Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adhoc signing happens too often #1099

Open
mhsmith opened this issue Feb 14, 2023 · 1 comment
Open

Adhoc signing happens too often #1099

mhsmith opened this issue Feb 14, 2023 · 1 comment
Labels
bug A crash or error in behavior. good first issue Is this your first time contributing? This could be a good place to start! macOS The issue relates to Apple macOS support.

Comments

@mhsmith
Copy link
Member

mhsmith commented Feb 14, 2023
edited

Adhoc signing of every .so or .dylib in the app takes at least 7 seconds on my machine for a minimal app, and 15 seconds for this app. So it's annoying that it happens every time I run briefcase run -u, and unnecessary because that command isn't capable of changing any of the signed files.

Similarly, briefcase package -u will adhoc sign the app, and then properly sign it all over again.
@mhsmith mhsmith added bug A crash or error in behavior. macOS The issue relates to Apple macOS support. labels Feb 14, 2023
@freakboy3742 freakboy3742 added the good first issue Is this your first time contributing? This could be a good place to start! label Feb 15, 2023
@freakboy3742
Copy link
Member

Definitely agreed that some optimisation is called for here.

Some notes for potential implementors:

  1. We can't completely drop signing on briefcase run -u - while we don't need to resign the app_packages, the signing of the app bundle as a whole is needed, because the app content has changed.
  2. Build currently automatically does an automatic adhoc sign to ensure that run has a binary that can run locally. However, when invoking package, that signing during build is redundant. The good news is that the kwargs passed to build_app will have identity and adhoc_sign provided as arguments if it is being invoked transitively from a package command; this could be used as a signal to ignore the signing pass on build.
  3. There is some crossover with Remove the --no-sign option and warn the user about --adhoc-sign on macOS applications #865; anyone tackling this issue may want to look into that one as well.
  4. There is also potentially some crossover with Make create, update, build and run automatically execute any of the earlier steps which are out of date #807. Part of the underlying issue here is that the "dirty" state of the app includes whether the file has been updated since it was last signed. Updating a single binary file should only require that single file to be re-signed; the current process does a complete re-sign, regardless of whether a file has been altered. Addressing Make create, update, build and run automatically execute any of the earlier steps which are out of date #807 is a much bigger change; we can make significant improvements to workflows without introducing a full "dirty state" tracking system.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug A crash or error in behavior. good first issue Is this your first time contributing? This could be a good place to start! macOS The issue relates to Apple macOS support.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@freakboy3742 @mhsmith