Should I sign open source code myself?












11















I use macOS 10.14 and came across a problem when I tried to install an open source plugin for Vim that I found on Github. I downloaded the source code and compiled it myself, which worked well, but when I ran it, the execution was interrupted because the "Code signature [of executable] not valid for use in process".



This has given me a lot of questions that I can't wrap my head around:



I could either sign it myself, but wouldn't that kind of ruin the purpose of code signing? Is there any qualitative difference in signing code from the internet and allowing apps from unidentified developers in the "This app was downloaded from the internet" dialog box?



If I don't do it, whose "responsibility" is it to sign? The repository maintainer? The contributors? Is Apple expecting open source developers to always have an Apple Developer ID? Or have I misunderstood the purpose of code signing?



Edit:



To clearify, my question is how I should handle unsigned source code that I compile myself, since I don't expect contributers to always be able to, or remember to, sign their code, especially when it comes to tiny contributions to open source projects with many contributers.










share|improve this question





























    11















    I use macOS 10.14 and came across a problem when I tried to install an open source plugin for Vim that I found on Github. I downloaded the source code and compiled it myself, which worked well, but when I ran it, the execution was interrupted because the "Code signature [of executable] not valid for use in process".



    This has given me a lot of questions that I can't wrap my head around:



    I could either sign it myself, but wouldn't that kind of ruin the purpose of code signing? Is there any qualitative difference in signing code from the internet and allowing apps from unidentified developers in the "This app was downloaded from the internet" dialog box?



    If I don't do it, whose "responsibility" is it to sign? The repository maintainer? The contributors? Is Apple expecting open source developers to always have an Apple Developer ID? Or have I misunderstood the purpose of code signing?



    Edit:



    To clearify, my question is how I should handle unsigned source code that I compile myself, since I don't expect contributers to always be able to, or remember to, sign their code, especially when it comes to tiny contributions to open source projects with many contributers.










    share|improve this question



























      11












      11








      11


      1






      I use macOS 10.14 and came across a problem when I tried to install an open source plugin for Vim that I found on Github. I downloaded the source code and compiled it myself, which worked well, but when I ran it, the execution was interrupted because the "Code signature [of executable] not valid for use in process".



      This has given me a lot of questions that I can't wrap my head around:



      I could either sign it myself, but wouldn't that kind of ruin the purpose of code signing? Is there any qualitative difference in signing code from the internet and allowing apps from unidentified developers in the "This app was downloaded from the internet" dialog box?



      If I don't do it, whose "responsibility" is it to sign? The repository maintainer? The contributors? Is Apple expecting open source developers to always have an Apple Developer ID? Or have I misunderstood the purpose of code signing?



      Edit:



      To clearify, my question is how I should handle unsigned source code that I compile myself, since I don't expect contributers to always be able to, or remember to, sign their code, especially when it comes to tiny contributions to open source projects with many contributers.










      share|improve this question
















      I use macOS 10.14 and came across a problem when I tried to install an open source plugin for Vim that I found on Github. I downloaded the source code and compiled it myself, which worked well, but when I ran it, the execution was interrupted because the "Code signature [of executable] not valid for use in process".



      This has given me a lot of questions that I can't wrap my head around:



      I could either sign it myself, but wouldn't that kind of ruin the purpose of code signing? Is there any qualitative difference in signing code from the internet and allowing apps from unidentified developers in the "This app was downloaded from the internet" dialog box?



      If I don't do it, whose "responsibility" is it to sign? The repository maintainer? The contributors? Is Apple expecting open source developers to always have an Apple Developer ID? Or have I misunderstood the purpose of code signing?



      Edit:



      To clearify, my question is how I should handle unsigned source code that I compile myself, since I don't expect contributers to always be able to, or remember to, sign their code, especially when it comes to tiny contributions to open source projects with many contributers.







      open-source code-signing






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 27 '18 at 12:16







      Jacob Taxén

















      asked Nov 27 '18 at 9:29









      Jacob TaxénJacob Taxén

      5818




      5818






















          3 Answers
          3






          active

          oldest

          votes


















          9














          Ad-Hoc Code Signing



          For third party applications and binaries that you compile yourself, and that require code signing, use an ad hoc code signature.




          • I am assuming the application will not run without a signature;

          • I am assuming the application will not be distributed;

          • I am assuming you do not care about the identity of the signature being valid.


          An ad-hoc signature does not provide reliable security benefits. It can be used to determine if the application has been changed and it can be used to apply security restrictions, such as entitlements, to an application.



          An ad-hoc signature will validate against codesign but not spctl. This may or may not matter depending on the binary being signed. For applications and executables, this is unlikely to matter because spctl is not run on locally created binaries.



