James Crook
2016-12-04 16:43:30 UTC
I've shared a signed Audacity build with Gale, just to get some sense of
what is OK/Broken when signing is enabled.
I'm still learning about signing, so the below can and probably will be
streamlined later.
patched wxwidgets was built with xcode 6.4 then I upgraded to xcode 8.1 for building Audacity.
Like Cliff I haven't yet figured out how to build wxWidgets 3.0.2 with xcode 8.1.
signed the wxwidgets release dynlibs using
codesign -s <identity> -v wx*.dynlib
Not sure if that is essential, as the codesign --deep done later may take
care of that.
In the mac build_dist.sh script, I commented out the last line:
#rm -rf ${DMG} TMP.dmg
so that after building, I would have a read/write dmg that I could tweak.
Then:
xcodebuild -clean -build CODE_SIGNING_REQUIRED=NO CODE_SIGNING_IDENTITY=""
-configuration Release install
The disabling of codesigning is because I'd previously set up xcode gui to codesign,
and once you've done that xcode does not like to remove that step - even if you remove identities from it
and try to set codesigning none. I've seen comments about xcode having a cache of identities,
but don't think it was that.
The build creates the TMP.dmg
hdiutil resize -size 200m TMP.dmg
This step is needed as codesigning takes some temporary space, more than is available in the dmg.
mount the dmg
codesign --deep -s <identity> -v "/Volumes/Audacity 2.1.3/Audacity/Audacity.app"
(deep to make sure everything important is signed)
spctl -a -v "/Volumes/Audacity 2.1.3/Audacity/Audacity.app"
(this is to check the signing was OK)
unmount the dmg
hdiutil convert TMP.dmg -format UDZO -imagekey zlib-level=9 -o "Newname.dmg"
codesign -s <identity> -v Newname.dmg
(not even sure if this is needed at all, once the app is signed)
To test the signing, upload the dmg to dropbox and then download it again. Then double click to
install and drag across to apps. When you go to run, you now get this rather than being prevented
from running...
--James.
what is OK/Broken when signing is enabled.
I'm still learning about signing, so the below can and probably will be
streamlined later.
patched wxwidgets was built with xcode 6.4 then I upgraded to xcode 8.1 for building Audacity.
Like Cliff I haven't yet figured out how to build wxWidgets 3.0.2 with xcode 8.1.
signed the wxwidgets release dynlibs using
codesign -s <identity> -v wx*.dynlib
Not sure if that is essential, as the codesign --deep done later may take
care of that.
In the mac build_dist.sh script, I commented out the last line:
#rm -rf ${DMG} TMP.dmg
so that after building, I would have a read/write dmg that I could tweak.
Then:
xcodebuild -clean -build CODE_SIGNING_REQUIRED=NO CODE_SIGNING_IDENTITY=""
-configuration Release install
The disabling of codesigning is because I'd previously set up xcode gui to codesign,
and once you've done that xcode does not like to remove that step - even if you remove identities from it
and try to set codesigning none. I've seen comments about xcode having a cache of identities,
but don't think it was that.
The build creates the TMP.dmg
hdiutil resize -size 200m TMP.dmg
This step is needed as codesigning takes some temporary space, more than is available in the dmg.
mount the dmg
codesign --deep -s <identity> -v "/Volumes/Audacity 2.1.3/Audacity/Audacity.app"
(deep to make sure everything important is signed)
spctl -a -v "/Volumes/Audacity 2.1.3/Audacity/Audacity.app"
(this is to check the signing was OK)
unmount the dmg
hdiutil convert TMP.dmg -format UDZO -imagekey zlib-level=9 -o "Newname.dmg"
codesign -s <identity> -v Newname.dmg
(not even sure if this is needed at all, once the app is signed)
To test the signing, upload the dmg to dropbox and then download it again. Then double click to
install and drag across to apps. When you go to run, you now get this rather than being prevented
from running...
--James.