Re: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
Re: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
- Subject: Re: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
- From: Dragan Milić <email@hidden>
- Date: Tue, 05 Aug 2014 23:04:14 +0200
On uto 05.08.2014., at 22.13, James Moore wrote:
> Our approach is to sign things explicitly and then confirm that all executables are signed and valid at the very end. The confirmation happens in our main build script, outside of xcodebuild. I found it easier to do it this way since code-signing has to happen from the inside-out. Controlling the order of the signing is paramount.
>
> Each project has a shell script that we run in a script build phase. It mostly lists its signable resources like this
> ………….
>
> later it sources a global script that among other things signs the items in the resources list
> ………….
>
> In other words the strategy we use is that sub-projects don’t do any code signing. All of the signing happens in a script phase of the app and then we verify the results with
>
> xcrun codesign --verify --verbose=4 -deep <app path>
James, thanks a lot for the detailed answer and exposure of your workflow. It certainly is more advanced then mine, but I’m not very knowledgeable about shell scripts. I guess it’s time to learn it better. I do have one question though; how do I refer to scripts in the sub-projects from within a script in the main app project so that I can source them and set resources_to_sign variables? I guess I should start reading man page of xcodebuild(1), but it’s easier to ask.
-- Dragan
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden