I just did my first release of my app since 10.14.5 was released, and some of my OS X 10.14.5 users are reporting issues with some functions of my app. I need help figuring out exactly what I’ve done wrong.
Here are the gory details. Skip ahead for the TL;DR:
My build process looks something like this:
Xojo -> Build app
Drop built .app bundle onto AppWrapper, wrap the app.
Place wrapped .app bundle where it belongs for Packages.
Use Packages -> installer.pkg
Use DMGCanvs -> installer.dmg
Use AppWrapper to notarize the installer.dmg
This works well, and my app runs fine. HOWEVER: There are a few functions that my app relies on helper apps to perform. Most notably, to produce PDF reports out of HTML source files. I use phantomjs to perform this pdf creation… but my users on OS X 10.14.5 can no longer do so… phantomjs crashes as soon as it is launched. Investigating the user’s system logs reveals that Gatekeeper (or one of the other levels of OS X app security) is killing it as soon as it launches… presumably because it is not signed/notarized properly.
Until today, I had been including phantomjs in my /Resources folder with a CopyFiles build step in Xojo. In reading up on notarization though, it seems that Apple really wants helper apps like this to be put into the MacOS folder in the application bundle instead. So, I adjusted the copyFiles step to place the helper apps there instead of into Resources, and now AppWrapper reports that notarization always fails with the error: “The signature of the binary is invalid.”
Further reading indicates that anything that is executable should actually be in a folder named “Helpers” rather than “Resources” or “MacOS”, and everything has to be individually signed.
When I run codesign -vvv --deep --strict on the AppWrapper’d wrapped up version of my application bundle (with the helpers in “MacOS”) it reports that everything IS signed and happy. Similarly, if I run codesign -vvv --deep --strict on the final .dmg I submit for notarization, it also reports everything is hunky dory.
TL; DR: Where should I place helper applications for my Xojo app, and how do I get Apple to accept them in the notarization process so they will run properly when my app needs them?
Thanks!