Tighten Pro C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Tighten Pro - in the Mac App Store
Tighten Pro is now available in the Mac App Store.
Mac Developer: codesigning for Mountain Lion building on Snow Leopard
No teams showing in organizer | Cocoabuilder
You *can* sign with Developer ID on a Mac running Snow Leopard. It is not officially supported, but it is unofficially supported and somewhat documented.
You need a Mac running Xcode 4.3+ in order to retrieve your Signing Certificate(s). You then export this from Xcode 4.3+, then import into Keychain Access in your Build Mac. Then you can sign anything with Developer ID on your Build Mac using the 'codesign' command-line tool. I am running Xcode 3.2.5 under 10.7 (not supported, but I do it anyhow), and have successfully added this step to my build script and it works.
Personally, I haven't had any trouble building and signing with Xcode 3.2.5. However, in order to get applications into the App Store successfully you will need to build retina Icons on Lion or Mountain Lion using iconutil and then use these icns in your Xcode 3.2.5 build.
Labels: codesigning, lion, mac app store, mountain lion, retina
Mac Developer: Tighten Free Download
Just added a download link to the Free edition of Tighten: generates a customized implementation of Mac App Store Receipt Validation unique to your application. Better than using free code samples from the internet.
Consider upgrading to Tighten Pro for a more secure implementation.
Labels: app store, codesign, receipt, validation
Mac Developer: Checking Code Signing and Sandboxing Status in Code – Ole Begemann
Checking Code Signing and Sandboxing Status in Code – Ole Begemann
"Can we do the same in code? Yes we can. With a lot of help from my coworkers Jörg Jacobsen (see his work on XPC and Sandboxing for the iMedia framework) and Christian Beer (who pointed me to the source code for the codesign utility), I wrote a category on NSBundle that can tell you for any application bundle:
· whether it has a valid code signature,
· whether it is sandboxed and
· whether it was downloaded from the Mac App Store."
Labels: codesign, entitlements, sandbox
Mac Developer: Xcode static openssl darwin libssl.a libopenssl.a
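#!/bin/bash
# Build OpenSSL as static libraries for i386 and x86_64, then merge them
# into universal archives under ./libopenssl/lib.
cd /Users/me/openssl/ || exit 1
OPENSSL_VERSION="1.0.1c"
# Plain-HTTP download: check the tarball against a trusted digest or
# signature before building from it.
curl -O http://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz
# Unpack the source twice, one tree per architecture.
tar -xvzf openssl-$OPENSSL_VERSION.tar.gz
mv openssl-$OPENSSL_VERSION openssl_i386
tar -xvzf openssl-$OPENSSL_VERSION.tar.gz
mv openssl-$OPENSSL_VERSION openssl_x86_64
# 32-bit build
cd openssl_i386
./Configure darwin-i386-cc
make
cd ../
# 64-bit build
cd openssl_x86_64
./Configure darwin64-x86_64-cc
make
cd ../
# Combine the per-architecture archives into universal static libraries.
mkdir libopenssl
mkdir libopenssl/lib
libtool -static -o ./libopenssl/lib/libcrypto.a ./openssl_i386/libcrypto.a ./openssl_x86_64/libcrypto.a
libtool -static -o ./libopenssl/lib/libssl.a ./openssl_i386/libssl.a ./openssl_x86_64/libssl.a
# Symlink the header directories.
ln -s -v /Users/me/openssl/openssl_i386/include openssl-$OPENSSL_VERSION
ln -s -v /Users/me/openssl/openssl_x86_64/include libopenssl
# Remove the downloaded tarball.
rm openssl-$OPENSSL_VERSION.tar.gz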
Dynamically linking to crypto.dylib has been deprecated, and CommonCrypto is the preferred system API. If you rely on OpenSSL, you may want to create static libraries and link to them directly. I was scrounging on the internet and found a script which I modified for this purpose. Replace /Users/me/openssl with your own private OpenSSL directory name.
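The script above fetches the source over plain HTTP and the result is linked into a shipped application, so the tarball should be checked before it is unpacked. The following is an added example, not part of the original script; the function names and EXPECTED_SHA256 are hypothetical, and the expected digest must come from a source you trust.

```shell
# sha256_of FILE
# Prints the lowercase hex SHA-256 of FILE using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1    # macOS ships shasum
    fi
}

# verify_tarball FILE EXPECTED_HEX
# Returns 0 only if FILE exists and its digest equals EXPECTED_HEX
# (compared case-insensitively). Prints the reason to stderr otherwise.
verify_tarball() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $1: got $actual" >&2
        return 1
    fi
}

# In the build script, between the curl and the first tar
# (EXPECTED_SHA256 is a placeholder, not a real OpenSSL digest):
#   verify_tarball "openssl-$OPENSSL_VERSION.tar.gz" "$EXPECTED_SHA256" || exit 1
```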
Mac Developer: Another Viewer for Mac App Receipts
ViewBer
ViewBer is a free utility that displays the ASN.1 structure of a BER-encoded file. ViewBer can be used to view the contents of DER and PEM encoded X.509 certificates, PKCS#12, PKCS#10, CSR files, PKCS#7, etc.
This shows a slightly different view of the PKCS#7 structure. To use with a Mac App Receipt, copy the receipt to the desktop, add a .ber file extension and open it with ViewBer.
Labels: ASN.1, BER encoding, DER encoding
Mac Developer: Re-Signing iOS apps
Re-Signing iOS apps
"In order for an app to run on an iOS device, it needs to be code signed. This proves to iOS that the app has been approved to run on iOS devices. This is true of any apps in the App store, ad-hoc, or enterprise apps. The App store apps add an additional level of protection, as the apps are not only cryptographically signed by Apple, but also protected by DRM. Since only Apple can apply this DRM to apps, the app needs to go through the approval process and be “blessed” by Apple."
Even though this article is about iOS applications, it reveals some important ideas for Mac developers distributing applications signed with Developer ID. If the application itself does not check the code signature, your work could be altered and redistributed with different credentials.
Labels: ASN.1, codesigning, developerid, ios
Mac Developer: Apple turns on App Store Genius recommendations for developers
Apple turns on App Store Genius recommendations for developers: "Apple rolled out a revamped App Store for iOS 6 beta on Friday, though at the time it appeared to be a work in progress as Genius recommendations weren't yet activated and the 'Chomp-inspired' layout seen on the iPad version had yet to make its way to the iPhone. "
When the gorilla shuffles its foot, thousands of ants die.
Labels: app store, chomp
Mac Developer: Quarantine, Gatekeeper and xattr
Issue 156 - soundflower
OK, I seem to have found a fix for this. The problem seems to be that the installer gets 'quarantined' because of an unrecognised certificate. This is marked against the file by an extended attribute. You need to clear the attribute to allow the installer to run again. The command for this is:
xattr -c
The installer will run after this. It throws up a certificate error but you can tell the system to trust it. For some reason, the install ran completely clean...
More about the xattr command at developer.apple.com.
Labels: gatekeeper, quarantine bit
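As an added example (not part of the quoted post or the Soundflower project): `xattr -c` strips every extended attribute, so the sketch below reads the `com.apple.quarantine` value first, shows who signed the package, and removes only that one attribute. The sample value and function names are constructed for illustration, and the field layout (flags;hex timestamp;agent;UUID) is the commonly observed one, assumed here rather than taken from the page.

```shell
# Constructed sample of a com.apple.quarantine value (not from a real file).
QSAMPLE='0083;60000000;Safari;11111111-2222-3333-4444-555555555555'

# quarantine_field VALUE flags|epoch|agent|uuid
# Prints one field; epoch is converted from hex to decimal Unix seconds.
quarantine_field() {
    case $2 in
        flags) printf '%s\n' "$1" | cut -d';' -f1 ;;
        agent) printf '%s\n' "$1" | cut -d';' -f3 ;;
        uuid)  printf '%s\n' "$1" | cut -d';' -f4 ;;
        epoch)
            hex=$(printf '%s\n' "$1" | cut -d';' -f2)
            case $hex in
                ''|*[!0-9A-Fa-f]*) echo "bad timestamp field" >&2; return 1 ;;
            esac
            echo $((0x$hex)) ;;
        *) echo "unknown field: $2" >&2; return 2 ;;
    esac
}

# macOS only. Report why a package is quarantined and who signed it,
# so the decision to trust it is made on evidence.
inspect_quarantined() {
    q=$(xattr -p com.apple.quarantine "$1" 2>/dev/null) || {
        echo "$1: no quarantine attribute"; return 0; }
    echo "flagged by: $(quarantine_field "$q" agent)"
    echo "flagged at: $(quarantine_field "$q" epoch) (Unix time)"
    pkgutil --check-signature "$1"    # prints the certificate chain, if any
}

# macOS only. Remove just the quarantine attribute; other xattrs stay intact.
clear_quarantine_only() {
    xattr -d com.apple.quarantine "$1"
}

quarantine_field "$QSAMPLE" agent     # runs anywhere; the sample is inline
```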