Re: Code Signing for Mac application
Re: Code Signing for Mac application
- Subject: Re: Code Signing for Mac application
- From: Chris Suter <email@hidden>
- Date: Wed, 17 Feb 2010 10:49:02 +1100
Hi Paul,
On Wed, Feb 17, 2010 at 1:18 AM, Paul Sanders
<email@hidden> wrote:
> AFAIK, the Mac does not check code signatures when it launches an app.
It can do if you want it to. See the documentation but bear in mind
it's easy for any user to circumvent.
> Even if it did, you would probably prefer it not to. When an app is dragged to
> another folder, the Finder seems to add or modify something in the Resources
> folder, thus rendering the signature invalid.
No, it doesn't.
> I never got to the bottom of
> this - I could not reproduce it on my own machines - but it caused a lot of
> trouble in the field and lead me to abandon checking the validity of the
> signature (using codesign -v) in my own code.
You've missed the point of code signing. At this point in time, it's
not there to check that your application hasn't been tampered with,
since that is easy to circumvent by the determined attacker.
One thing that code signing does is allow an updated application to
get access to the Keychain without prompting the user for a password
(which the user agreed to do in the previous version). I believe
there’s some way in which it affects parental controls and there are
probably other things it helps with.
Anyway, code signing is the way forward and I can imagine a future
(albeit some way off) where the default behaviour on Macs would be to
show a warning if an application isn't signed.
Kind regards,
Chris
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden