[tor-dev] Apple App Store Redux

Ralf-Philipp Weinmann ralf at coderpunks.org
Sun Nov 17 09:38:26 UTC 2013

On Sun, Nov 17, 2013 at 09:15:58AM +0000, Georg Koppen wrote:
> Erinn Clark:
> > I am at this point in favor of signing OSX packages with their codesigning but
> How is this supposed to work with Gitian?

I don't see the problem. You can still verify the output of your Gitian build
against the signed version. After all, signing an app just adds an
LC_CODE_SIGNATURE load command plus associated data to your Mach-O files and a
Contents/_CodeSignature/CodeResources for the resources to your app bundle. To
verify you can simply remove both using command line tools and compare the
signed version against the local Gitian build process output.


More information about the tor-dev mailing list