You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Today we require that users run quill attach-chain <p12> to craft a new p12 file that has the full cert chain for use in signing. Without this signing verification will fail. Another way to do this is to bake the Apple certs directly into quill such that the full chain (if it does not already exist in the p12) could be looked up at runtime.
The codesign utility does something like this by looking up the remaining certs in the chain in the system keychain. This won't be possible for all end users of quill since they may not be running on a mac (there is no reason to assume that apple root certs will be on a linux box, for instance).
The text was updated successfully, but these errors were encountered:
wagoodman
changed the title
Should we bake the root Apple certs directly into quill?
Embed the Apple root and intermediate certificates directly into quill
Apr 11, 2023
Today we require that users run
quill attach-chain <p12>
to craft a new p12 file that has the full cert chain for use in signing. Without this signing verification will fail. Another way to do this is to bake the Apple certs directly into quill such that the full chain (if it does not already exist in the p12) could be looked up at runtime.The
codesign
utility does something like this by looking up the remaining certs in the chain in the system keychain. This won't be possible for all end users of quill since they may not be running on a mac (there is no reason to assume that apple root certs will be on a linux box, for instance).The text was updated successfully, but these errors were encountered: