Another naive question about code signing

Graham Samuel livfoss at mac.com
Sat Jan 14 13:47:03 EST 2017


Having taken a lot of advice from this list and after a delay getting certificates, I’m about to do some actual code signing for an app that has a Windows and a Mac version. I am so unsure about the process that i don’t understand whether I apply the process (let’s say with Ksign for Windows) to the installer or the app itself.

In my case the installer installs additional files apart from the executable (all neatly packaged up in the Mac version of course, but separate in the Windows one). Since an installer is itself executable, I suppose starting an installer will generate those irritating warnings (yes, I know, they are for my users’ benefit, but still…) - on that basis, should the installer be signed? Or should I codesign everything, executables, additional files (these can be stacks, which are in some sense executable) and the installer too? I think the latter, but I’m not sure.

This must be blindingly obvious to everyone else, but it is not easy to get a simple answer from the internet. Of course I will just do it and see what happens, but I would be glad to understand what ‘normal practice’ might be.

Graham



More information about the use-livecode mailing list