static framework and code signing

Code Signing Certificates, Identifiers & Profiles
K. Hiroshi OP
Created 2w
Replies 2
Boosts 0
Views 249
Participants 2

Hello.

I am developing our company's SDK for iOS as a third-party library. This SDK consists of a static library and header files wrapped within a framework (and wrapping the target-specific frameworks in xcframework).

  1. I understand that codesign is required even for static frameworks, is it correct?
  2. Should I update the distributed files when the certificate expires? Does this depend on whether it is static or dynamic?
  3. When is the signature verified?
Answered by DTS Engineer in 891021022
1- I understand that codesign is required even for static frameworks, is it correct?

No. It’s recommended, but not required.

2- Should I update the distributed files when the certificate expires? Does this depend on whether it is static or dynamic?

One of my colleagues has been researching this specific, so I’m going to ask them to chime in with the details.

3- When is the signature verified?

By Xcode at build time.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  2
Boosts  0
Views  249
Participants  2
DTS Engineer OP
Apple
2w
Recommended
1- I understand that codesign is required even for static frameworks, is it correct?

No. It’s recommended, but not required.

2- Should I update the distributed files when the certificate expires? Does this depend on whether it is static or dynamic?

One of my colleagues has been researching this specific, so I’m going to ask them to chime in with the details.

3- When is the signature verified?

By Xcode at build time.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

DTS Engineer OP
Apple
1w
Accepted Answer
One of my colleagues has been researching this

It seems that the results of their result got integrated into the docs, and specifically Creating a multiplatform binary framework bundle. Note the recommendation to use the --timestamp option. This gives the framework a secure timestamp, meaning that Xcode won’t be troubled by an expired certificate (rather, it ensures that the certificate was valid at the time that the XCFramework was signed).

For more about secure timestamps, albeit in a different context, see TN3161 Inside Code Signing: Certificates.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

static framework and code signing
First post date Last post date
 
 
Q