Remove the --no-sign option and warn the user about --adhoc-sign on macOS applications #865
Comments
Signing support should also be added for Android. This isn't necessary for running an app, because Gradle will just sign it with an auto-generated key which is different for each build machine. But for releasing on Google Play, you need to settle on one key and then use it consistently. How about replacing
Completely agreed that we need to expand signing support onto all other platforms. There's analogous support needed on iOS (which will be a pre-requisite for #860); Windows and Linux both have signing conventions as well. I think the UX cleanup you've suggested makes sense as well. "adhoc" signing is very macOS-loaded language; "minimal viable signing" is something every platform can support (with warnings if necessary if the resulting binary won't be redistributable); and having a single option would map to the end-user's understanding of something that is being done to the build/packaging step. The only question/alternative I'd offer is whether to add a new
Yes, that all sounds reasonable.
I'm looking into this during the sprint.
The package command provides --no-sign and --adhoc-sign options.
This is only used on macOS. Previously, macOS allowed completely unsigned apps and DMGs. However, as of macOS 12 (Monterey), apps must be signed to be able to run at all; and adhoc-signed apps won't be usable on any computer other than the one that created the app. Adhoc signing is useful for local testing, but completely unsigned apps are no longer possible on macOS.
Describe the solution you'd like
The --no-sign option should be removed. AdHoc signing should become the default signing option for all packaging on all platforms. This should be interpreted as "perform the minimal signing necessary to allow this app to run" - on Windows and Linux, this means "no signing".
Using the --adhoc-sign option on macOS should prominently warn the user that the app will work, but will not be re-distributable.
Describe alternatives you've considered
We could retain the --no-sign option and make it raise an error; however, that's not a great user experience. As macOS is the only platform that performs signing at present, it makes sense to repurpose "adhoc" signing as "do the minimum legal signing".