Xojo Conferences

« Two weeks left for ea… | Home | MBS Xojo Plugins, ver… »

Code Signing FileMaker 17 Runtimes

This week I prepared a new code singing script for runtimes made with FileMaker 17.

A few things changed in the runtimes with a new Cloud framework, addition of the swift libraries and removal of OmniORB4 framework.

If you distribute your runtimes, you need to sign the app and the disk image for Gate Keeper. If your runtime is not signed, the Finder will ask the user when launching the application after download to delete the app! Or you may get a message that the database is not found. To avoid users get confused or not use the runtime, we sign the runtime.


Signing the runtime got harder with new requirements in Mac OS X 10.9 and the upcoming Yosemite release. We not just need to sign the actual application, but also make sure we sign all the components. For the frameworks inside the runtime, we need to fix them to give them a few standard symlinks which are missing. Without those modifications, the bundle will not sign. If you like to save a few bytes, you can delete the icon files: FM12Dict.icns, FM12Label.icns and FM12Plug.icns inside the runtime. Those are not referenced and never used.

Developer Account

In order to sign, you need to sign up for a Mac Developer Account with Apple. This costs $99 USD per year. In the Certificates, Identifiers & Profiles section, please go in Mac Apps section and there in Certificates. Create a new Developer ID certificate, follow the instructions and download the certificate file. Double click it to add it to Keychain Manager and voila, it is installed and ready to use.

Sign Script

When you edit the script in a text editor (like BBEdit or TextWranger), you can change the path to the runtime, the name of the app and the name of the certificate. Please note that this script will not work without correct values. If your file name or path contain special character, escaping may be needed. For example a space character needs to be escaped with putting a backslash character just before the space character. You can learn how to escape a path by dragging and dropping the file or folder into the window of the Terminal application. The path is inserted and you can copy & paste it.

Now when everything is setup for your runtime in the script, you can drop the script on a Terminal window and press return key to start it. You'll see a couple of messages. This may include some complains from rm command trying to delete files which are not there. Nothing to worry about, the script just makes sure everything is correct. Further you see a couple of sign message for various parts of the application. The final line should show "signed bundle with Mach-O thin" and report success for signing your runtime app.


To check if app is okay for Gate Keeper you can first verify code signature using a call to codesign with a couple of v for more details and -d to display certificate:

codesign -d -vvvv /Users/cs/Desktop/Test/test.app

Next with spctl utility you can show if app is accepted. So we run spctl utility with verbose messages and -a parameter:

spctl -a -vv /Users/cs/Desktop/Test/test.app

Please change path to your runtimes before running above commands. The output should say "accepted" and now you are lucky and can archive and upload your runtime. Good luck!
Now you can build disk image and sign it.

New script will be included with MBS Plugin.
19 05 18 - 10:35
eleven comments

Is this copy and paste from an older version? 10.9 and Yosemite are a bit old.
Beatrix Willius - 19 05 18 - 12:17

This is an older article, updated for FileMaker 17.
Christian Schmitz (URL) - 19 05 18 - 19:35


Thanks for providing the script.

It worked perfectly, and ended the frustration that I was feeling, trying to make the old script work with a FileMaker 17 runtime.

You sir are a gentleman and very generous to share your knowledge and information with those of us in the FileMaker community who are obvioisly not as knowledgeable, but want to be able to produce good products.

Graham Lindsay - 21 05 18 - 02:06


I could not find the code sign script for filemaker 17.

Where is the new script located in the MBS Plugin?
gen - 12 10 18 - 03:17

The script is included with the MBS Plugin download.
Christian Schmitz (URL) - 12 10 18 - 10:28

Thank you for making this available. I am running into errors using Version of FMPA. I get this error: Versions/Current
invalid argument “runtime”
invalid argument “runtime”
invalid argument “runtime”
invalid argument “runtime”
invalid argument “runtime”

Then it says the code object is not signed at all. I do have a confirmed developer certificate installed.

Any ideas? Thanks
Gregory Taylor - 09 12 18 - 17:33

Please make sure you have a recent version of MacOS and Xcode, so you don’t have an old codesign app.
Christian Schmitz (URL) - 09 12 18 - 18:56

I am able to successfully code sign my runtime….and build my dmg using DMG Canvas. Installation goes fine with no warning…but I am getting the can’t find primary file message like the runtime isn’t signed.

The message received during code signing was: SE Management Program 2019.app: satisfies its Designated Requirement
SE Management Program 2019.app: accepted

I just installed Apple Security Update 10.13.6

Any chance my issue is related to that update?
Gregory Taylor - 17 12 18 - 03:56

If you get missing database file, the file is either not there, or your app is in quarantine.
To avoid quarantine you need to have a code signed app and code signed disk image. Please check both!
Christian Schmitz (URL) - 17 12 18 - 07:18

i have tried code signing as described above but when i put the script into terminal i get a message of access denied. looking at my certificate there is no key with it. is this needed and how do i get it as there is little info about a certificate key.

thanks in advance
martin lewis (URL) - 17 02 19 - 16:40

Christian, I just wanted to extend a deep thanks to you for proving this script. I followed the steps and everything worked. Your script is essential and you have no idea how crucial this was in terms of being able to get code signing properly working with FMP 17 runtimes.

I have no issues to report, just a deep thanks for providing this info. Thank you!
Mike M. - 18 05 19 - 06:59

Remember personal info?

Emoticons / Textile

Hide email:

Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.