Codesign CLI tools in app bundle with Mavericks
Question
I've had an app submission rejected from the Mac App Store with the vague feedback that it's incorrectly sandboxed. The app includes a couple of command-line helper tools bundled with it. While I've asked Apple for more details, I've also run across the more stringent requirements for code-signing (all executable code in the app bundle must be code-signed).
It was my understanding that using codesign --deep would recursively walk my app bundle and sign all Mach-O executables with the same set of entitlements, so I thought this would take care of the CLI tools.
However, when I attempt to verify the signature on one of the CLI tools, I get this output:
MyApp.app/Contents/lib/helper/helpertool: code object is not signed at all.
So I'm a bit confused, especially when the app bundle itself passes verification:
codesign --deep --verify --verbose=4 MyApp.app: valid on disk,satisfies its Designated Requirement.
Can anyone suggest to me what I may be doing wrong here--why the CLI tools don't appear to be signed/sandboxed? Is there anything else I am missing here? (I build my app using a shell script rather than Xcode, but that shouldn't make a difference as far as I can tell.)
1 answers
solution1
1 2013-12-21 04:27:47
These links answered the question for me:
Mac OS app, sandbox with command line tool?
How to sandbox a command line tool?
Very cool.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.