Copy link to clipboard
Copied
Has anybody put together a tutorial on publishing a Flex/AIR application for distribution as an OSX desktop app, either through Mac App Store or just using the Developer ID certificate?
In my time as a Flex developer, I've seen some things documented well and some that you had to dig for, but finding clear instructions on this is really difficult! I would have thought publishing your Flex/AIR app as a stand-alone (captive runtime) application either through the Mac App Store or to users directly (signing with an Apple Developer ID certificate) would be something many people are trying to do. But most of the helpful posts out there are dated or incomplete as well as being specifically targeted towards iOS. Furthermore, each time the AIR SDK changes it seems many of the past posts are no longer valid at some step.
Big thanks for anybody who can provide pointers or suggestions!
I have it working!!! Woooohoooo!
DHL83's correspondence with Apple and reference to the Electron thread on Apple's Developer support site provided me with some ideas for googling whether entitlements could be added for apps produced by 3rd party tools such as the Flex SDK. After a lot of trial-and-error, I worked out what entitlements are required.
Here are the steps in addition to the signing script I posted above:
1. You need to create an Entitlements file which will look like this:
<?xml vers
...Copy link to clipboard
Copied
I am having some real annoying issues that I think is related to codesigning. The icon just bounces in the dock, then quits. This is what my os x system tells me.
10/13/15 1:34:29.815 PM CoreServicesUIAgent[18086]: Error -60005 creating authorization
10/13/15 1:34:35.885 PM lsd[441]: LaunchServices: Could not store lsd-identifiers file at /private/var/db/lsd/com.apple.lsdschemes.plist
10/13/15 1:35:08.718 PM com.apple.backupd[792]: Bulk setting Spotlight attributes failed.
10/13/15 1:36:26.211 PM lsd[441]: LaunchServices: Could not store lsd-identifiers file at /private/var/db/lsd/com.apple.lsdschemes.plist
10/13/15 1:36:26.240 PM CoreServicesUIAgent[18086]: Error -60005 creating authorization
10/13/15 1:36:37.946 PM CoreServicesUIAgent[18086]: Cannot load Interface Builder file '/System/Library/Frameworks/AppKit.framework/Resources/English.lproj/NSAlertPanel.nib'
10/13/15 1:36:37.946 PM com.apple.xpc.launchd[1]: (com.apple.xpc.launchd.oneshot.0x10000016.TrafikteoriLaerer[18110]) Service exited due to signal: Killed: 9
Has anyone experienced this or have an idea what this could be?
Copy link to clipboard
Copied
I am trying to code sign my air for mac app (sdk 23/24) and have researched and found several threads, none of which appear to work. This is for general distribution, not for the Mac Store. I have tried the following:
rm -rf APP.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/Adobe\ AIR.vch
rm -rf APP.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/adobecp.plugin
rm -rf APP.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/adobecp.vch
rm -rf APP.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/AdobeCP15.plugin
rm -rf APP.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/WebKit.dylib
rm -rf APP.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/Flash\ Player.plugin
rm -rf APP.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/AdobeCP15.plugin
which all seems to work, followed by:
codesign -f -v -s “Developer ID Application: Developer" APP.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/Current/Adobe\ AIR_64\ Helper
codesign -f -v -s “Developer ID Application: Developer" APP.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/Current/Adobe\ AIR_64
codesign -f -v -s “Developer ID Application: Developer" APP.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/Current/Adobe\ AIR
codesign -f -v -s “Developer ID Application: Developer" APP.app/Contents/MacOS/App
codesign -f -v -s “Developer ID Application: Developer" APP.app
which all seems to work, indicating each step is signed.
If I start the signed App.app directly (double click) it opens and runs no problems. However if I put it into a dmg, take the dmg and put it on a server, download back onto the same computer, mount the dmg and try to run App.app, it says it is damaged and should be put in the trash. I have done this several times.
On the signed App.app, when I run spctl -a App.app, I get: App.app: nested code is modified or invalid.
I have also tried the above without the initial rm commands, leaving the bundle intact prior to signing, and just using the 5 codesign commands - get the same results: nested code is modified or invalid. Note that I first compile the app using a self signed certificate, then apply the above to the resultant app.
Any help appreciated, I must be missing a step somewhere?
