Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove OSX dependency (aka support Linux) #6

Open
trufae opened this issue Feb 16, 2016 · 13 comments
Open

Remove OSX dependency (aka support Linux) #6

trufae opened this issue Feb 16, 2016 · 13 comments

Comments

@trufae
Copy link
Member

trufae commented Feb 16, 2016

As described in this project: https://github.com/saucelabs/isign

Looks like it is basically running openssl commands to do all that signing thing without depending on Apple hw or sw. (thanks @oleavr for the finding)

@dweinstein
Copy link
Member

👍 do you want to get this out before we open this repo up to the public or nah?

@trufae
Copy link
Member Author

trufae commented Feb 16, 2016

it is not mandatory but it will be nice to have. The problem of this python
implementation is that it also requires a tool that is not distributed with
openssl and it needs to be a very specific version. We can release as is
for now, and investigate later on this to make it fully portable without
depending on system programs.

On Tue, Feb 16, 2016 at 8:57 PM, David Weinstein notifications@github.com
wrote:

[image: 👍] do you want to get this out before we open this repo up to
the public or nah?


Reply to this email directly or view it on GitHub
#6 (comment)
.

@trufae
Copy link
Member Author

trufae commented Feb 18, 2016

IMHO this issue is not blocking

@oleavr
Copy link
Member

oleavr commented Feb 18, 2016

IMHO this issue is not blocking

+1

@trufae
Copy link
Member Author

trufae commented Apr 20, 2016

For a quick approach we can just write a bunch of shellscript or python lines to implement the codesign and security programs using isign. But ideally we should have those implemented in pure node.

Those are all the four commands used in applesign

codesign -v —no-strict binaryName        # verify
codesign —no-strict —fs identityFile —entitlements=$entitlementsfile binaryToSign  # sin binary using given identity
security find-identity -v -p codesigning      # enumerate all identities with support for codesigning (maybe hardcoded)
security cms -D -i embedded.mobileprovision    # encode CMS messages 

@dweinstein
Copy link
Member

dweinstein commented Apr 20, 2016

yeah I'm investing my time fixing some issues with isign so it could work out... though longer term I'd love to see something pure-node too

@trufae
Copy link
Member Author

trufae commented May 8, 2016

See 2d8caec

@trufae
Copy link
Member Author

trufae commented May 8, 2016

@mkayswork
Copy link

An pure node solution without os x dependency would be great, I've been looking for this a few weeks..

@trufae
Copy link
Member Author

trufae commented Aug 11, 2016

@mkayswork there's https://pypi.python.org/pypi/isign/ but from my experience it is pretty hard to setup and it is pretty buggy, so it is not a reliable option

@mkayswork
Copy link

Ty, I know that project because I have to use it to get rid of that OS X dependency. It's also working, but pure node would be far better for me..

The setup itself isn't that hard anymore, the issues also give good hints for some use cases.. ;)

@trufae
Copy link
Member Author

trufae commented Aug 16, 2016

You can help on this by writing separate standalone tools that mimic osx functionality but using isign under the hood to get applesign working outside osx.

After this it will be desirable to slowly reimplement those commands as node modules that can be used to replace the tools.js thing

On 15 Aug 2016, at 11:00, Matthias Kühnel notifications@github.com wrote:

Ty, I know that project because I have to use it to get rid of that OS X dependency. It's also working, but pure node would be far better for me..

The setup itself isn't that hard anymore, the issues also give good hints for some use cases.. ;)


You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

@mkayswork
Copy link

I don't have enough knowledge regarding the signing process of os x. From what I've learned, the proccess is very complex. I managed to get it working on linux with isign https://pypi.python.org/pypi/isign/ . It's because It relies on OpenSSL which is only available as a third party solution on Windows. Since the code signing process is very complex, I don't want to rely on those, which is why I started using Isign.

@trufae trufae changed the title Remove OSX dependency Remove OSX dependency (aka support Linux) Dec 12, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants