在OSX上,对可执行文件进行代码签名以避免防火墙警告对话框。

huangapple go评论84阅读模式
英文:

OSX: Code-sign executable to avoid firewall warning dialog

问题

OSX El Capitan和Go 1.6

我想要的比标题听起来的要简单。

OSX防火墙禁止任何未知应用程序接受连接。当任何此类程序启动时,用户会收到一个对话框,询问是否允许该可执行文件接受连接。然后会记住用户的选择。

当使用node进行开发时,上述方法很好用,因为实际的可执行文件是一个单一的二进制文件,用户只需要允许/拒绝一次。

当使用go(或任何其他编译语言)进行开发时,每次创建的可执行文件都是不同的。这意味着每次启动服务器时我都会收到对话框。

避免此对话框的一种方法是使用在OSX中生成的自签名证书对可执行文件进行签名。一旦我们有了证书,我们只需对可执行文件进行签名并允许/拒绝一次。即使可执行文件二进制文件发生更改,代码签名也会被记住。

所以,我的问题是:

有没有办法在运行编译后的二进制文件之前,让go运行签名命令?

英文:

OSX El Capitan and Go 1.6

What I want is simpler than it sounds from the title.

The OSX firewall disallows any unknown application from accepting connections. When any such program starts, the user is presented with a dialog whether or not the said executable should be permitted to receive connections. The user's choice is then remembered.

The above works fine when for example one develops with node where the actual executable is a single binary and the user just needs to allow/deny it once.

When developing in go (and any other compiled language) the created executable is different every time. Which means I get the dialog every single time I start my server.

One way to avoid this dialog is to sign the executable with a self-signed certificate one generates in OSX itself. Once we have the certificate we simply sign the executable and allow/deny it once. Code signatures are always remembered even if the executable binary changes.

So, my question is:

Is there a way to make go run the signing command before running the compiled binary?

答案1

得分: 9

更简单的方法是在本地主机上显式启动服务器,例如:

http.ListenAndServe("localhost:8080", nil)

我最近写了一篇关于这个的小文章:

suppressing-accept-incoming-network-connections-warnings-on-osx

英文:

Even easier: start the server explicitly on localhost, like:

http.ListenAndServe("localhost:8080", nil)

I wrote a little piece on this recently:

suppressing-accept-incoming-network-connections-warnings-on-osx

答案2

得分: 3

傻我了。我花了5分钟写问题,2分钟找到答案并编写了解决方案的脚本。我会在这里发布它,以防有人遇到同样的问题。

binary=$GOPATH/pkg/kliron/hiss/hiss.a   
go build -o $binary hiss/main.go
codesign -f -s klironCode $binary --deep   
$binary "$@"

只需使用go build即可。

英文:

Silly me. Took me 5 minutes to write the question and 2 minutes to find the answer and write the script that solves it. I'll post it here in case anybody stumbles on the same problem.

binary=$GOPATH/pkg/kliron/hiss/hiss.a   
go build -o $binary hiss/main.go
codesign -f -s klironCode $binary --deep   
$binary "$@"

Just use go build.

huangapple
  • 本文由 发表于 2016年2月27日 19:04:46
  • 转载请务必保留本文链接:https://go.coder-hub.com/35668907.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定