Copy link to clipboard
Copied
Just in case anyone still has trouble with this for hosting your installer other than on the Mac App Store, here is my bash script that creates a .pkg installer for MacOS and it downloads without any warnings from any browser (tested with Safari, Chrome, Firefox and Brave), and it installs without warnings, and the installed app launches without warnings.
It also fixes the icons that as of AIR 31 are still wrong for MacOS, and it updates Info.plist with version. This app package contains 10 ANEs as well.
# !/bin/bash
VERSION=$1
USAGE="Usage: build.sh app_version_string (n.n.n)"
if [ "$VERSION" == "" ]; then
echo "app_version_string is required"
echo ${USAGE}
exit 1
fi
INFO_PLIST="$APP_DIR/out/your-app.app/Contents/Info.plist"
cd $APP_DIR
# copy icons file over the one built by AIR which is still packaged incorrectly as of AIR SDK 31
cp -f ./packaging/Icon.icns ./out/your-app.app/Contents/Resources/Icon.icns
rm -f "./out/your-app.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib"
rm -f "./out/your-app.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Adobe AIR.vch"
/usr/libexec/PlistBuddy -c "Set :CFBundleShortVersionString ${VERSION}" "${INFO_PLIST}"
/usr/libexec/PlistBuddy -c "Set :CFBundleGetInfoString ${VERSION}, © 2018 Your Company, Inc. All rights reserved." "${INFO_PLIST}"
/usr/libexec/PlistBuddy -c "Add :LSApplicationCategoryType string public.app-category.business " "${INFO_PLIST}"
codesign -f -v -s "Developer ID Application: Your Company, Inc. (YOUR_TEAM_ID)" "./out/your-app.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR_64"
codesign -f -v -s "Developer ID Application: Your Company, Inc. (YOUR_TEAM_ID)" "./out/your-app.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR"
codesign -f -v -s "Developer ID Application: Your Company, Inc. (YOUR_TEAM_ID)" "./out/your-app.app/Contents/Frameworks/Adobe AIR.framework"
codesign -f -v -s "Developer ID Application: Your Company, Inc. (YOUR_TEAM_ID)" "./out/your-app.app"
productbuild --component ./out/your-app.app /Applications "./packaging/mac/your-app.pkg" --sign "Developer ID Installer: Your Company, Inc. (YOUR_TEAM_ID)" --identifier "your-app" --version "${VERSION}"
Copy link to clipboard
Copied
Huge thanks to everyone for contributions to this thread and especially to ejthomas95746 for providing the script.
A few extra pointers for anyone doing this process:
1. As of AIR 31 or 32, there is an additional file to sign which is Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/A2712Enabler
I'm not sure if it's necessary but it is easy enough to sign.
2. For future-proofing, Apple now likes all apps to be Notarized (and will require it for all apps from MacOS 10.15). Details of how to do it are here: https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizi...
For this to happen and for it not to fail, it's necessary to sign the A2712Enabler file and your MyApp.app file in a different way so that it includes a 'hardened runtime'. The updated codesign commands are
codesign --force --options runtime --deep --sign "Developer ID Application: Your Company, Inc. (YOUR_TEAM_ID)" "./out/your-app.app/Contents/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/A2712Enabler""
codesign --force --options runtime --deep --sign "Developer ID Application: Your Company, Inc. (YOUR_TEAM_ID)" "./out/your-app.app"
Notarization is then performed as per the document linked above. You have to create an App-specific password on your iTunes Connect account to do that.
The document also contains details of how to find errors which is very important if the process fails.
3. Finally, you staple the notarization to the app, although there's no reference required, just this command:
xcrun stapler staple "./packaging/mac/your-app.pkg"
4. One other note: It's quite acceptable to use the .air file built and signed on a Windows dev machine as the input to 'adt -package -target bundle' to create the MacOS Captive Runtime version (this saves us time in our build process). I also found the app 'iCreate icons' to be a really simple way to generate the .icns file required for Mac from the Windows png icons we already had.
Hope this helps someone as much as everyone's previous answers helped me. Thanks all!
