Advice on releasing an internal OSX app

Code Signing General
pbotsaris OP
Created Feb ’23
Replies 2
Boosts 0
Views 474
Participants 3

Hi there and thanks for the help in advance.

Before I ask my question let me give you some background; I am reasonably new to swift and the OSX dev ecosystem so apologies for my ignorance in my post below.

I set to build an internal tool and most of my colleagues are OSX users so I thought why not give Swift and SwiftUI a shot? The program is fairly simple, it lays audio back to video files leveraging FFmpeg.

Swift is a nice language and the dev process was very smooth until I had to release the app so my colleagues can use it. This is when I hit that wall of bureaucracy and complexity that is code signing, sandboxing, entitlements, etc.

I completely understand the requirements for security here but I am just trying to build an internal tool that will be used by a handful of people.

My question is – what is the most straightforward process to get my app released for internal use? Is it possible to release the app without a sandbox or even code signing?

Thanks for the help.

Replies  2
Boosts  0
Views  474
Participants  3
szymczyk OP
Feb ’23

It is definitely possible to avoid the sandbox in a Mac app. Perform the following steps to turn off the App Sandbox:

  1. Open the project editor by selecting the project file on the left side of the project window.
  2. Select the target from the left side of the project editor.
  3. Click the Signing & Capabilities button at the top of the project editor.
  4. Click the Trash icon on the right side of the App Sandbox section in the project editor.

I don't know if you can avoid code signing. There is a Signing section above the App Sandbox section. That's where you would turn off code signing.

0
DTS Engineer OP
Apple
Feb ’23

Is it possible to release the app without a sandbox or even code signing?

Yes and no.

szymczyk has already addressed the app sandbox side of this. For code signing, there is only one absolutely requirement, namely that all Apple silicon code must be signed. Without that, it won’t run.

However, we strongly recommend that you sign all your code with a stable code signing identity. If you don’t, you’ll run into weird problems. For a discussion of this, see the Designated requirement section of TN3127 Inside Code Signing: Requirements.

If you’re distributing your code widely, you want to make sure it passes Gatekeeper. However, if you’re just sending it to a colleague, you can simply explain to them how to bypass Gatekeeper. For more on this, see the links in Trusted Execution Resources.

In that case, it’s fine to send them an Apple Development signed build. To do that:

  1. Choose Product > Archive.

  2. Selecting the resulting archive in the Xcode organiser.

  3. Click Distribute App.

  4. At the first step, click Development.

  5. Draw the rest of the owl. Follow the workflow from there.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Advice on releasing an internal OSX app
First post date Last post date
 
 
Q