[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [tycho-user] Tycho and code signing on OS X

Hey!

As far as I know, you need use the "codesign" command from the Xcode toolchain.
Maybe there are hacks and tricks out there that make "codesign" work on Linux, but I don't know anything about that.


The Mozilla guys also do OSX signing in their build process, maybe they know a way to get this to work on Linux machines...?

Cheers,
-Martin



On 28.09.12 12:06, Markward Schubert wrote:
Hi, just joining your discussion:

Do I understand this right, that if we want to sign our app for OSX, we
definitively need an OSX machine in our build-farm?
Or to put this a different way: The signing process can only be done if
we do it "[...] on a OSX machine with the Xcode toolchain installed and
you need to unlock your OSX keychain before." as Martin explained?

Just asking so I can get the people with the money get used to the idea,
that I need a Mac to make it Jenkin's slave :-)

Regards,
Markward


2012/9/27 David Carver <d_a_carver@xxxxxxxxx <mailto:d_a_carver@xxxxxxxxx>>

    You could do the same thing with the exec-maven-plugin.  Which would
    avoid the call to Ant.

    Dave

    On 09/27/2012 02:53 PM, Martin Lippert wrote:

        Hey Valerio!

        I guess you mean signing the OSX app with an Apple certificate
        to make Mountain Lion and Gatekeeper happy? I do the following
        in my build script for the products of the Spring Tool Suite:

        (you would need to replace STS.app with the name of your app, of
        course, and <YourCompanyHere> with the correct ID of your Apple
        Developer certificate that you need from Apple)

        <build>
             <plugins>
                 <plugin>
        <groupId>org.apache.maven.__plugins</groupId>
        <artifactId>maven-antrun-__plugin</artifactId>
                     <version>1.7</version>
                     <executions>
                         <execution>
                             <id>osx-app-signing</id>
                             <phase>package</phase>
                             <configuration>
        <skip>${skip.osx.signing}</__skip>
                                 <target>
                                     <taskdef
        resource="net/sf/antcontrib/__antcontrib.properties" />

                                     <exec executable="codesign">
                                         <arg value="-s"/>
                                         <arg value="Developer ID
        Application: <YourCompanyHere>"/>
                                         <arg
        value="${build.destination.__cocoa.x86}/sts-${__unqualifiedVersion}.${p2.__qualifier}/STS.app"/>
                                     </exec>

                                     <exec executable="codesign">
                                         <arg value="-s"/>
                                         <arg value="Developer ID
        Application: <YourCompanyHere>"/>
                                         <arg
        value="${build.destination.__cocoa.x86_64}/sts-${__unqualifiedVersion}.${p2.__qualifier}/STS.app"/>
                                     </exec>

                                 </target>
                             </configuration>
                             <goals>
                                 <goal>run</goal>
                             </goals>
                         </execution>
                     </executions>
                 ...


But you need to run this on a OSX machine with the Xcode toolchain installed and you need to unlock your OSX keychain before.

        HTH,
        Martin



        On 27.09.12 20:38, Valerio Santinelli wrote:

            Hello there,

            this is my first post on this list and I hope I'm not going
            to be off-topic.

            Hre's the question: has anyone stumbled upon having to code
            sign an OS X binary (.app) built with Tycho?
            Is there a script that can be run from Maven or a plugin for
            the Maven+Tycho couple?

            Thanks!

            Valerio Santinelli

            Inviato da iPad
            _________________________________________________
            tycho-user mailing list
            tycho-user@xxxxxxxxxxx <mailto:tycho-user@xxxxxxxxxxx>
            https://dev.eclipse.org/__mailman/listinfo/tycho-user
            <https://dev.eclipse.org/mailman/listinfo/tycho-user>

        _________________________________________________
        tycho-user mailing list
        tycho-user@xxxxxxxxxxx <mailto:tycho-user@xxxxxxxxxxx>
        https://dev.eclipse.org/__mailman/listinfo/tycho-user
        <https://dev.eclipse.org/mailman/listinfo/tycho-user>


_________________________________________________ tycho-user mailing list tycho-user@xxxxxxxxxxx <mailto:tycho-user@xxxxxxxxxxx> https://dev.eclipse.org/__mailman/listinfo/tycho-user <https://dev.eclipse.org/mailman/listinfo/tycho-user>




_______________________________________________ tycho-user mailing list tycho-user@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/tycho-user