View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0013532CMakeCMakepublic2012-09-12 11:332016-06-10 14:31
ReporterSean McBride 
Assigned ToKitware Robot 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionmoved 
PlatformOSOS Version
Product VersionCMake 2.8.9 
Target VersionCMake 2.8.12Fixed in Version 
Summary0013532: kitware-provided CMake installer/executables should be codesigned with 'Developer ID' for GateKeeper on OS X
DescriptionAs of Mac OS X 10.8, Apple & the OS now expect that all installers and apps be code signed. Summary:

http://arstechnica.com/apple/2012/07/os-x-10-8/14/ [^]
http://arstechnica.com/apple/2012/07/os-x-10-8/15/ [^]

If not, they warn and installation is more complicated, see attached.

Instructions on accomplishing what is needed:

https://developer.apple.com/resources/developer-id/ [^]
TagsNo tags attached.
Attached Filespng file icon CMake-not-signed.png [^] (62,055 bytes) 2012-09-12 11:33

 Relationships
related to 0015515closedKitware Robot Please digitally sign your installer files and/or add hashes 
related to 0015507closedBrad King CMake.App bundle is malformed which prevents code signing it 

  Notes
(0031017)
David Cole (manager)
2012-09-12 12:30
edited on: 2012-09-12 12:31

This one is probably not going to happen in time for 2.8.10, but thanks for the report. We'll discuss it.

I'll put it on the roadmap anyway, but it's likely we don't have enough time to address this before we do rc1 for 2.8.10...

(0031270)
David Cole (manager)
2012-10-18 11:17

These bugs were deferred from target version 2.8.10 to 2.8.11 based on the responses to this email thread on the CMake developer's mailing list:

  http://public.kitware.com/pipermail/cmake-developers/2012-October/005434.html [^]
(0032288)
Jean-Christophe Fillion-Robin (reporter)
2013-02-15 10:28

Cross-referencing - See also Slicer issue http://www.na-mic.org/Bug/view.php?id=2708 [^]
(0038556)
Eric Wing (reporter)
2015-04-20 12:29
edited on: 2015-04-20 12:30

After fixes discussed in http://www.cmake.org/Bug/view.php?id=15507, [^] this is my remaining script needed to code sign CMake.

#!/bin/zsh

# gets the script path
# script_path=${0:a}
# gets the directory in which the script resides
SCRIPT_DIR=${0:a:h}


CODE_SIGN_IDENTITY="Developer ID"

if [ -z $1 ]; then
    echo "Usage: codesign_cmake /path/CMake.app"
    exit 1
fi

CMAKE_DIR=$1

codesign --force --verbose --sign "$CODE_SIGN_IDENTITY" "$CMAKE_DIR"/Contents/Frameworks/QtCore.framework/Versions/4/QtCore
codesign --force --verbose --sign "$CODE_SIGN_IDENTITY" "$CMAKE_DIR"/Contents/Frameworks/QtGui.framework/Versions/4/QtGui
find "$CMAKE_DIR"/Contents/bin -type f -exec codesign --force --verbose --sign "$CODE_SIGN_IDENTITY" {} \;
find "$CMAKE_DIR"/Contents/MacOS -type f -exec codesign --force --verbose --sign "$CODE_SIGN_IDENTITY" {} \;

codesign --force --verbose --sign "$CODE_SIGN_IDENTITY" "$CMAKE_DIR"

(0038557)
Brad King (manager)
2015-04-20 12:38

For reference, since CMake 3.1 the OS X binaries are packaged with the CPack DragNDrop installer instead of PackageMaker:

 OS X: Package with DragNDrop instead of PackageMaker
 http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=dc3c2102 [^]

IIUC now one may drag CMake.app -> /Applications without this prompt. Then one can run the command-line tools immediately. It is only when running the cmake-gui that code signing is enforced by OS X.
(0040482)
Eric Wing (reporter)
2016-02-12 21:36

I am trying to sign CMake again to distribute to other users.

The situation has gotten worse.
Somewhere in the 10.9 timeframe, Apple tightened up the codesigning process. Among the changes are that improperly formed .framework bundles will cause an app to fail to be codesigned.

The Qt frameworks are malformed. The workaround I posted no longer works.
Qt 5.4 had the same problem. Various scripts around the net couldn't solve my Qt 5.4 problems and I had to upgrade to 5.5.1.

CMake is in a worse position since it is 4 based.

I'm not sure yet how to fix this.

I am using CMake 3.4.1. I would be happy to learn CMake has since fixed the issue.
(0040656)
Sean McBride (reporter)
2016-03-09 12:46

0015507 is now fixed, allowing CMake.app to actually be signed.

After 4 years now, any chance of the next release actually being signed? :)
(0042121)
Kitware Robot (administrator)
2016-06-10 14:28

Resolving issue as `moved`.

This issue tracker is no longer used. Further discussion of this issue may take place in the current CMake Issues page linked in the banner at the top of this page.

 Issue History
Date Modified Username Field Change
2012-09-12 11:33 Sean McBride New Issue
2012-09-12 11:33 Sean McBride File Added: CMake-not-signed.png
2012-09-12 12:30 David Cole Note Added: 0031017
2012-09-12 12:31 David Cole Note Edited: 0031017
2012-09-12 12:31 David Cole Target Version => CMake 2.8.10
2012-10-18 11:16 David Cole Target Version CMake 2.8.10 => CMake 2.8.11
2012-10-18 11:17 David Cole Note Added: 0031270
2013-02-15 10:29 Jean-Christophe Fillion-Robin Note Added: 0032288
2013-05-17 09:33 Robert Maynard Target Version CMake 2.8.11 => CMake 2.8.12
2015-04-09 10:20 Brad King Relationship added related to 0015507
2015-04-20 12:29 Eric Wing Note Added: 0038556
2015-04-20 12:30 Eric Wing Note Edited: 0038556
2015-04-20 12:38 Brad King Note Added: 0038557
2015-04-20 12:39 Brad King Relationship added related to 0015515
2016-02-12 21:36 Eric Wing Note Added: 0040482
2016-03-09 12:46 Sean McBride Note Added: 0040656
2016-06-10 14:28 Kitware Robot Note Added: 0042121
2016-06-10 14:28 Kitware Robot Status new => resolved
2016-06-10 14:28 Kitware Robot Resolution open => moved
2016-06-10 14:28 Kitware Robot Assigned To => Kitware Robot
2016-06-10 14:31 Kitware Robot Status resolved => closed


Copyright © 2000 - 2018 MantisBT Team