Update codesign script for Hardened Runtime #1319

Closed
kolpanic opened this issue Nov 23, 2018 · 9 comments

@kolpanic
Contributor

kolpanic commented Nov 23, 2018

Based on my experience building Sparkle for use in a sandboxed & notarized app (#1266 (comment) and subsequent discussion), the script used to codesign the XPCs should be updated to use the -o runtime flag. In addition, the script should also codesign the executables embedded in Sparkle.framework.

  1. The command in codesign_xpc should have "-o", "runtime" added to its arguments.
  2. Rename codesign_xpc to codesign_embedded_executable
  3. Rename xpc_service(s) to executable(s).
  4. Update the installation instructions with the new script name and the necessity to sign the executables embedded in Sparkle.framework
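
As an added example (not part of the original issue and not Sparkle's own script), the following Python enumerates the Mach-O executables and nested bundles inside a framework, builds a `codesign` invocation with `-o runtime` for each one from the inside out, and checks `codesign -dv` output for the runtime flag. The framework layout, the signing identity string and all function names are assumptions made for illustration.

```python
import os, re, tempfile
# Leading 4 bytes of thin and universal Mach-O files (cafebabe is also Java's magic).
MACHO_MAGICS = {bytes.fromhex(h) for h in
                ("feedface", "cefaedfe", "feedfacf", "cffaedfe", "cafebabe", "bebafeca")}

def is_macho(path):
    try:
        with open(path, "rb") as f:
            return f.read(4) in MACHO_MAGICS
    except OSError:
        return False

def find_signing_targets(bundle):
    """Nested .xpc/.app bundles and Mach-O files, deepest first, then the bundle."""
    found = []
    for root, dirs, files in os.walk(bundle):       # symlinked dirs are not entered
        for name in dirs + files:
            path = os.path.join(root, name)
            if os.path.islink(path):                # e.g. Versions/Current
                continue
            nested = os.path.isdir(path) and name.endswith((".xpc", ".app"))
            if nested or (os.path.isfile(path) and is_macho(path)):
                found.append(path)
    return sorted(found, key=lambda p: (-p.count(os.sep), p)) + [bundle]

def codesign_command(identity, path):
    # "-o", "runtime" turns on the Hardened Runtime for the item being signed.
    return ["codesign", "-f", "-o", "runtime", "--timestamp", "-s", identity, path]

def has_hardened_runtime(dv_output):
    """Check `codesign -dv` output (it goes to stderr) for the runtime flag."""
    m = re.search(r"^CodeDirectory .*\bflags=0x[0-9a-fA-F]+\(([^)]*)\)", dv_output, re.M)
    return bool(m) and "runtime" in m.group(1).split(",")

def build_sample(root):
    """Constructed stand-in for a framework; every name here is illustrative."""
    fw = os.path.join(root, "Example.framework")
    for sub, exe in (("Resources/Helper.app", "Helper"), ("XPCServices/Worker.xpc", "Worker")):
        exe_path = os.path.join(fw, "Versions", "A", sub, "Contents", "MacOS", exe)
        os.makedirs(os.path.dirname(exe_path))
        with open(exe_path, "wb") as f:
            f.write(bytes.fromhex("cffaedfe") + b"\0" * 28)  # fake 64-bit header
    os.symlink("A", os.path.join(fw, "Versions", "Current"))
    return fw

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for target in find_signing_targets(build_sample(tmp)):
            print(*codesign_command("Developer ID Application: EXAMPLE", target))
```

Running it prints the commands without executing them; on a Mac, feed the stderr of `codesign -dv <path>` for each signed item to `has_hardened_runtime` to confirm the flag took effect.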

@rob-dodson

Mojave 10.14.5 will require non-Mac App Store apps to be hardened.

@kolpanic
Contributor Author

kolpanic commented Apr 16, 2019

In that case, the -o runtime switch shouldn't be optional. I'll update the issue description.

@kornelski
Member

Can you make a PR with this?

@kolpanic
Contributor Author

I'd love to, but I already have a customized fork under my personal account for Coruscation, and I don't want to update it.

(I'd fork to our work org. but I don't have the permission. We also want to try to get the ui-separation-and-xpc branch synced with master so we can use EdDSA signing and build with Xcode 10.2.)

@chess92

chess92 commented Apr 17, 2019

Is there a time estimate when this will be added to the release version of Sparkle? Or a solution that works on the master branch?

I have attempted to build / archive Sparkle with Hardened runtime with no success (using the latest master branch). The only two targets with the Capabilities tab are "Sparkle Test App" and "Autoupdate" and I have them both set to Hardened Runtime.

Edit: Also, the bin directory no longer uses the scripts you mention in your instructions.

@kolpanic
Contributor Author

kolpanic commented Apr 17, 2019

@chess92 #1266 (comment) is the procedure I used to get Sparkle built for our apps with sandboxing, hardened runtime, and notarization.

@chess92

chess92 commented Apr 17, 2019

ok thank you, I will check it out

@kolpanic
Contributor Author

Looks like point 1 was taken care of by #1391.

We were able to fork the repo to our work org., so I'll do the other points.

@rob-dodson

Will this update be available via CocoaPods?
