I want to add a file to a signed mac app without damaging its signature. How do I do that?
Basically, I have a signed mac app that can be downloaded from my website. I want to add a few parameters(in a new file say user_data.txt) to my app which is relevant to the users(like his/her email address) when it is downloaded each time. How do I do that without damaging the signature?
I included a file, say user_data.txt, in the app before codesign. While doing codesign, I used --resource-rules to ignore signing of that particular file. This is an one time task
Each time when a user attempts to download this file, I modify the user_data.txt and write the modified app file in the output stream as a zip file.
Related
I am developing a Chrome extension for my company. The extension uses Chrome native messaging, so I am using Wix to create an installer for the host application (Just copy the binary and write a specific registry).
The native host application needs a configuration file, because the host application is performing crypto operations and in order to do that, the user needs to provide his pkcs12 keystore with signing certificates.
My first thought was to create the configuration file during installation. User would provide a path to his keystore file, the installer would write that path into the config file and copy it into the installation directory next to the host binary. I was searching the internet for hours just to find out it is not possible to select a file using Wix, only a directory.
My question is, is this actually true and there is really no way of doing this, and if so, what would you suggest? It's not very user-friendly to ask users to copy their keystore into a particular location. My second idea was to just put a text field and tell the user to fill in the path to their keystore file, but that isn't user-friendly either.
Thank you for all your suggestions
I have customising my version of the Ammyy Admin executable (AA_V3.exe) available from http://ammyy.com. I have bought a license that allows me to customise this file which I have successfully done. I am still getting an unsigned application window when opening on my 64 bit Windows 10 computer, and would like to resign this executable.
I have installed Visual Studio Community 2017 to get the signtool.exe. It seems I need to generate a certificate using makecert.exe, however to do this I need to be able to provide the Identity from the .xml file as outlined on this page - https://msdn.microsoft.com/en-us/library/windows/desktop/jj835832(v=vs.85).aspx. The issue is that there is no .xml file, nor can I seem to be able to get makeappx.exe generate one for me.
So as I see it, the steps I need to be able to complete are as follows;
Generate a .xml file from AA_V3.exe somehow using makeappx.exe
Find the Identity string for AA_V3 within that .xml file and then use makecert.exe to generate a certificate.
Use signtool to sign the AA_V3.exe application using my newly created certificate.
Let me know if I'm on the wrong track here.
I have my WinCE application bundled in a CAB file. At the time of CAB extraction I want to add some value in a config file of the app. The value has to be provided by the person who is installing the app (extracting the app).
I thought to extract the cab file by running a script that uses WceLoad.exe. But this tool does not pass any parameter to the CAB file. Moreover I am not sure how would the CAB accept parameter when it is extracting(installing). I thought to use Setup project that can be used to customize the installation but none of its methods i.e. Install_Init and Install_Exit accept any parameter.
Is this scenario possible to handle through CAB file deployment? Or is there other way to deploy so that values could be passed at the time of deployment?
ce_setup.h shows that the only argument passed is the pszInstallDir argument. The rest are only installation results (ie failed files).
You may need to write a custom installer. For example using MortScript with a zip file etc.
The issue with a setup.dll is also, that it does not allow access to files of the cab during installation.
A workaround I see, is to copy another file to the device before that cab is installed and read and process that file in setup.dll. For example: provide a static IP in a txt file, read that file during Install_Init and set a registry key with the IP, for example.
Can you tell me how to generate a checksum/hash for a .tar archive with a php script of mine that I offer for download? I mainly want this as integrity verification mechanism. Is there any free/simple/alternative way instead of obtaining a code signing certificate (eg Comodo)? Thanks.
Edit: I don't know if this makes any sense/is applicable, but I don't want to sign every file one by one, just the result .tar archive.
Well some open-source projects like the Apache Webserver give out SHA1-sums and additionally release a GPG/PGP signature. You can use gnupg for that which is free.
You create a key-pair and share the public-key (on the website or with a key-server like http://pgp.mit.edu/) and keep the private-key on your side. The private-key is used for signing the .tar and your users can then verify the .tar with the public-key.
Just generate an sha1 hash of the archive using the unix command line tool sha1sum filename.tar or any other program or tool that generates hashes. Then when you offer your file for download also list the output of that command, and once users download the archive they can do the same thing and if the outputs match, the files are the same.
we are making an Application for OS X, however, when the .app is copied on another MAC, we have problems with reading and writing files
on one MAC, everything works great from the start...
the other one will not write certain files and another 2mac will not write certain different files
if i go to show application contents and wants to edit the file by myself, i get a writing permission denied
how to distribute an MAC application so there are no such issues? so all files can be read and write by the current user
does there have to be some authorization or code sign, or smth. different in this form, in addition to normal code?
thank you
It sounds like your application tries to write files within its own application bundle. The correct solution here is: DON'T DO THAT! The only time your application bundle should be written to is when it's installed or updated.
Files that the application needs to write to should be stored in the user's home folder, generally under ~/Library. See this note in Apple's dev docs.
Preference and settings files in ~/Library/Preferences/<appbundleid>.plist; use NSUserDefaults.
Data the app manages for the user in ~/Library/Application Support/<appname> (the docs say to use the bundleid, but everyone -- Apple included -- uses the app name instead).
Cache files in ~/Library/Caches/<appbundleid>.
Temp files, use NSTemporaryDirectory
If you need to share settings & files between users, that should generally go in /Library/Application Support/<appname>, except that you really shouldn't be doing that at all.
In the past I've always used PackageMaker to create installers. An installation package can authenticate with root privileges so you can set permissions after the install. I don't have it in front of me right now but if you look around you should be able to see a Post-Installer script line. Write a shell script that manually sets the permissions of each file you have in question and then have the package execute that script after the install is finished.
You can find PackageMaker at /Developer/Applications/Utilities/PackageMaker