codesign

My post-build script takes the developeridexport archive export, zips it up and uses notarytool to notarize it. I then add the .zip to a .dmg disk image. The next step is to codesign the disk image before notarizing that too. The issue is my Developer ID Application certificate is not accessible to the build host. (When I was doing this in Microsoft AppCenter (now defunct), it had a copy of my Developer ID Application certificate.) What steps do I need to take to get the disk image signed for notarization? Thanks! Lance

Hi,I have this error:https://drive.google.com/file/d/0B_mbl-uR8rqKbFZXYnNPcDBYVDQ/view?usp=sharingWhat is the problem?Thanks

Hello,I have the next environment:Login macbook: C.J. Kootcode signing certificate: Koot Software Design ( in my keychain)app name: Plantenkennis (build with FiveMac (command line, not in Xcode)When I want to sign my app I use this command:codesign -s Koot Software Design -v PlantenkennisBut I get an error: ambiguous (matches Koot Software Design and Mac Developer: C.J. Koot (MFNVQX3C9R) in /Users/cjkoot/Library/Keychains/login.keychain-db)How do I solve this problem?Rene'

I have app developed in electron.js and python and it works in ios 15 after codesigning but not in ios 14 or below I need to understand if theres a specific instruction that we need to while building the app or do I need to codesign in lower version? what can I do solve this issue??

Export entitlements.plist from the app using the codesign utility codesign -d --entitlements :entitlements.plist /path/to/.app/ Using above mentioned command doing signing of iOS application but during command run getting warning as below Warning: Specifying ':' in the path is deprecated and will not work in a future release Instead using : which argument to use to not see above mentioned warning XCode version used : 13.2

Hello,The Xcode team has made great improvments to Xcode codesign, especially for beginners.Still i am having some troubles using wildcard certificates.Wildcard certificates are, as for as I am concerned, convenience certificates that we, as an agency, use when we do not want to bother with the app ID (might not be declared on the client account yet, some developers might not have been invited yet, some might only backup for a few days), allowing us to develop on any code written in the company.Of course there were some drawbacks : any entitlement-related feature would not work but we were fully aware of this limitation.With Xcode 8 I am facing 2 issues :• First the iOS devices seems to check the existence if the bundle id before running. It means an app signed with a wildcard certificate but using an undeclared bundle (we append ours with .prod .preprod .stubs to be able to install all environments on a devices) will not run.• Second : Xcode will refuse to sign an app that as entitlements with a wil

A macOS Catalyst app with an added extension was successfully built with Xcode 12.1, submitted to the Mac App Store, and approved 2 weeks ago. This macOS Catalyst app was originally built and distributed last year with an Xcode version prior to Xcode 11.4, when the maccatalyst prefix was automatically added to builds. When trying to rebuild and update the project, unchanged except for version and build numbering, using Xcode 12.2, so that Apple Silicon support can be added, codesigning the new archive from the Organizer fails. The error message when trying to Distribute to App Store Connect from the Organizer is: Code signing rtl_tcp-SDR.app failed. View distribution logs for more information. The end of the IDEDistributionPipeline.log has this message: 2020-11-16 21:03:11 +0000tRunning /usr/bin/codesign '-vvv' '--force' '--sign' 'CD25FBC289AAC880348543822E408B045CD14EAC' '--entitlements' '/var/folders/96/wwd0fl953bg48jzn669wbg1m0000gp/T/XcodeDistPipeline.~~~YB05bp/entitlements~~~RoCzdR' '--

I created a simple HelloWorld test app and try to run it on my own device with a developer cert (paid). Everything seems to be ok and the certs are being managed automatically be XCode. No errors. Runs fine on several simulators as well as latest iOS versions and also on XCode-beta.The problem is: when I try to run it on my real (connected) device, I get this code signing error (/usr/bin/codesign receives an Illegal instruction signal and crashes).I browsed several forums and tried several things. None helped. Here is the XCode message (from XCode-10-beta, but same is true for XCode 9.4):...Signing Identity: iPhone Developer: xxx xxx (xxx)Provisioning Profile: iOS Team Provisioning Profile: * (xxxxxxxxxxx) /usr/bin/codesign --force --sign 82F025A538B4126E06BD4EAB2E3D8A570CAB680C --entitlements /Users/lothar/Library/Developer/Xcode/DerivedData/HelloWorld2-awursthwknjafwgsizbtcixufbmq/Build/Intermediates.noindex/HelloWorld2.build/Debug-iphoneos/HelloWorld2.build/HelloWorld2.app.xcent --timesta

