Code Signing
Greg Fiumara edited this page Nov 23, 2021 · 1 revision
macOS and Windows releases of NFIQ 2 (since December 2021) are code signed by the National Institute of Standards and Technology. If you build NFIQ 2 within your organization, you can follow these instructions to sign packages that you create.
Steps to code sign and notarize are built into the CMake build system. Define the following CMake variables to be prompted for your credentials to sign and notarize.
| Variable | Description |
|---|---|
| `MACOS_CODESIGN` | Set to `ON` to enable paths for macOS code signing and notarization. |
| `MACOS_APPLICATION_SIGNING_IDENTITY` | Complete name of the Developer ID application signing certificate from Keychain. Used to sign binaries and dynamic libraries. |
| `MACOS_INSTALLER_SIGNING_IDENTITY` | Complete name of the Developer ID installer signing certificate from Keychain. Used to sign the package installer. |
| `MACOS_NOTARYTOOL_PROFILE` | Name of the profile created with `xcrun notarytool store-credentials`. |
```bash
# One time: Create a notarytool credentials profile
notarytool_profile="notarytool-profile"
xcrun notarytool store-credentials "${notarytool_profile}"

# Grab Developer ID certificate names from Keychain.
# Require exactly one identity of each type so the choice is unambiguous.
if [ "$(security -q find-identity -v | grep -c "Developer ID Application")" -ne "1" ] ||
   [ "$(security -q find-identity -v | grep -c "Developer ID Installer")" -ne "1" ]; then
	echo "Could not isolate Developer ID identities in Keychain"
	exit 1
fi

# Extract the quoted certificate name from the single matching line
app_devid=$(security -q find-identity -v | grep "Developer ID Application" | sed 's/.*\"\(.*\)\".*/\1/')
installer_devid=$(security -q find-identity -v | grep "Developer ID Installer" | sed 's/.*\"\(.*\)\".*/\1/')

# Configure with signing enabled, then build, package, notarize, and staple
cmake .. -DMACOS_CODESIGN=ON -DMACOS_APPLICATION_SIGNING_IDENTITY="${app_devid}" -DMACOS_INSTALLER_SIGNING_IDENTITY="${installer_devid}" -DMACOS_NOTARYTOOL_PROFILE="${notarytool_profile}"
make
cpack
make notarize
make staple
```
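The script above stops when the Keychain holds more than one Developer ID certificate of a type. The following added example (not part of the NFIQ 2 project) selects exactly one identity from `security find-identity -v` output and can disambiguate by team ID; the function names `select_identity` and `sample_identities`, the team ID argument, and the sample Keychain listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# select_identity KIND [TEAM_ID]
# Reads `security find-identity -v` output on stdin and prints the quoted
# certificate name only if exactly one identity matches. Hypothetical helper.
select_identity() (
    kind=$1
    team=${2:-}
    # Split on double quotes: field 2 is the certificate name. The trailing
    # "N valid identities found" line has no quotes and is skipped by NF >= 3.
    matches=$(awk -F'"' -v kind="$kind" -v team="$team" '
        NF >= 3 && index($2, kind ": ") == 1 &&
        (team == "" || index($2, "(" team ")") > 0) { print $2 }')
    count=$(printf '%s\n' "$matches" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        # Refuse to guess: signing with the wrong identity would still produce
        # a package, just not one signed by the certificate that was intended.
        echo "expected exactly 1 \"$kind\" identity, found $count" >&2
        exit 1
    fi
    printf '%s\n' "$matches"
)

# Constructed sample of `security find-identity -v` output (not real data).
sample_identities() {
    cat <<'EOF'
  1) 0000000000000000000000000000000000000001 "Developer ID Application: Example Org (AAAAAAAAAA)"
  2) 0000000000000000000000000000000000000002 "Developer ID Installer: Example Org (AAAAAAAAAA)"
  3) 0000000000000000000000000000000000000003 "Developer ID Application: Other Org (BBBBBBBBBB)"
     3 valid identities found
EOF
}

# Real use on macOS (TEAM_ID is a placeholder for your own team ID):
#   app_devid=$(security find-identity -v |
#       select_identity "Developer ID Application" TEAM_ID) || exit 1
```

Matching on the quoted name rather than the whole line keeps a certificate whose name merely contains the search text elsewhere from being selected.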