GNOME Bugzilla – Bug 771860
Apple release code sign error.
Last modified: 2018-11-03 10:21:19 UTC
Created attachment 336138 [details] entitlements for codesign GStreamer version : 1.6.4(using cerbero universal build) build platform : mac osx 10.11 el capitan For Official App store from Apple release, I inputted the code sign in Terminal and these are the result below. I succeed the code sign and upload was also successful but with GStreamer framework, there is always code sign error. TestCase 1. - Directory Tree : MyApp.app /Contents /Frameworks /My.Framework - Terminal input codesign command : codesign -f --deep -s '3rd Party Mac Developer Application: My Developer ID' --entitlements "MyApp.entitlements" "MyApp.app" - result : codesign Ok TestCase 2. - Directory Tree : MyApp.app /Contents /Frameworks /My.Framework /GStreamer.Framework - Terminal input codesign command : codesign -f --deep -s '3rd Party Mac Developer Application: My Developer ID' --entitlements "MyApp.entitlements" "MyApp.app" - Codesign Error Message : unsealed contents present in the root directory of an embedded framework In subcomponent: MyPath/MayApp.app/Contents/Frameworks/GStreamer.framework TestCase3. - Directory Tree : GStreamer.framework(Only GStreamer) - Terminal input codesign command : codesign -f --deep -s '3rd Party Mac Developer Application: My Developer ID' --entitlements "MyApp.entitlements" "GStreamer.framework/Versions/1.0" - result : codesign Succes TestCase4. TestCase1 to copy the GStreamer was codesign in TestCase3 to MyApp.app/Contents/Frameworks, I saw the upload test to AppLoader create a pkg file. - AppLoader Upload Error : ERROR ITMS-90296: "App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "com.myplayer.osx.pkg/Payload/MyApp.app/Contents/Frameworks/GStreamer.framework/Versions/1.0/libexec/gstreamer-1.0/gst-plugin-scanner", "com.myplayer.osx.pkg/Payload/MyApp.app/Contents/Frameworks/GStreamer.framework/Versions/1.0/libexec/gstreamer-1.0/gst-ptp-helper" )] Refer to App Sandbox page at https://developer.apple.com/devcenter/mac/app-sandbox/ for more information on sandboxing your app." ERROR ITMS-90260: "Bad Bundle Executable. You must include a valid CFBundleExecutable key in the nested bundle osx-framework [com.myplayer.osx.pkg/Payload/MyApp.app/Contents/Frameworks/GStreamer.framework] property list file." ERROR ITMS-90261: "Bad CFBundleExecutable. Cannot find executable file that matches the value of CFBundleExecutable in the nested bundle osx-framework [com.myplayer.osx.pkg/Payload/MyApp.app/Contents/Frameworks/GStreamer.framework] property list file." Other versions(1.4.5, 1.6.4, 1.9.2) tested, but it was all the same. I would like to release the Apple Appstore to resolve this problem. Please help me.
This probably helps to understand the issue, also the links included there https://stackoverflow.com/questions/25950544/codesign-what-are-unsealed-contents It seems like there are two problems here though a) the unsealed contents (whatever they are, what is wrong in the GStreamer.framework root directory?) b) "App sandbox not enabled" for gst-plugin-scanner and gst-ptp-helper
*** Bug 772035 has been marked as a duplicate of this bug. ***
(In reply to Sebastian Dröge (slomo) from comment #2) > *** Bug 772035 has been marked as a duplicate of this bug. *** Hi Sebastian, Bug 771860 is actually that I posted. Bug 771860 was about that I couldn't apply codesign and it was sorted out with the help. Bug 772035 is more related to this. when I applied sandbox and codesign on gst-plugin-scanner and gst-ptp-helper,gst_init doesnt work.
They are actually the same (group of) issue(s), and neither of them are solved yet (except for you locally). As such this should be tracked in a single bug until more research was done and it seems like completely independent issues. How exactly did you solve part of it for you? Can you describe the steps?
Postponing, we should consider fixing this for 1.10.1 then... if someone looks into it.
Hi, I know what the unsealed contents problem is. In generated framework's Version/ directory, Current is a symlink to '../Version/1.0' rather than just '1.0' which does not seem to work with the codesign tool. Furthermore, I had to change these settings in Info.plist <key>CFBundleName</key> <string>GStreamer</string> <key>CFBundleExecutable</key> <string>GStreamer</string> In order to avoid the 'codesign --deep' issue. (You're not supposed to use --deep in this context according to various things I read on the Internet). I've hacked a few other things to get this all working in my development environment, but I think they are unrelated bugs.
I pushed 2 commits to cerbero master that might make this better: commit ae2fff2dcc4995d2bf34a1938e6433cee1a25592 Author: Jan Schmidt <jan@centricular.com> Date: Fri Apr 21 17:25:05 2017 +1000 OSX/iOS: Make framework bundles more descriptive Make the framework name for osx and iOS be 'GStreamer' instead of 'osx-framework' and create different filenames for osx and ios framework builds so the ios one builds as 'ios-framework' instead of both being 'osx-framework' Make the human-readable framework CFBundlePackageGetInfoString contain a useful description with the version of the framework https://bugzilla.gnome.org/show_bug.cgi?id=771860 commit 8802888e2538b90f15ced65e59fab352f43468a2 Author: Jan Schmidt <jan@centricular.com> Date: Fri Apr 21 17:16:29 2017 +1000 OSX/iOS bundle: Make the Current version link be directly to 1.0 Don't point to ../Versions/1.0 but instead directly to the directory. This should fix problems with the codesign tool complaining about unsealed contents https://bugzilla.gnome.org/show_bug.cgi?id=771860
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/gstreamer/cerbero/issues/36.