Gates to Hell – Yup!

One Response to Gates to Hell – Yup!

1. highperformancecoder says:

   March 15, 2021 at 3:26 pm

   More Apple shenanigans. I just went to produce a beta build, and found the usual preparation script which worked a week ago, has just stopped working. Notarization failed. That’s the extent of the help you get from Apple. So following the usual breadcrumbs found by Google, you must first do
   * xcrun altool –notarization-history 0 -u email -p “@keychain:Product”
   This gives you a requestUUID. With this in hand, you can issue:
   * xcrun altool –notarization-info -u email -p “@keychain:Product”
   This will give you a LogFileURL. Using ssh, or whatever, get that URL into a WebBrowser.

   Now I found 3 things were being flagged as errors (which obviously weren’t so last week):
   1. “The binary is not signed.”
   2. “The signature does not include a secure timestamp.”
   3. “The executable does not have the hardened runtime enabled.”
   It seemed that codesign was no longer recursively descending into the .dmg file like it used to. Adding –deep didn’t seem to make much difference.

   So, after much googling, not finding too many sensible answers, I tried codesigning the bundle directory (.app), with –deep, –timestamp and –options runtime (to deal with the above 3 issues). This time I got a slightly more meaningful error message:

   fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.
   xctoolchain/usr/bin/codesign_allocate: can’t allocate code signature data for: /Users/rks/minsky/minsky.app/Contents/MacOS/minsky (for architecture x86_64) because larger updated load commands do not fit (the program must be relinked using a larger -headerpad value)

   WTF Apple?
   After somewhat more googling, I found the solution: add the linker option -Wl,-headerpad_max_install_names to the Makefile – but really, couldn’t this have been done by design?

   Log in to Reply