[Vm-dev] [squeak-dev] Condensing sources for a new release

Tobias Pape Das.Linux at gmx.de
Thu Feb 13 08:39:28 UTC 2020


> On 13.02.2020, at 01:32, Ronie Salgado <roniesalg at gmail.com> wrote:
> 
> There is a way to untranslocate an application an access to content outside the read-only mount: https://objective-see.com/blog/blog_0x15.html

This part looks promising:

> › creating a signed DMG 
> Apple tells us that App translocation does not apply to disk images (DMGs) that are signed. So instead of using a ZIP archive to distribute the application, I looked into using a signed DMG. To create a signed DMG I used the following make file (kindly provided by one of Objective-See's users -mahalo Clayton!!):
> VERSION="1.5.0"
> PROJECT="TaskExplorer"
> CODESIGN_IDENTITY="Developer ID Application: Objective-See, LLC (VBG97UB4TA)"
> 
>> ## dmg
>> dmg:
>>    rm -f ./${PROJECT}*.dmg
>>    rm -rf /tmp/${PROJECT}-build
>>    mkdir -p /tmp/${PROJECT}-build/
>>    cp -R ./TaskExplorer.app /tmp/${PROJECT}-build
>>    hdiutil create -srcfolder /tmp/${PROJECT}-build -volname "${PROJECT}" -format UDZO 
>>    -o ${PROJECT}-${VERSION}.dmg
>> 
>>    xattr -rc ${PROJECT}-${VERSION}.dmg
>>    codesign -s ${CODESIGN_IDENTITY} -v ${PROJECT}-${VERSION}.dmg
>>    rm -rf /tmp/${PROJECT}-build


The untranslocate part relies on Apple Private APIs. We should not do that.

Best regards
	-Tobias




More information about the Vm-dev mailing list