Copy link to clipboard
Copied
Thanks for this re-cycle. I'm struggling a bit with the signing part. All actions are successfully completed, but after doing the last signing of the .app, using the --options runtime --deep, the app crashes during startup with a message of "Code Signature Invalid":
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (Code Signature Invalid)
Exception Codes: 0x0000000000000032, 0x0000086b6eb84f30
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x2
Here are my steps:
1. Export app as "Captive Runtime Bundle (.app)" in IntelliJ IDEA
2. Run the following commands:
rm -f MyAIRApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/WebKit.dylib
rm -f MyAIRApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/Adobe\ AIR.vch
/usr/libexec/PlistBuddy -c "Set :CFBundleShortVersionString 2.0.2" /Users/me/Desktop/MyAIRApp.app/Contents/Info.plist
/usr/libexec/PlistBuddy -c "Set :CFBundleGetInfoString 2.0.2, © 2019 MyCompany, Inc. All rights reserved." /Users/me/Desktop/MyAIRApp.app/Contents/Info.plist
/usr/libexec/PlistBuddy -c "Add :LSApplicationCategoryType string public.app-category.business" /Users/me/Desktop/MyAIRApp.app/Contents/Info.plist
codesign -f -v -s "Developer ID Application: MyCompany, Inc" MyAIRApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/Current/Adobe\ AIR_64
codesign -f -v -s "Developer ID Application: MyCompany, Inc" MyAIRApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/Current/Adobe\ AIR
codesign --force --options runtime --deep --sign "Developer ID Application: MyCompany, Inc" MyAIRApp.app/Contents/Frameworks/Adobe\ AIR.framework/Versions/1.0/Resources/A2712Enabler
codesign -f -v -s "Developer ID Application: MyCompany, Inc" MyAIRApp.app/Contents/Frameworks/Adobe\ AIR.framework/
codesign --force --options runtime --deep --sign "Developer ID Application: MyCompany, Inc" MyAIRApp.app
After this, if I run the app, I get the error above. I won't get the error if I sign A2712Enabler and MyAIRApp.app without --options runtime, but then notarization fails.
Any clue to why the --options runtime gives this Code Signature Invalid crash/error?
I'm using MacOS 10.14.5 and Adobe AIR 31. Air bundle packaged in IntelliJ 2019.1
Copy link to clipboard
Copied
I'm not sure what's causing the error but I have two guesses:
1. My process is a little different to yours. I export an unsigned .airi from Flash Builder 4.7. I then (on Windows, though it shouldn't matter) use ADT to create an unsigned .air:
adt -package -target bundle MyApp MyApp.air
[I then sign that on Windows using Signtool but I think I use the unsigned version for Mac]
Next, I move that .air file to Mac OS and create the .app (again, unsigned):
adt -package -target bundle MyApp.app MyApp.air
I then copy the .icns file into the package:
cp -f MyApp.icns Contents/Resources/Icon.icns
and finally run the script to remove Webkit and DRM and to sign the .app and its various components.
2. My second guess would be to check and double-check your certificates since that's what the error is stating. Also, have you followed the instructions in the Notarization link to get the full error message link when it fails?
The full format of the certificate IDs should include the letters and numbers in brackets: e.g "Developer ID Application: Company Name, Inc (AB1CD2E3FG)"
After completing all of the above, I create an installer .pkg file, signing that .pkg with my Developer ID Installer certificate from Apple (NOT the Developer ID Application one), which with xCode installed is:
productbuild --component MyApp.app /Applications "MyApp.pkg" --sign "Developer ID Installer: My Company, Inc" --identifier "AppName" --version "1.0.0"
That signed .pkg is what I submit to Apple for notarisation.
Good luck - we're all just guessing here thanks to Adobe's lack of documentation about the details of publishing AIR apps to Macs in the various possible formats!
Copy link to clipboard
Copied
Thanks a lot for the quick reply, re-cycle. I've got bootcamp with Win10 installed on my mac, so I'll try to reproduce your steps (except I'll be exporting from IntelliJ IDEA instead of Flash Builder).
May I ask if you use AIR 31 or 32?
Also, do your do any more modifications to your Info.plist except the ones you mentioned in your post?
If I'm successful, I'll summarize all my steps here.
Copy link to clipboard
Copied
Using AIR 32 and no further modifications to Info.plist.
