Skip to content

Instantly share code, notes, and snippets.

@losh11

losh11/macOS-codesign.md

Created October 15, 2024 15:49
Show Gist options
  • Save losh11/79a1462faea70cdd6c0122ba4bcaa385 to your computer and use it in GitHub Desktop.
Save losh11/79a1462faea70cdd6c0122ba4bcaa385 to your computer and use it in GitHub Desktop.
Download ZIP
Litecoin Codesigning Process (<v0.21.4)
Raw
macOS-codesign.md

Codesign binary

$ ./detached-sig-create.sh <PATH_TO_P12>
$ tar xf signature-osx.tar.gz
$ signapple apply ./dist/Litecoin-Qt.app osx/dist

Setup notarytool (once only)

$ xcrun altool --list-providers -u "<APPLE_ID_EMAIL>" -p "@keychain:<apple-id-notarisation-app-specific-password>"
$ xcrun notarytool store-credentials --apple-id "<APPLE_ID_EMAIL>" --team-id "<TEAM_ID>"

Submit for notarisation

$ zip -r Litecoin-Qt.app.zip dist/Litecoin-Qt.app
$ xcrun notarytool submit Litecoin-Qt.app.zip --keychain-profile "lf-creds" --wait

Apply notarisation and save detach sigs

$ xcrun stapler staple dist/Litecoin-Qt.app
$ codesign -vvvv dist/Litecoin-Qt.app
$ spctl -a -vvvv dist/Litecoin-Qt.app
$ mv signature-osx.tar.gz <PATH_TO_RELEASE_BUILD_DIR>/litecoin-detached-sigs
$ mv dist/Litecoin-Qt.app/Contents/CodeResources <PATH_TO_RELEASE_BUILD_DIR>/litecoin-detached-sigs/osx/dist/Litecoin-Qt.app/Contents/

After notarisation, copy over detach sigs as below:

$ mv osx/dist/Litecoin-Qt.app/Contents/MacOS/Litecoin-Qt.x86_64sign <PATH_TO_RELEASE_BUILD_DIR>/litecoin-detached-sigs/osx/dist/Litecoin-Qt.app/Contents/MacOS/
$ mv dist/Litecoin-Qt.app/Contents/CodeResources <PATH_TO_RELEASE_BUILD_DIR>/litecoin-detached-sigs/osx/dist/Litecoin-Qt.app/Contents/CodeResources.x86_64
Raw
windows-codesign.md

On a Windows system. Move unsigned .exe to Windows Desktop to a new folder called code.

In Linux WSL

$ cd /mnt/c/Users/<USERNAME>/Desktop/
$ mkdir code && cd code

# place litecoin-0.21.4-win64-unsigned.tar.gz in code\
$ tar xf litecoin-0.21.4-win64-unsigned.tar.gz

In Powershell.

Sign using Signtool (if using certificate)

$ cd "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64"
$ .\signtool.exe sign /fd SHA256 /n "<CERT_NAME>" /sm /tr http://timestamp.sectigo.com /td SHA256 "C:\Users\<USERNAME>\Desktop\code\unsigned\litecoin-0.21.4-win64-setup-unsigned.exe"

Sign using Signtool (if using yubikey)

$ cd "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64"
$ .\signtool.exe sign /fd SHA256 /a /tr http://timestamp.sectigo.com /td SHA256 "C:\Users\<USERNAME>\Desktop\code\unsigned\litecoin-0.21.4-win64-setup-unsigned.exe"

In Linux WSL

$ osslsigncode extract-signature -pem -in "unsigned/stohn-3.1-win64-setup-unsigned.exe" -out stohn-3.1-win64-setup-unsigned.pem
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment