Sign the Mac Release

[grthor]

This issue is just for the record.

@dschadow is currently working on this.

[simlei]

We decided to leave the Mac OS/X version unsigned for now -- this issue is no longer part of the 1.0 release. We have had longstanding problems with this:

• Only one person can test the signing properly as the key is linked with the apple account
• Signing the app currently renders it unopenable ("could not load dynamic linked library")

[mouse07410]

With the new MacOS, you need to either sign (all of) the dynamic libraries the app uses in addition to signing the app itself, or (if you build/sign with Xcode) mark (among the capabilities, I think) that it should not validate the dynamic libraries.

I tried both approaches with my app that uses OpenSSL, and settled on the 2nd: just don't validate the libs.

[simlei]

@mouse07410 That is quite interesting. Thanks for your comment!

We sign our product as follows:

codesign -f -v --timestamp --sign "xxxxxxxxx" --options=runtime JCrypTool.app 

How would one proceed to "not validate the libs"? set an xattr (before) or (after) the signing?

Is this flag one you used, or is it some other flag / something else? https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-library-validation

We'd be happy about any further information about your process :) However, we do not use Xcode -- we have to sign everything directly from the command line...

[simlei]

Update 2021: Still no working signatures for Mac