1. Forum
  2. Newsgroups
  3. comp.lang.tcl

  • How to deliver and activate apps for MacOS =?UTF-8?B?Pw==?=

    From aldo.w.buratti@aldo.w.buratti@gmail.com (abu) to comp.lang.tcl on Thu Feb 6 00:20:51 2025
    From Newsgroup: comp.lang.tcl

    I recently released several Tcl packages and some full TclTk apps for
    MacOs ( see https://wiki.tcl.tk/Caligraft2025).
    Most of these packages/apps contain some binary libraries (*.dylib) and
    for the first run you are forced to do some non-trivial interactive
    steps to meet some MacOS security checks.

    Is there a method (for a common user) to avoid carrying out all these
    steps manually?
    --- Synchronet 3.20c-Linux NewsLink 1.2
  • From Christian Gollwitzer@auriocus@gmx.de to comp.lang.tcl on Thu Feb 6 07:37:09 2025
    From Newsgroup: comp.lang.tcl

    Am 06.02.25 um 01:20 schrieb abu:
    I recently released several Tcl packages and some full TclTk apps for
    MacOs ( see https://wiki.tcl.tk/Caligraft2025).
    Most of these packages/apps contain some binary libraries (*.dylib) and
    for the first run you are forced to do some non-trivial interactive
    steps to meet some MacOS security checks.

    Is there a method (for a common user) to avoid carrying out all these
    steps manually?

    Congratulations, now you know why I've left Apple and went back to Linux
    after 15 years. In order to have the software accepted, it must be
    signed with a certificate, which requires a subscription (used to be $99/year). Also in newer versions of macOS, they made it more and more cumbersome to enable "sideloading" which is there term for getting
    software without using the App store. So for the "really normal user"
    you would also need to publish it in the App store.

    Never done that myself, though.

    Christian
    --- Synchronet 3.20c-Linux NewsLink 1.2
  • From aldo.w.buratti@aldo.w.buratti@gmail.com (abu) to comp.lang.tcl on Thu Feb 6 14:41:03 2025
    From Newsgroup: comp.lang.tcl

    OK, Christian.

    A necessary clarification:
    * I often release Tcl packages (aka libraries) as opensource projects.
    * In case these packages (or full apps) contain some C/C++ code, I'm
    used to deliver them as binary (precompiled) libs/apps.

    So, my 'libs/apps" are just a zip file with a bunch of .tcl plus
    optionally some binary dll (*.dylib for MacOS)

    I could even build all the MacOS scaffold and include a small tclkit executable, so that it's a full ready-to-use app (it doesn't require a pre-installed tclsh/wish), but this is a rare case. ( see https://wiki.tcl-lang.org/page/PiX )


    In any case, problems arise, because MacOS recognizes that it's not an application signed by an affiliated Apple Developer...


    I wonder if there's someone in this community, as an officialy
    registered Apple Developer, someone who can take care to sign the
    open-source libs/applications made by this community.
    --- Synchronet 3.20c-Linux NewsLink 1.2
  • From Christian Gollwitzer@auriocus@gmx.de to comp.lang.tcl on Thu Feb 6 17:30:51 2025
    From Newsgroup: comp.lang.tcl

    Am 06.02.25 um 15:41 schrieb abu:
    OK, Christian.

    [...]

    In any case, problems arise, because MacOS recognizes that it's not an application signed by an affiliated Apple Developer...

    I wonder if there's someone in this community, as an officialy
    registered Apple Developer, someone who can take care to sign the
    open-source libs/applications made by this community.

    well I guess that would go against the conditions (and the idea) of this certificate. The signature proves that it is an app from a certain
    developer, who then takes responsibility of the content. I let Kevin
    Walzer chime in, who has actual experience with macOS apps.

    I think building an application folder is the absolute minimum
    requirement. It isn't that hard, I have Makefiles to do this: https://github.com/BessyHDFViewer/BessyHDFViewer/blob/main/Makefile#L23

    The resulting apps look and feel like everything else to a macOS user -
    apart from the signing problem.

    Christian
    --- Synchronet 3.20c-Linux NewsLink 1.2
  • From berg@berg@typoscriptics.de (TorstenBerg) to comp.lang.tcl on Fri Feb 7 10:35:55 2025
    From Newsgroup: comp.lang.tcl

    Hi,

    what I found to work (at least in my case) is tp prepare the mac
    application bundle with all packages and dylibs needed. Then, I do the following

    puts "++ removing extended attributes and code-signing the app ..."
    exec touch $exeFile
    exec sudo xattr -cr $exeFile
    exec -ignorestderr codesign --force --deep -s - $exeFile

    $exeFile is the .app file (which is actually a folder in disguise). I
    use a self-signed signature for this, so no developer account and no
    money for Apple.

    This works most of the times. I have some individual users where it
    still gives problems and I think this may be due to individual settings
    on the user side or because the upgraded to some macOS version where constraints got tighter, as already mentioned.

    Having said that, the only proper solution is to get this developer
    account, pay the money and sign the app with the certificate you get
    from Apple.

    Cheers, Torsten
    --- Synchronet 3.20c-Linux NewsLink 1.2
  • From Kevin Walzer@kw@codebykevin.com to comp.lang.tcl on Sun Feb 9 15:42:47 2025
    From Newsgroup: comp.lang.tcl

    On 2/6/25 11:30 AM, Christian Gollwitzer wrote:

    well I guess that would go against the conditions (and the idea) of this certificate. The signature proves that it is an app from a certain developer, who then takes responsibility of the content. I let Kevin
    Walzer chime in, who has actual experience with macOS apps.

    Buying the Apple developer subscription is the only way to avoid all the security warnings, because Apple only recognizes its own certificate.
    However, it's not required to deploy your app.
    --- Synchronet 3.20c-Linux NewsLink 1.2