I'm also using Win10 on bootcamp on a MacBook Pro in my process.
[As an aside, when signing on Windows, I first tried using one of the latest MacMinis but couldn't get the USB signing token to work under windows, which I'm guessing is down to the T2 chip in the MacMini. Signing tokens also don't work under virtualisation with VMWare Fusion or Parallels. Works fine on Win 10 running as bootcamp on an older MacBook Pro though. Not relevant to the Mac discussion but may be useful to someone who is using Bootcamp to run Windows to sign a captive runtime .exe AIR app.]
Good luck!
Copy link to clipboard
Copied
Unfortunately, I couldn't get past the first step, creating an unsigned .air from exported .airi
On Windows using PowerShell:
.\adt -package -target bundle "C:\Users\MyUserName\Desktop\MyApp.air" "C:\MyUserName\Desktop\MyApp.airi"
I get the result:
An AIRI file was specified without signing arguments. AIRI files must be signed to be processed further.
I can't find anything on Google related to "unsigned .air" file..
Copy link to clipboard
Copied
Been hammering this problem for a few hours now, without any luck.
My steps are:
When applying the last step (10) something is changed so that when I try to run the app it crashes with the Problem Report attached below. I am able to successfully notarize this app, but that doesn't help if the app crashes 😞
- AIR 31
- IntelliJ 2019.1
- macOS 10.14.5
Crashed Thread: | 0 Dispatch queue: com.apple.main-thread |
Exception Type: | EXC_BAD_ACCESS (Code Signature Invalid) |
Exception Codes: | 0x0000000000000032, 0x00002441987edf30 |
Exception Note: | EXC_CORPSE_NOTIFY |
Termination Reason: | Namespace CODESIGNING, Code 0x2 |
kernel messages:
VM Regions Near 0x2441987edf30:
Memory Tag 240 | 00002441987d9000-00002441987de000 [ 20K] rw-/rwx SM=S/A | |
--> Memory Tag 240 | 00002441987de000-00002441987ee000 [ 64K] r-x/rwx SM=COW | |
VM_ALLOCATE |
Copy link to clipboard
Copied
I presume you've tried those last steps varying the command line arguments to see if it works if you miss something out?
Just checking also that the certificate you are using is the one that you got from Apple labelled 'Developer ID Application', not Apple Development, Mac Development or iOS Development.
Also, do you have the latest version of Xcode installed?
Other than that, I'm really not sure. However, since it sounds like an issue which is caused by Xcode signing with an Apple certificate, you should be able to contact Apple Developer technical support since you can prove the app runs before codesign alters it.
Copy link to clipboard
Copied
I've tried varying the command line arguments of the last step. The app runs fine up to step 10.
If I run step 10 without using "--options runtime", it will run fine, but will be rejected by apple with one error: ("The executable does not have the hardened runtime enabled.") during notarization.
Running step 10 with "--options runtime" creates an app that I can successfully get notarized, but that crashes when executed on my mac.
I just updated my Mac from High Sierra to Mojave 10.14.5 (18F132). Xcode is Version 10.2.1 (10E1001). I am using certificate "Developer ID Application: Preseria AS (N111ABCD9E)"
I tried the procedure on the simplest AIR app possible, but with the same error:
<?xml version="1.0"?>
<s:WindowedApplication xmlns:fx="http://ns.adobe.com/mxml/2009" xmlns:s="library://ns.adobe.com/flex/spark">
<fx:Script><![CDATA[
import mx.controls.Alert;
]]></fx:Script>
<s:Button click="Alert.show('Hello, world')" label="Say Hello"/>
</s:WindowedApplication>
Copy link to clipboard
Copied
Have you tried cutting IntelliJ IDEA out of the process? You can compile from the command line using the AIR SDK.
Other than that, I suggest Apple Developer Support.
Copy link to clipboard
Copied
I've contacted Apple Support.
I've tried packaging an .airi file from IntelliJ and signing it manually to get an .air bundle, but not the first step of "swc to .airi" from command line, no. That is something I could try, if I figure out the correct arguments.
I do have a Flash Builder 4.7 key somewhere, so I could try to install and import the project to FB before exporting it. Also I guess I could try some more combinations of first creating the .air file on Windows and then bring it over to MacOS.
re-cycle, you mentioned creating an unsigned .air from an .airi file. How is that possible? Using the adt tool it seems you must sign it to get a .air, or is it something I'm missing?
