How to code sign macOS binary to stop firewall permissions requests?

Bowtie app is here: http://bowtieapp.com. The binary but not the source is available.

It has the problem on macOS Sierra 10.12.5 Beta that an active firewall causes it to request firewall permissions on every boot. I suspect this can only be resolved via codesigning.

There is an old fix which no longer seems to work: https://ivadrenaline.wordpress.com/2015/07/07/do-you-want-the-application-to-accept-incoming-network-connections/

You can sign the frameworks, but then when you sign the whole app you get:

/Applications/Bowtie.app/: resource fork, Finder information, or similar detritus not allowed

Googling that error leads to: https://developer.apple.com/library/content/qa/qa1940/_index.html

But while running xattr -cr on the app causes the signing to proceed without error, it still does not prevent the firewall dialog permissions request from appearing.

I have also tried deep versions of the signing process which did not work.

I think Bowtie has the app itself and a helper application, so it may have more than one executable, and be related to this item: Application with multiple executables appears signed but triggers firewall warning Also: Why is OSX continually asking for firewall permission for my app which is signed? This promising answer also did not work: https://stackoverflow.com/a/40067738/365478

What is the fix for this?

Manually adding the application to the firewall exclusions list via the macOS System Preferences UI worked. The .app was fine, it wasn't necessary to find the executable. I didn't isolate these changes, so it may also be necessary to codesign the app with the failing methods and/or to manually set firewall exclusions via the terminal, as another answer on the following thread suggests.

https://stackoverflow.com/a/10011819/365478

If someone shows how to codesign it properly I'll remark that best answer.