Re: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
Re: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
- Subject: Re: New 10.9.5 Gatekeeper rules (and a rant about them changing so often)
- From: Jerry Krinock <email@hidden>
- Date: Tue, 05 Aug 2014 15:31:00 -0700
On 2014 Aug 05, at 11:20, Dragan Milić <email@hidden> wrote:
> I’ve read couple of times everything I could find in documentation about Gatekeeper, codesign and code signing in general and I couldn’t figure the way out of my situation. Does anyone else have some suggestions?
I too was kind of upset about the short notice when I received that yesterday, but it turns out that my current script was already meeting the new requirements, simply by running in Mavericks.
I say THANK YOU to whomever it was inside Apple who championed the inclusion of Contents/Helpers as a code location.
Signing for Developer ID with codesign, and checking it with spctl, is tedious but straightforward once you have a recursive script. Then you won’t need —-resource-rules. Yesterday I modified my script, adding an additional check phase motivated by that new section in TN2206. Feel free to rip from it…
https://gist.github.com/jerrykrinock/b3ec9422e97f99895eea/edit
The codesigning stuff is in "sub codesignDeveloperID”, which currently starts at line 2171. The lines above it are for other phases of my shipping. The script is written in embarassingly verbose “C-style” Perl, so that even an electrical engineer can understand it. When I ship with this script, I am 100% confident that the product will pass Gatekeeper.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden