Scripts to Code Sign py2app applications
Project description
Rationale
These utilities help me sign Python applications built with py2app. This project is a Python rewrite of the one I implemented using Bash scripts. See the CodeSigningScripts repository. The source article for this code and the shell scripts is still here. The motivation to do this in Python was that supporting different Python versions necessitated implementing version specific scripts when signing the Python libraries and applications. I thought that was unsustainable.
The goals for this project are:
- Consistent CLI interface across Python versions
- Installable in a developer's virtual environment
- Default the signing parameters to environment variables. This allows for short CLI invocations. However, still allow CLI parameter overrides
- Use the built-in keychain to store the notarization tool application ID. This avoid having to either key-in or recall from the bash history a long, long application ID.
Dependencies
This project uses Click for CLI handling
Required Environment Variables
The above commands depend on the following environment variables.
PROJECTS_BASE - The local directory where the python projects are based
PROJECT - The name of the project; It should be a directory name
IDENTITY - Your Apple Developer ID
An example, of a PROJECTS_BASE is:
export PROJECTS_BASE="${HOME}/PycharmProjects"
This should be set in your shell startup script. For example .bash_profile.
The PROJECT environment variable should be set on a project by project basis. I recommend you use direnv to manage these. An example of a .envrc follows:
export PROJECT=pyutmodel
source pyenv-3.10.6/bin/activate
Python Console Scripts
Sign the internal zip file
py2appSign --python-version 3.11 --project-directory pyut --application-name Pyut --verbose zipsign
Sign the application
py2appSign -p 3.11 -d pyut -a Pyut --verbose appsign
Notarize the application
appNotarize -d pyut -a Pyut --verbose
Staple the application
appStaple -d pyut -a Pyut --verbose
Verify application signing
appVerify -d pyut -a Pyut
Utility Scripts
Notarization History
notaryTool history
Specify a profile name
notaryTool -p NOTARY_TOOL_APP_ID history
Stores the history in the file notaryHistory.log.
Notary Details
notaryTool information -i <submission id) e.g. 5f57fc1e-23d3-42ab-b0ad-ec1d2635c4ad
Specify a profile name
notaryTool -p NOTARY_TOOL_APP_ID information -i <submission id> e.g. 5f57fc1e-23d3-42ab-b0ad-ec1d2635c4ad
Stores the output in the file notary-{submission id}.log
Written by Humberto A. Sanchez II (C) 2023
Note
For all kind of problems, requests, enhancements, bug reports, etc., please drop me an e-mail.
I am concerned about GitHub's Copilot project
I urge you to read about the Give up GitHub campaign from the Software Freedom Conservancy.
While I do not advocate for all the issues listed there I do not like that a company like Microsoft may profit from open source projects.
I continue to use GitHub because it offers the services I need for free. But, I continue to monitor their terms of service.
Any use of this project's code by GitHub Copilot, past or present, is done without my permission. I do not consent to GitHub's use of this project's code in Copilot.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for py2appsigner-0.6.10-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 81d4bb6e766d35999186cd28fb5bb92d4de48790ceeee716214c0b17173e232d |
|
| MD5 | 0efbab5c279302268b9aff69b2757a4d |
|
| BLAKE2b-256 | fc2678d79e4a50c7a96417fa51911f14b9f51271ca81d6709746a0a5810691a6 |
