From brendan.simon at etrix.com.au Sun Aug 23 04:44:01 2015
From: brendan.simon at etrix.com.au (Brendan Simon (eTRIX))
Date: Sun, 23 Aug 2015 12:44:01 +1000
Subject: [Pythonmac-SIG] codesigning py2app/wxPython app failing
Message-ID: <55D93371.4020505@etrix.com.au>

I'm trying to codesign a wxPython app bundle generated with py2app.
(python2.7, wxPython 3.0.2, Intel 64/32-bit, build on 10.10.5, XCode 6.4
installed)

I'm getting the following error:

$ codesign -vvvv -f --deep -s dist/.app
dist/.app: code failed to satisfy specified code requirement(s)
In subcomponent: /dist/.app/Contents/Frameworks/libncursesw.5.dylib

I've read that this can be a problem if a framework is signed, but it
isn't. Also "codesign -f" is supposed to replace any signed objects
anyway, right?

$ codesign -vvvv dist/.app/Contents/Frameworks/libncursesw.5.dylib
dist/.app/Contents/Frameworks/libncursesw.5.dylib: code object is not signed at all
In architecture: x86_64

For testing, I removed libncursesw.5.lib, but now codesign complains
about dist/.app/Contents/Frameworks/libwx_osx_cocoau-3.0.0.2.0.dylib.
If I remove libwx_osx_cocoau-3.0.0.2.0.dylib, it complains about
dist/.app/Contents/Frameworks/Python.framework.
If I remove Python.framework, it complains about
dist/.app/Contents/MacOS/python
If I remove python, I don't get any errors referencing any files or
directories, but I still get the "code failed to satisfy specified code
requirement(s)".

$ codesign -vvvv -f --deep -s "Sureshot" dist/.app
dist/.app: code failed to satisfy specified code requirement(s)

I set up the following environment variable to resolve a
codesign_allocate error. There were other codesign_allocate binaries on
my system but this is the only one that seemed to not complain.

export CODESIGN_ALLOCATE="/usr/bin/codesign_allocate"

Any ideas about what is going on and how to resolve this?

Is it a certificate issue perhaps? I purchased a class2 cert from sslstart.com.
It was a renewed one and I'm not 100% sure I'm using the correct private
key for the certificate. Would that cause the above errors?

I've never had any success signing an app. I get the same errors with
another cert/private key that someone else provided to me (from
www.digicert.com).

KeyChain says that both certs were signed by an unknown authority. Could
this be the issue?

Thanks for any help.
Brendan.

From kw at codebykevin.com Sun Aug 23 05:08:41 2015
From: kw at codebykevin.com (Kevin Walzer)
Date: Sat, 22 Aug 2015 23:08:41 -0400
Subject: [Pythonmac-SIG] codesigning py2app/wxPython app failing
In-Reply-To: <55D93371.4020505@etrix.com.au>
References: <55D93371.4020505@etrix.com.au>
Message-ID: <55D93939.6040903@codebykevin.com>

On 8/22/15 10:44 PM, Brendan Simon (eTRIX) wrote:
>
> $ codesign -vvvv -f --deep -s dist/.app
>

The "deep" flag doesn't work anymore. Pretty much every binary object
must be signed.

Here's what I use to codesign one of my apps (the specific example is
Perl, my current Python project is awaiting an update, but I'll roll
something similar for the Python project).

First I start with the dylibs:

find build/FileMorph.app -type f -name "*.bundle" -exec codesign --verbose --signature-size 9400 -f -s "My Credentials" {} \;
find build/FileMorph.app -type f -name "*.dylib" -exec codesign --verbose --signature-size 9400 -f -s "My Credentials" {} \;

Next, the frameworks and executables:

codesign --verbose --signature-size 9400 -f -s "My Credentials" build/FileMorph.app/Contents/Frameworks/Tk.framework/Versions/8.6/Resources/Wish.app/Contents/MacOS/Wish
codesign --verbose --signature-size 9400 -f -s "My Credentials" build/FileMorph.app/Contents/Frameworks/Tk.framework/Versions/Current
codesign --verbose --signature-size 9400 -f -s "My Credentials" build/FileMorph.app/Contents/Frameworks/Tcl.framework/Versions/Current
codesign --verbose --signature-size 9400 -f -s "My Credentials" build/FileMorph.app/Contents/MacOS/perl

Finally, the app itself:

codesign --signature-size 9400 -f -s "My Credentials" --verbose=2 build/FileMorph.app

> Is it a certificate issue perhaps? I purchased a class2 cert from
> sslstart.com. It was a renewed one and I'm not 100% sure I'm using the
> correct private key for the certificate. Would that cause the above
> errors?

I don't know if that's the specific issue here, but I do know that
Gatekeeper does not recognize certificates from authorities other than
Apple--not sure if codesign itself would flag a signature as non-valid
if the cert was not issued by Apple's developer group.

--Kevin

--
Kevin Walzer
Code by Kevin/Mobile Code by Kevin
http://www.codebykevin.com
http://www.wtmobilesoftware.com

From kw at codebykevin.com Sun Aug 23 06:22:27 2015
From: kw at codebykevin.com (Kevin Walzer)
Date: Sun, 23 Aug 2015 00:22:27 -0400
Subject: [Pythonmac-SIG] codesigning py2app/wxPython app failing
In-Reply-To: <0AAC2474-B74E-427F-B6C2-29321A83961D@twistedmatrix.com>
References: <55D93371.4020505@etrix.com.au>
 <55D93939.6040903@codebykevin.com>
 <0AAC2474-B74E-427F-B6C2-29321A83961D@twistedmatrix.com>
Message-ID: <55D94A83.1000006@codebykevin.com>

On 8/23/15 12:11 AM, Glyph wrote:
> I was /going/ to say something about how "codesigning" certificates
> have different X509 extensions in them, but then I clicked the link to
> "sslstart.com " and I got redirected to
> mac-protect dot info (not in URL syntax because it looks to be
> malware) saw this popup:

I saw that too, but I suspect Brendan simply mistyped the domain.
startssl.com is a valid CA for codesigning certs, and they have the
lowest-cost certificates in the business.

--Kevin

--
Kevin Walzer
Code by Kevin/Mobile Code by Kevin
http://www.codebykevin.com
http://www.wtmobilesoftware.com

From brendan.simon at etrix.com.au Sun Aug 23 13:37:13 2015
From: brendan.simon at etrix.com.au (Brendan Simon (eTRIX))
Date: Sun, 23 Aug 2015 21:37:13 +1000
Subject: [Pythonmac-SIG] codesigning py2app/wxPython app failing
In-Reply-To:
References:
Message-ID: <55D9B069.90303@etrix.com.au>

On 23/08/2015 8:00 pm, pythonmac-sig-request at python.org wrote:
> Re: [Pythonmac-SIG] codesigning py2app/wxPython app failing
> From:
> Kevin Walzer
> Date:
> 23/08/2015 2:22 pm
>
> To:
> Glyph
> CC:
> pythonmac-sig at python.org
>
>
> On 8/23/15 12:11 AM, Glyph wrote:
>> I was /going/ to say something about how "codesigning" certificates
>> have different X509 extensions in them, but then I clicked the link
>> to "sslstart.com " and I got redirected to
>> mac-protect dot info (not in URL syntax because it looks to be
>> malware) saw this popup:
>
> I saw that too, but I suspect Brendan simply mistyped the domain.
> startssl.com is a valid CA for codesigning certs, and they have the
> lowest-cost certificates in the business.

Yes that was my bad. startssl.com is correct.

From brendan.simon at etrix.com.au Sun Aug 23 14:09:36 2015
From: brendan.simon at etrix.com.au (Brendan Simon (eTRIX))
Date: Sun, 23 Aug 2015 22:09:36 +1000
Subject: [Pythonmac-SIG] codesigning py2app/wxPython app failing
In-Reply-To:
References:
Message-ID: <55D9B800.4030204@etrix.com.au>

On 23/08/2015 8:00 pm, pythonmac-sig-request at python.org wrote:
>
> Subject:
> Re: [Pythonmac-SIG] codesigning py2app/wxPython app failing
> From:
> Kevin Walzer
> Date:
> 23/08/2015 1:08 pm
>
> To:
> pythonmac-sig at python.org
>
>
> On 8/22/15 10:44 PM, Brendan Simon (eTRIX) wrote:
>>
>> $ codesign -vvvv -f --deep -s dist/.app
>>
> The "deep" flag doesn't work anymore. Pretty much every binary object
> must be signed.
>
> Here's what I use to codesign one of my apps (the specific example is
> Perl, my current Python project is awaiting an update, but I'll roll
> something similar for the Python project).
>
> First I start with the dylibs:
>
> find build/FileMorph.app -type f -name "*.bundle" -exec codesign
> --verbose --signature-size 9400 -f -s "My Credentials" {} \;
> find build/FileMorph.app -type f -name "*.dylib" -exec codesign
> --verbose --signature-size 9400 -f -s "My Credentials" {} \;
>
> Next, the frameworks and executables:
>
> codesign --verbose --signature-size 9400 -f -s "My Credentials"
> build/FileMorph.app/Contents/Frameworks/Tk.framework/Versions/8.6/Resources/Wish.app/Contents/MacOS/Wish
> codesign --verbose --signature-size 9400 -f -s "My Credentials"
> build/FileMorph.app/Contents/Frameworks/Tk.framework/Versions/Current
> codesign --verbose --signature-size 9400 -f -s "My Credentials"
> build/FileMorph.app/Contents/Frameworks/Tcl.framework/Versions/Current
> codesign --verbose --signature-size 9400 -f -s "My Credentials"
> build/FileMorph.app/Contents/MacOS/perl
>
> Finally, the app itself:
>
> codesign --signature-size 9400 -f -s "My Credentials" --verbose=2
> build/FileMorph.app

Thanks for the help :) Unfortunately I haven't made any progress :(

I've tried signing some of the binaries and frameworks from a bash
script (and manually) but I still get errors :(

--------
export CODESIGN_ALLOCATE="/usr/bin/codesign_allocate"
#export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate"

$ find dist/.app -type f -name "*.dylib"
dist/.app/Contents/Frameworks/libncursesw.5.dylib
dist/.app/Contents/Frameworks/libwx_osx_cocoau-3.0.0.2.0.dylib

$ find dist/.app -type f -name "*.dylib" -exec codesign -vvvv --signature-size 9400 -f -s {} \;
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate: for architecture x86_64 object:
/dist/.app/Contents/Frameworks/libncursesw.5.dylib malformed object (load command 3 cmdsize not a multiple of 8)
dist/.app.app/Contents/Frameworks/libncursesw.5.dylib: code failed to satisfy specified code requirement(s)
dist/.app.app/Contents/Frameworks/libwx_osx_cocoau-3.0.0.2.0.dylib: code failed to satisfy specified code requirement(s)

# codesign /Python.framework/Versions/Current/Python
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate: for architecture x86_64 object: /Users/brendan/eclipse-workspaces/sureshotgps/SA-v5.6/src/dist/SureAnalysis-signed-ss.app/Contents/Frameworks/Python.framework/Versions/2.7/Python malformed object (load command 3 cmdsize not a multiple of 8)

# codesign /Python.framework/Versions/Current
dist/SureAnalysis-signed-ss.app/Contents/Frameworks/Python.framework/Versions/Current/Python: code failed to satisfy specified code requirement(s)
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate: for architecture x86_64 object: /Users/brendan/eclipse-workspaces/sureshotgps/SA-v5.6/src/dist/SureAnalysis-signed-ss.app/Contents/Frameworks/Python.framework/Versions/2.7/Python malformed object (load command 3 cmdsize not a multiple of 8)

# codesign /Python.framework/Versions/Current
dist/..app/Contents/Frameworks/Python.framework/Versions/Current: code failed to satisfy specified code requirement(s)
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate: for architecture x86_64 object: /dist/.app/Contents/MacOS/python malformed object (load command 10 cmdsize not a multiple of 8)

# codesign /Contents/MacOS/python
dist/SureAnalysis-signed-ss.app/Contents/MacOS/python: code failed to satisfy specified code requirement(s)

# codesign dist/.app
dist/..app: code object is not signed at all
In subcomponent: /dist/..app/Contents/Frameworks/libncursesw.5.dylib
--------

Is this a codesign_allocate
issue? The codesign_allocate tool in /usr/bin does NOT ask me for
username and password, however if I use the one in
/Applications/Xcode.app/ then a dialog pops up a number of times asking
me for username and password. That looks promising but I still get the
following error.

"the codesign_allocate helper tool cannot be found or used"

So I'm still with /usr/bin/codesign_allocate

Any other suggestions for me to try ???

Thanks,
Brendan.

From kw at codebykevin.com Sun Aug 23 17:23:41 2015
From: kw at codebykevin.com (Kevin Walzer)
Date: Sun, 23 Aug 2015 11:23:41 -0400
Subject: [Pythonmac-SIG] codesigning py2app/wxPython app failing
In-Reply-To: <55D9B800.4030204@etrix.com.au>
References: <55D9B800.4030204@etrix.com.au>
Message-ID: <55D9E57D.9060200@codebykevin.com>

On 8/23/15 8:09 AM, Brendan Simon (eTRIX) wrote:
> Thanks for the help :) Unfortunately I haven't made any progress :(
> I've tried signing some of the binaries and frameworks from a bash
> script (and manually) but I still get errors :(

I don't quite understand codesign_allocate and why you are using it
instead of codesign, but in my experience setting a signature size,
i.e. --signature-size 9400, sometimes fixes codesign failures.

--Kevin

--
Kevin Walzer
Code by Kevin/Mobile Code by Kevin
http://www.codebykevin.com
http://www.wtmobilesoftware.com
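
The codesign_allocate failure quoted in this thread, "malformed object (load command 3 cmdsize not a multiple of 8)", refers to the Mach-O load-command table of the file being signed. The following is an added example, not code from any poster or from py2app: it walks that table for thin and universal files and reports every command whose cmdsize breaks the alignment rule. The names check_slice, check_macho and sample_macho64 are invented here, the sample input is constructed, and commands are numbered from 0 as an assumption about how the tool numbers them.

```python
import struct

FAT_MAGIC = 0xCAFEBABE                      # universal header, always big-endian
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
CPU_NAMES = {7: "i386", 0x01000007: "x86_64"}


def check_slice(data, base=0, arch="thin"):
    """Return (arch, index, cmdsize, problem) for each bad load command."""
    if len(data) < base + 28:
        return [(arch, None, None, "truncated header")]
    for endian in "<>":                     # try little-endian, then big-endian
        magic = struct.unpack_from(endian + "I", data, base)[0]
        if magic in (MH_MAGIC, MH_MAGIC_64):
            break
    else:
        return [(arch, None, None, "not Mach-O")]
    is64 = magic == MH_MAGIC_64
    align = 8 if is64 else 4                # 64-bit commands are 8-byte aligned
    ncmds, sizeofcmds = struct.unpack_from(endian + "II", data, base + 16)
    off = base + (32 if is64 else 28)       # size of mach_header_64 / mach_header
    end = min(off + sizeofcmds, len(data))
    bad = []
    for index in range(ncmds):              # index counted from 0 (assumption)
        if off + 8 > end:
            bad.append((arch, index, None, "command overruns sizeofcmds"))
            break
        _cmd, cmdsize = struct.unpack_from(endian + "II", data, off)
        if cmdsize % align:
            bad.append((arch, index, cmdsize, "cmdsize not a multiple of %d" % align))
        if cmdsize < 8:                     # cannot advance past this command
            break
        off += cmdsize
    return bad


def check_macho(data):
    """Check a thin or universal Mach-O image held in memory."""
    if len(data) >= 8 and struct.unpack_from(">I", data)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        if nfat > 32 or len(data) < 8 + 20 * nfat:   # Java .class shares this magic
            return [("fat", None, None, "implausible fat header")]
        bad = []
        for i in range(nfat):               # fat_arch: cputype, subtype, offset, size, align
            cputype, _sub, offset, _size, _al = struct.unpack_from(">iIIII", data, 8 + 20 * i)
            bad += check_slice(data, offset, CPU_NAMES.get(cputype, hex(cputype)))
        return bad
    return check_slice(data)


def sample_macho64(cmdsizes):
    """Constructed input: a 64-bit x86_64 header plus dummy load commands."""
    body = b"".join(struct.pack("<II", 0x1B, n) + bytes(n - 8) for n in cmdsizes)
    return struct.pack("<IiiIIIII", MH_MAGIC_64, 0x01000007, 3, 6,
                       len(cmdsizes), len(body), 0, 0) + body
```

To survey a bundle, call check_macho on the bytes of each regular file under the .app directory and ignore results whose problem is "not Mach-O".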

From brendan.simon at etrix.com.au Tue Aug 25 04:53:32 2015
From: brendan.simon at etrix.com.au (Brendan Simon (eTRIX))
Date: Tue, 25 Aug 2015 12:53:32 +1000
Subject: [Pythonmac-SIG] codesigning py2app/wxPython app failing
In-Reply-To:
References:
Message-ID: <55DBD8AC.8090004@etrix.com.au>

On 24/08/2015 1:23 am, pythonmac-sig-request at python.org wrote:
> Subject:
> Re: [Pythonmac-SIG] codesigning py2app/wxPython app failing
> From:
> Kevin Walzer
> Date:
> 24/08/2015 1:23 am
>
> To:
> pythonmac-sig at python.org
>
>
> On 8/23/15 8:09 AM, Brendan Simon (eTRIX) wrote:
>> Thanks for the help :) Unfortunately I haven't made any progress :(
>> I've tried signing some of the binaries and frameworks from a bash
>> script (and manually) but I still get errors :(
>
> I don't quite understand codesign_allocate and why you are using it
> instead of codesign, but in my experience setting a signature size,
> i.e. --signature-size 9400, sometimes fixes codesign failures.

I have no idea what codesign_allocate is or why I need it. I'm not
using codesign_allocate directly. If the CODESIGN_ALLOCATE env var is
not set, then codesign complains about not being able to find or use
the helper tool.

dist/.app/Contents/Frameworks/libncursesw.5.dylib: the codesign_allocate helper tool cannot be found or used

Is this not normal? Maybe there is something screwy with my OS X
system or Xcode install?

Interestingly, the man page for codesign does not mention the
--signature-size option, but codesign doesn't complain about it.

Brendan.

From Brendan at BrendanSimon.com Tue Aug 25 08:29:33 2015
From: Brendan at BrendanSimon.com (Brendan Simon)
Date: Tue, 25 Aug 2015 16:29:33 +1000
Subject: [Pythonmac-SIG] codesigning py2app/wxPython app failing
In-Reply-To: <55DBD8AC.8090004@etrix.com.au>
References: <55DBD8AC.8090004@etrix.com.au>
Message-ID: <55DC0B4D.8020706@BrendanSimon.com>

On 25/08/2015 12:53 pm, Brendan Simon (eTRIX) wrote:
> On 24/08/2015 1:23 am, pythonmac-sig-request at python.org wrote:
>> Subject:
>> Re: [Pythonmac-SIG] codesigning py2app/wxPython app failing
>> From:
>> Kevin Walzer
>> Date:
>> 24/08/2015 1:23 am
>>
>> To:
>> pythonmac-sig at python.org
>>
>>
>> On 8/23/15 8:09 AM, Brendan Simon (eTRIX) wrote:
>>> Thanks for the help :) Unfortunately I haven't made any progress :(
>>> I've tried signing some of the binaries and frameworks from a bash
>>> script (and manually) but I still get errors :(
>>
>> I don't quite understand codesign_allocate and why you are using it
>> instead of codesign, but in my experience setting a signature size,
>> i.e. --signature-size 9400, sometimes fixes codesign failures.
>
> I have no idea what codesign_allocate is or why I need it. I'm not
> using codesign_allocate directly. If the CODESIGN_ALLOCATE env var is
> not set, then codesign complains about not being able to find or use
> the helper tool.
>
> dist/.app/Contents/Frameworks/libncursesw.5.dylib: the
> codesign_allocate helper tool cannot be found or used
>
> Is this not normal? Maybe there is something screwy with my OS X
> system or Xcode install?
>
> Interestingly, the man page for codesign does not mention the
> --signature-size option, but codesign doesn't complain about it.

From what I can tell from StackOverflow and other resources on the net,
I should be using the codesign_allocate that is part of the default
Xcode installation. It should be the one in /Applications/Xcode/... not
the one in /usr/bin/. This doesn't solve my problem, but at least I am
more comfortable with that.

An easy way to set the env var is:

export CODESIGN_ALLOCATE=$(xcrun codesign_allocate)

I've discovered that at least _one framework library does get signed
ok_. libwx_osx_cocoau-3.0.0.2.0.dylib

$ codesign -s "Brendan Simon" -f -vvvv --signature-size=9400 dist/.app/Contents/Frameworks/libwx_osx_cocoau-3.0.0.2.0.dylib
dist/.app/Contents/Frameworks/libwx_osx_cocoau-3.0.0.2.0.dylib: replacing existing signature
dist/.app/Contents/Frameworks/libwx_osx_cocoau-3.0.0.2.0.dylib: signed Mach-O universal (i386 x86_64) [libwx_osx_cocoau-3]

$ codesign -v -vvvv dist/.app/Contents/Frameworks/libwx_osx_cocoau-3.0.0.2.0.dylib
dist/.app/Contents/Frameworks/libwx_osx_cocoau-3.0.0.2.0.dylib: valid on disk
dist/.app/Contents/Frameworks/libwx_osx_cocoau-3.0.0.2.0.dylib: satisfies its Designated Requirement

But most others fail. e.g. libncursesw.5.dylib

$ codesign -s "Brendan Simon" -f -vvvv --signature-size=9400 dist/.app/Contents/Frameworks/libncursesw.5.dylib
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate: for architecture x86_64 object: /dist/.app/Contents/Frameworks/libncursesw.5.dylib malformed object (load command 3 cmdsize not a multiple of 8)
dist/.app/Contents/Frameworks/libncursesw.5.dylib: the codesign_allocate helper tool cannot be found or used

Crazy, right ??

So I did a search of libncursesw.5.dylib on my system and found the
shasum of the one in the app was different to others on the system.
Sure, it's probably stripped, right. So I copied
/Library/Frameworks/Python.framework/Versions/2.7/lib/libncursesw.5.dylib
to /tmp, and it signed ok !! I even stripped it and it still signed ok.

$ codesign -s "Brendan Simon" -f -vvvv --signature-size=9400 /tmp/libncursesw.5.dylib
/tmp/libncursesw.5.dylib: signed Mach-O universal (i386 x86_64) [libncursesw.5]

$ codesign -v -vvvv /tmp/libncursesw.5.dylib
/tmp/libncursesw.5.dylib: valid on disk
/tmp/libncursesw.5.dylib: satisfies its Designated Requirement

$ strip /tmp/libncursesw.5.dylib

$ codesign -s "Brendan Simon" -f -vvvv --signature-size=9400 /tmp/libncursesw.5.dylib
/tmp/libncursesw.5.dylib: replacing existing signature
/tmp/libncursesw.5.dylib: signed Mach-O universal (i386 x86_64) [libncursesw.5]

$ codesign -v -vvvv /tmp/libncursesw.5.dylib
/tmp/libncursesw.5.dylib: valid on disk
/tmp/libncursesw.5.dylib: satisfies its Designated Requirement

So, what's different (wrong?) with the libraries, frameworks, binaries,
etc in the app bundle that Py2App creates? And how can I get my Py2App
app bundle to be signed ???

I'm assuming others have done this, and there is something I am
missing, yes?

Thanks,
Brendan.

From karstenwo at googlemail.com Wed Aug 26 13:55:19 2015
From: karstenwo at googlemail.com (Karsten Wolf)
Date: Wed, 26 Aug 2015 13:55:19 +0200
Subject: [Pythonmac-SIG] PyobjC using pdb on yosemite
Message-ID:

I am setting up a 10.10 system and the current annoyance is that when
pdb.set_trace() stepping through a pyobjc/py2app app everything printed,
even the (pdb) prompt is piped through NSLog and hard to use.

The Python version is 2.7.10 and compiled with X86_64 and
MIN_DEPLOYMENT_TARGET=10.6

Perhaps someone knows a remedy.