Hi all,
My project consists of main application, an endpoint security extension and a findersync extension. When I try to build it in release mode, the findersync extension is getting built with entitlements of the main app and not one of its own. I am not seeing this issue for endpoint security. I am signing using a "Developer ID Application" signing identity.
When I look into the build logs I am seeing that --entitlement is used in code sign and the file which is passed as the argument also has the correct entitlement.
When I tried manually running the codesign command with the --entitlement flag, I am still unable to get the correct entitlement.
Is there any difference in the way the codesign happens for the system extension and findersync?
What changes do I need to make in order to get the correct entitlement.
Thanks in advanced
Yes, it is manually set.
OK. This is not a setup I recommend. Developer ID signing identities are precious, and one consequence of that is that you should not be using them for day-to-day development. Rather, you should use a development signing identity (typically Apple Development) for your day-to-day development and only engage with Developer ID when you’re ready to distribute. Specifically, if your product is a self-contained app then you can distribute by creating an archive (Product > Archive) and then distributing from that archive.
If you follow this approach then you can typically enable automatic code signing, which makes everything much easier (-:
But when I went inside the SourceCode -> Build -> main.app -> Contents -> Plugins -> FinderSync , this one does not have the correct entitlement.
Honestly, I suspect that there’s some weirdness in your manual code signing setup that’s triggering this (a common cause is that folks add --deep
to Other Code Signing Flags build setting [1]) and that switching over to automatic code signing (and clearing out any build setting overrides) will fix the problem. However, it’s hard to be sure without testing that. Which specific entitlement are you having problems with?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] FYI, I recommend against using --deep
when signing products. See --deep
Considered Harmful as to why.