[Vm-dev] [squeak-dev] Condensing sources for a new release
Tobias Pape
Das.Linux at gmx.de
Thu Feb 13 08:39:28 UTC 2020
> On 13.02.2020, at 01:32, Ronie Salgado <roniesalg at gmail.com> wrote:
>
> There is a way to untranslocate an application an access to content outside the read-only mount: https://objective-see.com/blog/blog_0x15.html
This part looks promising:
> › creating a signed DMG
> Apple tells us that App translocation does not apply to disk images (DMGs) that are signed. So instead of using a ZIP archive to distribute the application, I looked into using a signed DMG. To create a signed DMG I used the following make file (kindly provided by one of Objective-See's users -mahalo Clayton!!):
> VERSION="1.5.0"
> PROJECT="TaskExplorer"
> CODESIGN_IDENTITY="Developer ID Application: Objective-See, LLC (VBG97UB4TA)"
>
>> ## dmg
>> dmg:
>> rm -f ./${PROJECT}*.dmg
>> rm -rf /tmp/${PROJECT}-build
>> mkdir -p /tmp/${PROJECT}-build/
>> cp -R ./TaskExplorer.app /tmp/${PROJECT}-build
>> hdiutil create -srcfolder /tmp/${PROJECT}-build -volname "${PROJECT}" -format UDZO
>> -o ${PROJECT}-${VERSION}.dmg
>>
>> xattr -rc ${PROJECT}-${VERSION}.dmg
>> codesign -s ${CODESIGN_IDENTITY} -v ${PROJECT}-${VERSION}.dmg
>> rm -rf /tmp/${PROJECT}-build
The untranslocate part relies on Apple Private APIs. We should not do that.
Best regards
-Tobias
More information about the Vm-dev
mailing list