Posted to dev@openoffice.apache.org by Peter Kovacs <le...@gmail.com> on 2016/10/22 05:17:26 UTC

need help with ASF's,Apple developer account

Hello,

The given resource I have no access to.
Can somebody support who has access to the internal Apache stuff and
check the resource?

I would like to have access. However I am with you only for roughly one
and a half months.
Talking more than delivering ;) So I am unsure if you trust me enough to
give me the same.
(hehe. No issues if you don't.)

So I can drive the topic atm further. :)

Thanks for the support

All the best
Peter

On 18.10.2016 15:04, Mark Thomas wrote:
> On 16/10/2016 17:46, Peter Kovacs wrote:
>> Hello Infra.
>>
>>
>> This Thread was: "Code signing available for OpenOffice"
>>
>> The Project OpenOffice would like to gain access to the ASF Developer
>> Account.
>>
>> Please name the requirements the Project has to share with you.
> https://reference.apache.org/pmc/appleappstore
>
> Mark
>
>>
>> Thank you for your support
>>
>>
>> All the Best
>>
>> Peter
>>
>>
>> On 11.10.2016 14:03, Mark Thomas wrote:
>>> On 10/10/2016 22:34, Andrea Pescetti wrote:
>>>> Jim Jagielski wrote:
>>>>>> On Oct 10, 2016, at 2:03 AM, Mark Thomas wrote:
>>>>>> We have a separate service for the Apple app store (and another for
>>>>>> the Google app store).
>>>>> Could you provide some info (or a pointer to info) regarding the
>>>>> App-store
>>>>> service, how it works, how to request access, etc..
>>>> Note that the current priority (in case this makes any difference) is to
>>>> get a valid signature that will be recognized by Gatekeeper. This is
>>>> probably a prerequisite for the App Store, but for the App Store we
>>>> would probably need further code changes that may come at a later stage.
>>> I don't think it makes a difference at this point. Access to the ASF's
>>> Apple developer account where we have a signing key for production
>>> applications is governed by the same process.
>>>
>>> Note you have the option of using the existing ASF-wide ID to sign the
>>> app or creating a specific OpenOffice ID.
>>>
>>> Regards,
>>>
>>> Mark
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>>




Re: need help with ASF's,Apple developer account

Posted by Mark Thomas <ma...@apache.org>.
On 29/10/2016 00:12, Ariel Constenla-Haile wrote:
> On Fri, Oct 28, 2016 at 11:30:30PM +0200, Andrea Pescetti wrote:
>> Ariel Constenla-Haile wrote:
>>> These prerequisites are not trivial, our build process is already too
>>> cumbersome to make integrating
>>> https://reference.apache.org/pmc/codesigning appear as something
>>> trivial.
>>
>> That guide refers to the Symantec service for Windows code signing, not to
>> the signing services for MacOS X. For Windows we know that this would be
>> complex and it was investigated about two years ago. For MacOS X, as far as
>> I know, we never investigated the issue in depth (note: I'm only speaking of
>> pleasing Gatekeeper, not of entering the App Store which apparently would
>> pose bigger challenges).
> 
> According to Mark's answer in this thread, the Symantec service covers
> Windows binaries and Java JARs and there is a separate web service for
> Apple code signing. I assume this implies also sending build artifacts
> over the internet to be signed by this web service. This is what I was
> pointing as not trivial at all, OpenOffice has already support for
> Windows signing (grok signtool) at build time with a local certificate,
> using a web service at build time does not look promising.
> 
> I've found 
> https://reference.apache.org/pmc/appleappstore
> https://issues.apache.org/jira/browse/LEGAL-174
> https://issues.apache.org/jira/browse/INFRA-11183
> 
> @Mark: is there documentation about the macOS signing service?

https://developer.apple.com/library/content/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html

and follow the links. From a quick look, you get a cert from Apple and
sign locally.

I'm not wildly happy about that approach. Infra regularly sees examples
of committers failing to secure private keys and I'm concerned about the
security of any locally held code signing key. That said, this looks to
be the only choice for macOS signing. For now it looks like we have to
make sure committers with signing keys understand that they need to
look after those keys carefully.

(A significant advantage of the Symantec service is that it manages the
keys, uses a new key for every signing and allows per key/signing
revocations.)

