• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Code Signing for Mac application
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Code Signing for Mac application

  • Subject: Re: Code Signing for Mac application
  • From: "Paul Sanders" <email@hidden>
  • Date: Wed, 17 Feb 2010 18:04:38 -0000
Seems I spoke to soon.  I did get it to work, but PackageMaker can only sign *flat* packages (--target 10.5), which is no good to me as (a) I still support Tiger, and (b) I cannot then knock out Snow Leopard's horrible new relocation 'feature' which, amongst other things, will install your application to the Trash if the user has dragged the old version there.  Snow Leopard does this *even if you have turned off relocation in PackageMaker*.  You need to patch a file called TokenDefinitions.plist in the built package to disable it, which, most likely, you cannot do in a flat package.  Not easily, anyway.  And attempting to sign distribution.dist in a metapackage results in the installer displaying the helpful message:
 
Operation could not be completed (com.apple.installer.pagecontroller error -1).
 
Never seen that one before.
 
This is typical of my PackageMaker experiences.  In particular, its error reporting is truly dreadful.  I don't think I have ever come across a piece of more developer-hostile software.  And things which should 'just work' ... just don't.  But don't get me started.
 
I think we should stop now Graham, we're way off topic for this list.  But I have learned a lot, thanks again.  Unfortunately, Atlanta is a continent away, for me.
 
Paul Sanders.
 
----- Original Message -----
From: "Graham Lee" <email@hidden>
To: "Paul Sanders" <email@hidden>
Cc: "Chris Espinosa" <email@hidden>; "XCode Users" <email@hidden>
Sent: Wednesday, February 17, 2010 5:00 PM
Subject: Re: Code Signing for Mac application

Hi Paul,

On 17 Feb 2010, at 16:19, Paul Sanders wrote:

> 2.  It was trivial to sign my mpkg so I now do so, not that it has any visible effect.  What Safari should do of course, when it downloads and runs a DMG containing an mpkg, is to tell the user whether the package is signed, and if so, who by.  I don't know whether changing the contents of the mpkg breaks the signature (obviously, it should) - there seems to be no way to verify that a package is signed.

If you've got it right, there should be a little cert icon in the installer, clicking it brings up an SFCertificatePanel with the details and trust settings. Screenshot: http://securemacprogramming.com/images/fg10-10.tif (actually, in fairness I know that happens for flat packages, I don't know about distributions and metapackages, but I would expect it does).

> That's all folks.  Thanks again for the help, Graham.

No problem. <shameless>I'm talking on code signing at NSConference in Atlanta, GA next week: http://www.nsconference.com/ for tickets</shameless> :-D

Graham.= 
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Code Signing for Mac application
      • From: Stéphane Sudre <email@hidden>
References: 
 >Re: Code Signing for Mac application (From: "Paul Sanders" <email@hidden>)
 >Re: Code Signing for Mac application (From: Graham Lee <email@hidden>)

  • Prev by Date: Re: Code Signing for Mac application
  • Next by Date: How to combine Mac and iPhone targets in one project?
  • Previous by thread: Re: Code Signing for Mac application
  • Next by thread: Re: Code Signing for Mac application
  • Index(es):
    • Date
    • Thread