Code Signing Woes

25 May 2018 ∞

Code signing never goes right for me. I feel like I have a pretty simple process:

  1. Export
  2. Sign with Xcode
  3. Make and sign a DMG
  4. Throw it up on a server
  5. Download it for testing
  6. 🤬

The next obvious step to to Google for the correct incantations of codesign1 and spctl2 to verify that nothing was corrupted during the upload or download. Occasionally I'll find an error, but usually the app bundle passes without issue.

As it happens, however, the error message is a little misleading. The files on disk are in fact correct, however at runtime the application runs afoul of Gatekeeper. Looking in Console reveals the true culprit:

File /Volumes/Capturebot/ failed on rPathCmd /Applications/

The application is attempting to load a file from outside of its bundle. In this case, a framework built with Swift Package Manager is linked against Xcode's Swift library rather than the bundled copy.

The fix is straight forward. A quick trip to Build Settings to add @executable_path/../Frameworks to Runtime Search Paths resolves the problem.

  1. codesign --verify --deep --verbose=4

  2. spctl --assess