[Request]: AdHoc sign the app

OpenIntelWireless / HeliPort

Intel Wi-Fi Client for itlwm

https://OpenIntelWireless.github.io/HeliPort

BSD 3-Clause "New" or "Revised" License

1.09k stars 123 forks source link

[Request]: AdHoc sign the app #244

Closed i0ntempest closed 2 years ago

i0ntempest commented 2 years ago

What happened?

Currently the app does not have any signature, and Homebrew is rejecting this as a cask because of that. I understand this is mainly for hackintoshes and missing signature probably bothers no one, but still I would like to request the releases to be at least adhoc signed so Homebrew can accept it. See: https://github.com/Homebrew/homebrew-cask-drivers/pull/2990

Steps To Reproduce

N/A

Software Version

1.4.1

OS Version

12.5.1

Relevant Log Output

N/A

williambj1 commented 2 years ago

Hi @i0ntempest, HeliPort has been submitted to homebrew by the community and it is still up to date.

https://github.com/Homebrew/homebrew-cask-drivers/blob/master/Casks/openintelwireless-heliport.rb

❯ brew search --casks heliport
==> Casks
eliot                                                homebrew/cask-drivers/openintelwireless-heliport

Are you trying to achieve something different?

i0ntempest commented 2 years ago

Ohhh, I didn't bother searching and assumed heliport as the cask token and didn't find it. By bad. You may close this, but that said it's still a good idea to sign future releases as no ones knows when HBC will start purging unsigned stuff.

williambj1 commented 2 years ago

BTW, itlwm is not designed to be installed to anywhere in the system. It should only be injected to the kernel cache from a bootloader. https://github.com/Homebrew/homebrew-cask-drivers/pull/2994 is misleading and dangerous to other users.

i0ntempest commented 2 years ago

Yeah, that's why I have notes in the file mentioning that. If bootloader injection is the only way, is there no way for itlwm to be used on a real Mac (via Thunderbolt)?

williambj1 commented 2 years ago

Yeah, that's why I have notes in the file mentioning that. If bootloader injection is the only way, is there no way for itlwm to be used on a real Mac (via Thunderbolt)?

It is not designed to be used on real Macs (not tested at all)
Real Macs can use OpenCore as well
Unless you sign the kext with your own valid developer certificate, you'll need to disable SIP and it's not worth doing so if you are not developing the kext

You may close this, but that said it's still a good idea to sign future releases as no ones knows when HBC will start purging unsigned stuff.

Not sure if Homebrew will accept AdHoc-signed binaries, have you confirmed with the maintainers? Having such a strange restriction on x86 only apps doesn't really make sense to me. We might consider dropping the app from homebrew if they refuse to accept updates.

i0ntempest commented 2 years ago

Not sure if Homebrew will accept AdHoc-signed binaries, have you confirmed with the maintainers?

AFAIK their check is just running codesign --verify on the app, as long as the check does not fail the maintainers should have no reason to reject.

Having such a strange restriction on x86 only apps doesn't really make sense to me.

That's what I think, they're basically putting the restriction for arm Macs on x86 systems as well.

i0ntempest commented 1 year ago

Just upgraded my Hack to 13.0, and I noticed that if the app is not signed then the system will not allow it to be launched on login, which HeliPort can do on 12.0. So please consider reopening this.