[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Apple App Store Redux



On Sun, Nov 17, 2013 at 09:15:58AM +0000, Georg Koppen wrote:
> Erinn Clark:
> > I am at this point in favor of signing OSX packages with their codesigning but
> 
> How is this supposed to work with Gitian?

I don't see the problem. You can still verify the output of your Gitian build
against the signed version. After all, signing an app just adds an
LC_CODE_SIGNATURE load command plus associated data to your Mach-O files and a
Contents/_CodeSignature/CodeResources for the resources to your app bundle. To
verify you can simply remove both using command line tools and compare the
signed version against the local Gitian build process output.

Cheers,
Ralf
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev