Reputation: 41
How do I change what files are signed by install4j's codesigning on Mac OS X?
Specifically, none of my application's files (including its jar file) are signed. This defeats the purpose of code signing entirely. So, I would like to fix this.
I would also like to do the same on Windows, but it's possible that this is already handled correctly (I have not yet checked).
Upvotes: 2
Views: 646
Reputation: 11
@Ingo, it is also true that launcher signing is required for certain restricted functions an application may need (e.g. opening a network socket). I also think I should mention that the "Sign installed launchers" option on the "Installer options" step is not available on the "Mac OS X single bundle" media type, so users will need to choose another media type if they require launcher signing.
This wasn't clear in the documentation, so hopefully this comment can save someone some time.
Upvotes: 0
Reputation: 48105
The purpose of signing is not that everything that can be signed in any way is actually signed.
Windows reduces UAC dialogs and shows them with a different warning level if executables are signed. Each launcher that requests elevated privileges has to be signed so that includes the installer, the uninstaller and possibly your launchers.
Mac OS X has a "gatekeeper" that checks if an application bundle that was downloaded from the internet is signed. If not, it will not allow you to run it directly. That's why the installer application bundle has to be signed. Gatekeeper is not concerned with any application bundles that are installed by the installer, so they are not signed by default. This is mostly a good thing, since otherwise you would not be able to modify the Info.plist files of your launchers after the installation.
If you use entitlements for gaining access to specific features on Mac OS X, your launchers need to be signed as well. You can specify an entitlements file on the "Executable info->Mac OS X options" step of the launcher wizard, and select "Sign installed launchers" on the "Installer options" step of the Mac OS X media file wizard.
install4j is not concerned with signing JAR files. If you need this feature for some reason, you have to do this in your build process.
Upvotes: 1
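A build-step check for the point in the answer above that JAR signing is left to your own build process, as an added example that is not part of the original thread or of install4j: it reports which entries of a JAR are listed in a signature file and which are not. It inspects structure only and does not validate signatures cryptographically (`jarsigner -verify` does that); `build_sample_jar` and its entry names are constructed sample data.

```python
import io
import zipfile

def _is_signature_file(name):
    # Signature-related files sit directly in META-INF/, not in subdirectories.
    upper = name.upper()
    return (upper.startswith("META-INF/") and "/" not in upper[9:]
            and upper.endswith((".SF", ".RSA", ".DSA", ".EC", "/MANIFEST.MF")))

def _entry_names(sf_text):
    # Manifest-style lines wrap at 72 bytes; continuation lines start with one space.
    logical = []
    for line in sf_text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]
        else:
            logical.append(line)
    return {l[len("Name: "):] for l in logical if l.startswith("Name: ")}

def jar_signature_report(jar_bytes):
    """Return (signature_files, unsigned_entries) for a JAR given as bytes."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = [n for n in jar.namelist() if not n.endswith("/")]
        meta = [n for n in names if _is_signature_file(n)]
        blocks = {n.upper().rsplit(".", 1)[0] for n in meta
                  if n.upper().endswith((".RSA", ".DSA", ".EC"))}
        signers, covered = [], set()
        for sf in (n for n in meta if n.upper().endswith(".SF")):
            # A .SF file counts only if its signature block file is present too.
            if sf.upper().rsplit(".", 1)[0] in blocks:
                signers.append(sf)
                covered |= _entry_names(jar.read(sf).decode("utf-8"))
        unsigned = sorted(n for n in names if n not in meta and n not in covered)
        return signers, unsigned

def build_sample_jar(entries, signed_names=None):
    # Constructed sample: digest and .RSA contents are placeholders, not real signatures.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        for name in entries:
            jar.writestr(name, b"x")
        if signed_names is not None:
            sf = "Signature-Version: 1.0\r\n\r\n" + "".join(
                f"Name: {n}\r\nSHA-256-Digest: placeholder\r\n\r\n" for n in signed_names)
            jar.writestr("META-INF/APP.SF", sf)
            jar.writestr("META-INF/APP.RSA", b"placeholder")
    return buf.getvalue()
```

Failing the build when `unsigned_entries` is non-empty catches a JAR that was repackaged after signing or never signed at all.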