search

khoj-ai / khoj

Your AI second brain. Self-hostable. Get answers from the web or your docs. Build custom agents, schedule automations, do deep research. Turn any online or local LLM into your personal, autonomous AI (e.g gpt, claude, gemini, llama, qwen, mistral).
https://khoj.dev
GNU Affero General Public License v3.0
14.27k stars 707 forks source link

Sign DMG packages for Mac App #440

Closed sabaimran closed 1 year ago

sabaimran commented 1 year ago

You can sign a DMG package using the codesign command in the Terminal. Here's an example command:

codesign --deep --force --verbose --sign "Developer ID Application: Your Name (ABC123DEF456)" /path/to/your/package.dmg

Replace "Developer ID Application: Your Name (ABC123DEF456)" with your own signing identity. You can find your signing identity in the Apple Developer portal.

Replace /path/to/your/package.dmg with the path to your DMG package.

Here's what each option in the codesign command does:

--deep: Sign all nested code within the package. --force: Replace any existing signature. --verbose: Print verbose output. --sign: Specify the signing identity. After running the codesign command, you can verify the signature using the spctl command:

This command should print accepted if the signature is valid.

spctl -a -vv /path/to/your/package.dmg

Note that you need to have a valid signing identity and a Developer ID certificate from Apple to sign your DMG package.

sabaimran commented 1 year ago

To replace "Developer ID Installer: Your Name (ABC123DEF456)" with the name and identifier of your developer ID installer certificate, you need to know the name and ID of the certificate.

If you have a certificate signing request (CSR) file, you can use it to generate a developer ID installer certificate from the Apple Developer website.

Once you have the certificate, you can find its name and ID by opening the Keychain Access app on your Mac and selecting the "Certificates" category. Look for the certificate with the name you provided when you created the certificate, and note its common name and SHA-1 hash.

To replace "Developer ID Installer: Your Name (ABC123DEF456)" with the name and identifier of your certificate, replace the string with the common name and SHA-1 hash separated by a space, enclosed in quotes. For example:

codesign --force --deep --sign "Developer ID Installer: John Doe (12AB34CD56EF)" "dist/khoj_dev_amd64.dmg"

Replace "John Doe" with the name on your certificate, and "12AB34CD56EF" with the SHA-1 hash of your certificate.

Note that the SHA-1 hash is a hexadecimal string that identifies the certificate uniquely. You can find the SHA-1 hash of your certificate by selecting it in Keychain Access, right-clicking, and selecting "Get Info". The SHA-1 hash is listed under "Details".