mirror of
https://github.com/Yubico/yubioath-flutter.git
synced 2024-12-23 02:01:36 +03:00
Update documentation for Helper.
This commit is contained in:
parent
43f93aff8c
commit
ef381d0cc4
16
README.adoc
16
README.adoc
@ -7,20 +7,20 @@ https://flutter.dev/desktop
|
||||
Development has been done using the "Install from git" method of installing the
|
||||
SDK, from the "beta" channel.
|
||||
|
||||
You will also need to provide a compiled version of ykman-rpc, as described in
|
||||
You will also need to provide a compiled version of the Helper, as described in
|
||||
the next section.
|
||||
|
||||
|
||||
=== Building ykman-rpc
|
||||
=== Building the Yubico Authenticator Helper
|
||||
Requirements: Python >= 3.8 and Poetry.
|
||||
|
||||
The GUI requires a compiled version of ykman-rpc to run, which is built from
|
||||
the sources in ykman-rpc/ in this repository. This needs to be build prior to
|
||||
running `flutter build` or `flutter run`, by running `build-ykman.sh` (or
|
||||
`build-ykman.bat` on Windows).
|
||||
The GUI requires a compiled version of Helper to run, which is built from the
|
||||
sources in helper/ in this repository. This needs to be build prior to running
|
||||
`flutter build` or `flutter run`, by running `build-helper.sh` (or
|
||||
`build-helper.bat` on Windows).
|
||||
|
||||
NOTE: You will need to re-run `ykman-build.sh` if changes have been made to
|
||||
ykman-rpc's code, or if `flutter clean` has been run.
|
||||
NOTE: You will need to re-run `ykman-helper.sh` if changes have been made to
|
||||
Helper's code, or if `flutter clean` has been run.
|
||||
|
||||
|
||||
=== Running the app
|
||||
|
@ -1,7 +1,7 @@
|
||||
== Packaging for MacOS
|
||||
Building the ykman CLI locally will result in an adhoc-signed build, which
|
||||
works for local development, but not for distribution. Before distributing it
|
||||
needs to be re-signed. Build the CLI by running `build-ykman.sh`, see the main
|
||||
Building the Helper locally will result in an adhoc-signed build, which works
|
||||
for local development, but not for distribution. Before distributing it needs
|
||||
to be re-signed. Build the Helper by running `build-helper.sh`, see the main
|
||||
README for details.
|
||||
|
||||
To distribute the app you will need the Yubico MacOS signing key. The method of
|
||||
@ -14,22 +14,22 @@ To distribute the app outside of the App Store, we need to sign it and Notarize
|
||||
it. For Notarization to work, we must enable "hardened runtime" by setting the
|
||||
`--options runtime` when signing.
|
||||
|
||||
==== Signing the ykman CLI
|
||||
==== Signing the Yubico Authenticator Helper
|
||||
The following commands can be done to re-sign the files using the Yubico
|
||||
signing key:
|
||||
|
||||
# Sign the main binary, with the entitlements:
|
||||
codesign -f --timestamp --options runtime --entitlements macos/ykman.entitlements --sign 'Application' build/macos/ykman-rpc/ykman-rpc
|
||||
codesign -f --timestamp --options runtime --entitlements macos/helper.entitlements --sign 'Application' build/macos/helper/authenticator-helper
|
||||
|
||||
# Sign the dylib and so files, without entitlements:
|
||||
codesign -f --timestamp --options runtime --sign 'Application' $(find build/macos/ykman-rpc/ -name "*.dylib" -o -name "*.so")
|
||||
codesign -f --timestamp --options runtime --sign 'Application' $(find build/macos/helper/ -name "*.dylib" -o -name "*.so")
|
||||
|
||||
# Sign the Python binary (if it exists), without entitlements:
|
||||
codesign -f --timestamp --options runtime --sign 'Application' build/macos/ykman-rpc/Python
|
||||
codesign -f --timestamp --options runtime --sign 'Application' build/macos/helper/Python
|
||||
|
||||
==== Signing the GUI
|
||||
After signing the CLI, make a release build of the GUI and then re-sign it with
|
||||
the Yubico key:
|
||||
After signing the Helper, make a release build of the GUI and then re-sign it
|
||||
with the Yubico key:
|
||||
|
||||
codesign --timestamp --options runtime --sign 'Application' --entitlements macos/Runner/Release.entitlements --deep "build/macos/Build/Products/Release/Yubico Authenticator.app"
|
||||
|
||||
@ -71,19 +71,19 @@ Choose the folder you just created.
|
||||
|
||||
|
||||
=== Signing for the App Store
|
||||
All binaries must have sandbox enabled for the Apple App Store, but the ykman
|
||||
All binaries must have sandbox enabled for the Apple App Store, but the Helper
|
||||
binary doesn't work when sandboxed AND hardened. Luckily, App Store binaries do
|
||||
not need to be hardened. Thus, we need to sign the ykman executable with
|
||||
not need to be hardened. Thus, we need to sign the Helper executable with
|
||||
sandbox enabled, but NOT as a hardened build. The App Store build also uses a
|
||||
different code signing key than the standalone distribution.
|
||||
|
||||
==== Signing the ykman CLI
|
||||
Follow the same steps as for "standalone", with the exception of signing the `ykman` binary:
|
||||
==== Signing the Yubico Authenticator Helper
|
||||
Follow the same steps as for "standalone", with the exception of signing the `authenticator-helper` binary:
|
||||
|
||||
# Sign the main binary, with sandbox enabled, without hardened runtime:
|
||||
codesign -f --timestamp --entitlements macos/ykman-sandbox.entitlements --sign 'Application' build/macos/ykman/ykman
|
||||
codesign -f --timestamp --entitlements macos/helper-sandbox.entitlements --sign 'Application' build/macos/helper/authenticator-helper
|
||||
|
||||
NOTE: This sandboxed ykman will not run on its own, it has to be run as a
|
||||
NOTE: This sandboxed Helper will not run on its own, it has to be run as a
|
||||
subprocess to the main application.
|
||||
|
||||
Once you have the signed .app, (no Notarization required) build the package for AppStore submission:
|
||||
|
Loading…
Reference in New Issue
Block a user