Archive for March 20, 2012

Tuesday, March 20, 2012

Developer ID Gotcha

Daniel Jalkut:

So, my recommended fix either to use Xcode 4.3 to build your app, or mimic Xcode 4.3′s code signing behavior by stealing its codesign arguments (look in the build log after building on 4.3) and applying them verbatim in your build process.

Chris Suter:

If you need your application to work on older versions of OS X, you need to take care. By default, codesign will sign your application using a designated requirement that is built into the system. The default is controlled by the system that you are performing verification on, not the system that you’re signing on.

Update (2012-03-24): Ben Artin:

Where we run into problems is that the designated requirement embedded inside an application signed by Xcode 4.3 using an Apple Developer ID (which is required to support Gatekeeper in Mac OS X 10.8 Mountain Lion) is too complex for Mac OS X 10.5.x to understand. As a result, a Gatekeeper-enabled app running on Mac OS X 10.5.x always seems to be an impostor, which results in a variety of problems (such as the user always being prompted to allow the app to use passwords stored in the keychain, instead of being prompted only the first time — exactly the problem we ran into with Fetch 5.7.1).

He seems to have a better solution than Jalkut.

Don’t Use bcrypt

Tony Arcieri (via Hacker News):

If you’re already using bcrypt, relax, you’re fine, probably. However, if you’re looking for a key derivation function for a new project, bcrypt is probably not the best one you can pick. In fact, there are two ciphers which are each better in a different way than bcrypt, and also widely available across many platforms.

Welcome to the Brave New App Store World

Thomas Bauer:
Unfortunately, I will have to remove this feature if I still want to update my App in the App Store. The reason is that Spotlight is not ready for the sandbox and does not work in a sandboxed App. (Yes, this is the same Spotlight that was the key technology introduced in 10.4 Tiger and where every developer attending that WWDC was encouraged to do creative things with.)