[Mountain Lion] Installation with Gatekeeper

• Jul 7, 2012 - 19:13
Type
Functional
Severity
S4 - Minor
Status
closed
Project

The next version of Apple's operating system will have a new feature nicely named Gatekeeper. This piece of software will restrict by default the installation of any software that is not signed by a developer ID delivered by Apple.

We need to obtain a Mac Developer ID and investigate how to apply it automatically to our builds. MuseScore 1.2 should also be signed. Nightlies should probably be signed with another key.

See how Mozilla dealt with this issue: http://blog.mozilla.org/bhearsum/archives/287
http://www.erickdransch.com/blog/2012/02/signing-mac-builds/

The main problem currently is that I don't have any hardware to run the developer preview of Mac 10.8 yet. We will also need to check how we can automate the signing for the nightlies.


Comments

So first task first, get MuseScore 1.2 signed. Without this, any Mountain Lion user who wants to run MuseScore 1.2 on his Mac will need to know about Gatekeeper and deactivate it to run MuseScore...

I did the following:

  1. Obtain a Mac Developer ID from Apple and install it on the mac: done
  2. Download MuseScore 1.2 and copy MuseScore.app in applebuild directory
  3. Adapt mscore/packaging/packagemac to call codesign
    codesign -s "Developer ID Application: MuseScore" --resource-rules mscore/packaging/CodeResources -f -v ${APP_PATH}
  4. The CodeResources file is attached. It forces the codesigning process to not sign the Resources directory, since we read different resources from it and we advise users to put plugins, templates, etc. in it. If we codesign these directories, users with Gatekeeper will not be able to install new templates or modify plugins. MuseScore 2.0 should solve this with "My" directories in Preferences.
  5. Result: a new DMG ready to be tested by people with Mountain Lion. Gatekeeper should leave MuseScore alone!

Next in line, nightlies
TODO

  • Get another certificate for nightlies
  • Install it on the nightly server
  • When using codesign, you have to be in front of your computer to enter your password to access the keychain... something like security unlock-keychain -p somepassword ~/Library/Keychains/login.keychain before calling codesign should work.
Attachment: CodeResources.txt (1.28 KB)

Nightlies are now signed too! A different certificate is used and the resources folder + the binary are signed, not the rest. The CodeResources file is not used for now. This issue is fixed.
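The unattended flow discussed in the comments above (unlock the keychain, call codesign, check the result) could look like the following. This is an added example, not MuseScore's packaging script. The identity name, keychain path, password file and the function name `sign_nightly` are assumptions; the script signs the whole bundle without a resource-rules file and fails closed if verification or the Gatekeeper assessment rejects the build.

```bash
#!/bin/bash
# Added example: sign a nightly build unattended, verify it, re-lock the keychain.
# Assumed names (not from the issue): SIGN_IDENTITY, SIGN_KEYCHAIN,
# KEYCHAIN_PASSWORD_FILE and the function sign_nightly.

SIGN_IDENTITY="${SIGN_IDENTITY:-Developer ID Application: Example Nightly}"  # placeholder
SIGN_KEYCHAIN="${SIGN_KEYCHAIN:-$HOME/Library/Keychains/nightly.keychain}"
KEYCHAIN_PASSWORD_FILE="${KEYCHAIN_PASSWORD_FILE:-$HOME/.nightly-keychain-pass}"

sign_nightly() {
    local app="$1" pass rc=0
    [ -d "$app" ] || { echo "no app bundle at $app" >&2; return 2; }
    # Read the password from a file only the build user can read, instead of
    # hard-coding it in the packaging script.
    [ -r "$KEYCHAIN_PASSWORD_FILE" ] || { echo "password file unreadable" >&2; return 2; }
    pass="$(cat "$KEYCHAIN_PASSWORD_FILE")"

    # -p still exposes the password in the process arguments while security
    # runs, so this keychain should hold nothing but the nightly certificate.
    security unlock-keychain -p "$pass" "$SIGN_KEYCHAIN" || return 3

    # Sign, check the signature, then ask the Gatekeeper policy engine (spctl)
    # whether it would let the app run. Any failure aborts the publish step.
    codesign -s "$SIGN_IDENTITY" --keychain "$SIGN_KEYCHAIN" -f -v "$app" \
        && codesign --verify --verbose "$app" \
        && spctl --assess --type execute "$app" \
        || rc=4

    # Always re-lock, even when signing or verification failed.
    security lock-keychain "$SIGN_KEYCHAIN"
    return "$rc"
}

# Run only when a bundle path is given, e.g. ./sign_nightly.sh applebuild/MuseScore.app
if [ "$#" -gt 0 ]; then
    sign_nightly "$1"
fi
```

Keeping the nightly certificate in its own keychain limits what a leaked build-server password can unlock.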