“codesign”

I have a Qt desktop app that I was shipping to users as a dmg on macOS. But now I'll need to kind of rebrand the app to different users, that rebranding involves changing the name and the icon of the app I'm not sure how feasible that is on macOS but here's what I'm thinking: First I'll include all apps for all brands inside the app resources, and instead of shipping the app directly, I will ship and installer (either .pkg or a custom made installer app) that will be responsible for downloading the main app and also setting some environmental variables somewhere so that I can choose the icon from the resources based on the env var values. And then either change the app icon and name from the installer itself, or implement something inside the app that makes it change the icon and name on launch (both icon in finder and in dock) but maybe one of those methods (or both) will break the codesign/notarization of the app so I want to avoid that too I'm not sure if someone has done this before or how feasib

Project Background: I developed a Mac project using Electron and VSCode Successfully uploaded the packaged pkg using Transporter, However, I will receive an email informing me that there are some issues with the project: ITMS-90296: App sandbox not enabled - The following executors must include the 'com. apple. security. app sandbox' entitlement with a Boolean value of true in the entitlement property list: [[com. electron. iflyrecclient. pkg/Payload/iFlytek Listen. app/Contents/MacOS/iFlytek Listen]] ITMS-90886: 'Cannot be used with TestFlight because the signature for the bundle at' iFlytek hears. app 'is missing an application identifier but has an application identifier in the provisioning profile for the bundle.' Bundles with application identifiers in the provisioning profile are expected to have the same identifier signed into the bundle in order to be eligible for TestFlight.' Here is my packaging process: Generate an app using the electron packager tool Sign the app using @ electron osx sign (version

Problem summary I have a macOS helper app that is launched from a sandboxed main app. The helper: has com.apple.security.app-sandbox = true and com.apple.security.inherit = true in its entitlements, is signed and embedded inside the main app bundle (placed next to the main executable in Contents/MacOS), reports entitlement_check = 1 (code signature contains sandbox entitlement, implemented via SecStaticCode… check), sandbox_check(getpid(), NULL, 0) returns 1 (runtime sandbox enforcement present), APP_SANDBOX_CONTAINER_ID environment variable is not present (0). Despite that, Cocoa APIs return non-container home paths: NSHomeDirectory() returns /Users/<me>/ (the real home). [[NSFileManager defaultManager] URLsForDirectory:inDomains:] and URLForDirectory:inDomain:appropriateForURL:create:error: return paths rooted at /Users/<me>/ (not under ~/Library/Containers/<app_id>/Data/...) — i.e. they look like non-sandboxed locations. However, one important exception: URLForDirectory:... for NSItemRepl

Hey! I am developing a macOS application with the help of an external vendor, who is supplying me with a closed-source XCFramework. In Xcode, when I import their XCFramework bundle, when running the app, or opening a SwiftUI preview, or interacting with the app in any form, I get the familiar dialog: [SDK name].framework Not Opened - Apple could not verify [SDK name].framework is free from malware that may harm your Mac or compromise privacy. (Regardless, the application can run on my machine.) But indeed, their cross-platform iOS/macOS XCFramework is not notarized at all (using spctl -a -t install), plus the macOS binary embedded is not code signed correctly (using codesign -d). The XCFramework itself is production code signed with a Developer ID certificate, however I believed the above issues to be valid. Now, I asked the vendor to provide a correctly distributed (so code signed and notarized) framework, however they pointed out that when I embed and sign the product in my app, it will be re-signe

My post-build script takes the developeridexport archive export, zips it up and uses notarytool to notarize it. I then add the .zip to a .dmg disk image. The next step is to codesign the disk image before notarizing that too. The issue is my Developer ID Application certificate is not accessible to the build host. (When I was doing this in Microsoft AppCenter (now defunct), it had a copy of my Developer ID Application certificate.) What steps do I need to take to get the disk image signed for notarization? Thanks! Lance

I'm working on a Mac app that receives a process ID via NSXPCConnection, and I'm trying to figure out the best way to determine whether that process is a native macOS app like Safari—with bundles and all—or just a script launched by something like Node or Python. The executable is signed with a Team ID using codesign. I was thinking about getting the executable's path as one way to handle it, but I’m wondering if there’s a more reliable method than relying on the folder structure.

I am experiencing a persistent issue when trying to sign my application, PhotoKiosk.app, using codesign. The process consistently fails with the error errSecInternalComponent, and my troubleshooting indicates the problem is with how the system accesses or validates my certificate's trust chain, rather than the certificate itself. Error Details and Configuration: codesign command executed: codesign --force --verbose --options=runtime --entitlements /Users/sergiomordente/Documents/ProjetosPhotocolor/PhotoKiosk-4M/entitlements.plist --sign Developer ID Application: Sérgio Mordente (G75SJ6S9NC) /Users/sergiomordente/Documents/ProjetosPhotocolor/PhotoKiosk-4M/dist/PhotoKiosk.app Error message received: Warning: unable to build chain to self-signed root for signer (null) /Users/sergiomordente/Documents/ProjetosPhotocolor/PhotoKiosk-4M/dist/PhotoKiosk.app: errSecInternalComponent Diagnostic Tests and Verifications Performed: Code Signing Identity Validation: I ran the command security find