          Why Code Sign?



          Regarding the refined question:




          How I should handle unsigned source code that I compile myself, since I don't expect contributers to always be able to, or remember to, sign their code, especially when it comes to tiny contributions to open source projects with many contributers.




          For most self compiled applications, there is no need for code signing. This assumes you trust the application's code. On macOS, you can open untrusted applications from the Finder, see Apple's Open an app from an unidentified developer.



          If you do not trust the code or the developers, do not compile or run the application.



          Your Responsibility



          The provider of the source code has no responsibility or obligation to provide pre-built code signed binaries. Being self compiled, all code signing is your choice and responsibility.




          • Apple require submissions to their App Stores to be code signed.


          • Apple request developers outside their App Stores sign their code, but it is not yet required.



          In both cases, only the final binaries are signed. The original source code and resources are not signed.



          Source Code is Not Signed



          Source code itself can not be code signed in a meaningful way for macOS. Source files and code can be digitally signed, as any other file can be, but this makes no impact on how the resulting application or binary is treated by macOS.



          How to Ad-Hoc Code Sign a Mac Application



          To codesign an application on macOS with an ad-hoc signature, set the identity -s flag to -:



          codesign --force -s - </path/to/application>


          All the other rules, requirements, and permutations of the codesign command remain the same.



          The flag --force is used here to overwrite any existing signature.



          You might need to add the --deep flag to the codesign command to sign sub-resources such as frameworks and embedded services.






          share|improve this answer


























          • Why do you recommend ad hoc signatures? The answer you linked to states "In practice creating ad-hoc signed binaries is only of practical value for Apple developers".

            – Wowfunhappy
            Nov 27 '18 at 14:09











          • That doesn’t make any sense to me. Adding an ad-hoc signature means that signature validation will fail. This gets you nowhere at all - the program will fail with the exact same error message.

            – jksoegaard
            Nov 27 '18 at 21:38











          • Yes, I see that you removed the link to my answer on ad-hoc signinig, and added the assumptions. But do these assumptions hold at all? - You seem to be answering as if the question is about running an application. It is not. It is about having an already signed application that the OP wants to add a plugin to. I.e. the plugin needs to pass library validation with the originally signed application (Vim) as the master.

            – jksoegaard
            Nov 28 '18 at 14:25











          • The original question has been edited. It is rather broad as is. The questioner can comment, clarify, and try these answers to see what works for them. This answer attempts to answer the edited question and provide a practical approach. If it does not help, or has incorrect assumptions, the questioner can hopefully chime in and clarify their intent.

            – Graham Miln
            Nov 28 '18 at 14:35








          • 1





            This answer was helpful. My question was quite general because I found the apple docs to be a bit hard to understand. Using ad-hoc signing solved the specific issue I had.

            – Jacob Taxén
            Feb 1 at 8:31



















          5














          Signing the program yourself isn't ruining the purpose of code signing. The general purpose of code signing is to make it possible to verify that the program is an unmodified copy that was originally created by a specific entity (person or company). When you sign a program yourself only to run on your computer, you make it possible for the system to check that it is indeed you that created the binary, and that it hasn't been modified by others.



          The qualitative difference between signing the application binary yourself, and just allowing apps from unidentified developers in GateKeeper is that in the former case you allow a single, specific app to run - whereas the latter, you open for the possibility that you can open lots of different apps just by right-clicking on them and choosing Open. I.e. it is more restrictive and thus somewhat more "secure" by signing the specific program yourself.



          The responsibility of signing is entirely yours. The open source developer cannot sign the source code - it is only possible to sign the compiled binaries. As you're producing the compiled binaries yourself, it falls upon you to sign them.



          You can sign up for a developer account on Apple's web site that will allow you to create a certificate that can be used for signing. If you're a developer and regularly compiling binaries to run on Macs this is the preferred way of doing things. If this is a one-off thing that you probably won't ever do again, it is probably overkill to go through this process. YMMV.



          Other answers for your question here recommends that you use ad-hoc signing for your binary. That will not work. You will need to generate a valid signature in order to have the binary run with GateKeeper on its most secure setting.






          share|improve this answer































            1















            Should I sign open source code myself?




            If you're not the developer, then no.



            Code signing, in a nutshell, is a method to say you (the developer) are who you say you are and the code hasn't changed since you last signed it.




            Is there any qualitative difference in signing code from the internet
            and allowing apps from unidentified developers in the "This app was
            downloaded from the internet" dialog box?




            It sounds like your confusing Code Signing (what's required by Developers to publish Apps on the App Store) and Gatekeeper (what protects your Mac from installing software from unidentified developers).



            If you allow your Mac to install software from both the App Store and identified developers, you will still get the popup alerting you to the fact software will be installed





            And if it's from an unidentified developer, you will get the same popup with a "warning icon"





            You can still install the software. This is just a mechanism that forces user interaction to actually install the software providing you a layer of security against self-installed malware.






            share|improve this answer


























            • Thank you, this answers some but not all the questions. I have edited my question to try to be more specific in what I'm asking

              – Jacob Taxén
              Nov 27 '18 at 12:17











            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "118"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fapple.stackexchange.com%2fquestions%2f343912%2fshould-i-sign-open-source-code-myself%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            3 Answers
            3






            active

            oldest

            votes








            3 Answers
            3






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            9














            Ad-Hoc Code Signing



            For third party applications and binaries that you compile yourself, and that require code signing, use an ad hoc code signature.




            • I am assuming the application will not run without a signature;

            • I am assuming the application will not be distributed;

            • I am assuming you do not care about the identity of the signature being valid.


            An ad-hoc signature does not provide reliable security benefits. It can be used to determine if the application has been changed and it can be used to apply security restrictions, such as entitlements, to an application.



            An ad-hoc signature will validate against codesign but not spctl. This may or may not matter depending on the binary being signed. For applications and executables, this is unlikely to matter because spctl is not run on locally created binaries.



            Why Code Sign?



            Regarding the refined question:




            How I should handle unsigned source code that I compile myself, since I don't expect contributers to always be able to, or remember to, sign their code, especially when it comes to tiny contributions to open source projects with many contributers.




            For most self compiled applications, there is no need for code signing. This assumes you trust the application's code. On macOS, you can open untrusted applications from the Finder, see Apple's Open an app from an unidentified developer.



            If you do not trust the code or the developers, do not compile or run the application.



            Your Responsibility



            The provider of the source code has no responsibility or obligation to provide pre-built code signed binaries. Being self compiled, all code signing is your choice and responsibility.




            • Apple require submissions to their App Stores to be code signed.


            • Apple request developers outside their App Stores sign their code, but it is not yet required.



            In both cases, only the final binaries are signed. The original source code and resources are not signed.



            Source Code is Not Signed



            Source code itself can not be code signed in a meaningful way for macOS. Source files and code can be digitally signed, as any other file can be, but this makes no impact on how the resulting application or binary is treated by macOS.



            How to Ad-Hoc Code Sign a Mac Application



            To codesign an application on macOS with an ad-hoc signature, set the identity -s flag to -:



            codesign --force -s - </path/to/application>


            All the other rules, requirements, and permutations of the codesign command remain the same.



            The flag --force is used here to overwrite any existing signature.



            You might need to add the --deep flag to the codesign command to sign sub-resources such as frameworks and embedded services.






            share|improve this answer


























            • Why do you recommend ad hoc signatures? The answer you linked to states "In practice creating ad-hoc signed binaries is only of practical value for Apple developers".

              – Wowfunhappy
              Nov 27 '18 at 14:09











            • That doesn’t make any sense to me. Adding an ad-hoc signature means that signature validation will fail. This gets you nowhere at all - the program will fail with the exact same error message.

              – jksoegaard
              Nov 27 '18 at 21:38











            • Yes, I see that you removed the link to my answer on ad-hoc signinig, and added the assumptions. But do these assumptions hold at all? - You seem to be answering as if the question is about running an application. It is not. It is about having an already signed application that the OP wants to add a plugin to. I.e. the plugin needs to pass library validation with the originally signed application (Vim) as the master.

              – jksoegaard
              Nov 28 '18 at 14:25











            • The original question has been edited. It is rather broad as is. The questioner can comment, clarify, and try these answers to see what works for them. This answer attempts to answer the edited question and provide a practical approach. If it does not help, or has incorrect assumptions, the questioner can hopefully chime in and clarify their intent.

              – Graham Miln
              Nov 28 '18 at 14:35








            • 1





              This answer was helpful. My question was quite general because I found the apple docs to be a bit hard to understand. Using ad-hoc signing solved the specific issue I had.

              – Jacob Taxén
              Feb 1 at 8:31
















            9














            Ad-Hoc Code Signing



            For third party applications and binaries that you compile yourself, and that require code signing, use an ad hoc code signature.




            • I am assuming the application will not run without a signature;

            • I am assuming the application will not be distributed;

            • I am assuming you do not care about the identity of the signature being valid.


            An ad-hoc signature does not provide reliable security benefits. It can be used to determine if the application has been changed and it can be used to apply security restrictions, such as entitlements, to an application.



            An ad-hoc signature will validate against codesign but not spctl. This may or may not matter depending on the binary being signed. For applications and executables, this is unlikely to matter because spctl is not run on locally created binaries.



            Why Code Sign?



            Regarding the refined question:




            How I should handle unsigned source code that I compile myself, since I don't expect contributers to always be able to, or remember to, sign their code, especially when it comes to tiny contributions to open source projects with many contributers.




            For most self compiled applications, there is no need for code signing. This assumes you trust the application's code. On macOS, you can open untrusted applications from the Finder, see Apple's Open an app from an unidentified developer.



            If you do not trust the code or the developers, do not compile or run the application.



            Your Responsibility



            The provider of the source code has no responsibility or obligation to provide pre-built code signed binaries. Being self compiled, all code signing is your choice and responsibility.




            • Apple require submissions to their App Stores to be code signed.


            • Apple request developers outside their App Stores sign their code, but it is not yet required.



            In both cases, only the final binaries are signed. The original source code and resources are not signed.



            Source Code is Not Signed



            Source code itself can not be code signed in a meaningful way for macOS. Source files and code can be digitally signed, as any other file can be, but this makes no impact on how the resulting application or binary is treated by macOS.



            How to Ad-Hoc Code Sign a Mac Application



            To codesign an application on macOS with an ad-hoc signature, set the identity -s flag to -:



            codesign --force -s - </path/to/application>


            All the other rules, requirements, and permutations of the codesign command remain the same.



            The flag --force is used here to overwrite any existing signature.



            You might need to add the --deep flag to the codesign command to sign sub-resources such as frameworks and embedded services.






            share|improve this answer


























            • Why do you recommend ad hoc signatures? The answer you linked to states "In practice creating ad-hoc signed binaries is only of practical value for Apple developers".

              – Wowfunhappy
              Nov 27 '18 at 14:09











            • That doesn’t make any sense to me. Adding an ad-hoc signature means that signature validation will fail. This gets you nowhere at all - the program will fail with the exact same error message.

              – jksoegaard
              Nov 27 '18 at 21:38











            • Yes, I see that you removed the link to my answer on ad-hoc signinig, and added the assumptions. But do these assumptions hold at all? - You seem to be answering as if the question is about running an application. It is not. It is about having an already signed application that the OP wants to add a plugin to. I.e. the plugin needs to pass library validation with the originally signed application (Vim) as the master.

              – jksoegaard
              Nov 28 '18 at 14:25











            • The original question has been edited. It is rather broad as is. The questioner can comment, clarify, and try these answers to see what works for them. This answer attempts to answer the edited question and provide a practical approach. If it does not help, or has incorrect assumptions, the questioner can hopefully chime in and clarify their intent.

              – Graham Miln
              Nov 28 '18 at 14:35








            • 1





              This answer was helpful. My question was quite general because I found the apple docs to be a bit hard to understand. Using ad-hoc signing solved the specific issue I had.

              – Jacob Taxén
              Feb 1 at 8:31














            9












            9








            9







            Ad-Hoc Code Signing



            For third party applications and binaries that you compile yourself, and that require code signing, use an ad hoc code signature.




            • I am assuming the application will not run without a signature;

            • I am assuming the application will not be distributed;

            • I am assuming you do not care about the identity of the signature being valid.


            An ad-hoc signature does not provide reliable security benefits. It can be used to determine if the application has been changed and it can be used to apply security restrictions, such as entitlements, to an application.



            An ad-hoc signature will validate against codesign but not spctl. This may or may not matter depending on the binary being signed. For applications and executables, this is unlikely to matter because spctl is not run on locally created binaries.



            Why Code Sign?



            Regarding the refined question:




            How I should handle unsigned source code that I compile myself, since I don't expect contributers to always be able to, or remember to, sign their code, especially when it comes to tiny contributions to open source projects with many contributers.




            For most self compiled applications, there is no need for code signing. This assumes you trust the application's code. On macOS, you can open untrusted applications from the Finder, see Apple's Open an app from an unidentified developer.



            If you do not trust the code or the developers, do not compile or run the application.



            Your Responsibility



            The provider of the source code has no responsibility or obligation to provide pre-built code signed binaries. Being self compiled, all code signing is your choice and responsibility.




            • Apple require submissions to their App Stores to be code signed.


            • Apple request developers outside their App Stores sign their code, but it is not yet required.



            In both cases, only the final binaries are signed. The original source code and resources are not signed.



            Source Code is Not Signed



            Source code itself can not be code signed in a meaningful way for macOS. Source files and code can be digitally signed, as any other file can be, but this makes no impact on how the resulting application or binary is treated by macOS.



            How to Ad-Hoc Code Sign a Mac Application



            To codesign an application on macOS with an ad-hoc signature, set the identity -s flag to -:



            codesign --force -s - </path/to/application>


            All the other rules, requirements, and permutations of the codesign command remain the same.



            The flag --force is used here to overwrite any existing signature.



            You might need to add the --deep flag to the codesign command to sign sub-resources such as frameworks and embedded services.






            share|improve this answer















            Ad-Hoc Code Signing



            For third party applications and binaries that you compile yourself, and that require code signing, use an ad hoc code signature.




            • I am assuming the application will not run without a signature;

            • I am assuming the application will not be distributed;

            • I am assuming you do not care about the identity of the signature being valid.


            An ad-hoc signature does not provide reliable security benefits. It can be used to determine if the application has been changed and it can be used to apply security restrictions, such as entitlements, to an application.



            An ad-hoc signature will validate against codesign but not spctl. This may or may not matter depending on the binary being signed. For applications and executables, this is unlikely to matter because spctl is not run on locally created binaries.



            Why Code Sign?



            Regarding the refined question:




            How I should handle unsigned source code that I compile myself, since I don't expect contributers to always be able to, or remember to, sign their code, especially when it comes to tiny contributions to open source projects with many contributers.




            For most self compiled applications, there is no need for code signing. This assumes you trust the application's code. On macOS, you can open untrusted applications from the Finder, see Apple's Open an app from an unidentified developer.



            If you do not trust the code or the developers, do not compile or run the application.



            Your Responsibility



            The provider of the source code has no responsibility or obligation to provide pre-built code signed binaries. Being self compiled, all code signing is your choice and responsibility.




            • Apple require submissions to their App Stores to be code signed.


            • Apple request developers outside their App Stores sign their code, but it is not yet required.



            In both cases, only the final binaries are signed. The original source code and resources are not signed.



            Source Code is Not Signed



            Source code itself can not be code signed in a meaningful way for macOS. Source files and code can be digitally signed, as any other file can be, but this makes no impact on how the resulting application or binary is treated by macOS.



            How to Ad-Hoc Code Sign a Mac Application



            To codesign an application on macOS with an ad-hoc signature, set the identity -s flag to -:



            codesign --force -s - </path/to/application>


            All the other rules, requirements, and permutations of the codesign command remain the same.



            The flag --force is used here to overwrite any existing signature.



            You might need to add the --deep flag to the codesign command to sign sub-resources such as frameworks and embedded services.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Nov 28 '18 at 15:31

























            answered Nov 27 '18 at 12:47









            Graham MilnGraham Miln

            27.3k56189




            27.3k56189













            • Why do you recommend ad hoc signatures? The answer you linked to states "In practice creating ad-hoc signed binaries is only of practical value for Apple developers".

              – Wowfunhappy
              Nov 27 '18 at 14:09











            • That doesn’t make any sense to me. Adding an ad-hoc signature means that signature validation will fail. This gets you nowhere at all - the program will fail with the exact same error message.

              – jksoegaard
              Nov 27 '18 at 21:38











            • Yes, I see that you removed the link to my answer on ad-hoc signinig, and added the assumptions. But do these assumptions hold at all? - You seem to be answering as if the question is about running an application. It is not. It is about having an already signed application that the OP wants to add a plugin to. I.e. the plugin needs to pass library validation with the originally signed application (Vim) as the master.

              – jksoegaard
              Nov 28 '18 at 14:25











            • The original question has been edited. It is rather broad as is. The questioner can comment, clarify, and try these answers to see what works for them. This answer attempts to answer the edited question and provide a practical approach. If it does not help, or has incorrect assumptions, the questioner can hopefully chime in and clarify their intent.

              – Graham Miln
              Nov 28 '18 at 14:35








            • 1





              This answer was helpful. My question was quite general because I found the apple docs to be a bit hard to understand. Using ad-hoc signing solved the specific issue I had.

              – Jacob Taxén
              Feb 1 at 8:31



















            • Why do you recommend ad hoc signatures? The answer you linked to states "In practice creating ad-hoc signed binaries is only of practical value for Apple developers".

              – Wowfunhappy
              Nov 27 '18 at 14:09











            • That doesn’t make any sense to me. Adding an ad-hoc signature means that signature validation will fail. This gets you nowhere at all - the program will fail with the exact same error message.

              – jksoegaard
              Nov 27 '18 at 21:38











            • Yes, I see that you removed the link to my answer on ad-hoc signinig, and added the assumptions. But do these assumptions hold at all? - You seem to be answering as if the question is about running an application. It is not. It is about having an already signed application that the OP wants to add a plugin to. I.e. the plugin needs to pass library validation with the originally signed application (Vim) as the master.

              – jksoegaard
              Nov 28 '18 at 14:25











            • The original question has been edited. It is rather broad as is. The questioner can comment, clarify, and try these answers to see what works for them. This answer attempts to answer the edited question and provide a practical approach. If it does not help, or has incorrect assumptions, the questioner can hopefully chime in and clarify their intent.

              – Graham Miln
              Nov 28 '18 at 14:35








            • 1





              This answer was helpful. My question was quite general because I found the apple docs to be a bit hard to understand. Using ad-hoc signing solved the specific issue I had.

              – Jacob Taxén
              Feb 1 at 8:31

















            Why do you recommend ad hoc signatures? The answer you linked to states "In practice creating ad-hoc signed binaries is only of practical value for Apple developers".

            – Wowfunhappy
            Nov 27 '18 at 14:09





            Why do you recommend ad hoc signatures? The answer you linked to states "In practice creating ad-hoc signed binaries is only of practical value for Apple developers".

            – Wowfunhappy
            Nov 27 '18 at 14:09













            That doesn’t make any sense to me. Adding an ad-hoc signature means that signature validation will fail. This gets you nowhere at all - the program will fail with the exact same error message.

            – jksoegaard
            Nov 27 '18 at 21:38





            That doesn’t make any sense to me. Adding an ad-hoc signature means that signature validation will fail. This gets you nowhere at all - the program will fail with the exact same error message.

            – jksoegaard
            Nov 27 '18 at 21:38













            Yes, I see that you removed the link to my answer on ad-hoc signinig, and added the assumptions. But do these assumptions hold at all? - You seem to be answering as if the question is about running an application. It is not. It is about having an already signed application that the OP wants to add a plugin to. I.e. the plugin needs to pass library validation with the originally signed application (Vim) as the master.

            – jksoegaard
            Nov 28 '18 at 14:25





            Yes, I see that you removed the link to my answer on ad-hoc signinig, and added the assumptions. But do these assumptions hold at all? - You seem to be answering as if the question is about running an application. It is not. It is about having an already signed application that the OP wants to add a plugin to. I.e. the plugin needs to pass library validation with the originally signed application (Vim) as the master.

            – jksoegaard
            Nov 28 '18 at 14:25













            The original question has been edited. It is rather broad as is. The questioner can comment, clarify, and try these answers to see what works for them. This answer attempts to answer the edited question and provide a practical approach. If it does not help, or has incorrect assumptions, the questioner can hopefully chime in and clarify their intent.

            – Graham Miln
            Nov 28 '18 at 14:35







            The original question has been edited. It is rather broad as is. The questioner can comment, clarify, and try these answers to see what works for them. This answer attempts to answer the edited question and provide a practical approach. If it does not help, or has incorrect assumptions, the questioner can hopefully chime in and clarify their intent.

            – Graham Miln
            Nov 28 '18 at 14:35






            1




            1





            This answer was helpful. My question was quite general because I found the apple docs to be a bit hard to understand. Using ad-hoc signing solved the specific issue I had.

            – Jacob Taxén
            Feb 1 at 8:31





            This answer was helpful. My question was quite general because I found the apple docs to be a bit hard to understand. Using ad-hoc signing solved the specific issue I had.

            – Jacob Taxén
            Feb 1 at 8:31













            5














            Signing the program yourself isn't ruining the purpose of code signing. The general purpose of code signing is to make it possible to verify that the program is an unmodified copy that was originally created by a specific entity (person or company). When you sign a program yourself only to run on your computer, you make it possible for the system to check that it is indeed you that created the binary, and that it hasn't been modified by others.



            The qualitative difference between signing the application binary yourself, and just allowing apps from unidentified developers in GateKeeper is that in the former case you allow a single, specific app to run - whereas the latter, you open for the possibility that you can open lots of different apps just by right-clicking on them and choosing Open. I.e. it is more restrictive and thus somewhat more "secure" by signing the specific program yourself.



            The responsibility of signing is entirely yours. The open source developer cannot sign the source code - it is only possible to sign the compiled binaries. As you're producing the compiled binaries yourself, it falls upon you to sign them.



            You can sign up for a developer account on Apple's web site that will allow you to create a certificate that can be used for signing. If you're a developer and regularly compiling binaries to run on Macs this is the preferred way of doing things. If this is a one-off thing that you probably won't ever do again, it is probably overkill to go through this process. YMMV.



