How to sign a Qt app with a certificate in OSX?

xtingray

Hi,

After getting my Apple developer account, I am very interested in to sign my Qt apps using my official certificate. My requirement is to learn how to do it 100% from console. I want to provide my own installers outside the Apple store, that's it.

So, looking for documentation, I found this interesting link:
http://blog.qt.io/blog/2014/10/29/an-update-on-os-x-code-signing/

Following those instructions, I tried several commands and parameters, like this one:

codesign --force --verify --verbose --sign "Developer ID Application: <_my_ID_goes_here_>" -s mac_development.cer MyApp.app --deep

mac_development.cer: no identity found

But unfortunately, I couldn't avoid the error message "no identity found". :(

Now, assuming that finally I can sign my files. Do I have to sign the .dmg file too?

So, my finally question: is there any kind of official documentation about how to sign Qt apps from OSX? I feel myself like trying to solve a puzzle finding little pieces from different places and I don't want to find the solution by accident.

Any hint is very welcome. Thanks!

xtingray

After importing my certiificate into the KeyChange Access utility (as part of the login keychain), finally I found a line that seems to apparently work:

codesign --force --verify --verbose --sign "Developer ID Application: <_my_ID_goes_here_>" --keychain /Users/me/Library/Keychains/login.keychain MyApp.app --deep

I got this output:

MyApp.app: signed app bundle with Mach-O thin (x86_64) [com.mycompany.myapp]

I wonder if I am using the right certificate as it seems that I have created several.

As no .dmg file is generated, then I tried this line:

macdeployqt MyApp.app -codesign="Developer ID Application: <_my_ID_goes_here_>" -dmg

But then I got a lot of error messages like this one:

ERROR: "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/objdump: '/Users/xtingray/tupi/installer/Tupi.app/Contents/Frameworks/QtCore.framework/Versions/5/_CodeSignature/CodeResources': The file was not recognized as a valid object file\n

I will keep guessing.

SGaist

Hi,

IIRC, recent versions of macdeployqt have the -codesign option that automates that for you. You just have to pass the correct identity and you're good to go.

xtingray

As part of my research, I found this interesting post right here at Qt forums:
https://forum.qt.io/topic/60991/understanding-qt-and-mac-pkg-setups

I will try the procedure described there and let you know if it's still valid.