MailTrackerBlocker icon indicating copy to clipboard operation
MailTrackerBlocker copied to clipboard
verified publisher icon apparition47

"Build from source: Makefile" instructions don't work

Open ninetythirty opened this issue 4 years ago • 1 comments

A. The current instructions don't clone the required unsign project. Adding --recursive to the clone command fixes this error.

B. cp instead of mv the unsign binary. This isn't an error, but I think copying is less surprising.

Ref.: https://github.com/apparition47/MailTrackerBlocker/blob/main/Makefile#L31

C. The codesign option runtime was added in macOS 10.14. Your prerequisites state that this project works with macOS 10.11. Removing the option for operating systems older than 10.14 works fine.

Ref.: https://github.com/apparition47/MailTrackerBlocker/blob/main/Makefile#L32

D. Codesign fails with error: The specified item could not be found in the keychain. This error indicates that no developer certificate named "Developer ID Installer: One Fat Giraffe (CW298N32P4)" can be found on my computer. (Of course not.) I'm unfamiliar with macOS codesigning, so I don't know how to fix this problem. Do I need a developer certificate? Is that what unsign is supposed to take care of?

Ref.: https://github.com/apparition47/MailTrackerBlocker/blob/main/Makefile#L32

I didn't submit a PR because I don't know how to solve issue D. Thanks for your contribution to OSS.

ninetythirty avatar May 14 '21 16:05 ninetythirty

Thanks for the feedback, the Make documentation is definitely incomplete; I'll see if I can get around to working on A, B, C.

D. Do I need a developer certificate? Is that what unsign is supposed to take care of?

There's two parts to this:

  1. Big Sur (11.x) Mail requires a signed mailbundle while 10.15 Mail and older will refuse to run signed mailbundles. I've included unsign as part of the end user installation process (found that codesign --remove-signature wasn't reliably available on some setups) to remove the code signature for macOS setups older than 11.x.
  2. In order to deploy a signed pkg installer (to avoid issue #1 Gatekeeper warnings), everything in the payload has to be signed. Ideally, you need to create your own Developer ID Application and Developer ID Installer Certificates from Apple Developer. For testing though, you should be able to skip the productsign and codesign steps and add CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO to Makefile:9.

apparition47 avatar May 15 '21 01:05 apparition47

Added more instructions for non-signed builds

apparition47 avatar Feb 12 '23 08:02 apparition47