Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Signing Under Mac OS X
To sign command-line programs under Mac OS X you need 2 signing identities: one for the application and one for the installer.
For example in
var DEVELOPER_ID_APPLICATION:String = "3rd Party Mac Developer Application: Zwetan Kjukov (4AT3SFJR6C)"; var DEVELOPER_ID_INSTALLER:String = "3rd Party Mac Developer Installer: Zwetan Kjukov (4AT3SFJR6C)";
Signing an Installer
You basically use the
DEVELOPER_ID_INSTALLER identity with the
pkgbuild command-line tool.
For example to sign a
.pkg (installer) file
$ pkgbuild --sign "3rd Party Mac Developer Installer: Zwetan Kjukov (4AT3SFJR6C)"
(yes you need to use the whole string)
A full command would look like
$ pkgbuild --root path/to/pkgdir \ --identifier com.corsaair.helloworld \ --version 1.2.3 \ --ownership recommended \ --sign "3rd Party Mac Developer Installer: Zwetan Kjukov (4AT3SFJR6C)"
Signing an Application
There you use the
DEVELOPER_ID_APPLICATION identity with the
codesign command-line tool.
For the signing to work the executable have to be a Mach-O executable.
$ codesign --force \ --sign "3rd Party Mac Developer Application: Zwetan Kjukov (4AT3SFJR6C)" \ path/to/cli/executable
Special case with Redtamarin projectors
Even if the executable is a regular Mach-O executable,
because we embed our program into it,
codesign will report "main executable failed strict validation".
If you absolutely need a signed executable, you can sign one of the
and provide either the ABC or SWF file as an external file to accompany it.
First, you will need to sign a redshell executable
Copy one of the redshell
$ cp /usr/lib/redtamarin/runtimes/redshell/macintosh/64/redshell redshell-signed
$ codesign --force --sign "3rd Party Mac Developer Application: Zwetan Kjukov (4AT3SFJR6C)" redshell-signed
Verify that it is signed
$ codesign -dvvv redshell-signed
output should be
Identifier=redshell-signed Format=Mach-O thin (x86_64) CodeDirectory v=20200 size=15979 flags=0x0(none) hashes=793+2 location=embedded Hash type=sha1 size=20 CDHash=028ac8507770397c5f395548c36aa5b83d3f356d Signature size=4350 Authority=3rd Party Mac Developer Application: Zwetan Kjukov (4AT3SFJR6C) Authority=Apple Worldwide Developer Relations Certification Authority Authority=Apple Root CA Signed Time=3 May 2016 00:49:25 Info.plist=not bound TeamIdentifier=4AT3SFJR6C Sealed Resources=none Internal requirements count=1 size=196
Then you will need to change how you build the projector in
projector( "helloworld", false, null, [ "helloworld.abc" ], null, "redshell-signed" );
You will then need to alter your deployment structure
. |_ usr |_ local |_ lib |_ helloworld |_ lib either | |_ helloworld.abc your program as an ABC file | |_ helloworld.swf your program as a SWF file | |_ runtime |_ redshell the signed redshell executable
You will also need to change the wrapper script
#!/bin/sh /usr/lib/helloworld/runtime/redshell /usr/lib/helloworld/lib/helloworld.abc -- $@