[OS X Emacs] Aquamacs code signing makes some hacks difficult
david.reitter at gmail.com
Sun Jun 23 21:47:03 EDT 2013
On Jun 23, 2013, at 8:11 PM, Jamie Taylor <Jamie.Taylor at pobox.com> wrote:
> As of version 2.5, Aquamacs is signed. That means the OS won't pester
> you about launching unsigned code. That's good. It also means it's
> impossible to hack up files inside the app, which is exactly what I've
> done to my copy. That's bad.
For the record, changes to the .app bundle have never been recommended. Your specific use case (Info.plist for spotlight indexing) seems reasonable though.
> indexing of scheme source code files, and associate the .ss and .scm file
> extensions with Aquamacs.
That association can be done in Finder as well.
> With the latest release, doing this will cause the OS to
> refuse to launch the app.
Aquamacs 2.5, as signed, starts up just fine after changes to the Info.plist - provided these changes were made after the initial startup on that machine.
What you want to do is to reproduce a binary bundle that has been modified to your needs, and have it run on other machines. And if it doesn't do that, it works as designed - because the signature guarantees to the user that the signer has signed this particular code (i.e., I put my name on it).
> 1) build from source myself (but I'm lazy, and it makes it harder to
> recommend the tool to my co-workers)
It's not difficult.
While I encourage everyone to hack Aquamacs, I suggest people do so in a way that lets you submit your improvements to the project so everyone can benefit.
So, building it yourself is a good thing. ./configure; make install works, and so does the special build script that does a little more on top of that (in aquamacs/build).
It doesn't have many dependencies - primarily, it needs XCode (or a standard GNU toolchain), and I'd recommend "autotools".
> 2) re-sign the app after my edits with a default or dummy signature
> (I'm not exactly sure which). The command line for that is
> codesign -f -s - /Applications/Aquamacs.app
> This makes the OS give different warnings when launching the app the first
> time, but they are ones you can bypass.
Can't you simply delete the _CodeSignature directory from within the .app bundle?
> 3) Ask for a distribution that isn't signed in the first place (presumably
> in addition to the signed distribution)
Unlikely to happen for the release, but you may always download the unsigned nightly build:
> and of course probably what I should have done some time ago
> 4) see if I can get the changes incorporated into the default distribution
Scheme files should definitely be supported. Please send me a patch!
http://aquamacs.org -- Aquamacs: Emacs on Mac OS X
http://aquamacs.org/donate -- Could we help you? Return the favor and support the Aquamacs Project!
More information about the MacOSX-Emacs