventic s.r.o. (6BYV46LH6T)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=6 Jun 2013 23:16:08
Info.plist entries=10
Sealed Resources rules=4 files=27
Internal requirements count=1 size=212

Now when you checked that App is correctly signed, it’s time to try it on clean computer where no security policy changes was made. Upload your app and execute it.

If you don’t see annoying screen “Can’t execute application from unidentified developer”, you win ;-).

External links

• http://successfulsoftware.net/2012/08/30/how-to-sign-your-mac-os-x-app-for-gatekeeper/
• http://lynxline.com/submiting-to-mac-app-store/
• http://comments.gmane.org/gmane.comp.lib.qt.user/637

How to transfer certificate: 

• http://apple.stackexchange.com/questions/57059/how-do-i-transfer-my-ios-developer-profile-to-another-computer

How to import:

• https://support.quovadisglobal.com/KB/a59/how-do-i-install-a-digital-certificate-onto-apple-mac-os-x.aspx and http://www.utexas.edu/its/help/user-certs/818

Apple links

• codesign man page
• codesign info