Re: Gatekeeper
- Subject: Re: Gatekeeper
- From: Shane Stanley <email@hidden>
- Date: Fri, 02 Mar 2012 11:45:12 +1100
On 02/03/2012, at 9:27 AM, Luther Fuller wrote:
> First, here's my situation:
> I have an application whose source code is edited in Smile. When I create the application bundle, I have a script that: tells AppleScript Editor to save as an application bundle; then copies files from a source into the bundle's Content folder; then replaces the current bundle with the new bundle.
>
> After careful reading of the article, I conclude ...
>
> 1. My application is an "Internal application script" which "... should continue to work as they always have."
On your machine, yes. When you sell it, how it behaves depends on (a) whether you have codesigned it, and (b) the Gatekeeper settings of the person who downloads it.
>
> 2. My application "interacts with" Mail. "A sandboxed app can't use AppleScript to communicate with another app on your Mac, unless ..."
But your app isn't sandboxed, so that's irrelevant.
>
> And conclude, in addition, that I should not use "sandboxing". (?)
You shouldn't -- and you can't. You can only develop sandboxed applications in Xcode. (And you're doing things in your app that wouldn't be allowed in a sandboxed app anyway.)
> Up to this point, everything I have read about "sandboxing" uses "sandboxing" as an undefined term.
> Which prompts the question: What, exactly, do you do to an application to "sandbox" it?
You click on a whole lot of settings in Xcode to gain entitlements to do things, and then you can do them only by using the approved APIs. For example, you don't click on Allow Address Book Data Access unless your app needs to get at the address book. The idea is that you don't ask for permission to do anything you don't need to, to make it harder for malware to use your app for nefarious ends. There are also limitations for where you can write files, etc, etc.
> In other words, if I obtain an entitlement from Apple, exactly what do I get and what do I do with it?
The developer entitlement is used to codesign *any* application, sandboxed or not. Applications sold in the app store will need to be sandboxed *and* codesigned.
>
> Finally, in the last paragraph on Gatekeeper: "While applications and droplets can't be signed directly, ..."
>
> Why not? Isn't that what 'codesign' is for?
IMO that is wrong. But I wonder if what they're trying to suggest is that it's impractical because AS apps normally modify the script file when run (storing properties, etc), and that behavior is incompatible with codesigning. But I'm only guessing.
--
Shane Stanley <email@hidden>
'AppleScriptObjC Explored' <www.macosxautomation.com/applescript/apps/>
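
The incompatibility guessed at in the last reply (an applet writing back into its own script file after it has been signed) can be checked directly on a Mac. This is an added example, not part of the original message; it assumes macOS with `osacompile` and `codesign` available, and the function names and the `Demo.app` bundle are made up for the demonstration.

```shell
#!/bin/bash
# Added example (not from the original thread). Requires macOS.
# make_applet, seal_ok, demo_seal_break and Demo.app are hypothetical names.

# Build a throwaway applet that carries a script property, the kind of
# state an AppleScript app may store back into its script file.
make_applet() {
    osacompile -o "$1" -e 'property runCount : 0' \
        -e 'on run' -e 'set runCount to runCount + 1' -e 'end run'
}

# Return 0 if the bundle's signature and sealed resources verify.
seal_ok() {
    codesign --verify --deep --strict "$1" >/dev/null 2>&1
}

# Sign ad hoc ("-" identity, no certificate needed), then simulate the
# applet modifying its own script file, and report the seal state
# before and after as "<before> <after>".
demo_seal_break() {
    local work app before after
    work="$(mktemp -d)" || return 2
    app="$work/Demo.app"
    make_applet "$app" || { rm -rf "$work"; return 2; }
    codesign --force --sign - "$app" || { rm -rf "$work"; return 2; }

    if seal_ok "$app"; then before=valid; else before=broken; fi

    # Constructed modification: one byte appended to the compiled script,
    # standing in for a property being saved at the end of a run.
    printf 'x' >> "$app/Contents/Resources/Scripts/main.scpt"

    if seal_ok "$app"; then after=valid; else after=broken; fi

    rm -rf "$work"
    echo "$before $after"
}
```

Calling `demo_seal_break` prints the seal state before and after the change; running `codesign --verify --verbose` on a real bundle names the resource that no longer matches.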