macospyinstallercodesignapp-bundle

Codesign OSX App Bundle with periods in MacOS directory names


I run this line:

codesign --verbose --force --deep --sign "Developer ID Application: Company" Company.app

and I get this error:

Company.app: bundle format unrecognized, invalid, or unsuitable
In subcomponent: /Users/me/repo/client/Company.app/Contents/MacOS/include/python2.7

I have narrowed the problem down to the fact that I have an app bundle that includes a few subdirectories in the Contents/MacOS directory that have periods in their names. According to this, codesign chokes on this because it believes any directory with a period in it is a bundle itself and rejects it (emphasis mine):

Note that a location where code is expected to reside cannot generally contain directories full of nested code, because those directories tend to be interpreted as bundles. So this occasional practice is not recommended and not officially supported. If you do do this, do not use periods in the directory names. The code signing machinery interprets directories with periods in their names as code bundles and will reject them if they don't conform to the expected code bundle layout.

My bundle is being created by PyInstaller (tested version 3.1 and 3.2), and the directoriess are being pulled in automatically. Here are all the directories that have this problem:

Company.app/Contents/MacOS/include/python2.7
Company.app/Contents/MacOS/lib/python2.7
Company.app/Contents/MacOS/lib/python2.7/config
Company.app/Contents/MacOS/qt_menu.nib
Company.app/Contents/MacOS/tcl/http1.0
Company.app/Contents/MacOS/tcl/opt0.4

I looked here, and there was no mention of this issue, and I wanted to know if anyone has configuration ideas that might fix the problem without completely eliminating the dependencies from being included.

The bundle is created with the following command:

python $PYINSTALLER/pyinstaller.py \
-n $APP_NAME \
--paths $MODULE_SEARCH_PATH \
--windowed \
--icon $BUNDLEFILES_DIR/$APP_NAME.icns \
--distpath $BUNDLE_DIR/dist \
--osx-bundle-identifier com.company.$APP_NAME \
--exclude-module core.InternalTool \
main.py

Solution

  • I encountered the same issue and after a lot of failures, I finally can get the codesign to work. I wrote a recipe for that with a script to automatically fix your app: Recipe OSX Code Signing Qt.