How to code sign QT dmg on OsX?



  • Hi,

    I purchased a code signing certificate from COMODO and used it successfully to sign a Windows build of my QT app. However I cannot get the signing to work on OsX. (I'm using QT 5.7)

    Usually I compile in QT Creator, copy the .app to the Qt bin folder, then use macdeployqt with the -dmg option.

    To sign, I installed the PFX or P12 certificate file in the OsX KeyChain, then in macdeployqt I added the -codesign="My Cert Name" option. (I just copied the cert text name from the keychain.) Running with the -codesign option, I always get "Segmentation fault: 11".

    Any help would be most appreciated. Developing on OsX is somewhat voodoo to me.

    Thanks,
    Michael


  • Lifetime Qt Champion

    Hi,

    AFAIK, you get your certificates directly from Apple.

    See this

    Hope it helps



  • Thanks. Yep, I'm familiar with the Apple Developer ID route.

    However many code signing certificate vendors, including Comodo, talk about their certs being usable for development on Windows, OsX and other platforms. I'm looking for anyone who has tried using non-Apple certs to sign QT projects on OsX.

    @SGaist said in How to code sign QT dmg on OsX?:

    Hi,

    AFAIK, you get your certificates directly from Apple.

    See this

    Hope it helps



  • From the Apple developer pages:

    "Note: Apple uses the industry-standard form and format of code signing certificates. Therefore, if your company already has a third-party signing identity that you use to sign code on other systems, you can use it with the OS X codesign command. Similarly, if your company is a certificate issuing authority, contact your IT department to find out how to get a signing certificate issued by your company."

    https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html

    I'm not sure how to adapt these procedures for QT and QT Creator.

    Thx,
    Michael


  • Lifetime Qt Champion

    Well, I'm not sure macdeployqt handles that use case. However, you can still use Xcode in between to sign your application after having run macdeployqt to populate the bundle.



  • Thanks. Can you elaborate how?

    @SGaist said in How to code sign QT dmg on OsX?:

    Well, I'm not sure macdeployqt handles that use case. However, you can still use Xcode in between to sign your application after having run macdeployqt to populate the bundle.



  • First of all the Segmentation Fault ist not because of the signing stuff.

    I had the same issue.

    Try to get the macdeployqt source code form here and compile it on your own:
    http://code.qt.io/cgit/qt/qttools.git

    With the newest version of that tool everything works fine for me.

    Als make sure that "My Cert Name" is correct. (Copy it from your keychain. I think there must be a "Developer ID Application:" before).



  • Ok, thanks for the replies but it appears no one knows about signing with 3rd party certificates.

    I spent the weekend on this and so far I've found that Xcode's "codesign" tool appears to work on .app's with both Apple Developer generated certificates and external 3rd party code-signing certificates (like from Comodo) however.......

    The OsX gatekeeper does not acknowledge non-Apple code-signing certificates, when trying to run the app after uploading and re-downloading the signed .app from a website. When using non-Apple certificates, the GateKeeper still says, "This app is from an unknown developer" and won't run the app unless the security settings are changes to "run apps from anywhere."

    If the QT folks know of anything different, I'd love to know...


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.