-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Instructions for producing a signed app #64
Comments
Apologies, I haven't gotten around to properly documenting it. It's a bit involved, but below are some very brief instructions that hopefully will help. First, you'll need a paid for Apple Developer account, with a application signing key available on your machine, and then set a few environment variables to relevant values, and run the emacsbuilder You can view the help info for the package command by running Then you should be able to sign, package and notarize a folder containing a
If it helps, the relevant part in my GitHub Actions setup for nightly builds is here. The only thing the |
Thanks. The symptom is that the app won't launch, and I get a crash report SIGKILL (Code Signature Invalid), so I can't even allow the app in the security and privacy settings. |
Right, yeah. It seems M1 machines refuse to run unsigned code altogether. On Intel-based Macs it seems to be aware of what binaries were built locally, so they're automatically trusted. I don't have a M1 machine myself yet though, so my knowledge is mostly second hand right now. |
Indeed running Contents/MacOS/bin/emacs from the command line also gets killed. However, a hand-coded hello-world.c compiled with /usr/bin/gcc works ok. This article has a nice explanation: https://eclecticlight.co/2021/01/26/when-you-dont-have-permission-to-run-an-app-on-an-m1-mac/. And links to another of the author's articles with a solution, https://eclecticlight.co/2019/01/17/code-signing-for-the-concerned-3-signing-an-app/. If you do this:
it will launch. |
@isoboroff @jimeh I just met the same issue yesterday, and I use the same command to fix the issue. Instead of manually codesigning the |
I had not realized ad-hoc signing without any paid developer certificates was possible. I'll have a look at automatically doing that on non-Intel Macs when I finally get an Apple Silicon machine later this month. |
The README says that code sign instructions are coming soon. Even a pointer to what you have to set up and pass to the
go run ./cmd/emacs-builder package
would be great!I'm building on an M1 machine, otherwise I would slack off and use the Homebrew cask.
The text was updated successfully, but these errors were encountered: