Re: Code Signing for Mac application
Re: Code Signing for Mac application
- Subject: Re: Code Signing for Mac application
- From: "Paul Sanders" <email@hidden>
- Date: Wed, 17 Feb 2010 18:04:38 -0000
Seems I spoke to soon. I did get it to work, but
PackageMaker can only sign *flat* packages (--target 10.5), which is no good to
me as (a) I still support Tiger, and (b) I cannot then knock out Snow Leopard's
horrible new relocation 'feature' which, amongst other things, will install your
application to the Trash if the user has dragged the old version there.
Snow Leopard does this *even if you have turned off relocation in
PackageMaker*. You need to patch a file called TokenDefinitions.plist in
the built package to disable it, which, most likely, you cannot do in a flat
package. Not easily, anyway. And attempting to sign
distribution.dist in a metapackage results in the installer displaying the
helpful message:
Operation could not be completed (com.apple.installer.pagecontroller error -1).
Never seen that one before.
This is typical of my PackageMaker experiences. In
particular, its error reporting is truly dreadful. I don't think I have
ever come across a piece of more developer-hostile software. And
things which should 'just work' ... just don't. But don't get me
started.
I think we should stop now Graham, we're way off topic for
this list. But I have learned a lot, thanks again. Unfortunately,
Atlanta is a continent away, for me.
Paul Sanders.
----- Original Message -----
Sent: Wednesday, February 17, 2010 5:00 PM
Subject: Re: Code Signing for Mac
application
Hi Paul,
On 17
Feb 2010, at 16:19, Paul Sanders wrote:
> 2. It was trivial to
sign my mpkg so I now do so, not that it has any visible effect. What
Safari should do of course, when it downloads and runs a DMG containing an mpkg,
is to tell the user whether the package is signed, and if so, who by. I
don't know whether changing the contents of the mpkg breaks the signature
(obviously, it should) - there seems to be no way to verify that a package is
signed.
If you've got it right, there should be a little cert icon in the
installer, clicking it brings up an SFCertificatePanel with the details and
trust settings. Screenshot: http://securemacprogramming.com/images/fg10-10.tif (actually, in fairness I know that happens for flat packages, I
don't know about distributions and metapackages, but I would expect it
does).
> That's all folks. Thanks again for the help,
Graham.
No problem. <shameless>I'm talking on code signing at
NSConference in Atlanta, GA next week: http://www.nsconference.com/ for
tickets</shameless> :-D
Graham.=
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden