codesign

Hello! I'm relatively new (started a week ago) to creating MacOS applications. I had built an application in Python for Windows devices, and now I'm looking to distribute the beta to some friends who use Mac devices. I don't intend to put the app on the App Store, so I think that means I won't need to sandbox it. I've figured out how to adapt all of the functionality of the app to work on MacOS. I'm able to get the app to run successfully after using py2app and setting the required permissions in my .plist file. However, I'm trying to sign and notarize the functioning application and I'm hitting some challenges. I've tried a few combinations of things, but to no avail and I'm hoping someone can help me. I start by running the following to build my .app bundle: python setup.py py2app from setuptools import setup import os APP = ['App Name.py'] DATA_FILES = [ ('static', ['path/to/icons', 'path/to/styles']), ('static/fonts/Inter', ['path/to/font']), ] OPTIONS = { 'argv_emulation': True, 'iconfile': 'App Name.icn

I've used PyInstaller to create an arm mach-o of a hello world python file. I then tried to sign the file using codesign and got the following error: language main executable failed strict validation When I create an x86_64 mach-o using the same method the codesign works without any issues. I'm using an arm64 only python 3.9 and PyInstaller version 4.3 I've tried codesigning on both M1 and intel, and codesigning a hello world compiled from C file with gcc works. Also, I've tried looking at the file compiled with PyInstaller using otool and haven't seen any issues.

Developing a ios app in Unreal Engine 5. Everything was alright. Until it wasn’t. Build to iOS device. Click. Cooking. Building… “ERROR: CodeSign Failed” D4mn it! hahaha Here’s the log: UATHelper: Packaging (IOS): Command CodeSign failed with a nonzero exit code UATHelper: Packaging (IOS): ** BUILD FAILED ** UATHelper: Packaging (IOS): The following build commands failed: UATHelper: Packaging (IOS): CodeSign /Users/jordansktorres/My Drive/PROJECTS/CRUZEIRO-DO-SUL/ValenteGO/ValenteGO_V1/Binaries/IOS/Payload/ValenteGO_V1.app (in target ‘ValenteGO_V1’ from project ‘ValenteGO_V1’) UATHelper: Packaging (IOS): (1 failure) UATHelper: Packaging (IOS): Took 12,659139s to run env, ExitCode=65 UATHelper: Packaging (IOS): ERROR: CodeSign Failed UATHelper: Packaging (IOS): (see /Users/jordansktorres/Library/Logs/Unreal Engine/LocalBuildLogs/Log.txt for full exception trace) UATHelper: Packaging (IOS): AutomationTool executed for 0h 1m 51s UATHelper: Packaging (IOS): AutomationTool exiti

I am using Xcode Cloud to build my Mac Catalyst app for Developer ID Distribution as a DMG package that must be codesigned and notarized. I have a ci_post_xcodebuild.sh script that runs after the Archive action. This needs to perform the following tasks: Produce a DMG from the provided exported archive located at CI_DEVELOPER_ID_SIGNED_APP_PATH Codesign that DMG using the same certificate identity that Xcode Cloud used when automatic code signing the exported archive using cloud signing. Notarize that code signed dmg with the notary service Generate a Sparkle appcast.xml file Upload the DMG and appcast.xml file to s3 The issue I am having is that I do not have access to the cloud signing keychain identity that Xcode Cloud uses to automatically codesign the exported archive. I check for identities and none are found. Running: security find-identity -v -p codesigning There are no code signing identities available. Make sure you have a Developer ID (Application) certificate (w

I have a framework in my project that is composed of a main framework binary, with a number of dylibs that it depends on bundled with it: MyFramework.framework/ Versions/ A/ Frameworks/ foo.dylib bar.dylib Resources/ ... MyFramework _CodeSignature/ ... It is signed to run locally before being bundled into my main app project. Unfortunately, when embedding and signing the framework into my app, codesign is skipping re-signing the dylibs, which causes my hardened app to reject them from being loaded. Am I doing something wrong, or is this a bug?

Hi,I am codesigning my macOS app from terminal (after adding some resources I don't want to copy using Xcode build phases). When I verify the signature using codesign --verify, this is OK, but when I run spctl --assess, I get a sealed resource is missing or invalid.How can I know which resource is missing or invalid? What does spctl checks that codesign don't?Thanks

Issue 1) When I select Generic iOS Device and run Product Archive I get an error Command CodeSign failed with a nonzero exit code Issue 2) When I select a simulator e.g. iPhone 11 Pro Max , the option Archive under Product menu is not highlighted anymore.

We have a .app created from unity player. This app works fine till we do code sign. When we do successful code sign all required dependencies app doesn't launch. we are using following command. codesign -f --timestamp --option=runtime -s Dev ID ABC.app After checking various post on apple developer forum, we found https://developer.apple.com/forums/thread/132109 and it suggest to provide exception for hardened runtime. We followed the same and as suggested by Apple Support Engineer we tried all suggested runtime exception from link - https://developer.apple.com/documentation/security/hardened_runtime and found only this Allow Unsigned Executable Memory Entitlement(com.apple.security.cs.allow-unsigned-executable-memory) added, we are able to sign and launch app. but Notarization process fails. Could anyone suggest on following : How we can fix our development code so we don't have to provide this exception. What could be the issue, in our case? Is it possible to sign and notarization with this excepti

Have been days I am stuck on this, really hoping someone can help. I have added Widget to my existing AppKit project (macOS), and all works fine. However when I try to archive, it keeps failing at this error: 2020-11-14 23:58:29 +0000t/var/folders/gv/cqghcvl50690hwhk3bbpf7pr0000gn/T/XcodeDistPipeline.~~~HAVL4T/Root/Applications/XXXX.app/Contents/PlugIns/Mac WidgetExtension.appex: replacing existing signature 2020-11-14 23:58:29 +0000t/var/folders/gv/cqghcvl50690hwhk3bbpf7pr0000gn/T/XcodeDistPipeline.~~~HAVL4T/Root/Applications/XXXX.app/Contents/PlugIns/Mac WidgetExtension.appex: code object is not signed at all 2020-11-14 23:58:29 +0000t/usr/bin/codesign exited with 1 Have tried: Clearing and removing all certificates Upgrading to Big Sur Removed and recreate Widget Target Manually creating provisioning profiles

Displaying attribute for a private key I see a number of applications that are allowed to access it without needing a password e.g. racoon; Keychain Access.app; Certificate Assitant.app etc.. I want to add /usr/bin/codesign to the list but the gui window that pops up when I click on + doesn't seem to allow me to do that :( How do I do it please

I'm using my 3rd Party Developer and 3rd Party Installer certs to codesign an app bundle and then the package for that app for non-MAS distribution. Both operations report success and running codesign -vv /Applications/application.app reports:/Applications/application.app: valid on disk/Applications/application.app: satisfies its Designated RequirementHowever, when I transfer the PKG file to a server and then download it onto another system, Gatekeeper tells me that the app is from an unidentified developer. I have verified my certificates in Keychain Access and they match what is included with my developer account on developer.apple.com.Anyone have pointers as to what to check next?

I'm using Xcode 15 , I'm working in at project Command CodeSign failed with a nonzero exit code I got this error

Hello! I am having trouble with a Developer ID Application certificate that I have clearly added to the Keychain with Keychain Access not being recognized by codesign or DMG Canvas. Here is the command that DMG Canvas uses to see if there are any certificates for signing: $ /usr/bin/security find-identity -p codesigning Policy: Code Signing Matching identities 0 identities found Valid identities only 0 valid identities found This shows that no certificates are found but there definitely are some. I installed this cert to both the System and login keychains, I tried to the Local Items keychain but this failed with an error I will display below. This image (names redacted) clearly shows the certs are there, valid, and not expired (behind the error) and also shows the error popup for when I try to add the cert to the Local Items keychain: Essentially I am asking why does Keychain Access say that I have the certificates but nothing can find it in order to sign applications. Thank you!

I saw this issue last Summer, but ignored it because it didn't interfere with development. Whenever I submit our Achived app or try to export for dev team, code signing fails with Code signing A failed. In the associated logs, this is what I see: 2020-11-11 18:38:44 +0000tRunning /usr/bin/codesign '-vvv' '--force' '--sign' 'ZZZZZZZ' '--entitlements' '/var/folders/vg/32z4zj4949x0r2tr6xtg1rg00000gn/T/XcodeDistPipeline.~~~1xAU4n/entitlements~~~xhX9bY' '--preserve-metadata=identifier,flags,runtime' '/var/folders/vg/32z4zj4949x0r2tr6xtg1rg00000gn/T/XcodeDistPipeline.~~~1xAU4n/Root/Applications/MyApp.app/Contents/Frameworks/MyKit.framework/Versions/A' 2020-11-11 18:38:44 +0000t/var/folders/vg/32z4zj4949x0r2tr6xtg1rg00000gn/T/XcodeDistPipeline.~~~1xAU4n/Root/Applications/MyApp.app/Contents/Frameworks/MyKit.framework/Versions/A: replacing existing signature 2020-11-11 18:38:44 +0000t/var/folders/vg/32z4zj4949x0r2tr6xtg1rg00000gn/T/XcodeDistPipeline.~~~1xAU4n/Root/Applications/MyApp.app/Contents/Frameworks/My

Hi, I have a question regarding expired codesign certificate. Will users able to install my old app from a DMG when a codesign certficate gets expired? I sign the app bundle and then sign the DMG package. After reading this official information: https://developer.apple.com/support/certificates/ I don't understand it clearly. Apple declares that installed app continues to work, but users can no longer launch installer packages for your Mac applications. Does it mean that app from a DMG also cannot be mounted and copied to Applications by users? Quote: Developer ID Installer Certificate (Mac applications) If your certificate expires, users can no longer launch installer packages for your Mac applications that were signed with this certificate. Previously installed apps will continue to run however new installations won't be possible until you have re-signed your installer package with a valid Developer ID Installer certificate. If your certificate is revoked, users will no longer be able to in