Hello all, I just saw an issue when signing and notarizing an app containing a web browser based on webenginewidgets (applies also for the Qt example minibrowser):
1.) Codesigning via codesign --options=runtime --deep ./minibrowser.app -s "Developer ID Application: XXX" works fine but breaks the app: Launching minibrowser afterwards makes the webprocess crash. 2.) Including the following keys into an entitlements file: <key>com.apple.security.cs.allow-jit</key><true/> <key>com.apple.security.cs.disable-library-validation</key><true/> <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/> and then signing via codesign --options=runtime --entitlements ./entitlements.xml --deep ./minibrowser.app -s "Developer ID Application: XXX" does not lead to the crash anymore and codesign --verify --deep --strict --verbose=2 ./minibrowser.app tells that all is signed just fine, however, when I package the app as a DMG, load it up to the web, load it down to my desktop and launch it, it tells me that the developer cannot be verified – so it basically tells that it is not signed. The same happens when I only include the first key: <key>com.apple.security.cs.allow-jit</key><true/> but here comes the message that the package cannot be opened because it cannot be checked in terms of malware etc. Can anyone help with this ? Thanks a lot in advance, best Alex -- http://www.carot.de Email : alexan...@carot.de Tel.: +49 (0)177 5719797 _______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
