search

realthunder / solvespace

Parametric 2d/3d CAD
http://solvespace.com/
GNU General Public License v3.0
15 stars 3 forks source link

Signing shared library for macOS #8

Open kroko opened 1 year ago

kroko commented 1 year ago

FreeCAD is signed

╰─➤  codesign --display -vv /Applications/FreeCAD-0.21.1/FreeCAD.app
Executable=/Applications/FreeCAD-0.21.1/FreeCAD.app/Contents/MacOS/FreeCAD
Identifier=org.freecadweb.FreeCAD
Format=app bundle with generic
CodeDirectory v=20200 size=214 flags=0x10000(runtime) hashes=1+3 location=embedded
Signature size=9137
Authority=Developer ID Application: Christopher Hennes (394HN54UJM)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=31 Aug 2023 at 21:31:20
Info.plist entries=18
TeamIdentifier=394HN54UJM
Sealed Resources version=2 rules=13 files=32635
Internal requirements count=2 size=23

It seems the shared lib _slvs.so that is shipped together with Assembly 3 addon is not

╰─➤  codesign --display -vv /Users/reinis/Library/Application\ Support/FreeCAD/AdditionalPythonPackages/py310/py_slvs/_slvs.so
Executable=/Users/reinis/Library/Application Support/FreeCAD/AdditionalPythonPackages/py310/py_slvs/_slvs.so
Identifier=_slvs.so
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=4641 flags=0x20002(adhoc,linker-signed) hashes=142+0 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements=none

Any plans on signing it?

If no dev cert is available unfortunately at this time I do not have active apple dev subscription to lend one. Maybe the signing authority for FC, namely @chennes can help out with a separate ID? 😄 🤞 Plain binary can be signed with one liner

In reference to https://github.com/FreeCAD/FreeCAD/issues/11071 -> at the end of the day for FC to give best experience on macOS one has to sign FC itself, as well as all addons that ship with binaries should be signed.

Thanks!

realthunder commented 1 year ago

Hmm... Tried to enroll as Apple Developer and got error. Search around and shocked to find people reporting the same problem every where. How can Apple allow that for years without any official explanation.

kroko commented 1 year ago

I actually renewed my apple dev certificate this week. So if your enrolment fails -> if you're interested I can support this project and sign macos binaries (just drop me a line to development at warp.lv).

realthunder commented 1 year ago

Thanks for the kind gesture. I think I'll re-try enrollment a few more times first.