Re: [basex-talk] Mac OS X package (was Mac OS X, key bindings, 8.0 betas)

Mon, 22 Sep 2014 02:11:37 -0700 

Hi James,

thank you very much for your feedback and suggestions. You definitely brought 
me on the right track.

On 15.09.2014, at 16:09, James Ball <basex-t...@jamesball.co.uk> wrote:

> I think that it is being signed with your Mac Developer certificate. [ Mac 
> Developer: Alexander Holupirek (ER9NUV223U) ]
> I’m not expert on the developer certificates but I think that each 
> application has to be signed with a Developer ID Application certificate.

You're perfectly right about that. There are different certificates to obtain 
for different tasks [0].

> Compare the result of testing another non-Mac App Store application:
> 
> jb8748$ spctl -a -vvvv ./Across\ Lite.app/
> ./Across Lite.app/: accepted
> source=Developer ID
> origin=Developer ID Application: Literate Software LLC
> 
> with BaseX:
> 
> jb8748$ spctl -a -vvvv ~/Downloads/BaseX.app/
> /Users/jb8748/Downloads/BaseX.app/: rejected
> origin=Mac Developer: Alexander Holupirek (ER9NUV223U)
> 
> A check with code sign [ codesign -d -vvv ~/Downloads/BaseX.app/ ] suggests 
> that there is nothing wrong with the hashes or the signature. So it seems 
> that it’s just that it’s signed with a certificate that isn’t accepted by 
> Gatekeeper.
> 
> I think that a registered developer can obtain a Developer ID Application 
> certificate — it’s just a request somewhere on the portal. Perhaps you have 
> to have one per application which is why it’s different to your Mac Developer 
> one?

Very right. I'm now signing with 'Developer ID Application: BaseX GmbH 
(K88H76ZSQF)' and the verification tools give following output:

% spctl --status
assessments enabled
% spctl -a -vvvv ./app/BaseX.app 
./app/BaseX.app: accepted
source=Developer ID
origin=Developer ID Application: BaseX GmbH (K88H76ZSQF)

> It’s all a bit of a black art to me but I hope this helps!

I'm glad that the Apple document about that topic is entitled 'Your Signing 
Certificates in Depth'. I was not aware of this depth before.
But now, I'm confident that the current BaseX.app [1] is in quite good shape 
(at least concerning the signing issue ;-)

Thanks a lot
        Alex

[0] 
https://developer.apple.com/library/mac/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html#//apple_ref/doc/uid/TP40012582-CH31-SW41
[1] http://files.basex.org/releases/BaseX-latest.app.tar.bz2 (22-Sep-2014 
10:31, MD5 37ea3aa39bdb5a4efb467535ebe5894e)

Reply via email to