Re: Code Signing for Mac application
Re: Code Signing for Mac application
- Subject: Re: Code Signing for Mac application
- From: "Paul Sanders" <email@hidden>
- Date: Tue, 16 Feb 2010 14:18:44 -0000
AFAIK, the Mac does not check code signatures when it
launches an app. Even if it did, you would probably prefer it not
to. When an app is dragged to another folder, the Finder seems to add or
modify something in the Resources folder, thus rendering the signature
invalid. I never got to the bottom of this - I could not reproduce it on
my own machines - but it caused a lot of trouble in the field and lead me to
abandon checking the validity of the signature (using codesign -v) in my own
code.
Paul Sanders.
----- Original Message -----
Sent: Tuesday, February 16, 2010 2:07 PM
Subject: Code Signing for Mac
application
I'm having troubles
implementing code signing for our Mac OS X application. Having watched WWDC
Session 504, I went ahead and created my own certificate by following the
instructions available in the docs (Code Signing Guide) and in the video itself.
I then picked the certificate's name in my Xcode Code Signing build settings.
All projects build fine and I can verify the results via codesign without
getting any errors.
I was under the assumption that signing your
code means that if the executable file or one of the non-localized resource
files get modified, the OS would prevent the app from being run, and signal the
user that something's wrong. Instead, I can insert random bits into the
executable, modify the Info.plist or files in Resources without any warning at
all. My app just runs as if Code Signing did nothing. Am I missing something big
and obvious about how this technology works?
To be clear: I'm not
using a custom rules file or custom identifier string. The executable and all
helper files are in the MacOS directory. A couple more ".app"s are inside the
"SharedSupport" directory.
Any help would be
appreciated.
Gabe
Noise Industries, LLC
_______________________________________________
Do not post admin requests to
the list. They will be ignored.
Xcode-users mailing
list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden