search

crotwell / gradle-macappbundle

A Gradle Plugin to create a Mac OSX .app application and dmg based on the project.
Apache License 2.0
95 stars 33 forks source link

Support code signing #6

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Since this is so important now for OSX 10.8, it would be nice if this plugin 
supported it. We need to:

1. Rename JavaApplicationStub to the name of the .app
2. Take a key from the keystore and sign the app

Original issue reported on code.google.com by aristede...@gmail.com on 10 Sep 2012 at 6:20

GoogleCodeExporter commented 9 years ago 
I have added changes to allow the renaming of the application stub, ie

macAppBundle {

   bundleExecutable = "newName"
}

I have not had time to research how to sign apps, but I suspect it would be 
somewhat complicated by the need to get a password from the user. If you can 
give me some more information on how this is done I will look into adding 
support for it.

Original comment by crotwell@seis.sc.edu on 10 Sep 2012 at 3:43

GoogleCodeExporter commented 9 years ago 
I think maybe the executable should only be named as per the name of the app. I 
don't think there is any other choice which is going to work properly.

We are currently writing the signing code now in gradle, so once we figure it 
out, we'll send it over.

Original comment by aristede...@gmail.com on 11 Sep 2012 at 4:21

GoogleCodeExporter commented 9 years ago 
Here is all we needed to do:

   exec {
      executable = "codesign"
      args = [  
    "-s", 
    "Acme cert",
    "-f",
    "${distsDir}/macosx/${project.appName}.app"]
    }

Original comment by aristede...@gmail.com on 12 Sep 2012 at 8:46

GoogleCodeExporter commented 9 years ago 
I have pushed in changes for this. Can you test before I make a release?

To use you would either do
gradle codeSign createDmg
or if you want to always use it, in your build.gradle
createDmg.dependsOn(codeSign)

You will want to add two configs to your macAppBundle configuration, like:
    certIdentity = "Acme cert"
    bundleExecutable = "${->project.name}"

thanks

Original comment by crotwell@seis.sc.edu on 15 Sep 2012 at 11:36

GoogleCodeExporter commented 9 years ago 
Should be fixed in 1.0.6

Original comment by crotwell@seis.sc.edu on 27 Sep 2012 at 3:37

hepcat72 commented 6 years ago

I thought I would comment for those such as myself that want to take advantage of code-signing to simply eliminate the "Unknown Developer" error...

First, the value of "certIdentity", at a (unique) minimum can be the user ID from the .cer file that you download from your apple developer account. Or it can be a number of other values from that .cer file, including a substring of the "Common Name" or even the 40 character SHA-1 string. If the value doesn't uniquely identify the cert, you'll get an error about an ambiguous cert identity.

The .cer file is installed by double-clicking it, and if you obtained the .cer file from your own Apple Developer account, a paired "private key" will be created. Without that key, the codesign will fail with "No identity found".

For educational institutions with an apple developer account such as mine, you must be an admin on the account or higher to download a cert. And in order to distribute your app outside of the app store, you need a cert of type "Developer ID Application", which can only be created by the Team Agent. And you as an admin, must download it from your own account.

I won't get into the details of how you obtain membership in the apple developer program account held by your organization, but I will say that unless you're a high-up at your university, with the ability to bind your university to legal agreements, you can't obtain a free educational institution apple developer account yourself, but your apple ID has to have its own free developer account and then be invited to your university's account with Apple as a team member.