I have a service, where an app is generated from a jar file, using Jar2App, on the fly. I use an Ubuntu Linux server as host for the service and I need to sign the app, after it is generated.
How can I do this on the server, automatically?
I know I need a developer id, but how can I make the codesign application work on my server or is there any working alternative to Ubuntu?
Best Answer
This question would get three different answers based on if you ask on Ask Different, Ask Ubuntu and Stack Overflow.
The stack overflow answer is basically that open-source style reverse engineering the
codesignwas far more engineering effort than just renting a Mac Mini and using Apple’s tools and not necessarily Apple’s certificates.The answer here is that Apple doesn’t provide that framework on OS other than macOS today and that any Mac can download for free the command line version of developer tools and you can set up ssh trivially on macOS so you can automate build and signing steps remotely from ubuntu, windows and all manner of other OS so that you can deploy from the platform of your choice on demand.
I can’t speak for Ask Ubuntu or Linux in general, but one person stated that Apple has open sourced the tools and that wouldn’t surprise me that the signing framework is based on standard cryptographic protocols and certificate structure and only peripherally has hooks into the macOS keychain for eliminating the need to store keys on the filesystem directly.