Build Warning: "Binary is Code Signed"
1,409 views
Skip to first unread message
Bryan Jones
Feb 16, 2012, 1:23:21 PM2/16/12
to Growl Development
Hi all,
I have an app where I've just swapped in the 1.3.1 framework for the
older 1.2.x framework. I've followed the docs and created the
appropriate "copy files" build phase in my target. However, when I
build and run I'm now getting this warning:
"warning: skipping copy phase strip, binary is code signed: /Users/
bdkjones/Documents/Dev/Apps/CodeKit/CodeKit (Git)/Growl.framework/
Versions/A/Growl"
Note that Growl and Mist ARE working --- I see the notifications. But
I'd like to resolve this warning and I'm not sure how to go about
doing that. Can someone point me in the right direction?
-Bryan
I have an app where I've just swapped in the 1.3.1 framework for the
older 1.2.x framework. I've followed the docs and created the
appropriate "copy files" build phase in my target. However, when I
build and run I'm now getting this warning:
"warning: skipping copy phase strip, binary is code signed: /Users/
bdkjones/Documents/Dev/Apps/CodeKit/CodeKit (Git)/Growl.framework/
Versions/A/Growl"
Note that Growl and Mist ARE working --- I see the notifications. But
I'd like to resolve this warning and I'm not sure how to go about
doing that. Can someone point me in the right direction?
-Bryan
Christopher Forsythe
Feb 23, 2012, 4:01:07 PM2/23/12
to growl-de...@googlegroups.com
Check to see if your copy phase is trying to strip the framework. The framework has already been stripped as far as I remember, so that may be the culprit.
Chris
-Bryan
--
You received this message because you are subscribed to the Google Groups "Growl Development" group.
To post to this group, send email to growl-de...@googlegroups.com.
To unsubscribe from this group, send email to growl-developm...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/growl-development?hl=en.
Rudy
Feb 24, 2012, 11:27:25 AM2/24/12
to Growl Development
In this case you would want to turn off the "Strip Debug Symbols
During Copy" option in your Xcode target's build settings. Since the
framework has already been stripped and signed its warning you so that
you know its not going to attempt to strip the framework. It does
this because stripping the framework modifies the bundle and
invalidates the code signature.
The other option you have, if this binary is destined for the Mac App
Store, is to remove the code signature from the framework and allow it
to pass through the strip debug symbols during copy phase. Ultimately
then signing the framework out the other end of your build process
using your 3rd Party Developer Application certificate. Apple is only
using the code signature in this manner to verify that the person
submitting the binary is the person that they've previously exchanged
certificate signing requests for. The code signature is immediately
overwritten when they receive the binary and it never ships to the
user with the certificate they issue you.
That said, if you're targeting the end user with a Developer ID
certificate it would be the same situation, since the certificate
Chris signed the Growl framework with wasn't a Developer ID
certificate there is a good chance at this point that gatekeeper would
detect this and tell the user they can't run your binary under the
AppStore+KnownDeveloper option on Mountain Lion. Ultimately you're
the one shipping the framework(s) in your binary and that signature
that each gets wrapped in tells the user that you're taking ownership
of what you're shipping.
-rudy
During Copy" option in your Xcode target's build settings. Since the
framework has already been stripped and signed its warning you so that
you know its not going to attempt to strip the framework. It does
this because stripping the framework modifies the bundle and
invalidates the code signature.
The other option you have, if this binary is destined for the Mac App
Store, is to remove the code signature from the framework and allow it
to pass through the strip debug symbols during copy phase. Ultimately
then signing the framework out the other end of your build process
using your 3rd Party Developer Application certificate. Apple is only
using the code signature in this manner to verify that the person
submitting the binary is the person that they've previously exchanged
certificate signing requests for. The code signature is immediately
overwritten when they receive the binary and it never ships to the
user with the certificate they issue you.
That said, if you're targeting the end user with a Developer ID
certificate it would be the same situation, since the certificate
Chris signed the Growl framework with wasn't a Developer ID
certificate there is a good chance at this point that gatekeeper would
detect this and tell the user they can't run your binary under the
AppStore+KnownDeveloper option on Mountain Lion. Ultimately you're
the one shipping the framework(s) in your binary and that signature
that each gets wrapped in tells the user that you're taking ownership
of what you're shipping.
-rudy
Bryan Jones
Mar 22, 2012, 1:53:24 PM3/22/12
to Growl Development
Excellent. How do I strip the code signature from the framework so
that I can sign it myself?
that I can sign it myself?
Bill Bennett
Jul 25, 2013, 2:15:01 PM7/25/13
to growl-de...@googlegroups.com
Excellent answer to this question, Rudy...
Any interest in helping me through the same problem? I've got a binary app that I need to code sign. If you ever do a little pickup work, I could kick you a mini-project to help me release my app.
Reply all
Reply to author
Forward
0 new messages