“codesign”

Hi Quinn, Thanks for the information! I tried the link you mentioned, but no luck so far. I tried the following so far: Add com.apple.security.cs.allow-unsigned-executable-memory to the entitlements.plist file. Normalise the Entitlements Property List Re-codesign the .app folder. Notarize and staple the .app folder I tried syspolicy_check distribution my_app.app and got the following App passed all pre-distribution checks and is ready for distribution. But when I try to run the app from the terminal, I still got zsh: trace trap ./path_to_my_app error. When I tried to launch the app by double clicking the .app file, it would exist immediately without launching it.

Below are the Info.plist, entitlements, and App Store profiles for our driver and client app. So, as a quick side comment, when looking into an issue like this, it's critical to look at the actual Info.plist file, not just the Xcode project settings. I happened to have been sent your DEXT by one of our evangelists, but without the actual data, I probably wouldn't have thought of this. In any case, here is the CFBundleVersion of your development DEXT: CFBundleVersion = 1 And here is your TestFlight version: CFBundleVersion = 3433099.287482533 You can read the full details here, but that second version simply will not work in a DEXT/KEXT. I suspect that's the problem here, but covering a few odds and ends: Our driver’s Info.plist specifies both idVendor and idProduct, but our entitlements and provisioning profiles currently include only the idVendor. Do we need to request approval or entitlement inclusion for the idProduct as well? No. There are actually two mechanisms at work here that operate independently. Y

When I initially obtained my Developer ID Application and Developer ID Installer Certificates, they were put in the Certificates under the System Keychain. I don't remember choosing this storage location. The associated private keys were stored in Keys / login. And since codesign was happy with finding my credentials stored this way, but you're saying to Export them they needed to go in MyCertificates, this raises the 2 questions: How do I move my Developer ID Certificates into MyCertificates? How was it decided to install them in the wrong place?

I’m glad you got this sorted. I can’t help you with jpackage, but the general suggestions in Creating distribution-signed code for macOS still apply: Use security find-identity to locate the correct code signing identity. See the doc for the exact command. Note down the SHA-1 hash of that identity. When you go to sign code, pass that SHA-1 hash to codesign. That uniquely identifies the identity, so there’s no ambiguity. I’m not sure if jpackage supports this SHA-1 mechanism but, if not, I encourage you to file an enhancement request against it for that support. It really helps with automated workflows like this. Indeed, if you look at how Xcode invokes codesign [1], you’ll see it that it uses the SHA-1 hash exclusively. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com [1] I have an example of that in Command [something] failed with a nonzero exit code.

It looks like you started a couple of new threads for these issues: Keychain Access won't let me Export to a .p12 file Codesign --force not signing 3rd Pty binaries Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

When you get an error like this, codesign usually outputs something helpful to the build report. I explain how to get at that in Command [something] failed with a nonzero exit code. What are you seeing? Sign to Run Locally should be fine in this context, but I generally recommend that you use Apple Development signing. You don’t have to pay to join the Apple Developer Program to use that. Rather, use your existing Apple Account to log in to Xcode > Settings > Accounts and Xcode will set up a Personal Team. IMPORTANT The Personal Team feature has significant limitations. For the details, see Developer > Support > Choosing a Membership. However, those limits are primarily relevant to iOS. Mac developers generally don’t even notice (-: Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='848635022, Darrilla, /thread/791996?answerId=848635022#848635022, /profile/Darrilla'] I have sent you a PM on the DTS support request with a link to download the file [/quote] Got it. Thanks! The issue here is a Developer ID certificate mismatch. Recall from TN3125 Inside Code Signing: Provisioning Profiles that your provisioning profile ties together the who, what, where, when, and how your code can run. Everything in your profile looks fine except the who. It seems your account has two Developer ID Application certificates, and your ‘app’ is signed with one but your profile authorises the other. Contrast this: % codesign -d --extract-certificates YourApp.app … % openssl x509 -inform der -in codesign0 -text Certificate: Data: Version: 3 (0x2) Serial Number: 6277427490450603824 (0x571de70b17947f30) … with this: % security cms -D -i YourApp.app/Contents/embedded.provisionprofile -o profile.plist % plutil -extract DeveloperCertificates.0 raw -o - profile.plist | base64 -D > profile.cer % ope

[quote='848428022, intown, /thread/792209?answerId=848428022#848428022, /profile/intown'] Is there anyway I can get some assistance. [/quote] It’s hard to say without knowing more about the problem you’re experiencing. If this is a technical problem, then I recommend that you open a new thread here on the forums with the details [1]. Please pay careful attention to the topic, subtopic, and tags you choose, because many of us use that info to find relevant questions. For more info on how to use the forums effectively, see Quinn’s Top Ten DevForums Tips. OTOH, if this is a non-technical problem then the Apple Developer Forums might not be the right option. In that case, post a short summary of the issue here and I’ll see if I can offer a path forward. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com [1] Unless the problem happens to be about codesigning timestamps on IPv6 networks in Europe, but that seems unlikely. But, hey, if it doe