Hello all,
I have a Qt-based application which want to sign with my new development certificate. I picked a Developer ID Application because it shall be distributed outside the Apple store via a DMG-Download.
So - I received the new certificate, installed it on my keychain. Then I signed the app:
soulalex@alexandarotsMBP SJC % codesign --deep --force --verify --verbose --timestamp --options runtime --sign "Developer ID Application: Alexander Carot (92C65YCLK8)" ./soundjack.app
./soundjack.app: signed app bundle with Mach-O thin (x86_64) [com.yourcompany.soundjack]
Now I verified it:
soulalex@alexandarotsMBP SJC % codesign --verify --deep --strict --verbose=2 ./soundjack.app
./soundjack.app: valid on disk
./soundjack.app: satisfies its Designated Requirement
Afterwards the problem is that the application crashes which is not the case without the signature:
soulalex@alexandarotsMBP SJC % ./soundjack.app/Contents/MacOS/soundjack
dyld: Library not loaded: @rpath/QtMultimediaWidgets.framework/Versions/5/QtMultimediaWidgets
Referenced from: /Users/soulalex/Desktop/wip/XP-shared/Soundjack/SJC/./soundjack.app/Contents/MacOS/soundjack
Reason: no suitable image found. Did find:
/Users/soulalex/Qt-5.14.2/5.14.2/clang_64/lib/QtMultimediaWidgets.framework/Versions/5/QtMultimediaWidgets: code signature in (/Users/soulalex/Qt-5.14.2/5.14.2/clang_64/lib/QtMultimediaWidgets.framework/Versions/5/QtMultimediaWidgets) not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.
zsh: abort ./soundjack.app/Contents/MacOS/soundjack
soulalex@alexandarotsMBP SJC %
Can anyone help ?
Thanks a lot in advance,
best
Alex