By the way, thanks for all the help re-cycle. It's much appreciated. I've been checking codementor.io and upwork for expertise, as I'm happy to pay for guidance, but not many people have experience with this kind of stuff. If you, or anyone else who sees this, want to jump on a video call with screen sharing (TeamViewer) and help out, let me know. I'll gladly pay for it.
PS: I just found a recent thread on as3lang.org with a couple interesting links. Will see if I can find some new information there. Will share if I get any closer to a properly signed app that passes notarization. : https://discuss.as3lang.org/t/air-for-desktop-publishing-to-the-mac-app-store-is-it-possible/1850
Copy link to clipboard
Copied
Thanks for this helpful thread. It has helped me get an Adobe AIR 31 app successfully through the notarization process. But now I am at the same point as DHL83. After stapling the approved app, I get the same error when starting the app:
Exception Type: EXC_BAD_ACCESS (Code Signature Invalid)
Exception Codes: 0x0000000000000032, 0x00002930cc582f30
Exception Note: EXC_CORPSE_NOTIFY
My app is a captive runtime application built by command line on the Mac using mxmlc and adt.
I found this article
https://successfulsoftware.net/2018/11/16/how-to-notarize-your-software-on-macos/
it says to try the following command to verify the stapling:
spctl -a -v "test.app"
It shows:
test.app: accepted
source=Notarized Developer ID
Which should indicate success. I'll let you know if I find out anything more.
Copy link to clipboard
Copied
Sorry for the radio silence - have been away with my family and ignoring email.
The bad news: I'm now getting that error on Mac OS X too for the notarized app:
Exception Type: EXC_BAD_ACCESS (Code Signature Invalid)
Exception Codes: 0x0000000000000032, 0x00001199ab481f30
Exception Note: EXC_CORPSE_NOTIFY
The reason I hadn't picked this up before is because I was creating the notarized app on my new Mac Mini running 10.14.5 Mojave but then downloading and testing the install of the app on my older MacBook Pro 10.13.6 High Sierra (which I'm keeping behind an OS X version so I can still run Flash Builder 4.7). The notarised app installs and works perfectly on High Sierra and the crash only occurs on Mojave in my environment. DHL83 - I wonder if that would be useful additional information for Apple Support? Have you heard back from them?
[Apologies for not picking this up before - I was just so pleased to get the app installing before I went on vacation that I posted here without fully testing on Mojave.]
This is a fairly critical issue for our business, so I'll continue working on it. Would love to hear from anyone who has ideas for further tests or can make progress with this.
Copy link to clipboard
Copied
Just some quick additional information: this doesn't seem to be restricted to AIR: there are users of other platforms reporting the same issue (without solutions yet...)
e.g.
Unity: https://stackoverflow.com/questions/56246948/how-to-tell-why-osx-code-signature-is-invalid
Electron apps: macOS Hardened runtime, notarization, code signing: app crashes and doesn't work at all · Issue #398...
This leads me to believe that it's an issue which Apple have introduced in the way Notarization checks are done. If so, will they care enough about the Unity/AIR/Electron platforms to solve this before they release MacOS 10.15 Catalina?
Copy link to clipboard
Copied
I've been on a short week-long vacation myself. Catching up on some emails now. I got a standard response from Apple that I'll share below. In short, I need to provide them with some more information, screenshots, etc, although there's nothing new to tell them apart from the information I've already submitted.
I'll post back here when I get a follow-up reply from Apple. Oh, and I'll mention in my reply to Apple that this is a problem also for Unity and Electron platforms.
The message I got from Apple:
Hello Dag,
My name is Laura, and I'm an Advisor from Apple Developer Program Support. Thank you so much for getting in contact about you issue with code signing.
This document should help you resolve most code signing errors. If you need additional assistance, review the Apple Developer Forums for threads on a variety of code signing issues.
