You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The SingleFile bundler should use the managed Mach-O signer. The bundler uses codesign to both remove the signature and sign, and CreateAppHost uses the managed signer. If we enable ad-hoc singing on non-mac, we would have a signature in the singlefile apphost, but wouldn't be able to remove the signature before bundling or resign the final bundle, resulting in an executable with an invalid signature, which seems worse than unsigned.
At the very least, we should use the managed signer to remove the signature in the bundler.
The text was updated successfully, but these errors were encountered:
The SingleFile bundler should use the managed Mach-O signer. The bundler uses codesign to both remove the signature and sign, and CreateAppHost uses the managed signer. If we enable ad-hoc singing on non-mac, we would have a signature in the singlefile apphost, but wouldn't be able to remove the signature before bundling or resign the final bundle, resulting in an executable with an invalid signature, which seems worse than unsigned.
At the very least, we should use the managed signer to remove the signature in the bundler.
The text was updated successfully, but these errors were encountered: