KNOWLEDGE BASE
Log In    |    Knowledge Base    |    4D Home
Tech Tip: How to certify a 4D standalone application with Gatekeeper?
PRODUCT: 4D | VERSION: 13.2 | PLATFORM: Mac OS X
Published On: December 6, 2012



  1. Introduction

    With the new Mountain Lion system, Apple introduces an additional security barrier integrated into the system called "gatekeeper."

    Its particularity is to prevent applications from starting when they do not come from the Mac App Store or from an identified developer.

    This means that any new application that is downloaded or copied onto a Mac with Mountain Lion, and that is not digitally signed using an Apple developer certificate, displays the following error:



    This error can be masked by checking the "Anywhere" option below the "Allow applications downloaded from" field found on the "General" tab of the "Security & Privacy" window in the System Preferences on your Mac.



    But if you technically need to sign your OS X applications, you will need an Apple developer certificate.

  2. Create an Apple Developer ID

    On Mac OS 10.8, signing a 4D merged application consists of buying a certificate on the Apple website, after creating an Apple Developer ID using the following link: https://developer.apple.com/programs/start/standard/create.php



    You can create either an individual account or a company account:



    After creating an account, you can then use your Apple user name and password to access resources provided by Apple. By following the registration instructions, and after you have activated your account, you can download the latest Xcode version that provides developers with the integrated development environment of reference for creating applications for Mac.



    XCode facilitates the installation of certificates issued by Apple, and provide us with command line tools that we will need later on:


  3. Generate your 4D standalone application

    4D allows you to generate a standalone (double-clickable) application directly from your database. To do this, you must follow these instructions:

    • Start by opening your application

    • Select "Generate Application" in the Design menu

    • If you want to generate an executable application:


      • Standalone: go to the "Application" tab, check the "Generate an executable application" option and then specify the location of the 4D Volume Desktop by clicking the button:


      • Client / Server: go to the "Client / Server" tab and specify the location of the 4D Server and 4D Volume Desktop:



    • Then select the "Plugins & components" tab in order to integrate any plug-ins and components needed

    • If you want to generate a standalone application, you must integrate the required licenses from the Licenses tab (add the 4D Developer and 4D Unlimited Desktop licenses)


    • You can then click on "Build."



  4. Sign your application

    If your Apple account is created (and validated) and your standalone application is generated, we can now proceed to the next step: signing your 4D application.

    1. How to sign your 4D application

      To do this, you must configure the Xcode:

      • Open Xcode, select the "Window" menu and open the "Organizer".

      • Click on the "Devices" tab to display the "Devices organizer".

      • Select "Provisioning Profiles" and click "Refresh", if you have not yet activated your Apple account, you will see the following error:


      • Otherwise, you will see the login page.

      • Enter your Apple ID and password then click "Log in".


      • Click on "Submit Request".

      • If you created a "Company" account with Apple and there is more than one developer, once the connection is established, you must create a certificate provisioning profile, specifying the "Team" and checking any other appropriate properties related to the type of certificate purchased.


      • To configure your machine with the profile you have just created, you must first create a Portal by clicking ''Add to Portal"


      • If you are a member of the team or an Admin, a certificate entitled "Mac Developer:" followed by your name appears in your keychain.
      • If a dialog box appears, indicating that the certificate request is pending, click OK.

      • If you are a member of the team, and your application is approved, open the Organizer devices, select "Provisioning Profiles" in the "Library" section and click "Refresh", then select the team you belong to in "Teams".


      Important: If you have other certificates in your keychain from previous projects, you must remove them before continuing. Team members or Admins must have only one certificate installed starting with "3rd Party Mac Developer Application" and one other starting with "3rd Party Mac Developer Installer."


      Now that we have the certificates on our machine, if we want to use them on another machine, we can save these certificates and deploy them:


    2. Verification of certificates

      When you have finished configuring Xcode, the certificate is automatically installed in your keychain.

      The development certificate should appear in "My Certificates". The certificate name starts with "Mac Developer:" followed by your name. You can click on the triangle next to the name to deploy it and to make your private key appear below it.

      You can export your certificates for back ups or if you use the "Root" profile.



      Verify that the certificates are valid and the expiration date is correct.

  5. Signing your code

    Now that your certificates and keys are present in the keychain, we can sign the 4D merged application.

    To do this, use the "codesign" command.

    Here is the procedure to follow:


    • Move the "test.app" standalone application (in this example) into a folder.

    • Go to the folder, right-click on "test.app" and then display the contents of the package.

    • Browse through to "Contents".

    • Right-click on the "Contents" folder then click on "Get Info".

    • Verify that "Reading and Writing" permissions are assigned to everyone. If necessary click on the lock, change the permissions and apply them to all the items included.

    • If you have modified permissions, click on the lock to close it again and then close the properties window.

    • Double-click on the "info.plist" file to open it (it opens in the "Property List Editor" application).

    • Make sure that the Info.plist file includes the following keys:

      • CFBundleIdentifier
      • CFBundleName

    • The value of "CFBundleIdentifier" is used as the unique default name of your program.
      <key>CFBundleIdentifier</key>
      <string>4d.com.Test.app</string>
    • The value of "CFBundleName" appears in system dialogs as the name of your program.
      <key>CFBundleName</key>
      <string>Test</string>

    • Open Terminal and then go into the application folder.

