How to sign a Mac OS X application in Linux?
For OS X, I distribute my Java application inside a DMG. Since Mountain Lion's release, opening the app gives the following error message:
[app name] is damaged and couldn't be opened. You should eject the disk image.
Apparently the fix is to sign the .app file so I read the Code Signing Guide. Everything seems to be straightforward apart from the important question of how to integrate this into my one-click build process.
Building my product on all platforms happens on my Linux development machine. I run an Ant script and the Windows installer, starter EXE, Linux installer, OS X application and DMG are all built. So I'd like to integrate code signing into this process.
Is there an equivalent of 'codesign' for Linux?
Answer
There is no documented way of code signing a Mac OS X application in Linux.
The only way I've found to do this so far is to SSH into a Mac and use that.
On the other hand, according to @Steve McLeod (https://stackoverflow.com/a/55906962/28190) the installer package install4j does offer this:
Integrated code signing on Windows and Mac OS X . In the “General Settings” section, install4j now has a “Code signing” tab where you can configure code signing certificates for Windows and Mac OS X. Code signing will be applied to all launchers and installer applications in the corresponding media files. The implementations for code signing are cross-platform, so you can sign Windows and Mac OS X media files from a Linux build server, for example.
So it must be technically possible.