1. You are signed into Xcode using the developer Apple ID associated with the app (Accounts pane in Xcode Preferences).
2. The bundle ID set in the Xcode project matches the bundle ID chosen in the App Store Connect app record.
If you continue to receive a code sign error, please provide responses to each of the following questions, so that we can make sure that your error is not related to an internal issue:
1. Is your Mac used to develop for multiple development teams?
2. Are you signing an iOS, tvOS, or macOS app?
3. If you are attempting to sign an iOS app, which type of deployment have you selected (Ad-hoc, Enterprise, or App Store)?
Also provide the screenshots of the following:
1. The error message you receive.
2. The Xcode project General pane.
3. The Xcode project Custom iOS Target Properties section located on the Info pane.
4. Your Provisioning Profile details as shown in Xcode Preferences on the Accounts pane after clicking the View Details button.
5. The Provisioning Profile details as shown in the Certificates, Identifiers & Profiles portal.
After we receive this information, I'll follow up with you when we have an update.
Should you have further queries, please do not hesitate to reply to this email or contact us through our support site. Your case number is 100854096929.
Have a lovely day.
Kind regards,
Laura
Apple Inc.
Copy link to clipboard
Copied
I was referenced to Apple Developer Forums by Laura from Apple Inc. There I found several posts from people with the exact same issue: electron mac build crashing on startup (signed ... |Apple Developer Forums
Copy link to clipboard
Copied
Ah, so we're helpless unless someone at Adobe who wrote the code for the ADT tool will help us by talking directly to Apple. Actionscript has always been Just In Time compiled as far as I know and if Apple are saying that's the reason for the notarization failing then it's a problem at the very core of the AIR runtime which Apple have introduced by requiring notarization.
Does anyone have a clue about how to get an Adobe engineer to look at this? I'm guessing it would need someone from a large company who have a big support contract with Adobe to have enough clout for them to sit up and take notice... ;-(
DHL83 - thanks very much for reporting back with this.
Anyone have any other ideas about how to work around this?
Copy link to clipboard
Copied
Since Harman will be taking over the support and development of the AIR platform I've shot them an email explaining the problem and referencing this thread. (Adobe.Support@harman.com) / Harman - Adobe Partnership - HARMAN
Copy link to clipboard
Copied
I have it working!!! Woooohoooo!
DHL83's correspondence with Apple and reference to the Electron thread on Apple's Developer support site provided me with some ideas for googling whether entitlements could be added for apps produced by 3rd party tools such as the Flex SDK. After a lot of trial-and-error, I worked out what entitlements are required.
Here are the steps in addition to the signing script I posted above:
1. You need to create an Entitlements file which will look like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
</dict>
</plist>
Thismust be created in XCode otherwise get an error about blobs not being correct:
HomeDirXCodePropertyList.plist: unrecognized blob type (accepting blindly)
HomeDirXCodePropertyList.plist: invalid length in entitlement blob
To create in XCode, do this:
In XCode, File->New->File...
Choose MacOS tab -> Resource -> Property List
Right click on the document -> Property List Type -> Entitlements File
Add Row using + button.
Select Allow Execution of JIT-compiled code and select Boolean value YES
Add Row using + button
Select Allow Unsigned Executable Memory and select Boolean value YES
Save the file (I called it entitlements.plist) and reference it in the .app signing line.
2. Change the script you use for signing the .app to reference this file:
codesign --force --options runtime --deep --sign "Developer ID Application: My Company, Inc (AB1CD2E3FG)" --entitlements "/Users/username/Documents/entitlements.plist" "/Users/username/Documents/out/MyApp.app"
Check that you don't get any errors from the entitlements file.
3. Use product build in the script as before (no changes) to create the .pkg
4. As before, submit the app for Notarization, then staple once it completes successfully.
My testing has been as follows:
1. Delete the .app files from my machine.
2. Upload the .pkg file to a web server.
3. Download it and install on 10.14.5 Mojave.
It installs and runs without the previous codesign error. Hope it works for others!
Copy link to clipboard
Copied
YES! This is awesome! Thank you so much re-cycle! Your step-by-step instructions should be marked as the correct answer! Ideally this should be put on Adobe's official blog or wherever we can expect to find updated information for AIR developers in the future.
What a great way to end the work week
Copy link to clipboard
Copied
Excellent. This worked for me too. Thank you so much!
Copy link to clipboard
Copied
Wow! I am very troubled about notarization. Thanks!