05nelsonm on Nostr: Made something for creating detached code signatures for macOS/Windows binaries. 1. ...
Made something for creating detached code signatures for macOS/Windows binaries.
1. Reproducibly build program
2. Copy it
3. Codesign (+ notarize for macOS) the copy
4. Take a 'diff' between the 2
The '.diff' is just the signatures, which can be applied to the unsigned binaries at a later date (so others can verify build reproducibility)
Think I'll publish it to Debian and Home Brew once I add a few things; check it out!
https://github.com/05nelsonm/kmp-tor-binary/blob/master/tools/diff-cli/README.mdHad a unique issue which
craigraw (npub1hea…g9v2) found. Tor binaries for macOS weren't signed or notarized, so when he went to run `kmp-tor` on macOS aarch64 GateKeeper said "nope, not happening".
Published at
2023-03-27 20:09:29Event JSON
{
"id": "677db5582c7ad62152bad9bcd14a7d079938fcce40e5f95cec4dd8fac70351ef",
"pubkey": "94530f2a7f9a02d4115394de3261af4d69f230e37cab484980c377010b0fea36",
"created_at": 1679947769,
"kind": 1,
"tags": [
[
"p",
"be7a5291b532e8b918f2dc98148948a33d3e0da07788d7416f73b4c7514f08e6"
]
],
"content": "Made something for creating detached code signatures for macOS/Windows binaries.\n\n1. Reproducibly build program\n2. Copy it\n3. Codesign (+ notarize for macOS) the copy\n4. Take a 'diff' between the 2\n\nThe '.diff' is just the signatures, which can be applied to the unsigned binaries at a later date (so others can verify build reproducibility)\n\nThink I'll publish it to Debian and Home Brew once I add a few things; check it out!\n\nhttps://github.com/05nelsonm/kmp-tor-binary/blob/master/tools/diff-cli/README.md\n\nHad a unique issue which #[0] found. Tor binaries for macOS weren't signed or notarized, so when he went to run `kmp-tor` on macOS aarch64 GateKeeper said \"nope, not happening\".",
"sig": "65adea80af7e8690437ed119926e59a4c3d36a7ad5e5041f40ea71b83bbb3d5ff0c0f67a1aa8f234ec4c2d95b6b4a57f02ac4b16891b3e1e1ad8748521a86637"
}