Mac, Qt 4.8.6 codesign issue

Question

I'm maintaining an old app on Mac that built with Qt 4.8.6 (It was using phonon so I can't upgrade to Qt 5.x). After building, I got an .app file, then I run macdeployqt on this .app to deploy Qt libraries to this. It run well. Then I need to codesign this .app. As I know, there are some issues relative to directory structure of the app bundle has changed and the Qt4 macdeployqt command does not conform to the new layout. I tried to fix:
cp /Library/Frameworks/phonon.faramework/Contents/Info.plist myApp.app/Contents/Frameworks/phonon.framework/Resources/
The same for others libraries/frameworks. (copy ...{Qt}/Contents/Info.plist to myApp.app/Contents/Frameworks/*.framework/Resources/
Then codesign, got ouput: signed bundle with Mach-O thin (x86_64)
Then verify, got output: embedded framework contains modified or invalid version In subcomponent ...

I searched many time on internet but cannot found the solution. How to codesign/verify this kind of bundle app? (With Qt 4.8.6. With Qt 5.x, every things is ok)
Thanks!

Answer 1

I have a Mac app built with Qt 4.8.7, here's the instructions I wrote to myself to get through the code signing procedure:

Run 'macdeployqt' to copy the Qt frameworks into the bundle:

$ macdeployqt myapp.app -verbose=2 -no-plugins

macdeployqt doesn't work right, the frameworks need to be fixed.

Go into the root of the app bundle ('cd myapp.app') and run fix_frameworks

$ cd myapp.app
$ ../../platform_specific/mac/fix_frameworks.sh

Then you'll need to copy the Info.plist manually into each framework:

$ cp /usr/local/Trolltech/Qt-4.8.5/lib/QtCore.framework/Contents/Info.plist "myapp.app/Contents/Frameworks/QtCore.framework/Resources/"
$ cp /usr/local/Trolltech/Qt-4.8.5/lib/QtGui.framework/Contents/Info.plist "myapp.app/Contents/Frameworks/QtGui.framework/Resources/"
$ cp /usr/local/Trolltech/Qt-4.8.5/lib/QtNetwork.framework/Contents/Info.plist "myapp.app/Contents/Frameworks/QtNetwork.framework/Resources/"

Next you'll need to sign the .app with the Developer ID certificate and sandbox entitlements. Get the certificate from the Mac Developer site, I believe you need to log in as the Team Agent (the one who created the account). On the current OS X release (Yosemite, El Cap, whatever), do the following to sign the frameworks and app:

$ codesign --entitlements ../platform_specific/mac/sandbox.entitlements -s "Developer ID Application" --deep myapp.app

spctl should show the application is properly signed:

$ spctl --verbose=4 --assess --type execute myapp.app/
myapp.app/: accepted
source=Developer ID

And here's the contents of fix_frameworks.sh

#!/bin/sh

# Run this from the root of the app bundle after running macdeployqt

cd Contents/Frameworks/QtCore.framework
mv Resources/ Versions/4
cd Versions
ln -s 4 Current
cd ..
ln -s Versions/Current/QtCore QtCore
ln -s Versions/Current/Resources Resources
cd ../../../

cd Contents/Frameworks/QtGui.framework
mv Resources/ Versions/4
cd Versions
ln -s 4 Current
cd ..
ln -s Versions/Current/QtGui QtGui
ln -s Versions/Current/Resources Resources
cd ../../../

cd Contents/Frameworks/QtNetwork.framework
mv Resources/ Versions/4
cd Versions
ln -s 4 Current
cd ..
ln -s Versions/Current/QtNetwork QtNetwork
ln -s Versions/Current/Resources Resources
cd ../../../

You will probably need to make some changes: use the path to wherever the Qt frameworks are installed on your system, and add steps to handle Qt frameworks other than Core/Gui/Network.