Mac What is the scope of Code Signing?

Sydde

macrumors 68020
Original poster
Aug 17, 2009
2,112
2,426
IOKWARDI
I have a small plist my app uses for reference, to contain some OS-related constants that there is a remote possibility could change at some point in the future. Because it should probably not ever be touched, I tucked it away in the MacOS subfolder so that anyone trying to localize files will probably not notice its existence and not mess with it. My question is, in this Code Signing environment, what is checked by the system for consistency? If that file were altered out of necessity, would it break the app?
 

robbieduncan

Moderator emeritus
Jul 24, 2002
24,638
61
Harrogate
I believe that any change to any file within the .app wrapper will "break" the code signing. If you needed to change the file could you not just update the app and re-release?

Or if you really want to enable dynamic change in the file have your app check for a copy in ~/Library/Application Support/<You App Name>/ and use that if it's there and if not fall back on the copy in the app. In fact this is probably the "correct" solution.
 

gnasher729

macrumors P6
Nov 25, 2005
16,569
3,148
I have a small plist my app uses for reference, to contain some OS-related constants that there is a remote possibility could change at some point in the future. Because it should probably not ever be touched, I tucked it away in the MacOS subfolder so that anyone trying to localize files will probably not notice its existence and not mess with it. My question is, in this Code Signing environment, what is checked by the system for consistency? If that file were altered out of necessity, would it break the app?
Probably the easiest way to handle this is to put it into preferences with no UI. Then a user can change this from the command line. I'd say the subset of your users who can edit a .plist file in your application is about the same as the subset that can enter a command in Terminal.

Personally I much prefer the method of releasing a new version; I know others who very much prefer this method where a user with a problem can enter some magical line into Terminal to fix it.
 

Catfish_Man

macrumors 68030
Sep 13, 2001
2,579
1
Portland, OR
There's a way to exclude files from consideration by code signing. I don't recall exactly what the mechanism is, but it should be in the code signing docs.