I’m trying to figure out a way to deliver a properly code-signed OS X app built using Xojo 2014R2.1 or R3 using ISO format disk image.
Recent Xojo versions include XojoFramework which is a Bundle:
For background info, see this thread: https://forum.xojo.com/12162-symbolic-links-inside-xojo-framework
the top level of the bundle includes two symlinks:
$ls -lR XojoFrameWork.framework/ lrwxr-xr-x 1 me 503 26 Dec 4 08:57 Resources -> Versions/Current/Resources drwxr-xr-x 4 me 503 136 Dec 10 09:35 Versions lrwxr-xr-x 1 me 503 30 Dec 4 08:57 XojoFramework -> Versions/Current/XojoFramework
My app is properly code-signed (using the --deep option) and passes validation checks while on the hard disk, and while copied to a DMG format disk image.
However, when the DMG is converted to ISO9660/joliet, it appears that the symlinks break.
Oddly, this doesn’t stop the app from running: I can double-click it from the ISO and it runs just fine.
However, this appears to confuse gatekeeper, and it considers the signature invalid:
codesign -v /Volumes/TestSignature/MyApp.app /Volumes/TestSignature/MyApp.app: code object is not signed at all In subcomponent: /Volumes/TestSignature/MyApp.app/Contents/Frameworks/XojoFramework.framework
This is a problem for me, as I want to use ISO as a delivery mechanism (why? complex & esoteric reasons of cross-platform compatibility - let’s assume for this thread that I have to use ISO).
Given this problem, I’m wondering if
- (A) I should probably “flatten” the XojoFramework.framework bundle to remove the symlinks?
- (B) Does Xojo Inc consider this a problem, and would they consider making this change to their linker?