Hello, in order to sign our app we run codesign tool as follows: /usr/bin/codesign --deep --timestamp -o runtime --force --keychain /fw_home/Library/Keychains/CPCERT.keychain --sign 'Developer ID Application: Check Point Software Technologies (TZ3UEPFYKD)' CMpub/lib/macosx/release/libimpers_kerb.dylib The command often fails with the following result: A timestamp was expected but was not found. The issue is intermittent and seems like depend on the location and time of the day. Thus in Tel-Aviv location the command tends to succeed at night hours but fails during the day. We took packet capture log on our firewall. When signing fails we see that codesign sends HTTP POST request to timestamp.apple.com and the server acknowledges receive of the packet. The server does not send back any data during 15 seconds and client side sends FIN packet to shutdown the connection. In case of successful signing we see that HTTP 200 code is received almost immediately. So, it seems that 15s is not e

Hi all,We're trying to package a new version of Multipass, a small cross-platform Linux VM manager. It's been working fine until recently, when the notarization service started erroring out on binaries unsigned, or those that don't have the hardened runtime enabled.We're using CPack to create a custom installer, so we have to do all the signing and notarization manually.Unfortunately the hypervisor we use (hyperkit) fails when ran with hardening:CODE SIGNING: 31277[hyperkit] vm_map_protect can't have both write and exec at the same timeWhile we investigate that problem, we wanted to add the appropriate entitlements to the signature, please tell me if there's something wrong with this:<?xml version=1.0 encoding=UTF-8?> <!DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd> <plist version=1.0> <dict> <key>application-identifier</key> <string>com.canonical.multipass.hyperkit</string> <key>com.apple.security.cs.disab

This is a Math+CS Educational app written in Java. I have been able to distribute the Intel-Mac version downloaded as a .dmg (code-signed, notarized and stapled). I also need to support Apple silicon hw. I re-created the entire sw manufacturing structure on my M2 Macbook. I'm using the exact same command scripts that work on the older hardware. I am expecting the jpackage script to run the same way on the M2....but no. The first sign of trouble is I'm not getting an authentication password dialog , which I believe is thrown up by the MacOS when codesign asks to access my Keychain certificates. My keychain is setup the default way. Here is the error msg: [07:38:08.719] Running /usr/bin/codesign [07:38:08.749] java.io.IOException: Command [/usr/bin/codesign, -s, Developer ID Application: Pierre Bierre (SL7L4YU8GT), -vvvv, --timestamp, --options, runtime, --prefix, ST_DFG2D_ARM, /var/folders/v7/06pp2_5d6gz9593k96n2z0v40000gn/T/jdk.jpackage11705714069544945060/images/image-2753484488940

My AppleScript .app bundle contains a helper executable. Table 3 of TN2206 says that executables may be in either Contents/MacOS or Contents/Helpers, but Quinn's first reply in this post says that Contents/MacOS is better. So I put the helper in Contents/MacOS, alongside applet. I sign the AppleScript .app bundle for Developer ID and Hardened Runtime by running the codesign command with arguments recommended by Quinn in this post. Result: Notary Service rejects the .app bundle due to 3 issues with the helper: is not signed with a valid Developer ID certificate does not include a secure timestamp does not have the hardened runtime enabled (Possibly it still has a years-old signature without Developer ID and Hardened Runtime). So it seems that the the helper is not being (re-)signed. If, instead of signing the .app bundle, I run Quinn's codesign comand twice, once on the applet and once on the second executable, then Notary Service is happy with the bundle. I was hoping that, after all these y

hello guysi've built python application then compiled with Esky for OSX. then i want to submit it to apple store, i follow this tutorial http://dafoster.net/articles/2014/06/24/submitting-a-python-app-to-the-mac-app-store/and check with RB Check and the result :http://i.stack.imgur.com/ghuMc.pngwhen i codesign one of 2 frameworks use system names but are NOT signed by Apple i get error:/Contents/Frameworks/Python.framework: bundle format unrecognized, invalid...what i have to do?

I'm trying to add a small PNG file to my project and the build resuts in a codesign error:Debug/Example.app: resource fork, Finder information, or similar detritus not allowed Command /usr/bin/codesign failed with exit code 1I can add the same image as JPG format and the project compiles/runs just fine.What would cause this issue ... does Xcode for some reason dislike PNG images? I found this thread that sounded similar: https://forums.developer.apple.com/thread/68489but would like to understand what cuases this issue before I start running unknown utilities to fix things I can't explain.Thanks,

Hello! I'm relatively new (started a week ago) to creating MacOS applications. I had built an application in Python for Windows devices, and now I'm looking to distribute the beta to some friends who use Mac devices. I don't intend to put the app on the App Store, so I think that means I won't need to sandbox it. I've figured out how to adapt all of the functionality of the app to work on MacOS. I'm able to get the app to run successfully after using py2app and setting the required permissions in my .plist file. However, I'm trying to sign and notarize the functioning application and I'm hitting some challenges. I've tried a few combinations of things, but to no avail and I'm hoping someone can help me. I start by running the following to build my .app bundle: python setup.py py2app from setuptools import setup import os APP = ['App Name.py'] DATA_FILES = [ ('static', ['path/to/icons', 'path/to/styles']), ('static/fonts/Inter', ['path/to/font']), ] OPTIONS = { 'argv_emulation': True, 'iconfile': 'App Name.icn