Signing OSX Builds

Below are the steps for signing OSX Builds using masonry:


  • Enroll in the Apple Developer Program to be able to generate a Developer ID Certificate
  • Install Apple Certificates in your Keychain using Xcode (Preferences -> Accounts)

Ss1.jpg

  • Add the Developer ID signing certificate's Common Name to the cert option in the masonry opts configuration file (e.g., mb-2.13.3-darwin:10.13-x86_64-release.json).
{"bootstrap_visit":
  {"version": "2.13.3",
  "build_types": ["release"],
  "arch":   "darwin-x86_64",
  "cert":   "Developer ID Application: Kevin Griffin (K2QL7A77SW)",
  "branch": "2.13RC",
  "make_nthreads": 8,
  "boost_dir": "/.../boost/1_60_0/i386-apple-darwin15_clang",
  "svn": {"mode":"ssh","nersc_uname":"name"},
  "build_visit":  { "cmake_ver": "3.8.1",
                    "args":"--no-thirdparty --openssl",
                    "libs":["cmake",
                        "python",
                        "vtk",
                        "qt",
                        "qwt",
                        "boost",
                        "mxml",
                         ....
                        "uintah",
                        "moab"]}
 }}
  • Test application signature against system policies using codesign -vvv VisIt.app
$> codesign -vvv VisIt.app/
VisIt.app/: valid on disk
VisIt.app/: satisfies its Designated Requirement
  • Alternatively, test application signature against system policies using spctl -a -t exec -vv VisIt.app
$> spctl -a -t exec -vv VisIt.app
VisIt.app/: accepted
source=Developer ID
origin=Developer ID Application: Kevin Griffin (K2QL7a77SW)