Code signing with helper script

Hello, I’m hoping someone else can help me here…

I have developed a couple of small utility applications in Applescript Studio for my school district. For better or worse these are usually just a GUI overtop of some shell commands or a shell script that allows the user to easily do something they otherwise couldn’t do as a student user.

We are in an OS X server managed environment where I limit the applications that can be run by the student users, which has caused me some problems with my Applescript Studio applications. When I add the application to allowed apps list in WorkGroup Manager it let’s the application run, but not any of the scripts within the application’s Resources folder. I’ve even tried adding code signing to try and stamp everything.

I have gotten this working once simply by allowing everything within a folder to run, and then making sure to collect all my Applescript Studio apps into one folder with very restrictive permissions (since I don’t want the students adding Limewire or something similar to the folder to get run priviledges),but this also prevents students from using the Sparkle updater (since they don’t have permissions to mod the folder the apps are contained in).

Is there any way to sign the entire app, including the shell scripts in the resource folder? Or another methodology of doing this? For some of my smaller scripts I’m migrating them into the Applescript code, but in a couple of cases I’m calling fairly complex scripts and trying to bring in escape characters and such makes things way to complex.


Thanks in advance, Jeff.