-
XAR signing is effectively just an RFC 5652 CMS signature plus some minimal data structure manipulation. Code at https://github.com/indygreg/PyOxidizer/blob/faa7dfcea5d66bf5....
Mach-O and bundles, by contrast, require a myriad of additional data structures requiring thousands of lines of code to support. To my knowledge, nobody else has implemented signing of these far-more-complicated primitives. (Existing Mach-O signing solutions just do ad-hoc signing and/or don't handle Mach-O in the context of a bundle.)
-
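The container side of what the comment above calls "minimal data structure manipulation", as an added example that is not code from the original thread or from the PyOxidizer repository it links: a XAR is a 28-byte big-endian header, a zlib-compressed XML table of contents, and a heap; the TOC's `<checksum>` element points at a digest of the compressed TOC stored at heap offset 0, and `<signature>` (and, in Apple flat packages, `<x-signature style="CMS">`) elements point at raw signature bytes further into the heap. The function names `build_sample_xar` and `parse_xar`, the in-memory archive, and the placeholder signature payload are all constructed here; the example verifies the TOC checksum and extracts the signature blobs but does not verify the CMS or RSA signature itself, which would need an ASN.1/CMS library.

```python
"""Walk a XAR container: parse the header, inflate the TOC, verify the TOC
checksum stored at heap offset 0, and extract signature blobs.
Added example; the archive it parses is built in-memory by build_sample_xar()
and the signature payload is a placeholder, not a real RSA or CMS signature."""
import hashlib
import hmac
import struct
import xml.etree.ElementTree as ET
import zlib

XAR_MAGIC = b"xar!"
# magic, header size, version, compressed TOC len, uncompressed TOC len, cksum alg
HEADER_FMT = ">4sHHQQI"                    # XAR header fields are big-endian
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 28 bytes
# Header cksum_alg codes; 3 ("other") means the name only appears in the TOC.
CKSUM_ALG = {1: "sha1", 2: "md5"}


def build_sample_xar(signature_blob: bytes, digest_alg: str = "sha1") -> bytes:
    """Constructed sample: header || zlib(TOC) || heap, heap = TOC digest || signature."""
    digest_len = hashlib.new(digest_alg).digest_size
    toc_xml = (
        "<xar><toc>"
        f'<checksum style="{digest_alg}"><offset>0</offset><size>{digest_len}</size></checksum>'
        f'<signature style="RSA"><offset>{digest_len}</offset>'
        f"<size>{len(signature_blob)}</size></signature>"
        "</toc></xar>"
    ).encode()
    toc_z = zlib.compress(toc_xml)
    alg_code = {"sha1": 1, "md5": 2}.get(digest_alg, 3)
    header = struct.pack(HEADER_FMT, XAR_MAGIC, HEADER_LEN, 1,
                         len(toc_z), len(toc_xml), alg_code)
    # The TOC checksum is computed over the *compressed* TOC bytes.
    heap = hashlib.new(digest_alg, toc_z).digest() + signature_blob
    return header + toc_z + heap


def parse_xar(blob: bytes) -> dict:
    """Parse a XAR, check the TOC checksum, and return every signature blob."""
    if len(blob) < HEADER_LEN:
        raise ValueError("short header")
    magic, hsize, version, toc_zlen, toc_len, alg = struct.unpack_from(HEADER_FMT, blob, 0)
    if magic != XAR_MAGIC or version != 1 or hsize < HEADER_LEN:
        raise ValueError("not a version-1 XAR")
    toc_z = blob[hsize:hsize + toc_zlen]
    if len(toc_z) != toc_zlen:
        raise ValueError("truncated TOC")
    toc_xml = zlib.decompress(toc_z)
    if len(toc_xml) != toc_len:
        raise ValueError("TOC length does not match header")
    heap = blob[hsize + toc_zlen:]

    def heap_slice(el):
        # Every offset/size pair is relative to the heap; bounds-check it.
        off, size = int(el.findtext("offset")), int(el.findtext("size"))
        if off < 0 or size < 0 or off + size > len(heap):
            raise ValueError(f"<{el.tag}> points outside the heap")
        return heap[off:off + size]

    toc = ET.fromstring(toc_xml).find("toc")
    if toc is None or toc.find("checksum") is None:
        raise ValueError("TOC has no <toc>/<checksum>")
    ck = toc.find("checksum")
    style = ck.get("style")
    if style != CKSUM_ALG.get(alg, style):   # header code and TOC style must agree
        raise ValueError("checksum algorithm mismatch between header and TOC")
    expected = hashlib.new(style, toc_z).digest()
    toc_ok = hmac.compare_digest(heap_slice(ck), expected)
    sigs = [{"tag": el.tag, "style": el.get("style"), "data": heap_slice(el)}
            for el in toc if el.tag in ("signature", "x-signature")]
    return {"toc_checksum_ok": toc_ok, "toc_checksum_alg": style, "signatures": sigs}


if __name__ == "__main__":
    archive = build_sample_xar(b"\xaa" * 32)   # placeholder signature bytes
    print(parse_xar(archive))
```

The check worth noting is the order: the TOC checksum is what the signature actually protects, so a verifier must confirm the stored digest matches the compressed TOC before it trusts any offsets the TOC hands it, and must bounds-check each offset/size pair against the heap rather than slicing blindly.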
-
I think Apple's official code signing tool is also open source?
https://github.com/Apple-FOSS-Mirror/security_systemkeychain...
-
CoreFoundation is (partially?) open-source and cross-platform now: https://github.com/apple/swift-corelibs-foundation
-
This is actually a solved problem, using osxcross[0]. The experience is honestly very smooth, and we don't require any apple proprietary binaries. The only thing apple-proprietary is their SDK (containing the header files for compiling, and tbd files for linking), which can be downloaded from apple's website (at least if you have a developer account), or from various GitHub projects archiving them.
[0]: https://github.com/tpoechtrager/osxcross
-
this feels like a job for lemur and smallstep
https://smallstep.com/docs/step-ca
https://github.com/Netflix/lemur
-
I’ve always used gon ( https://github.com/mitchellh/gon ) for this, which is open source golang, but I don’t think it supports mach-o embedding. I’ll have to try this tool out.
-
Kudos to these developers. I wish them success.
If I can do a small derail: I and some contributors had this mostly working a few iOS versions ago with isign (https://github.com/isignpy/isign). This is before notarization. Announced several times to HN but didn’t seem to be interesting to many people.
This was a spin-off from our work at a testing company. I’m not an iOS developer.
I tried to make it into something, but I could never figure out who actually wanted this. What potential uses are foreseen for rcodedesign?
We did a project for a large financial company to make it compatible with hardware security module signing, but they never implemented it due to the pandemic changing priorities, and then someone discovered there was a little-known API to do something similar anyway, so our project was shelved. (We got paid though).
From time to time I am contacted by people who run alternative app stores, either distributing hacked versions of paid apps, or who run app stores in countries under embargo from Western countries. (They have banks, they have iOS apps, their customers have iPhones, they want a way to distribute them). The ethical issues and legal risks seemed significant so I never pursued that. If someone wants to go do that, I guess that’s a use case.
It might have some use in build pipelines, but without a true Linux build environment it didn’t seem like a win.
So… again kudos, but what can we do with this? I’m not dissing it, I’m genuinely baffled. I also thought this would be important and useful but couldn’t figure it out.
-