Mark



Re: need help with ASF's,Apple developer account

Posted by Ariel Constenla-Haile <ar...@apache.org>.
On Fri, Oct 28, 2016 at 11:30:30PM +0200, Andrea Pescetti wrote:
> Ariel Constenla-Haile wrote:
> >These prerequisites are not trivial, our build process is already too
> >cumbersome to make integrating
> >https://reference.apache.org/pmc/codesigning appear as something
> >trivial.
> 
> That guide refers to the Symantec service for Windows code signing, not to
> the signing services for MacOS X. For Windows we know that this would be
> complex and it was investigated about two years ago. For MacOS X, as far as
> I know, we never investigated the issue in depth (note: I'm only speaking of
> pleasing Gatekeeper, not of entering the App Store which apparently would
> pose bigger challenges).

According to Mark's answer in this thread, the Symantec service covers
Windows binaries and Java JARs and there is a separate web service for
Apple code signing. I assume this implies also sending build artifacts
over the internet to be signed by this web service. This is what I was
pointing as not trivial at all, OpenOffice has already support for
Windows signing (grok signtool) at build time with a local certificate,
using a web service at build time does not look promising.

I've found 
https://reference.apache.org/pmc/appleappstore
https://issues.apache.org/jira/browse/LEGAL-174
https://issues.apache.org/jira/browse/INFRA-11183

@Mark: is there documentation about the macOS signing service?


Regards
-- 
Ariel Constenla-Haile

Re: need help with ASF's,Apple developer account

Posted by Andrea Pescetti <pe...@apache.org>.
Ariel Constenla-Haile wrote:
> These prerequisites are not trivial, our build process is already too
> cumbersome to make integrating
> https://reference.apache.org/pmc/codesigning appear as something
> trivial.

That guide refers to the Symantec service for Windows code signing, not 
to the signing services for MacOS X. For Windows we know that this would 
be complex and it was investigated about two years ago. For MacOS X, as 
far as I know, we never investigated the issue in depth (note: I'm only 
speaking of pleasing Gatekeeper, not of entering the App Store which 
apparently would pose bigger challenges).

Regards,
   Andrea.



Re: need help with ASF's,Apple developer account

Posted by Peter Kovacs <le...@gmail.com>.
On 28.10.2016 20:45, Ariel Constenla-Haile wrote:
> Hello Peter,
Hello Ariel,
>
>
> This does not seem to be the first priority for delivering a signed
> macOS application, I can think of:
>
> 1) do you have a Mac?
I own a Macbook Air model 2009. Today it's a Mac OO QA instance, when I
find the time for this activity. I do not use it for anything else.
> 2) do you build AOO in a Mac?
I currently try to build AOO on Linux. Since I believe it is easier than
to fight with the Apple rubbish at the same time. But when I can build
OO on Linux, I will try to build on Mac and Windows.
Currently I have problems with building OO at all. But I learn a lot 
about the build infrastructure. (You always learn when things are not 
working. My gentoo experience ;) )
> 3) do you know the AOO source code and build environment enough to
>     integrate as a part of the build process the signing workflow
>     currently supported by the ASF?

3)
3.1) I think basic understanding of the Code and Architecture of OO. It
is sufficient to understand where I am stuck and to find resources on
the topic.
3.2) I have a rough understanding how the build Process works. I am
still trying to understand it though. It is not enough to successfully
build at the moment however.
3.3) No, I have no clue on what it takes to integrate the signing Process.
> These prerequisites are not trivial, our build process is already too
> cumbersome to make integrating
> https://reference.apache.org/pmc/codesigning appear as something
> trivial.
>
That sounds like we need a different build process first :/  - Well, No 
Problem. I was thinking the same today. ;P
However I think that stuffing something at the end, is pretty trivial, 
compared to stuffing something at the beginning. But as I said above I 
have no clue. Maybe I am a bit naive here. Currently I try to work 
around something in the Middle. Most interesting and difficult. Sadly I 
do not have so much time as I want to.
Maybe I am the worst volunteer developer you have in the community. But I do
believe, I am still better than Mr. "no body". =D

