OSX Installer

Bastiaan Olij bastiaan at basenlily.me
Tue Aug 19 19:59:44 EDT 2014


Hi Bo,

That text you quoted would actually underline exactly what I was talking
about. From what I've read so far code signing now requires all files
within the app bundle to be code signed. That means non of those files
can be modified without the code signing becoming invalid.

That means if you add files to the bundle, change files, etc. you
invalidate the code signing which makes perfect sense. As Omnis does
this with data files the moment you start Omnis and it edit/creates the
omnis.cfg, omnispic.df1, userpic.df1 etc files your code sign will fail
and the OS will block the app from running.

However, if you use the firstruninstall approach the app bundle will not
be modified. Instead these files will simply be copied into the users
application support folder and accessed from there which should not
compromise your code signing. Have you tried doing so? I haven't yet so
it is all theory at the moment.

Mind you, if the simple answer is that the OS is indeed invalidates code
signing on data no application would ever work anymore on OSX. By the
nature of how OSX applications are build executable code and data is
always stored separately within the app bundle.

As far as I am aware, and this goes for Windows, OS X and iOS, the idea
is that what you install as the application should be a read only
structure (on windows what you install into program files, on Mac what
is contained within your application bundle). You are then able to
copy/create any mutable files within user specific locations (<user
home>/App Data/Local/yourappname on windows, <user
home>/Library/Application Support/yourappname on Mac). The key is that
no executable code is allowed to be started from this mutable location.
This way trojans, virusses, etc. can't infect your application. The
executable code is read only and can only be modified by a code signed
installer, the mutable data can't be executed. Omnis code, like most
other runtime language breaking this by default as it is not considered
executable code by the OS, but alas. 

Anyway, I hope to get back to this soon and do some experimenting myself
so it is not longer just theory to me:)

Cheers,

Bas

On 19/08/14 5:48 PM, Bo Carleö wrote:
> Hi  Bas
>
> It´s able to distinguish executable code from data.
> I´ve tested so I know on which files the signing process stops.
>
> From Apple:
> "• Appending data to a Mach-O executable is expressly prohibited. Signature verifications on such files will fail.”
>
> http://c.apple.com/r?v=2&la=en&lc=us&a=LyplmDwDCql%2FTg%2BN55fRDSMV2a7O%2B6ZYZAopiJytLmMSm388Twlx9Im8hS8ZOAGp&ct=AJ0T0e3y2W
>
> Bo
>




More information about the omnisdev-en mailing list