This is regarding my recently released xojotool command line app.
I’m trying to make it easier for people to update and install the tool on macOS by utilising Homebrew.
I did this a couple of years ago for another command line app I released (Roo) and it worked perfectly. What has happened in the interval is Apple’s code signing nightmare.
I’m using @Sam_Rowlands awesome App Wrapper (version 4.4.1) to sign the built xojotool
app and the associated xojotool Libs
folder contents. This spits out a ZIP file which I rename and upload to GitHub. This is the file that users on the forum have been downloading and using. As far as I can tell - the app is running for them with no errors.
The issue I’m having is that something funky is happening with code signing and Homebrew. I have a Homebrew formula (the instructions that tell Homebrew how to install your app) that essentially says “copy the xojotool
binary and the xojotool Libs
folder to the path”. This is virtually exactly the same formula I used for Roo (which worked perfectly).
What is happening is that Homebrew installs xojotool
to the right place but when I run it I get this cryptic error:
To my untrained eye it is moaning about my certificate. How come this isn’t happening on user’s systems if they install the tool manually?
/usr/lib/rbframework.dylib?
I’ll do a deep dive with the App Wrapper signed package tomorrow to make sure that App Wrapper is signing all the binaries and architectures.
But this error is weird, is it possible that homebrew is trying to coalesce dylibs and replacing the one with the packge, with another version?
Xojo didn’t include versions number in a known format (nor would Xojo share the format with me when I asked), App Wrapper does try to include something obtainable when the package is created using a build script.
Thanks Sam.
I don’t think Homebrew is doing anything other than moving the files around.
The zip file that Homebrew downloads is structured as follows:
macos
- xojotool
- xojotool Libs
- InternetEncodings.dylib
- MBS_Main_Registration_Plugin_20743.dylib
- MBS_Tools_RegEx_Plugin_20743.dylib
- MBS_Util_Main_Plugin_20743.dylib
- rbframework.dylib
- XML.dylib
Homebrew appears to copy xojotool
to /opt/homebrew/Cellar/xojotool/1.0.4/bin/xojotool
and xojotool Libs
to /opt/homebrew/Cellar/xojotool/1.0.4/bin/xojotool Libs
.
The only other thing worth mentioning is when I wrap the application with AppWrapper and check it first I get these warnings:
But I do not think you need to codesign (even adhoc) when compile stuff with Homebrew.
I compile several stuff with Homebrew and never needed to codesign anything.
Edit: I checked several compiled apps (for example RAR Archiver) and it’s not codesigned.
BTW running macOS12 on M1 Pro
1 Like
How is security check for homebrew-issued apps done?
It would seem that I was over complicating things. You are correct - if I use an unsigned binary Homebrew works perfectly. Weird.
1 Like