05nelsonm on Nostr: Made something for creating detached code signatures for macOS/Windows binaries. 1. ...
Made something for creating detached code signatures for macOS/Windows binaries.
1. Reproducibly build program
2. Copy it
3. Codesign (+ notarize for macOS) the copy
4. Take a 'diff' between the 2
The '.diff' is just the signatures, which can be applied to the unsigned binaries at a later date (so others can verify build reproducibility)
Think I'll publish it to Debian and Home Brew once I add a few things; check it out!
https://github.com/05nelsonm/kmp-tor-binary/blob/master/tools/diff-cli/README.md
Had a unique issue which craigraw (npub1hea…g9v2) found. Tor binaries for macOS weren't signed or notarized, so when he went to run `kmp-tor` on macOS aarch64 GateKeeper said "nope, not happening".
1. Reproducibly build program
2. Copy it
3. Codesign (+ notarize for macOS) the copy
4. Take a 'diff' between the 2
The '.diff' is just the signatures, which can be applied to the unsigned binaries at a later date (so others can verify build reproducibility)
Think I'll publish it to Debian and Home Brew once I add a few things; check it out!
https://github.com/05nelsonm/kmp-tor-binary/blob/master/tools/diff-cli/README.md
Had a unique issue which craigraw (npub1hea…g9v2) found. Tor binaries for macOS weren't signed or notarized, so when he went to run `kmp-tor` on macOS aarch64 GateKeeper said "nope, not happening".