Squirrel.Mac icon indicating copy to clipboard operation
Squirrel.Mac copied to clipboard

Published 20 hours ago verified publisher icon Squirrel

Move shipit executable out of Resources, codesign it separately

Open jspahrsummers opened this issue 11 years ago • 1 comments

Originally mentioned by @keithduncan in #1:

You should sign every executable in your product, including applications, tools, hidden helper tools, utilities and so forth. Signing an application bundle covers its resources, but not its subcomponents such as tools and sub-bundles. Each of these must be signed independently.

If you sign a bundle container such as a .app and that signature includes it’s subcomponents such as .framework bundles or single file utilities, subsequently signing those subcomponents will change their contents and invalidate the signature of the parent component that included them in it’s signature.

quote is from Apple docs Code Signing Guide > Code Signing Tasks

jspahrsummers avatar Aug 06 '13 06:08 jspahrsummers

shipit will be an XPC service after #18, but we'll still need to codesign it.

jspahrsummers avatar Aug 10 '13 04:08 jspahrsummers