Codesigning ate my Sunday


I have a version of Cartographica that I need to push out before the end of the year, due to a certificate expiration on one of my long-term servers.  As a bulwark against problems occurring just at the turn of the year and to make sure that users can use the 1.4.x series of Cartographica, I set out to sign and release 1.4.9, a version of 1.4.8 containing only this signature fix.

And then, codesigning ate my Sunday.

It seemed simple enough, I ran my release build script, it created a disk image (dmg) file and pushed it up to our web server for release.  Then I added the release notes into Feeder.app (which I use to push the RSS feeds) and ran one last test before I pushed it out to the users:

  • File downloaded fine
  • Disk Image opened fine
  • Cartographica application copied fine

And then Cartographica crashed upon start, giving the relatively cryptic:

 Reason: no suitable image found.  Did find:
  /Applications/Cartographica.app/.../XXX.dylib: code signing blocked mmap() of /Applications/Cartographica.app/.../XXX.dylib

Well, that was unexpected.  What ensued was a wide variety of searches on the internet mostly leading to people's expired keys and certificates or signing and testing the wrong items, but eventually I noticed that the library in question (supplied by a third party) was a fat library (i386 an x64_86).  Could that be related?

It appears that version 2 code signatures contain the following "Format=bundle with Mach-O thin (x86_64)" which is the same as our last shipping version in August 2017, but the 2017 variant works just fine.  Maybe something related to Mojave (on which I'm running the signing and the executing the binary)?

I lipo'd the library to remove the i386 code and rebuilt.  Then I re-signed the binary.  Seems fine on pre-10.14 machines, but won't work on pre-10.14.  Even if I sign on 10.13, it works fine on 10.13, but not on 10.14.

I spent time looking through any number of internet postings about similar problems (mostly iOS, which wasn't necessarily applicable) and they were mostly related to the actual certificates being used to sign. You may want to give those a try if you got here looking for a solution to this problem on iOS...

After about 5 hours I finally decided to throw in the towel, save for one last effort. I rebuilt with code signing on my MacBook Pro (still running 10.13, because I hadn't had time to upgrade it yet) and Xcode 7 (the last version that can build the 1.4 string without substantial updates.  Under normal circumstances, I don't build the binaries with code signing on (at least not in the older versions) because of inconsistencies in the way that code signing worked.  Further, it was just as easy to re-sign everything as part of my scripted steps to get the DMG file built and uploaded.

This time, I changed the code signing parameters to sign with my Developer ID certificate and rebuilt for archive, taking that archive and manually deploying the disk image (thanks to DropDMG, this was a simple command line operation). The build was successful and ran on 10.13 without a hitch.

Testing on 10.14 also ran without a hitch, so it looks like I've finally solved the last 1.4 issue.