            Other answers for your question here recommends that you use ad-hoc signing for your binary. That will not work. You will need to generate a valid signature in order to have the binary run with GateKeeper on its most secure setting.






            share|improve this answer




























              5














              Signing the program yourself isn't ruining the purpose of code signing. The general purpose of code signing is to make it possible to verify that the program is an unmodified copy that was originally created by a specific entity (person or company). When you sign a program yourself only to run on your computer, you make it possible for the system to check that it is indeed you that created the binary, and that it hasn't been modified by others.



              The qualitative difference between signing the application binary yourself, and just allowing apps from unidentified developers in GateKeeper is that in the former case you allow a single, specific app to run - whereas the latter, you open for the possibility that you can open lots of different apps just by right-clicking on them and choosing Open. I.e. it is more restrictive and thus somewhat more "secure" by signing the specific program yourself.



              The responsibility of signing is entirely yours. The open source developer cannot sign the source code - it is only possible to sign the compiled binaries. As you're producing the compiled binaries yourself, it falls upon you to sign them.



              You can sign up for a developer account on Apple's web site that will allow you to create a certificate that can be used for signing. If you're a developer and regularly compiling binaries to run on Macs this is the preferred way of doing things. If this is a one-off thing that you probably won't ever do again, it is probably overkill to go through this process. YMMV.



              Other answers for your question here recommends that you use ad-hoc signing for your binary. That will not work. You will need to generate a valid signature in order to have the binary run with GateKeeper on its most secure setting.






              share|improve this answer


























                5












                5








                5







                Signing the program yourself isn't ruining the purpose of code signing. The general purpose of code signing is to make it possible to verify that the program is an unmodified copy that was originally created by a specific entity (person or company). When you sign a program yourself only to run on your computer, you make it possible for the system to check that it is indeed you that created the binary, and that it hasn't been modified by others.



                The qualitative difference between signing the application binary yourself, and just allowing apps from unidentified developers in GateKeeper is that in the former case you allow a single, specific app to run - whereas the latter, you open for the possibility that you can open lots of different apps just by right-clicking on them and choosing Open. I.e. it is more restrictive and thus somewhat more "secure" by signing the specific program yourself.



                The responsibility of signing is entirely yours. The open source developer cannot sign the source code - it is only possible to sign the compiled binaries. As you're producing the compiled binaries yourself, it falls upon you to sign them.



                You can sign up for a developer account on Apple's web site that will allow you to create a certificate that can be used for signing. If you're a developer and regularly compiling binaries to run on Macs this is the preferred way of doing things. If this is a one-off thing that you probably won't ever do again, it is probably overkill to go through this process. YMMV.



                Other answers for your question here recommends that you use ad-hoc signing for your binary. That will not work. You will need to generate a valid signature in order to have the binary run with GateKeeper on its most secure setting.






                share|improve this answer













                Signing the program yourself isn't ruining the purpose of code signing. The general purpose of code signing is to make it possible to verify that the program is an unmodified copy that was originally created by a specific entity (person or company). When you sign a program yourself only to run on your computer, you make it possible for the system to check that it is indeed you that created the binary, and that it hasn't been modified by others.



                The qualitative difference between signing the application binary yourself, and just allowing apps from unidentified developers in GateKeeper is that in the former case you allow a single, specific app to run - whereas the latter, you open for the possibility that you can open lots of different apps just by right-clicking on them and choosing Open. I.e. it is more restrictive and thus somewhat more "secure" by signing the specific program yourself.



                The responsibility of signing is entirely yours. The open source developer cannot sign the source code - it is only possible to sign the compiled binaries. As you're producing the compiled binaries yourself, it falls upon you to sign them.



                You can sign up for a developer account on Apple's web site that will allow you to create a certificate that can be used for signing. If you're a developer and regularly compiling binaries to run on Macs this is the preferred way of doing things. If this is a one-off thing that you probably won't ever do again, it is probably overkill to go through this process. YMMV.



                Other answers for your question here recommends that you use ad-hoc signing for your binary. That will not work. You will need to generate a valid signature in order to have the binary run with GateKeeper on its most secure setting.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 27 '18 at 13:57









                jksoegaardjksoegaard

                18.1k1949




                18.1k1949























                    1















                    Should I sign open source code myself?




                    If you're not the developer, then no.



                    Code signing, in a nutshell, is a method to say you (the developer) are who you say you are and the code hasn't changed since you last signed it.




                    Is there any qualitative difference in signing code from the internet
                    and allowing apps from unidentified developers in the "This app was
                    downloaded from the internet" dialog box?




