christophwille
commented
3 years ago The chmod +x only applies to existing /releases, not most current gh actions builds, correct?
Open praeclarum opened 3 years ago
christophwille
commented
3 years ago The chmod +x only applies to existing /releases, not most current gh actions builds, correct?
praeclarum
commented
3 years ago @christophwille I only tried the release and didn't look at all at the GH actions.
AraHaan
commented
3 years ago You can still notarize the application without distributing it in the App Store. Apple does not care tbh all it needs to be is in an pkg or dmg file.
I know this because the .NET SDK installers notarize them on official builds (even official preview SDK releases) and the .NET SDK runs fine despite not being in the App Store.
christophwille
commented
3 years ago Slight problem there - you need macOS, XCode and a dev account. Don't know if Jeffrey has any of that, I don't have the latter (and have zero intent of getting one).
AraHaan
commented
3 years ago let me test that theory with only Rider + the .NET 6 Preview 3 SDK + the command line tools package that is installed the first time you try to use commands like gcc, clang, git, etc.
Yep it looks like those command line tools come with the codesign tool and as such all of those 3 commands can be done without XCode and no dev account and pushed into an pkg file or an dmg file.
I even know how to add things to dmg files with ease so that is a non-issue.
However thanks for exposing the codesign command. I can add that to the distribution of my C++ program as well. On that I already properly make the bundle manually and everything else using a makefile and it wraps a command line program to create a new terminal tab / window using a bash script wrapper with execution flags set.
jeffreye
commented
3 years ago I do have an account (a couple years back). The more important thing is managing the key without exposing it to the public. I haven't explored any options in GitHub. @christophwille do you have any clue?
AraHaan
commented
3 years ago Tbh I see no point in spending 100$ per year and per update (or whatever it actually costs to use it) just to publish ILSpy to the Mac App Store when they can simple go to github releases, download an dmg file then drag the code signed ILSpy.app into the Applications folder similar to how even the jetbrains dmg images do already in a clean way.
Besides all the tools to sign them today is simply available almost out-of-box with the exception of those that requires the command line development tools (which can be installed without needing XCode installed which is about ~12GB in size and in my opinion too big and I think apple really should have split them into separate apps based on what users would actually want / choose to actually use). I think if Apple done it to begin with plus I think most devs do not use most of what is in that 12 GB of clutter installed for that "App".
christophwille
commented
3 years ago We discussed Windows signtool.exe approaches in https://github.com/icsharpcode/AvalonEdit/issues/283#issuecomment-845167823 (environment protected to master) Similar actions exist for notarizing (at least a quick search surfaced a few), and maybe also for codesign.
jeffreye
commented
2 years ago @praeclarum @AraHaan Please take a look at https://github.com/icsharpcode/AvaloniaILSpy/pull/98 I tried to create a DMG file using create-dmg, but it still has the same issue (quarantine is the only thing to fix tho).
chenmeng1996
commented
2 years ago xattr -rd com.apple.quarantine /Applications/ILSpy.app
it is work for me, thank you.
Axemasta
commented
1 year ago I ran into this issue with 7.2RC on a 2018 Intel Macbook Pro. Running the CLI allowed the app to launch correctly, thanks Frank you are a treasure ❤️
jwosty
commented
11 months ago Apparently an alternate workaround to re-signing the app is to just remove the signature, then it works:
codesign --remove ./ILSpy.appThe app apparently already has a signature (just an ad-hoc one):
$ codesign -dv ./ILSpy.app
Executable=/Applications/ILSpy.app/Contents/MacOS/ILSpy
Identifier=apphost-555549447a4355a3691f3dd6b38da9a2cacffc9c
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=1225 flags=0x2(adhoc) hashes=32+2 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=0 size=12Also, this is interesting:
$ spctl -vvv -a /Applications/ILSpy.app
/Applications/ILSpy.app: code has no resources but signature indicates they must be presentNot sure exactly what that means - maybe the app contents are being messed with after the signature is created?
It seems that the compressor you are using is removing the executable flag from the Mac binary. This makes the .app impossible to run.
Also, it doesn't seem like you are signing the package. Catalina+ versions of macOS quarantine your .app because of this.
There are three different solutions to this:
For those reading, here is how to fix the quarantine:
Here is how to fix the missing flag:
And here is how to re-sign the app: