Skip to content

Instantly share code, notes, and snippets.


Shane Lee twangboy

  • VMware
  • United States
View GitHub Profile
twangboy / OSX Code Signing and Notarization
Last active October 12, 2020 10:19
OSX Code Signing and Notarization for Salt OSX Packages
View OSX Code Signing and Notarization
Salt has been building OSX packages for many years now. We have been signing the installer (``.pkg``) files with a Developer ID Installer certificate. Apple now requires some additional signing and notarization in addition to signing the installer. This will allow the installer and Salt software to pass the gate keeper. I believe the process is as follows.
1. Build the app
2. Sign all the binaries in the app (python, pip, salt-*, etc) with the Developer ID Application certificate and use a secure timestamp
3. Build the package (I believe ours is a flat installer)
4. Sign the package with the Developer ID Installer certificate
5. Submit the installer for notarization
6. Staple the notarization to the package
This requires the use of new tooling
View PyMySQL, Shorter...
# Import third party libs
# Try to import MySQLdb
import MySQLdb
except ImportError:
# MySQLdb import failed, try to import PyMySQL
import pymysql