These utilities help me sign Python applications built with py2app. This project is a Python rewrite of the one I implemented using Bash scripts. See the CodeSigningScripts repository. The source article for this code and the shell scripts is still here. The motivation to do this in Python was that supporting different Python versions necessitated implementing version specific scripts when signing the Python libraries and applications. I thought that was unsustainable.
The goals for this project are:
- Consistent CLI interface across Python versions
- Installable in a developer's virtual environment
- Default the signing parameters to environment variables. This allows for short CLI invocations. However, still allow CLI parameter overrides
- Use the built-in keychain to store the notarization tool application ID. This avoid having to either key-in or recall from the bash history a long, long application ID.
Installation
pip install py2appsigner
This project uses Click for CLI handling
The above commands depend on the following environment variables.
PROJECTS_BASE - The local directory where the python projects are based
PROJECT - The name of the project; It should be a directory name
IDENTITY - Your Apple Developer ID
An example, of a PROJECTS_BASE is:
export PROJECTS_BASE="${HOME}/PycharmProjects"
This should be set in your shell startup script. For example .bash_profile
.
The PROJECT environment variable should be set on a project by project basis. I recommend you use direnv to manage these. An example of a .envrc follows:
export PROJECT=pyutmodel
source pyenv-3.10.6/bin/activate
py2appSign -p 3.11 -d pyut -a Pyut zipsign
py2appSign -p 3.11 -d pyut -a Pyut appsign
appNotarize -d pyut -a Pyut --verbose
appStaple -d pyut -a Pyut --verbose
appVerify -d pyut -a Pyut
notaryTool history
notaryTool -p NOTARY_TOOL_APP_ID history
Stores the history in the file notaryHistory.log
.
notaryTool information -i <submission id)
e.g. 5f57fc1e-23d3-42ab-b0ad-ec1d2635c4ad
notaryTool -p NOTARY_TOOL_APP_ID information -i <submission id>
e.g. 5f57fc1e-23d3-42ab-b0ad-ec1d2635c4ad
Stores the output in the file notary-{submission id}.log
Written by Humberto A. Sanchez II (C) 2023
For all kind of problems, requests, enhancements, bug reports, etc., please drop me an e-mail.
I am concerned about GitHub's Copilot project
I urge you to read about the Give up GitHub campaign from the Software Freedom Conservancy.
While I do not advocate for all the issues listed there I do not like that a company like Microsoft may profit from open source projects.
I continue to use GitHub because it offers the services I need for free. But, I continue to monitor their terms of service.
Any use of this project's code by GitHub Copilot, past or present, is done without my permission. I do not consent to GitHub's use of this project's code in Copilot.