core icon indicating copy to clipboard operation
core copied to clipboard
verified publisher icon jcryptool

Sign the Mac Release

Open grthor opened this issue 5 years ago • 4 comments

This issue is just for the record.

@dschadow is currently working on this.

grthor avatar Jun 02 '20 16:06 grthor

We decided to leave the Mac OS/X version unsigned for now -- this issue is no longer part of the 1.0 release. We have had longstanding problems with this:

  • Only one person can test the signing properly as the key is linked with the apple account
  • Signing the app currently renders it unopenable ("could not load dynamic linked library")

simlei avatar Oct 27 '20 13:10 simlei

With the new MacOS, you need to either sign (all of) the dynamic libraries the app uses in addition to signing the app itself, or (if you build/sign with Xcode) mark (among the capabilities, I think) that it should not validate the dynamic libraries.

I tried both approaches with my app that uses OpenSSL, and settled on the 2nd: just don't validate the libs.

mouse07410 avatar Oct 27 '20 14:10 mouse07410

@mouse07410 That is quite interesting. Thanks for your comment!

We sign our product as follows:

codesign -f -v --timestamp --sign "xxxxxxxxx" --options=runtime JCrypTool.app

How would one proceed to "not validate the libs"? set an xattr (before) or (after) the signing?

Is this flag one you used, or is it some other flag / something else? https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-library-validation

We'd be happy about any further information about your process :) However, we do not use Xcode -- we have to sign everything directly from the command line...

simlei avatar Oct 27 '20 15:10 simlei

Update 2021: Still no working signatures for Mac

simlei avatar Jan 26 '21 13:01 simlei