On 30.11.2015 at 20:29, Austin English wrote:
> Typically the .pkg installer is signed.
You are right. Signing the xar archive is sufficient to make OS X happy (I installed my self-signed certificate):
    $ pkgutil --check-signature wine-staging-1.7.55-osx.pkg
    Package "wine-staging-1.7.55-osx.pkg":
       Status: signed by a certificate trusted on this system
       Certificate Chain:
        1. Test
           SHA1 fingerprint: A9 95 25 95 [...]
From a technical point of view I don't see a problem in signing the
packages. We already have all required tools on the build system.
On 30.11.2015 at 21:22, Hin-Tak Leung wrote:
> Can you tell me more about the open tool used for signing Mac OS X
> executables?
> I have been working on font signing in the recently open-sourced Microsoft Font Validator (there is an official Windows-only tool for signing fonts, but apparently an open-toolchain based tool also exists on somebody's hard disk)
The tool I used for signing the executables is ldid (http://gitweb.saurik.com/ldid.git). The program calculates the checksums for all code sections, signs the checksums and then embeds the signature into the Mach-O executable. It is unlikely that this will help you with font files.
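To check that a signature of the kind described in the reply above is actually embedded in a binary, the following added example (not part of the original message and not ldid code) finds the LC_CODE_SIGNATURE load command and lists the blobs in the signature SuperBlob. It assumes a thin little-endian Mach-O (no fat/universal wrapper); the helper names and the sample bytes are constructed for illustration.

```python
import struct

LC_CODE_SIGNATURE = 0x1D
HEADER_SIZE = {0xFEEDFACE: 28, 0xFEEDFACF: 32}  # 32-bit / 64-bit mach_header
SUPERBLOB_MAGIC = 0xFADE0CC0                    # embedded signature container
BLOBS = {0xFADE0C02: "CodeDirectory", 0xFADE0C01: "Requirements",
         0xFADE0B01: "CMS signature", 0xFADE7171: "Entitlements"}

def find_signature(macho: bytes):
    """Return (file offset, size) of the signature data, or None if unsigned."""
    magic = struct.unpack_from("<I", macho)[0]
    if magic not in HEADER_SIZE:
        raise ValueError("not a thin little-endian Mach-O")
    ncmds = struct.unpack_from("<I", macho, 16)[0]
    pos = HEADER_SIZE[magic]
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", macho, pos)
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        if cmd == LC_CODE_SIGNATURE:      # linkedit_data_command
            return struct.unpack_from("<II", macho, pos + 8)
        pos += cmdsize
    return None

def list_blobs(macho: bytes):
    """Return [(blob name, length)] from the SuperBlob; [] if unsigned."""
    loc = find_signature(macho)
    if loc is None:
        return []
    sig = macho[loc[0]:loc[0] + loc[1]]
    magic, length, count = struct.unpack_from(">III", sig)  # big-endian
    if magic != SUPERBLOB_MAGIC or length > len(sig):
        raise ValueError("bad embedded-signature SuperBlob")
    blobs = []
    for i in range(count):
        _slot, off = struct.unpack_from(">II", sig, 12 + 8 * i)
        bmagic, blen = struct.unpack_from(">II", sig, off)
        blobs.append((BLOBS.get(bmagic, hex(bmagic)), blen))
    return blobs

def sample_macho(signed: bool = True) -> bytes:
    """Constructed input: header, one load command, two header-only blobs."""
    blobs = struct.pack(">IIII", 0xFADE0C02, 8, 0xFADE0B01, 8)
    index = struct.pack(">IIII", 0, 28, 0x10000, 36)
    sig = struct.pack(">III", SUPERBLOB_MAGIC, 44, 2) + index + blobs
    ncmds = 1 if signed else 0
    hdr = struct.pack("<8I", 0xFEEDFACF, 0x01000007, 3, 2, ncmds, 16, 0, 0)
    return hdr + struct.pack("<4I", LC_CODE_SIGNATURE, 16, 48, len(sig)) + sig
```

This only shows that the signature structures are present and well-formed; it does not recompute the code hashes or validate the certificate chain.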