All the best
Peter



Re: need help with ASF's,Apple developer account

Posted by Ariel Constenla-Haile <ar...@apache.org>.
Hello Peter,

On Fri, Oct 28, 2016 at 07:59:11PM +0200, Peter Kovacs wrote:
> *bump* call for help because of issue
> 
> https://bz.apache.org/ooo/show_bug.cgi?id=127198
> 
> 
> On 22.10.2016 07:17, Peter Kovacs wrote:
> >Hello,
> >
> >The given resource I have no access to.
> >Can somebody support who has access to the internal Apache stuff and check
> >the resource?
> >
> >I would like to have access. However I am with you only for roughly one
> >and a half months.
> >Talking more than delivering ;) So I am unsure if you trust me enough to
> >give me the same.
> >(hehe. No issues if you don't.)
> >
> >So I can drive the topic atm further. :)

This does not seem to be the first priority for delivering a signed
macOS application, I can think of:

1) do you have a Mac?
2) do you build AOO in a Mac?
3) do you know the AOO source code and build environment enough to
   integrate as a part of the build process the signing workflow
   currently supported by the ASF? 

These prerequisites are not trivial, our build process is already too
cumbersome to make integrating
https://reference.apache.org/pmc/codesigning appear as something
trivial.


Regards
-- 
Ariel Constenla-Haile

Re: need help with ASF's,Apple developer account

Posted by Matthias Seidel <ma...@hamburg.de>.
Hello Peter,

> Note you have the option of using the existing ASF-wide ID to sign the
> app or creating a specific OpenOffice ID.
>
> Regards,
>
> Mark 

I think that should be discussed...

regards, Matthias

BTW: https://bz.apache.org/ooo/show_bug.cgi?id=121478 was reopened.


Re: need help with ASF's,Apple developer account

Posted by Peter Kovacs <le...@gmail.com>.
*bump* call for help because of issue

https://bz.apache.org/ooo/show_bug.cgi?id=127198


On 22.10.2016 07:17, Peter Kovacs wrote:
> Hello,
>
> The given resource I have no access to.
> Can somebody support who has access to the internal Apache stuff and
> check the resource?
>
> I would like to have access. However I am with you only for roughly
> one and a half months.
> Talking more than delivering ;) So I am unsure if you trust me enough
> to give me the same.
> (hehe. No issues if you don't.)
>
> So I can drive the topic atm further. :)
>
> Thanks for the support
>
> All the best
> Peter
>
> On 18.10.2016 15:04, Mark Thomas wrote:
>> On 16/10/2016 17:46, Peter Kovacs wrote:
>>> Hello Infra.
>>>
>>>
>>> This Thread was: "Code signing available for OpenOffice"
>>>
>>> The Project OpenOffice would like to gain access to the ASF Developer
>>> Account.
>>>
>>> Please name the requirements the Project has to share with you.
>> https://reference.apache.org/pmc/appleappstore
>>
>> Mark
>>
>>>
>>> Thank you for your support
>>>
>>>
>>> All the Best
>>>
>>> Peter
>>>
>>>
>>> On 11.10.2016 14:03, Mark Thomas wrote:
>>>> On 10/10/2016 22:34, Andrea Pescetti wrote:
>>>>> Jim Jagielski wrote:
>>>>>>> On Oct 10, 2016, at 2:03 AM, Mark Thomas wrote:
>>>>>>> We have a separate service for the Apple app store (and another for
>>>>>>> the Google app store).
>>>>>> Could you provide some info (or a pointer to info) regarding the
>>>>>> App-store
>>>>>> service, how it works, how to request access, etc..
>>>>> Note that the current priority (in case this makes any difference) 
>>>>> is to
>>>>> get a valid signature that will be recognized by Gatekeeper. This is
>>>>> probably a prerequisite for the App Store, but for the App Store we
>>>>> would probably need further code changes that may come at a later 
>>>>> stage.
>>>> I don't think it makes a difference at this point. Access to the ASF's
>>>> Apple developer account where we have a signing key for production
>>>> applications is governed by the same process.
>>>>
>>>> Note you have the option of using the existing ASF-wide ID to sign the
>>>> app or creating a specific OpenOffice ID.
>>>>
>>>> Regards,
>>>>
>>>> Mark
>>>>
>>>>
>>>>
>

