I called my certificate OTrecorderSign
$ vi *.c
$ make
$ codesign -f -s OTrecorderSign myprog
You are now asked "wants to sign using OTrecorderSign ... your keychain"
=> ALWAYS allow
$ /usr/libexec/ApplicationFirewall/socketfilterfw --add /Users/jpm/myprog
The application is already a part of the firewall # this is OK
$ /usr/libexec/ApplicationFirewall/socketfilterfw --unblock /Users/jpm/myprog
$ myprog # asked to allow incoming connections; say Allow
$ vi *.c
$ make
$ codesign -f -s OTrecorderSign myprog
$ myprog # NO LONGER asked to allow incoming connections
From here
- Open Keychain Access.
- Go to the Keychain Access menu, and under Certificate Assistant, choose Create a Certificate
- Name your Certificate. (I recommend using something other than your first and last names)
- For Type, choose Self Signed Root.
- Make sure Let me override defaults is checked and click Continue.
- Under Serial Number, use a random number. Just make sure there is no other certificate on your system with the same name and serial number
- Give yourself a sufficiently long validity period. For a little over 5 years, use 2000 days. For almost 11 years, choose 4000 days.
- Under Certificate Type, choose Code Signing, and click Continue.
- Enter your personal information on the next screen. Have fun with Organization and Organizational Unit. After all, this is for your own personal use. Don't use "Apple." I myself used something like "Orange Computer" for Organization and "Hacking Department" for Organizational Unit. Click Continue when all has been filled out.
- For Key Pair Information, accept the defaults and click Continue.
- For Key Usage Extension, accept the defaults and click Continue.
- For Extended Key Usage Extension, accept the defaults and click Continue.
- For Basic Constraints Extension, accept the defaults and click Continue.
- For Subject Alternate Name Extension, accept the defaults and click Continue.
- Use your "login" keychain to store the certificate and click Continue.
- Now you have to set your certificate to be "trusted."
- Go to your keychain, and right click (control click) on the new certificate you made and choose Get Info.
- Open the triangle next to Trust.
- Go down to Code Signing, and choose Always Trust.
- Close the box. The system will ask for your admin password. Enter it and click OK.
You're done, and you have a certificate you can use for signing your own code, or re-signing someone else's code that you've modified or tinkered with.
It turns out I cannot get this to work on 10.10 for some reason :( I must have broken something, the process now fails at step 6 or 14 with 'The specified item could not be found.'