I built a universal binary and one of my users couldn’t use it - she said there was a message something like the file was corrupt. This is a non-technical user with an older Mac - I don’t know how old. I built an Intel binary and it worked fine.
The question: Do older versions of MacOS not understand the universal binary?
Most of my users are on Windows, and I’m really a novice with Mac. So I appreciate any information or advice. Thanks.
Could have been user error. But I can also see how older OS wouldn’t know what to do with more recent binaries. I remember the days of PPC and Intel - wasn’t sure the current universal is the same. Thanks!
Start there. ARM code absolutely requires a signature to run, even in debug - the IDE does this quietly for us. I suspect this is why an intel-only build worked for you, but that confuses me since you’re asking about older macOS and this would be a Big Sur / ARM issue.
Does that mean a xojo compiled app loaded on another M1 machine from a stick needs to be signed? If so that is very bad for “citizen developers” doing things for inhouse use at work!
Since you mentioned Linux … a bit off topic here … but I’m also working on getting the app working properly on Linux. Seems to be some Linux improvements in 2021R1.1 but also some regressions. I’ll do feedback reports as I have time to verify them.
I am confused about code signing. You mention that the IDE signs the app for us, while others in other dialogues have said that I need to get AppWrapper to sign my apps. Can you please explain what the IDE does, and does not do, in terms of code signing?
When you are using an M1 Mac and you debug-run, Xojo will build a native version to debug. As all ARM code needs to be signed to run, the IDE will ad-hoc codesign the debug build so that it can run. It is important to note that this is only for debug, AppWrapper is still the best way to code sign, notarize, and pack a release build with your distribution signature.
As I understand it, you are unable to ad-hoc code sign a build to run on another machine. You will need to sign with a developer certificate from Apple to distribute.
Why is that, in fact?
While I recognise there are a lot of options that one may want to configure (where AppWrapper is really nice), I can also imagine someone wanting to sign a built app exactly like a debug one (so the Xojo IDE may propose to also sign built app).
And, if the user has no Apple account at all, how does the IDE sign (and run) a debug app? Using Xojo’s own account?
If identity is the single letter “-” (dash), ad-hoc signing is performed. Ad-hoc signing does not use an identity at all, and identifies exactly one instance of code. Significant restrictions apply to the use of ad-hoc signed code; consult documentation before using this.
Here’s a more in-depth explanation of how this all works
So yes they’re good on other machines, but they don’t provide any proof that they haven’t been tampered with.