Easy Signing #94
Easy Signing #94
Conversation
|
Linux itself doesn't really have any codesigning standards that would be worth doing here. Linux typically signs at package level, not at individual code. See: |
|
I know osslsigncode, what is wrong with jsign? |
|
Oh, I can't read, I thought this PR did macos only so far. lol |
| @@ -258,6 +263,10 @@ private void checkForTasksToAdd (BuildTarget target) { | |||
| jnigenBuildTask.setBuildTarget(target); | |||
| jnigenBuildTask.dependsOn(jnigenTask); | |||
|
|
|||
| JnigenSignTask jnigenSignTask = project.getTasks().create("jnigenSign" + os.name() + "_" + architecture.getDisplayName() + bitness.name(), JnigenSignTask.class, this); | |||
| jnigenSignTask.setBuildTarget(target); | |||
| jnigenSignTask.dependsOn(jnigenBuildTask); | |||
There was a problem hiding this comment.
Could we maybe add the jnigenSign task conditionally, based on whether signing was configured?
And if signing is configured, adding something like:
jnigenBuildTask.finalizedBy(jnigenSignTask)?
Conceptionally I feel like signing belongs more to the packaging step, but I guess that doesn't work well with the current jnigen setup that packages everything on a linux host.
There was a problem hiding this comment.
I added a check to add the tasks only when configured.
I don't really have an opinion on finalizedBy or dependsOn
|
I just found zsign. Maybe we could replace |
I think having cross-platform signing for all targets would be certainly great. But both have kinda the pain, that we would need to compile them for the targets. |
|
I would rather see this being done at compile time. I don't see a real benefit of signing cross platform unless we also can build cross platform. |
Don't we theoretically support things like https://github.com/tpoechtrager/osxcross ? |
|
We do, but it's not built in. You have to manually specify in your config file the prefix and that it can run on linux. We could do the same for the codesign part by making the codesign invoke configurable. |
|
I also tested it on a MacBook today. Everything seems to work fine. |
Because of the AV debacle and the recent badlogic commit libgdx/libgdx@cf2bf3f for signing the dylibs, I thought it would be nice to have integrated signing capabilities in jnigen.
There's a gradle plugin jsign for signing dlls which was quite easy to integrate and works cross-platform.
For MacOS I integrated
codesignlike badlogic did. I have no idea if it works... If some of you could test it, I would be happy!I also thought there might be something for Linux, and found some old projects (bsign, elfsign, elfgpg, SignElf, DigSig-ng), but it seems no one is actually doing it (as far as I can tell).
I would love to get some feedback on this idea