    • Run the following commands:
      sudo chmod 755 AppName.app/Contents/MacOS/AppName

      codesign -f -v -s "Mac Developer: FirstName LastName" "AppName.app"


    If, despite the fact that your "info.plist" file is properly structured, you get the following error: "object file format unrecognized, invalid, or unsuitable" you must run the command line below before executing the codesign command. This error only concerns users who have migrated their system to Mountain Lion from a previous version of Mac OS X.
    export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/usr/bin/codesign_allocate"


    • You then need to enter the password of your session.

    • Authorize the signature of the application:




    Eventually you will receive a message indicating "signed bundle" in the Terminal window. At this point, your application is certified and you can open it by double-clicking on "test.app."

    If you want to distribute your application outside of the Mac App Store as part of an installation package, create the "MyPackageName.pkg" package with the name of the application. This package allows you to install the 4D merged application in the "Applications" folder.

    Here is the procedure to follow:

    • Open Terminal and then go into the application folder.

    • Run the following command line:
      productbuild --component "AppName.app" /Applications --sign "3rd Party Mac Developer Installer: FirstName LastName" --product "AppName.app/Contents/info.plist" AppName.pkg


    Note: Be sure to sign the installation package using your "3rd Party Mac Developer Installer" certificate. The productsign command allows you to sign an installation package using your Developer Application ID.


    • To check the package:
      spctl -a -v --type install MyPackageName.pkg

    • Install the application by double-clicking on the package or by running the following command line:
      installer -store -pkg AppName.app.pkg -target /



    Note: using the 4D "LAUNCH EXTERNAL PROCESS" command, you can also run the codesign command:

    $codesin:="codesign -f -v -s 'Developer ID Application: FirstName LastName' '"+$path+"'"


    LAUNCH EXTERNAL PROCESS($codesin;vtentree;vtsortie;vterreur)


    and for the productbuild command:

    $product:="productbuild --component '"+$path+"'/Applications --sign '3rd Party Mac Developer Installer: FirstName LastName' --product '"+$path1+"' '"+$path2+"'"


    LAUNCH EXTERNAL PROCESS($product;vtentree1;vtsortie1;vterreur1)


    - The $path variable: contains the exact path of the database.
    - The $path1 variable: contains the exact path of the "Info.plist" file.
    - The $path2 variable: contains the path to our package.



    Copyright © 1985-2012 4D SAS - Tous droits réservés
    Tous les efforts ont été faits pour que le contenu de cette note technique présente le maximum de fiabilité possible.
    Néanmoins, les différents éléments composant cette note technique, et le cas échéant, le code, sont fournis sans garantie d'aucune sorte.
    L'auteur et 4D SAS déclinent donc toute responsabilité quant à l'utilisation qui pourrait être faite de ces éléments, tant à l'égard de leurs utilisateurs que des tiers.
    Les informations contenues dans ce document peuvent faire l'objet de modifications sans préavis et ne sauraient en aucune manière engager 4D SAS. La fourniture du logiciel décrit dans ce document est régie par un octroi de licence dont les termes sont précisés par ailleurs dans la licence électronique figurant sur le support du Logiciel et de la Documentation afférente. Le logiciel et sa documentation ne peuvent être utilisés, copiés ou reproduits sur quelque support que ce soit et de quelque manière que ce soit, que conformément aux termes de cette licence.
    Aucune partie de ce document ne peut être reproduite ou recopiée de quelque manière que ce soit, électronique ou mécanique, y compris par photocopie, enregistrement, archivage ou tout autre procédé de stockage, de traitement et de récupération d'informations, pour d'autres buts que l'usage personnel de l'acheteur, et ce exclusivement aux conditions contractuelles, sans la permission explicite de 4D SAS.
    4D, 4D Calc, 4D Draw, 4D Write, 4D Insider, 4ème Dimension ®, 4D, 4D Server, 4D Compiler ainsi que les logos 4e Dimension, sont des marques enregistrées de 4D SAS.
    Windows et Microsoft sont des marques enregistrées de Microsoft Corporation.
    Apple, Macintosh, Power Macintosh, LaserWriter, ImageWriter, QuickTime sont des marques enregistrées ou des noms commerciaux de Apple Computer,Inc.
    Mac2Win Software Copyright © 1990-2002 est un produit de Altura Software,Inc.
    4D Write contient des éléments de "MacLink Plus file translation", un produit de DataViz, Inc,55 Corporate drive, Trumbull, CT, USA.
    XTND Copyright 1992-2002 © 4D SAS. Tous droits réservés.
    XTND Technology Copyright 1989-2002 © Claris Corporation.. Tous droits réservés ACROBAT © Copyright 1987-2002, Secret Commercial Adobe Systems Inc.Tous droits réservés. ACROBAT est une marque enregistrée d'Adobe Systems Inc.
    Tous les autres noms de produits ou appellations sont des marques déposées ou des noms commerciaux appartenant à leurs propriétaires respectifs.