Nw.js: Signing Mac Application

Created on 11 Apr 2013 · 22 Comments · Source: nwjs/nw.js

It would be great to see something in the Wiki on signing mac applications. I'm currently attempting this but am getting errors that the app is already signed and that the signature is invalid (not surprising).

Has anyone managed to do this?

Seems like quite an important part of the distribution steps

:+1:

I've successfully signed many applications. What are you using to sign your application?

Try executing:

codesign -d --deep-verify -v -v -v /Path/To/Your/Bundle

It'll tell you what is signed and what isn't (and by whom). There may be something within the bundle that's previously been signed by someone else that you may be including that can't be re-signed.

Hello there, the "/Path/To/Your/Bundle" is the nw executable path?

Yes, it's the path to your application; it would end with .app.

Has anyone else managed to get this to work? Or does it only work if you also then distribute the application via the app store?

@timhaak, yes, I've successfully signed apps multiple times. Not to be a negative nancy, but is your developer certificate expired or has it been revoked?

You may also want to use Xcode "Projects", specifically the Archive feature, to see if it will give you any idea what's going on; generally this is more verbose about issues (especially if you're requesting push notifications or nee identities).

I've successfully submitted (and had accepted) node-webkit and tint applications into the MacStore. One caveat is you're not allowed to "run" packages which aren't yours, e.g., you can't use it as a runtime to execute other people's apps, nor can you auto update the package without going through the app store.

Turned out that I didn't have right to generate the correct cert. I need to generate the Developer ID cert.

Below is the script that I'm using in case anyone else gets stuck.

export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/usr/bin/codesign_allocate"

# Run the following to get a list of certs
# security find-identity

app="$1"
identity="182F7BADDDFA459E45F0AAA394A6F797832E28B1"

echo "### signing frameworks"
codesign --force --verify --verbose --sign "$identity" "$app/Contents/Frameworks/crash_inspector"
codesign --force --verify --verbose --sign "$identity" "$app/Contents/Frameworks/node-webkit Framework.framework/node-webkit Framework.tmp"
codesign --force --verify --verbose --sign "$identity" "$app/Contents/Frameworks/node-webkit Framework.framework/node-webkit Framework.TOC"
codesign --force --verify --verbose --sign "$identity" "$app/Contents/Frameworks/node-webkit Framework.framework/"
codesign --force --verify --verbose --sign "$identity" "$app/Contents/Frameworks/node-webkit Helper EH.app/"
codesign --force --verify --verbose --sign "$identity" "$app/Contents/Frameworks/node-webkit Helper NP.app/"
codesign --force --verify --verbose --sign "$identity" "$app/Contents/Frameworks/node-webkit Helper.app/"

echo "### signing app"
codesign --force --verify --verbose --sign "$identity" "$app"

echo "### verifying signature"
codesign -vvv -d "$app"
sudo spctl -a -vvvv "$app"

@timhaak you are a saint for providing that script.

@timhaak thanks so much for that script! I was able to sign my node-webkit package on OS X and get past the "unidentified developer" warning.

I also had to sign up for a Mac Developer Account and then import those signing certificates in the accounts section of Xcode.

Edit: to get past the unidentified developer warning, pick the "Developer ID Application" signing identity after running security find-identity and place the string there in the identity field of the script.

Does anyone zip their codesigned application? I don't think this is node-webkit specific - but a friendly warning as I'm having major issues with this since upgrading to Mavericks:

https://stackoverflow.com/questions/22367809/code-signed-mac-app-broken-after-downloading

No, I kept it as a dmg which was also to get that "nice" drag-to-install
window.

I'd suggest a .pkg if you want to send a compressed version of the
application.

@mlynch appreciate the note, I agree - we need to change this. Unfortunately the zip is needed to update already deployed app :-(

@tommoor It's a shame that zip invalidates the code signature on OS X 10.9.
I had to change the update file format from zip to dmg i.e. use the setup package for OS X.
Our automatic install script relies now on

hdiutil attach "our_product.dmg" -nobrowse -plist > "$TMPDIR"our_product_dmg_attach_result.plist

if [ -x /usr/libexec/PlistBuddy ]
then
    i=0
    until [ $i -ge 3 ]
    do
        MOUNT_POINT=`/usr/libexec/PlistBuddy -c "Print system-entities:${i}:mount-point" "${TMPDIR}our_product_dmg_attach_result.plist"`
        if [ $? -eq 0 ]
        then
            break
        fi
        i=`expr $i + 1`
    done
    if [ $i -ge 3 ]
    then
        echo "Warning: Error reading mount point from disc attachment output!"
    fi
else
    echo "Warning: Can not find and execute PlistBuddy on your system!"
fi
...
# remove the old app bundle (quoted; :? aborts if the variable is unset or empty)
rm -R "${OLD_APP_BUNDLE:?}"
cp -R "$MOUNT_POINT"/our_product.app "$TARGET_DIR"
hdiutil detach "$MOUNT_POINT"

I don't know how reliable that is, but at least the app bundle remains properly signed.

@semmel thanks, I'm moving over to this method - that's very useful :-)

This is what I've been working on, it might be useful for others:

https://github.com/sqwiggle/node-webkit-mac-updater

@tommoor :+1:

@timhaak thanks for sharing the script, it helped ease the last little bit of the process for me :+1:

When uploading an app to the Mac store, we must enable the sandbox.

I use codesign with --entitlements build.entitlements
and the entitlements enable the sandbox:

com.apple.security.app-sandbox

com.apple.security.network.client

com.apple.security.network.server

com.apple.security.files.user-selected.read-write

But after that, it crashes when starting the app. Even if I try to codesign the official app (http://dl.node-webkit.org/v0.10.5/node-webkit-v0.10.5-osx-x64.zip), the same problem happens.

....app/Contents/MacOS/node-webkit ; exit;
[3410:0922/211257:ERROR:breakpad_mac.mm(238)] Breakpad initializaiton failed
logout

Does someone know why? @tommoor @rogerwang
node v0.11.12 OSX 10.9.4

I had a lot of code failed to satisfy specified code requirement(s) errors when using @timhaak's script. Turns out, I had to include

export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate"

Based on this post

In addition to @timhaak script, I had to codesign some extra files:

codesign --force --verify --verbose --sign "$identity" "$app/Contents/Frameworks/node-webkit Helper EH.app/Contents/Resources/crash_report_sender.app"
codesign --force --verify --verbose --sign "$identity" "$app/Contents/Frameworks/node-webkit Helper NP.app/Contents/Resources/crash_report_sender.app"
codesign --force --verify --verbose --sign "$identity" "$app/Contents/Frameworks/node-webkit Helper.app/Contents/Resources/crash_report_sender.app"

Note that you need to codesign all .app files. Run find apppath/appname.app -iname "*.app" to be sure you're covering everything.
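
The hand-written list of codesign calls in this thread misses a bundle whenever a release adds or renames one, which is what the comment above ran into. The following is an added example, not code from the thread or from the nw.js project: it enumerates nested .app and .framework directories innermost-first and signs each with the flags from @timhaak's script. The function names are hypothetical, and loose executables such as crash_inspector still need their own codesign call.

```shell
#!/bin/sh
# Added example (not from the thread): sign nested bundles inside-out.

# Print every .app/.framework directory under "$1", innermost first,
# with the top-level app last. find -depth emits a directory's contents
# before the directory itself, so a nested bundle always precedes the
# bundle that contains it.
list_signing_order() {
    find "$1" -depth -type d \( -name '*.app' -o -name '*.framework' \) -print
}

# Sign each bundle in that order, using the same codesign flags as the
# script posted in the thread.
#   $1 = path to the .app bundle (no trailing slash)
#   $2 = identity hash taken from `security find-identity`
# Returns non-zero as soon as one codesign call fails.
sign_inside_out() {
    app=$1
    identity=$2
    list_signing_order "$app" | while IFS= read -r bundle; do
        echo "### signing $bundle"
        codesign --force --verify --verbose --sign "$identity" "$bundle" || exit 1
    done
}

# Run only when called as: script.sh /path/to/My.app IDENTITY_HASH
if [ "$#" -eq 2 ]; then
    sign_inside_out "$1" "$2"
fi
```

Signing the outer bundle last matters because its signature seals the nested code; re-signing anything inside afterwards invalidates it.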

Thanks a lot @timhaak! I had to do a few changes in the newer versions, as the node-webkit is changed to nwjs, but after that I was able to sign my app :)

Glad this is still helping :)
