Closed taozuhong closed 2 weeks ago
Thanks for the suggestion. While signing is required, I think signing is out of scope for dmgbuild as a library.
dmgbuild is an API wrapper around the capabilities of hdiutil, and hdiutil doesn't have any native signing capabilities. Yes, the DMG needs to be signed; but so do the contents of the DMG; and the process of managing that signing requires a much more complex set of information and configuration.
I say this as someone who has implemented a wrapper for the signing process; Briefcase uses dmgbuild, and also performs signing - but the two concerns are quite separate.
There may be scope to extract some of the signing code from Briefcase into a standalone package; but that wouldn't involve adding the code into dmgbuild.
@freakboy3742 AppDMG / Create-DMG all support code signing; we should consider supporting it.
appdmg
- code-sign (object, optional) - Options for codesigning the DMG
  - signing-identity (string, required) - The identity with which to sign the resulting DMG
  - identifier (string, optional) - Explicitly set the unique identifier string that is embedded in code signatures
Create-DMG
- --codesign <signature>: codesign the disk image with the specified signature
Excellent. Good for them. That doesn't change the fact that I consider signing to be out-of-scope for dmgbuild.
If you're unhappy with the scope of dmgbuild, you're free to use a different package.
all apps distributed outside the App Store must be signed by the developer using an Apple-issued Developer ID certificate (combined with a private key) and notarized by Apple to run under the default Gatekeeper settings.