Re: Codesigning pain, god it hurts!
  • Subject: Re: Codesigning pain, god it hurts!
  • From: Jonathan Mitchell <email@hidden>
  • Date: Wed, 18 May 2016 10:10:14 +0100

> On 18 May 2016, at 04:29, Quincey Morris <email@hidden> wrote:
>
> Yes, it’s awful.
>
I agree. Screwing it up is easy.
I use the following project archive scheme post action script to run a Gatekeeper security check on archive builds.
This provides decent confirmation that all is well.

if [ "${CONFIGURATION}" = "Release" ]; then

    # An Xcode post-build/archive action cannot directly return or log error conditions, but we can:
    # 1. put up a dialog
    # 2. post a notification
    # 3. say something
    # 4. write to the syslog
    # 5. write to a file and open the file

    # Execute a project folder script.
    # Note that Git checkout may mutate the execute permissions
    #${PROJECT_DIR}/${PROJECT_NAME}/script.sh

    # audible feedback
    say "Processing post action script for ${PROJECT_NAME}"

    # show available vars - helps a lot when debugging
    SHOW_EXPORTS=0
    if [ $SHOW_EXPORTS -eq 1 ]; then
        OUT_FILE="${HOME}/Desktop/${PROJECT_NAME}-xcode-post-action-exports.txt"
        # -f: do not complain when the file does not exist yet
        rm -f "${OUT_FILE}"
        export -p > "${OUT_FILE}"
        open "${OUT_FILE}"
    fi

    # make archived app path
    APP_PATH="${ARCHIVE_PRODUCTS_PATH}/Applications/${EXECUTABLE_PATH}"

    # update syslog
    syslog -s -l Error "xcode-post-action APP_PATH = ${APP_PATH}"

    # do Gatekeeper security check
    spctl -vvvvv --assess --type execute "${APP_PATH}"
    SPCTL_OUT=$?

    # output result
    syslog -s -l Error "xcode-post-action spctl result code = $SPCTL_OUT"
    if [ $SPCTL_OUT -eq 0 ]; then
        say "Gatekeeper security check passed for ${PROJECT_NAME}"
        osascript -e 'display notification "Gatekeeper security check passed" with title "Archive Security Check"'
    else
        say "Gatekeeper security check failed for ${PROJECT_NAME}"
        osascript -e 'tell app "Xcode" to display dialog "Security failure: spctl rejected app and Gatekeeper will too." buttons {"Okay"} default button "Okay"'
    fi
fi

References: 
 >Codesigning pain, god it hurts! (From: Graham Cox <email@hidden>)
 >Re: Codesigning pain, god it hurts! (From: Quincey Morris <email@hidden>)
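An added example, not part of the original post or thread: the script above reports every non-zero `spctl` status as a rejection, while the spctl(8) man page reserves exit status 3 for a denied assessment and uses 1 and 2 for a failed operation or unsuitable arguments. The wrapper below separates those cases and also catches a missing archive path; the function names, the `SPCTL_CMD` override and the return value 4 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Exit-status meanings are taken
# from the spctl(8) man page: 0 = accepted, 1 = operation failed,
# 2 = unsuitable arguments, 3 = assessment denied.

# SPCTL_CMD is a hypothetical override so the wrapper can be exercised with a
# stub on machines without spctl; it defaults to the real tool.
: "${SPCTL_CMD:=spctl}"

# classify_spctl_status STATUS
# Prints one of: accepted, rejected, bad-arguments, tool-error.
classify_spctl_status() {
    case "$1" in
        0) echo "accepted" ;;
        3) echo "rejected" ;;
        2) echo "bad-arguments" ;;
        *) echo "tool-error" ;;
    esac
}

# assess_app APP_PATH [LOG_FILE]
# Prints the verdict, appends the tool output to LOG_FILE, and returns 0 only
# when the app was accepted.
assess_app() {
    app_path=$1
    log_file=${2:-/dev/null}

    # A wrong or empty archive path is a build problem, not a signing verdict.
    if [ ! -e "$app_path" ]; then
        echo "missing-app"
        return 4
    fi

    # Capture status without tripping `set -e` in the calling script.
    output=$("$SPCTL_CMD" -vvvvv --assess --type execute "$app_path" 2>&1) \
        && status=0 || status=$?

    verdict=$(classify_spctl_status "$status")
    printf '%s: %s (exit %s)\n%s\n' "$app_path" "$verdict" "$status" "$output" >> "$log_file"
    echo "$verdict"
    [ "$status" -eq 0 ]
}

# In the post action: assess_app "${APP_PATH}" "${HOME}/Desktop/gatekeeper.log"
```

Only the `rejected` verdict means Gatekeeper would block the app; `missing-app`, `bad-arguments` and `tool-error` mean the check itself did not run as intended.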