                    It sounds like your confusing Code Signing (what's required by Developers to publish Apps on the App Store) and Gatekeeper (what protects your Mac from installing software from unidentified developers).



                    If you allow your Mac to install software from both the App Store and identified developers, you will still get the popup alerting you to the fact software will be installed





                    And if it's from an unidentified developer, you will get the same popup with a "warning icon"





                    You can still install the software. This is just a mechanism that forces user interaction to actually install the software providing you a layer of security against self-installed malware.






                    share|improve this answer


























                    • Thank you, this answers some but not all the questions. I have edited my question to try to be more specific in what I'm asking

                      – Jacob Taxén
                      Nov 27 '18 at 12:17
















                    1















                    Should I sign open source code myself?




                    If you're not the developer, then no.



                    Code signing, in a nutshell, is a method to say you (the developer) are who you say you are and the code hasn't changed since you last signed it.




                    Is there any qualitative difference in signing code from the internet
                    and allowing apps from unidentified developers in the "This app was
                    downloaded from the internet" dialog box?




                    It sounds like your confusing Code Signing (what's required by Developers to publish Apps on the App Store) and Gatekeeper (what protects your Mac from installing software from unidentified developers).



                    If you allow your Mac to install software from both the App Store and identified developers, you will still get the popup alerting you to the fact software will be installed





                    And if it's from an unidentified developer, you will get the same popup with a "warning icon"





                    You can still install the software. This is just a mechanism that forces user interaction to actually install the software providing you a layer of security against self-installed malware.






                    share|improve this answer


























                    • Thank you, this answers some but not all the questions. I have edited my question to try to be more specific in what I'm asking

                      – Jacob Taxén
                      Nov 27 '18 at 12:17














                    1












                    1








                    1








                    Should I sign open source code myself?




                    If you're not the developer, then no.



                    Code signing, in a nutshell, is a method to say you (the developer) are who you say you are and the code hasn't changed since you last signed it.




                    Is there any qualitative difference in signing code from the internet
                    and allowing apps from unidentified developers in the "This app was
                    downloaded from the internet" dialog box?




                    It sounds like your confusing Code Signing (what's required by Developers to publish Apps on the App Store) and Gatekeeper (what protects your Mac from installing software from unidentified developers).



                    If you allow your Mac to install software from both the App Store and identified developers, you will still get the popup alerting you to the fact software will be installed





                    And if it's from an unidentified developer, you will get the same popup with a "warning icon"





                    You can still install the software. This is just a mechanism that forces user interaction to actually install the software providing you a layer of security against self-installed malware.






                    share|improve this answer
















                    Should I sign open source code myself?




                    If you're not the developer, then no.



                    Code signing, in a nutshell, is a method to say you (the developer) are who you say you are and the code hasn't changed since you last signed it.




                    Is there any qualitative difference in signing code from the internet
                    and allowing apps from unidentified developers in the "This app was
                    downloaded from the internet" dialog box?




                    It sounds like your confusing Code Signing (what's required by Developers to publish Apps on the App Store) and Gatekeeper (what protects your Mac from installing software from unidentified developers).



                    If you allow your Mac to install software from both the App Store and identified developers, you will still get the popup alerting you to the fact software will be installed





                    And if it's from an unidentified developer, you will get the same popup with a "warning icon"





                    You can still install the software. This is just a mechanism that forces user interaction to actually install the software providing you a layer of security against self-installed malware.







                    share|improve this answer














                    share|improve this answer



                    share|improve this answer








                    edited Nov 27 '18 at 9:54

























                    answered Nov 27 '18 at 9:41









                    AllanAllan

                    45.1k1467168




                    45.1k1467168













                    • Thank you, this answers some but not all the questions. I have edited my question to try to be more specific in what I'm asking

                      – Jacob Taxén
                      Nov 27 '18 at 12:17



















                    • Thank you, this answers some but not all the questions. I have edited my question to try to be more specific in what I'm asking

                      – Jacob Taxén
                      Nov 27 '18 at 12:17

















                    Thank you, this answers some but not all the questions. I have edited my question to try to be more specific in what I'm asking

                    – Jacob Taxén
                    Nov 27 '18 at 12:17





                    Thank you, this answers some but not all the questions. I have edited my question to try to be more specific in what I'm asking

                    – Jacob Taxén
                    Nov 27 '18 at 12:17


















                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Ask Different!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fapple.stackexchange.com%2fquestions%2f343912%2fshould-i-sign-open-source-code-myself%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    A CLEAN and SIMPLE way to add appendices to Table of Contents and bookmarks

                    Calculate evaluation metrics using cross_val_predict sklearn

                    Insert data from modal to MySQL (multiple modal on website)