py2appsigner 0.6.60

Scripts to Code Sign py2app applications

Rationale

These utilities help me sign Python applications built with py2app. This project is a Python rewrite of the one I implemented using Bash scripts. See the CodeSigningScripts repository. The source article for this code and the shell scripts is still here. The motivation to do this in Python was that supporting different Python versions necessitated implementing version specific scripts when signing the Python libraries and applications. I thought that was unsustainable.

The goals for this project are:

• Consistent CLI interface across Python versions
• Installable in a developer's virtual environment
• Default the signing parameters to environment variables. This allows for short CLI invocations. However, still allow CLI parameter overrides
• Use the built-in keychain to store the notarization tool application ID. This avoid having to either key-in or recall from the bash history a long, long application ID.

Installation

pip install py2appsigner

Dependencies

This project uses Click for CLI handling

Required Environment Variables

The above commands depend on the following environment variables.

PROJECTS_BASE             -  The local directory where the python projects are based
PROJECT                   -  The name of the project;  It should be a directory name
IDENTITY                  - Your Apple Developer ID 

An example, of a PROJECTS_BASE is:

export PROJECTS_BASE="${HOME}/PycharmProjects" 

This should be set in your shell startup script. For example .bash_profile.

The PROJECT environment variable should be set on a project by project basis. I recommend you use direnv to manage these. An example of a .envrc follows:

export PROJECT=pyutmodel
source pyenv-3.10.6/bin/activate

Python Console Scripts

Sign the internal zip file

py2appSign -p 3.11 -d pyut -a Pyut  zipsign

Sign the application

py2appSign -p 3.11 -d pyut -a Pyut  appsign

Notarize the application

appNotarize -d pyut -a Pyut --verbose

Staple the application

appStaple -d pyut -a Pyut --verbose

Verify application signing

appVerify -d pyut -a Pyut

Utility Scripts

Notarization History

notaryTool history

Specify a profile name

notaryTool -p NOTARY_TOOL_APP_ID history

Stores the history in the file notaryHistory.log.

Notary Details

notaryTool information -i <submission id)

e.g. 5f57fc1e-23d3-42ab-b0ad-ec1d2635c4ad

Specify a profile name

notaryTool -p NOTARY_TOOL_APP_ID information -i <submission id>

e.g. 5f57fc1e-23d3-42ab-b0ad-ec1d2635c4ad

Stores the output in the file notary-{submission id}.log

---

Written by Humberto A. Sanchez II (C) 2023

---

Note

For all kind of problems, requests, enhancements, bug reports, etc., please drop me an e-mail.

I am concerned about GitHub's Copilot project

I urge you to read about the Give up GitHub campaign from the Software Freedom Conservancy.

While I do not advocate for all the issues listed there I do not like that a company like Microsoft may profit from open source projects.

I continue to use GitHub because it offers the services I need for free. But, I continue to monitor their terms of service.

Any use of this project's code by GitHub Copilot, past or present, is done without my permission. I do not consent to GitHub's use of this project's code in Copilot.