[OS X Emacs] Aquamacs code signing makes some hacks difficult

David Reitter david.reitter at gmail.com
Sun Jun 23 21:47:03 EDT 2013


On Jun 23, 2013, at 8:11 PM, Jamie Taylor <Jamie.Taylor at pobox.com> wrote:

> As of version 2.5, Aquamacs is signed.  That means the OS won't pester
> you about launching unsigned code.  That's good.  It also means it's
> impossible to hack up files inside the app, which is exactly what I've
> done to my copy.  That's bad.

For the record, changes to the .app bundle have never been recommended.  Your specific use case (Info.plist for spotlight indexing) seems reasonable though.


> indexing of scheme source code files, and associate the .ss and .scm file
> extensions with Aquamacs.

That association can be done in Finder as well.

>  With the latest release, doing this will cause the OS to 
> refuse to launch the app.

Aquamacs 2.5, as signed, starts up just fine after changes to the Info.plist - provided these changes were made after the initial startup on that machine.

What you want to do is to reproduce a binary bundle that has been modified to your needs, and have it run on other machines.  And if it doesn't do that, it works as designed - because the signature guarantees to the user that the signer has signed this particular code (i.e., I put my name on it).


> 1) build from source myself (but I'm lazy, and it makes it harder to
> recommend the tool to my co-workers)

It's not difficult.

While I encourage everyone to hack Aquamacs, I suggest people do so in a way that lets you submit your improvements to the project so everyone can benefit. 
So, building it yourself is a good thing.  ./configure; make install works, and so does the special build script that does a little more on top of that (in aquamacs/build).

It doesn't have many dependencies - primarily, it needs XCode (or a standard GNU toolchain), and I'd recommend "autotools".

> 2) re-sign the app after my edits with a default or dummy signature
> (I'm not exactly sure which).  The command line for that is 
>  codesign -f -s - /Applications/Aquamacs.app
> This makes the OS give different warnings when launching the app the first
> time, but they are ones you can bypass.


Can't you simply delete the _CodeSignature directory from within the .app bundle?

> 3) Ask for a distribution that isn't signed in the first place (presumably
> in addition to the signed distribution)

Unlikely to happen for the release, but you may always download the unsigned nightly build:

http://aquamacs.org/nightlies.shtml

> 
> and of course probably what I should have done some time ago
> 4) see if I can get the changes incorporated into the default distribution

+1.

Scheme files should definitely be supported.  Please send me a patch!


--
http://aquamacs.org -- Aquamacs: Emacs on Mac OS X
http://aquamacs.org/donate -- Could we help you? Return the favor and support the Aquamacs Project!


More information about the MacOSX-Emacs mailing list