Posts

Post not yet marked as solved
10 Replies
4.8k Views
Hi,We package an Open Source database system called PostgreSQL. This is signed and notarized by us. PostgreSQL is designed to be user extensible, and has various hooks to allow additional functionality to be loaded from shared libraries, which are dynamically loaded at runtime.We compile the PostgreSQL sources on macOS Mountain Lion (10.8) using MacOSX10.9.sdk with -mmacosx-version-min=10.9. The codesigning is done on the macOS Mojave (10.14) using a Developer ID Application certificate.When linking with the hardened runtime, the loading of third-party extensions is blocked on macOS Catalina because they are not signed by either Apple or with the same team ID used for PostgreSQL itself. How can we resolve this such that our builds of PostgreSQL are able to load third-party extensions? We used the entitlement "com.apple.security.cs.disable-library-validation" already on the command line option for the codesign binary while signing the app bundle.Awaiting your feedback. Thanks.
Posted
by sandeeptt.
Last updated
.
Post not yet marked as solved
1 Replies
436 Views
A C++ Qt application freezes on BigSur but works fine on prior releases. It's built on macOS Catalina with 10.15SDK Here are few observations: codesign -dvvv displays this warning: Library validation warning=OS X SDK version before 10.9 does not support Library Validation This is observed only for this application and not for other binaries that are generated on the same server with the same build environment. 2. otool -l displays: cmdsize 24 		uuid 07737FD7-A037-3D62-A381-BB9704324FD7 Load command 9 			cmd LC_VERSION_MIN_MACOSX 	cmdsize 16 	version 10.13 			sdk n/a I was using Xcode 11 CommandLineTools and not the Xcode. But somewhere I read I need to install Xcode to fix this and I then installed Xcode 11.4.1 but that didn't help. I'm not sure why only for this particular application (this is the only one depending on Qt and Python) has the above issues. Please provide some inputs. Thanks
Posted
by sandeeptt.
Last updated
.
Post not yet marked as solved
4 Replies
3.8k Views
Hi,We develop the macOS app bundle for our product. I have a question for other developers/packagers. We codesign every binary and .dylib first before we create the app bundle. The app bundle is then codesigned again and notarised. I wanted to know if it's a must to code sign every binary or simply code sign the application is enough?
Posted
by sandeeptt.
Last updated
.