Quartz Builder - Approved Developer settings

cybero's picture

I recently found that a QB app was denied runtime privileges as it didn't pass Mountain Lion's Gatekeeper security check for having been created by an approved developer.

Would that application have passed muster with Gatekeeper if it had included in its Identifier meta information the name of an approved developer?

My understanding was that such code signing needed to be done during the process of developing an application within Xcode and could not be done any other way at all.

https://developer.apple.com/library/mac/#documentation/Security/Conceptu...

Is there any way that an application other than Xcode that produces small applications, like Quartz Builder, could have an option for registered Apple developers to incorporate the appropriate certification Gatekeeper requires of Apple application developers?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

dust's picture
Re: Quartz Builder - Approved Developer settings

you can code sign an application via the terminal or handy utilities like AppResigner http://www.gorbster.net/blog/archives/273 or UnityEntitlments http://jemast.com/unity/entitlements.php etc...

just code signing isn't going to help though as mountain lion defaults its security settings to only open from the (mac app store ) unless you specify (mac app store and identified developers) or (anywhere). more than likely a user would have all ready changed these setting.

i guess if your goal is to get a qb app to open up as if it where a mac store application ? one in theory would have to sign and submit the application to the itunes store. reject the binary upload and export a distributed signed application for sharing. that is all supposing that a qb binary will validate ( i have no idea ? ). there would obviously need to be modifications to the to the plist files etc...

i have applications on my disc that when even signed once uploaded to the internet and re-downloaded the security warnings will not let you open. only apps that i have meta data for in itunes connect will let me share as if it where a mac app store app regardless of if they are live or not on the store.

people submit unity apps, and max msp apps etc... to the app store so in theory one can upload a binary... made by an application other than xcode.... will this work with qb (i have no idea )

although code signing and selecting (mac app store and identified developers) in security settings will let you open a shared qb file. you will need to make sure you have the proper certificates installed on you computer. ( Developer ID Application: Your Name ) or ( 3rd Party Mac Developer Application: Your Name ) etc.... in your developer account there is a section where one would specify a certificate ID made specifically for sharing applications on other sites than the apple store.

seems a lot easier to just change your security settings ;)

cybero's picture
Re: Quartz Builder - Approved Developer settings

Dust, thanks for your reply and those two links, AppResigner and UnityEntitlments. Very useful information.

Quote:
i guess if your goal is to get a qb app to open up as if it where a mac store application ?

Well that would be one aim.

Primarily though, I was just wondering by what means one could sign application builds in Quartz Builder, which I am guessing is a no go within QB itself.

The main purpose of that being enabling the creation of signed applications from QB that could be distributed without [some of] the Gatekeeper warnings flashing up.

Gatekeeper can be set to only accept Mac App Store held only items and therefore mean that an application distributed [with signing] outside of the Mac App Store could still be refused where the user has their system settings at the Mac App Store only level.

So no way around that apart from distributing through the Mac App Store.

My aim was to see in what ways one could end up with a signed application QB.app that would and should pass muster with the secondary level of exclusion - being for signed applications only .

So there's no way to do the actual code signing required at present within QB itself?

dust's picture
Re: Quartz Builder - Approved Developer settings

here i made a few min video explaining the process of signing a QB app for distribution under the secondary level of security ( Mac App Store and identified developers )

Quote:
http://www.dustinoconnor.nmdprojects.net/signQuartzBuilderApp/signQuartz...

the video is only a few mins long... if you don't have the patience for watching the test video then follow the directions below....

Signing a QB App for Distribution by utilizing the ( Mac App Store and identified developers ) security exclusion settings.

• create developer ID certificate (see pic)

Quote:
Developer ID To sign Mac apps for distribution outside of the Mac App Store, you will need a Developer ID Application Certificate and a Developer ID Installer Certificate.

• build app with Quartz Builder. • sign app with AppResigner or terminal foo etc...

Quote:
http://www.gorbster.net/blog/archives/273 https://github.com/gorbster/AppResigner

• use your developer ID to sign the app.

Quote:
"Developer ID Application: Your Name"

cybero's picture
Re: Quartz Builder - Approved Developer settings

Thanks for that, very useful indeed.