CodeSign the macOSX DMG

DocuBricks / docubricksEditor

DocuBricks is a documentation format that helps your open hardware project to greater modularity and reusability as all as a standardised, professional look. This repository contains the editor software that allows you to create or open DocuBricks XML files and edit them.

http://docubricks.com/

BSD 3-Clause "New" or "Revised" License

9 stars 0 forks source link

CodeSign the macOSX DMG #1

Open andrewjaykeller opened 6 years ago

andrewjaykeller commented 6 years ago

Expect:

Get a warning that app was downloaded from the internet but developer is known

Problem:

Warning says this app is from an unidentified developer and can't be open

screen shot 2017-10-10 at 12 50 32 pm

Solution: Get the Test for conformance command line to passing

_All examples are copied from when I code sign the OpenBCIGUI app

$ codesign --verify --deep --strict --verbose=2 ~/openbci/OpenBCI_GUI_v2.0/OpenBCI_GUI/application.macosx/OpenBCI_GUI.app/

Learn how to manually code sign with super command:

$ codesign -s "Developer ID Application: Andrew Keller (G2YUCSS226)" --force ~/openbci/OpenBCI_GUI_v2.0/OpenBCI_GUI/application.macosx/OpenBCI_GUI.app/

mahogny commented 6 years ago

Yes, this is a known problem. codesign is to my knowledge only available for OSX which means I am out of luck fixing this properly. The solution for now is to go to OSX preferences -> security -> somewhere, and then allow OSX to run non-signed applications.

Lucky thing though is that only the stub for running java need be signed, not the entire program (according to some forums I checked before). So we theoretically only need to do this once!

andrewjaykeller commented 6 years ago

I can try signing the Java file if you want and we could test your theory!

andrewjaykeller commented 6 years ago

Are you signing the windows apps? I still don't know how to do that

mahogny commented 6 years ago

osx, sure, send me signature and we'll give it a go! windows - are there problems there too? we don't do any signing at all right now

andrewjaykeller commented 6 years ago

Haven't tried on Windows, but I still haven't figured out how to sign windows apps so I asked everyone lol

Do you have a link to the file you're thinking I should try to sign?

mahogny commented 6 years ago

this might give a hint: https://stackoverflow.com/questions/26938414/code-sign-java-app-for-os-x-gatekeeper

we don't provide a JRE so one less headache. the binary that the .app runs is docubricks.app/Contents/MacOS/JavaApplicationStub and it is never changed. if we could get away with just signing this one it would be great!

but worst case, you could sign everything but docubricks.jar - unless we need to add new libraries etc, this is the only file we change between releases