9 Replies Latest reply on Jan 8, 2014 2:07 AM by intex

    Codesigning of FM12v5 generated runtimes on Mac OS X 10.9 Mavericks fails

    intex

      Summary

      Codesigning of FM12v5 generated runtimes on Mac OS X 10.9 Mavericks fails

      Product

      FileMaker Pro

      Version

      12v5

      Operating system version

      Mac OS X Mavericks 10.9

      Description of the issue

      Codesigning of FM12v5 generated runtimes on Mac OS X 10.9 Mavericks fails. I get the message:

      "INtex Aufgaben.app: bundle format unrecognized, invalid, or unsuitable
      In subcomponent: /Users/martin/Documents/Software/INtex 11 Software/INtex Aufgaben 11/INtex Aufgaben/INtex Aufgaben.app/Contents/Frameworks/DBEngine.framework"

      I use the codesign command in Terminal: codesign -s 'Developer ID Application: company_name' 'INtex Aufgaben.app'

      New Command Line Tools for Mavericks were downloaded and successfully installed.
      Runtime is newly created on Mavericks.
      Developer certificates from Apple are valid and installed
      If I delete DBEngine.framework I get the same message for the next framework FMEngine.framework
      All worked like a charm with 10.8.5 on the same machine with identical runtimes, the same certificate and the same Terminal command.

      Without codesigning we can´t possibly publish any demos and software to the public - so this is a full game stopper.

      Steps to reproduce the problem

      - generate a runtime
      - try codesigning the runtime with codesign in Terminal


      reproducable for other users - see
      https://fmdev.filemaker.com/thread/72798

      User JML

      Expected result

      a signed runtime

      Actual result

      nothing, only error messages

      Exact text of any error message(s) that appear

      something like

      xxx.app: bundle format unrecognized, invalid, or unsuitable
      In subcomponent: /Users/user/Documents/MYAPP.app/Contents/Frameworks/DBEngine.framework"

      Configuration information

      iMac

      Workaround

      none so far

        • 1. Re: Codesigning of FM12v5 generated runtimes on Mac OS X 10.9 Mavericks fails
          TSGal

               Martin Bohmer:

               Thank you for your post, and I apologize for the late reply.

               Your post has been sent to Development and Testing for review.  When I receive feedback, I will let you know.

               I have also included most of the follow-up links on the TechNet thread, as well as your separate posting on the AppWrapper workaround.

               TSGal
               FileMaker, Inc.

          • 2. Re: Codesigning of FM12v5 generated runtimes on Mac OS X 10.9 Mavericks fails
            TSGal

                 Martin Bohmer:

                 I have been informed that various items are modified during the runtime creation, and as a result, it will never have a valid signature after being created via the Developer Tools.

                 Continue using App Wrapper 2.3 for your workaround.

                 TSGal
                 FileMaker, Inc.

            • 3. Re: Codesigning of FM12v5 generated runtimes on Mac OS X 10.9 Mavericks fails
              intex

                   Why then is small Ohanaware able to do what big FM Inc. can´t ? Furthermore there was no such signing problem in 10.8 and from a version FMPA 12.v4 named "Mavericks compatible" I do expect Mavericks compatibility, which indeed isn´t given regarding the code signing (which is a important feature for serious developers using FMPA, because otherwise many user won´t be able to start or use your app or won´t trust you.

                   Is it that difficult to create an error free, garbage free runtime from within FMPA ?

                   For example:

                   - why the hell is this fmstrs.dls in the language folders of ressources always protected? No other file is and this makes it difficult for customers to delete the runtime. We always have to unprotect these files manually (since years by the way).

                   - why does the runtime of FMP12 which purpose is "Intel only" still contain PPC code in the frameworks ?

                   - why does the runtime (which does not have a layout mode at all) still contain all the GUI graphics for the layout mode ?

                   - why are the frameworks incomplete, so that things like symbolic links and plist files have to be added - at least this is what I was told by Ohanaware and MBS plugin maker Christian Schmitz ?

                   - why can´t we choose which languages to include in the runtime - many developers only work for small local markets and don´t need all the languages FMP supports ?

                    

                   Where is FM Inc. love to detail ?

              • 4. Re: Codesigning of FM12v5 generated runtimes on Mac OS X 10.9 Mavericks fails
                TSGal

                     Martin Bohmer:

                     Your questions have been submitted to Development.  I'll post again when I have answers.

                     TSGal
                     FileMaker, Inc.

                • 5. Re: Codesigning of FM12v5 generated runtimes on Mac OS X 10.9 Mavericks fails
                  TSGal

                       Martin Bohmer:

                       1. FileMaker Pro is installed signed as "FileMaker, Inc.".  When a Runtime is created, the internals are modified and we chose not to sign someone's Runtime app as "FileMaker, Inc.".

                       2. The security settings in Mac OS X 10.8 are not as strict as Mac OS X 10.9.

                       3. The fmstrs.dls file contains several functions, including the ability to run multiple instances of Runtime on different machines, and the file must be locked.

                       4. There is still some PowerPC code in the framework.

                       5. Runtime is a copy of the application with some limitation.  It grabs the necessary folders of files it needs.  It doesn't hand pick the files, including Layout mode.

                       6. What frameworks are incomplete?  What is affecting your Runtime application?

                       7. Everything is included needed to run for multi-language environment.  I recommend adding a suggestion for choosing a language upon Runtime creation to our Feature Requests web form at:

                  http://www.filemaker.com/company/contact/feature_request.html

                       The entries into this web form populate a database file that is hosted by our Product Management and Development departments.  Each entry is discussed and considered for possible implementation in a future release.  Although I could copy your post and paste it into the web form, there are a couple of questions asked that only you can answer.

                       Let me know if you have any other questions.

                       TSGal
                       FileMaker, Inc.

                  • 6. Re: Codesigning of FM12v5 generated runtimes on Mac OS X 10.9 Mavericks fails
                    Benjamin Fehr

                         TSGal:

                         Could you please give some further informations?

                    1. FileMaker Pro is installed signed as "FileMaker, Inc.".  When a Runtime is created, the internals are modified and we chose not to sign someone's Runtime app as "FileMaker, Inc.".

                         This turns deployment of Runtime solutions for Mavericks into a nightmare. Though there is no technical need to not sign our Runtime solutions as 'FM Inc.' or maybe as 'FMI Runtime'?

                         Is there any greater harm a Runtime solution could cause or any conflict with Apple Inc. Terms & Conditions for SW certification or signing?

                          

                    3. The fmstrs.dls file contains several functions, including the ability to run multiple instances of Runtime on different machines, and the file must be locked.

                         After Runtime creation, first thing I do is to unlock that fmstrs.dls file (then delete some useless language libraries) before creating the installer. Wouldn't this proof your statement "must be locked" wrong?!

                          

                    4. There is still some PowerPC code in the framework.

                         Can any PowerPC code run or even be of any use on Mac OS 10.7 and higher without Rosetta?

                    • 7. Re: Codesigning of FM12v5 generated runtimes on Mac OS X 10.9 Mavericks fails
                      TSGal

                           Benjamin Fehr:

                           Thank you for your post.

                           1. Apple continually makes changes to their operating system.  I recommend entering this suggestion into our Feature Requests web form at:

                      http://www.filemaker.com/company/contact/feature_request.html

                           The entries into this web form populate a database that is hosted and monitored by Development and Product Management.  Each of these entries are discussed and considered for possible implementation in a future release.

                           3. We do not provide details for every file included in FileMaker/Rnutime.  If users are looking for ways to delete files, they will be unable to delete the fmstrs.dls because it is locked.  My apologies for my explanation.  You can unlock the file, but it will be created as a locked file.

                           4. I did not receive any explanation why the PowerPC code still exists.  I'll inquire and let you know when I receive an answer.

                           TSGal
                           FileMaker, Inc.

                      • 8. Re: Codesigning of FM12v5 generated runtimes on Mac OS X 10.9 Mavericks fails
                        Benjamin Fehr

                             TSGal:

                             thanks for reply. I even did that feature request and referred to this and 2 other reports.

                             kind regards

                             Benjamin

                        • 9. Re: Codesigning of FM12v5 generated runtimes on Mac OS X 10.9 Mavericks fails
                          intex

                               "1. FileMaker Pro is installed signed as "FileMaker, Inc.".  When a Runtime is created, the internals are modified and we chose not to sign someone's Runtime app as "FileMaker, Inc."."

                                

                               Of course not - we want to sign the runtime ourselves with our developer certificate. We did that since Lion via the codesign command without any problem. Now with Mavericks and FileMaker 12 and 13 it doesn´t work anymore.

                               THIS IS A FULL SHOW STOPPER - nobody will download and run an app, that isn´t codesigned due to gatekeeper

                                

                                

                                

                               3. The fmstrs.dls file contains several functions, including the ability to run multiple instances of Runtime on different machines, and the file must be locked.

                                

                               Maybe, but if it is locked, people can´t delete the runtime based app easily, they can´t empty their dustbin. Therefor we unlocked this file since years without ever having any problem.

                                

                                

                               4. There is still some PowerPC code in the framework.

                                

                               For what reason, if the overall app is Intel only ?

                                

                                

                               5. Runtime is a copy of the application with some limitation.  It grabs the necessary folders of files it needs.  It doesn't hand pick the files, including Layout mode.

                               Then change it ...

                                

                                

                               6. What frameworks are incomplete?  What is affecting your Runtime application?

                               Contact Sam from Ohanaware - he can tell you.