Add a bit to the readme about how to do self-signed certs

99designs · Sep 2, 2017 · ba5a63e · ba5a63e
1 parent 701eeca
commit ba5a63e
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -30,7 +30,7 @@ $(BIN)-windows-386.exe: $(SRC)
 	GOOS=windows GOARCH=386 go build -o $@ -ldflags="$(FLAGS)" .
 
 release: $(BIN)-linux-amd64 $(BIN)-darwin-amd64 $(BIN)-windows-386.exe
-	codesign -s $(CERT) $(BIN)-darwin-amd64
+	codesign -s "$(CERT)" $(BIN)-darwin-amd64
 
 clean:
 	rm -f $(BIN)-*-*
diff --git a/README.md b/README.md
@@ -110,6 +110,19 @@ Developed with golang, to install run:
 go get github.com/99designs/aws-vault
 ```
 
+## Self-signing your binary
+
+Binaries that call Keychain need to be signed, otherwise they always show the "allow access" prompt. Releases are signed by 99designs certificates, but if you are actively developing and want to mimic the behaviour of a signed release you can generate a self-signed code signing certificate.
+
+Check out Apple's guide on it [here](http://web.archive.org/web/20090119080759/http://developer.apple.com/documentation/Security/Conceptual/CodeSigningGuide/Procedures/chapter_3_section_2.html), or find it in `Keychain Access > Certificate Assistant > Create Certificate > Code Signing Certificate`.  
+
+You can then sign your binary like this:
+
+```bash
+make build
+codesign -s "Name of my certificate" ./aws-vault
+```
+
 ## References and Inspiration
 
  * https://github.com/pda/aws-keychain