I deleted my previous (large) post on this topic because I've made some progress, so this is an updated request for help.
I am struggling with getting a MacOS app prepared for distribution outside the Mac App Store. I'm building under Xcode 8.3.3, under MacOS 10.12.6 (Sierra). I have two relevant targets in my project: the app itself, and a framework of my own creation, which incorporates some third party code (the AFNetworking framework and chromaprint framework for audio signal recognition, which expects a few dynamic libraries - .dylib files from the ffmpeg project).
I am almost certain that that problems I see are related to these embedded frameworks and .dylib files. I have attempted to codesign these separately from the Xcode build process, which appears to work (but i'm not sure). For example:
/usr/bin/codesign --force --sign "Developer ID Application: <my company name and identifier code>" --timestamp=none /usr/local/lib/libavcodec.57.61.102.dylib
...seems to work, and when I check it with codesign , it produces a normal (I think) report, similar to the one below (see my Diagnostics) for the app.
My app itself builds and runs just fine, and I can build Archives.
In the General settings tab of my main target (the application), for both Debug and Release versions:
- I'm NOT using "automatic signing".
- I am not using a provisioning profile because I am not requiring any special services.
- I am selecting the name of my company as my team (as opposed to myself).
- I am using "Developer ID" for the signing certificate.
- I have created certificates that I can see needing, under Xcode.
- I have created an App ID for my app on the Developer site, though I don't know that I need it, other than for a provisioning profile, which I am not using.
In the Build Settings tab under "Signing":
- I am using the Developer ID Application for my company's name (I am not planning to use Apple's installer at this time, just a DMG image file).
- I am using my company name as the team.
In other words, I THINK I have all the right choices made in XCode for both app and framework targets.
I can build and export from Archives, and the exported application runs fine. But when I transfer it over the Internet, I get the Gatekeeper message.
This is the message I get from spctl that drives me crazy - I have no idea how to fix this:
<path to my app bundle>: rejected (bundle format is ambiguous (could be app or framework))
I am at a loss. How can I fix this alleged ambiguity? Any help is appreciated. Please see diagnostics below.
---------------------------
Diagnostics:
Command:
spctl --assess --type execute <path to my app bundle>
Produces:
<path to my app bundle>: rejected (bundle format is ambiguous (could be app or framework))
I don't understand this vague message - any tips on getting more detail would be appreciated.
Command:
codesign -dvvv --deep --verbose=4 <path to my app bundle>
Produces:
(Nothing looks wrong in this, to me.)
Executable=<path to my app bundle>
Identifier=<my bundle ID>
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=1041 flags=0x0(none) hashes=25+5 location=embedded
OSPlatform=36
OSSDKVersion=658432
OSVersionMin=657920
Hash type=sha256 size=32
CandidateCDHash sha1=16059cab02da6d9d806bee834bd5ee059b71ffab
CandidateCDHash sha256=5bcebbbb681b17be9fa4105f676ccb4b0635c761
Hash choices=sha1,sha256
Page size=4096
CDHash=5bcebbbb681b17be9fa4105f676ccb4b0635c761
Signature size=8941
Authority=Developer ID Application: <my company name and identifier code>
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jul 16, 2018, 3:52:13 PM
Info.plist entries=25
TeamIdentifier=4TVJNHNY52
Sealed Resources version=2 rules=13 files=19
Nested=Frameworks/libavformat.dylib
Nested=Frameworks/libswresample.dylib
Nested=Frameworks/libavutil.dylib
Nested=Frameworks/chromaprint.framework
Nested=Frameworks/<myFrameworkName>.framework
Nested=Frameworks/AFNetworking.framework
Nested=Frameworks/libavcodec.dylib
Internal requirements count=1 size=212
