Loading...
 

Wineskin Support Forum Help

Forums » Wineskin Support Forum » How do I Codesign my Wineskin?

How do I Codesign my Wineskin?

Have checked, the forum here, but not sure where to start.

Now that I've got Wineskins in beta, getting close to release, want to make a start on code signing.

I'm totally new to Mac - and the code signing help is very complex, I don't know where to start.

Obviously with a Wineskin, I'm not going to be building a project in XCode.

So - how do I set about getting a certificate and signing my wineskin?

A google search turns up this and various other pages about code signing - but as someone who has never used XCode at all, it doesn't make any sense, started up XCode but don't see anything resembling the instructions here.

https://developer.apple.com/library/mac/documentation/IDEs/Conceptual/AppDistributionGuide/DistributingApplicationsOutside/DistributingApplicationsOutside.html(external link)

I can tell from some forum discussions that at least some developers here are signing their Wineskin apps but I've no idea how to do it myself.

Any hints about how to get started on this appreciated, thanks!



Get your signing identity working in Xcode justlike Apple says you need to.  It will have some to set up in Xcode and a cert to put in your Keychain.

When it comes down to signing the app though, you won't do that inside of Xcode.  Run Terminal and use the command line codesign command.

I have a signing identity with Apple, so I was able to download a cert and get stuff in Xcode easily... so easy I don't even remember how, it took a few seconds.  Links and directions were on the Mac Developer page for my account under certs.

Command line codesign is easy.  Just cd into the folder with the app that is ready to go (make a backup because you cannot 'unsign').  type in like.... codesign -s SomeEntityNamePossiblyInQuotes WineskinWrapperName.app

SomeEntityNamePossiblyInQuotes would be whatever your set up with as your cert in Xcode/Keychain.

just make sure you codesign it and then change nothing in it... go back to your previous backup that isnt codesigned to make changes and resign a new copy every time.



Okay thanks, I got my signing certificate now. Yes was easy to do once I knew where to go.

But now, trying to sign one of my apps I get  an error "unsealed contents present in the bundle root"

I deleted everything from it except Contents\info.plist and the Wineskin and got the same error message.

Then, I deleted everything from inside the Wineskin folder, still got the error.

So at that point all I have is Contents, with info.plist - and the Wineskin folder with nothing in it at all and get this message.

Then when I delete the empty Wineskin folder, then it is able to sign it.

Any idea what this means and can I do anything about it?

Thanks!

 

 



I have yet to even try to codesign with their new version for 10.9.5+ and 10.10 ... might be something specific to that they have changed.



Okay - yes that must be it then.

I'm using Mavericks 10.9.5. so needs "version 2" certificates

Details of their changes here (I think have to be logged in as developer to see it):

https://developer.apple.com/library/mac/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG205

I wondered if it might be a temporary work around to make a version 1 certificate for now by signing my app inside OSX Lion in a virtual machine - using a certificate generated from within the virtual machine - but it didn't work (error message: "Permission denied").

Anything else to try?

 

 

 



The problem using V1 signing, is that it doesn't work on 10.9.5+ and 10.10.0+



Oh okay, I think it must be these Gatekeeper changes in OSX 10.9.5 and later then.

- the Version 2.

https://developer.apple.com/library/mac/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG205 

I'm on 10.9.5. So I'd be generating Version 2 signatures.

Just as an experiment - had a go at signing with a certificate generated inside a Mountain Lion Virtual Box machine in hope it would work as a "Version 1" certificate at least. But it didn't let me do that, got a different "permission denied" message this time when I tried to sign the app.

Any other thoughts be sure to say, anything to try!

(NB - not sure, this may be a duplicated message, if so - do feel free to delete this one (or the previous one) - probably saying pretty much the same thing. 

 

 



Oh, okay, thanks. Any chance of an update some time in the future to make it possible to do v2 signing?

Or anything you can think of that I can explore to make it compatible?

If not I just have to tell users to use Ctrl + Open - while googling I found a few examples of program websites where they tell their users to do that since the version 2 update so it's not too unusual for the time being I suppose.



I'm bumping an old thread, but is there currently any way to codesign a Wineskin app bundle for 10.12 Sierra? The tightening Gatekeeper defaults make it increasingly difficult to distribute an unsigned app.

If I try

codesign -s "my company developer ID" --deep myapp.app

I get

myapp.app: bundle format unrecognized, invalid or unsuitable
In subcomponent: /Users/blah/blah/blah/myapp.app/Contents/Frameworks/bin/X11/locale/am_ET.UTF-8.

Pruning Contents/Frameworks doesn't seem to help.

 


Post new message

Attach file Maximum size: 10.00 Mb
Post new reply

Show posts: