In response to a DTS request, I was trying to determine if a bug I reported was still in Sierra. I Installed Sierra on a thumb drive, rebooted, launched XCode 7.3.1, tried to run my code. It wouldn't codesign. I tried fix and ended up with a dialog with an option to reset. Turns out that that action revoked my developer certificate. Now I get an email from Apple saying I will have to regenerate all my provisioning profiles. $%U&*!Nowhere was I warned that reset was equivalent to revoke certificate.(Apparently, the text bots here did not like my use of the word h-e-l-l in the title.)So much for Sierra making codesigning easier.
Search results for
codesign
3,114 results found
Selecting any option will automatically load the page
Post
Replies
Boosts
Views
Activity
I got a reply on my SO post that fixed this for me http://stackoverflow.com/questions/37801465/codesign-failed-on-10-12-sierra/38071473#38071473Launch Keychain Access, go to Preferences... and click Reset My Default Keychain
Topic:
App & System Services
SubTopic:
Core OS
Tags:
codesign -dvvv BignoteHID2.kextExecutable=/Library/Extensions/BignoteHID2.kext/Contents/MacOS/BignoteHID2Identifier=com.islkorea.kext.bignote2Format=bundle with Mach-O thin (x86_64)CodeDirectory v=20200 size=210 flags=0x0(none) hashes=3+3 location=embeddedHash type=sha1 size=20CDHash=e0f774fc6fd4ce5b446be8418a56ae69293d09d6Signature size=4241Authority=Developer ID Application: ISLKorea Co., Ltd (REQYHZKQGZ)Authority=Developer ID Certification AuthorityAuthority=Apple Root CASigned Time=2016. 7. 2. 오전 12:06:44Info.plist entries=21TeamIdentifier=REQYHZKQGZSealed Resources version=2 rules=12 files=0Internal requirements count=1 size=220sudo kextutil BignoteHID2.kextDiagnostics for /Library/Extensions/BignoteHID2.kext:Code Signing Failure: code signature is invalidERROR: invalid signature for com.islkorea.kext.bignote2, will not loadWhat's problem?
When signing an application and not using a Developer ID certificate, what is the proper way to have stable designated requirements so that you don't get keychain prompts after renewing a certificate?When using a non-Developer ID code signing certificate, codesign will use default designated requirements of 'identifier = bundle-id and certificate leaf = HSHA1 hash of cert'. Since the SHA1 hash will change on certificate renewal, the DR will be different. I think this is what's leading to these prompts. Is this correct? What's the best way to prevent this?
I'm hitting this error Every Time, and it only happens after I re-sign my app.Essentially I build my app Ad-Hoc with an Ad-Hoc profile to use for internal testing and such (and the inital build works perfectly), and then I re-sign the app for production (also adding the beta entitlements at that time). Once it's re-signed, the app will run perfectly on newer devices (64bit, iPhone 5S and up), but gives a startup crash on older devices (32bit, iPhone 5 and down).Jul 7 11:01:02 Company-iPhone-4S SpringBoard[48] : SecTrustEvaluate [leaf IssuerCommonName SubjectCommonName] Jul 7 11:01:02 Company-iPhone-4S SpringBoard[48] : SecTrustEvaluate [leaf IssuerCommonName SubjectCommonName] Jul 7 11:01:02 Company-iPhone-4S SpringBoard[48] : SecTrustEvaluate [leaf IssuerCommonName SubjectCommonName] Jul 7 11:01:02 Company-iPhone-4S securityd[86] : secTaskDiagnoseEntitlements MISSING keychain entitlements: no stored taskRef found Jul 7 11:01:02 Company-iPhone-4S securityd[86] : secTaskDiagnoseEntitlements MISSING keychain en
Topic:
Privacy & Security
SubTopic:
General
Tags:
I have the same issue - I tried adding a different CFbundleIdentifier to the plist file but I am unable to change the Identifier of the jre/bin/javaI codesign the jave executeable using terminal, my signing key and a plist file similar to the steps at this post http://stackoverflow.com/questions/20856864/how-can-i-code-sign-a-bundled-executable-file-in-a-mac-app-using-xcode5. Everything works except this duplication of the Bundle Identifier.I am not the only one with this problem CFBundleIdentifier Collision - The Info.plist CFBundleIdentifier value 'net.java.openjdk.cmd' of 'java' is already in use by another application http://stackoverflow.com/questions/34613483/itms-90511-cfbundleidentifier-collisionPlease assist in how to change the CFBundleIdentifier or is it not something that can be changed?If I force the change using codesign -s (Vertificate) - i (A new budnle indetifier) then the java executeable becomes useless...@sselvia1 how did yo manage to fix this?
Topic:
App Store Distribution & Marketing
SubTopic:
App Review
Tags:
Hello,I have a strange problem.After upgrading an App, on some devices, it crashes at boot and the log says: EXC_BAD_ACCESS (SIGKILL - CODESIGNING).The certificates are ok, and the same binary works on other devices with the same iOS version.I converted the App to xcode 7, autogenerate new certificate and the App works again.In xcode 7 with the old certificate the App crashes.All the certificates are valid.This happens only with some devices (2 of 40).Thanks.Santino
>and don’t have to rely on XCode 5.1.1.Point is, it's not your call. Xcode 6.x is the minimum allowed when doing store submittals now, so if that's your goal, you don't have a choice but to walk away from Xcode 5.x. >And, also how do I transfer the signing identities if they are revoked?Revoked/expired/invalids aren't transferrred, they are renewed.Many things have changed for codesigning since 5.1.1 was originally used, including the recommended preference of automatic provisioning. I suggest you get busy w/Xcode 7.3.1, and deal with details as they arise.
Topic:
Developer Tools & Services
SubTopic:
Xcode
Tags:
On modern systems all KEXTs must be code signed with a Developer ID. Additionally, the Developer ID must be specifically enabled for KEXT development. You can learn more about that process on the Developer ID page. If your KEXT is having code signing problems, check that it’s signed with a KEXT-enabled Developer ID. Do this by looking at the certificate used to sign the KEXT. First, extract the certificates from the signed KEXT: % codesign -d --extract-certificates MyKEXT.kext Executable=/Users/quinn/Desktop/MyKEXT/build/Debug/MyKEXT.kext/Contents/MacOS/MyKEXT This creates a bunch of certificates of the form codesignNNN, where NNN is a number in the range from 0 (the leaf) to N (the root). For example: % ls -lh codesign* -rw-r--r--+ 1 quinn staff 1.4K 20 Jul 10:23 codesign0 -rw-r--r--+ 1 quinn staff 1.0K 20 Jul 10:23 codesign1 -rw-r--r--+ 1 quinn staff 1.2K 20 Jul 10:23 codesign2 Next, rename each of those certificates to include the .cer extension: % for i in codesign*; do mv $i $i
I am trying to achieve **Multipeer Connectivity** communications security through clients authentication using **X509 certificate**.To do so, I am generating the clients' certificates in my server using **node-forge**. First, the **X509** is created then it is transformed into a **PKCS12 base64 string** that is returned to the client.That is basically the code I am using : var username = client1 // Create key pair var pki = forge.pki; var keys = pki.rsa.generateKeyPair(2048); var cert = pki.createCertificate(); // Creating the certificate cert.publicKey = keys.publicKey; cert.serialNumber = '01'; // TODO : generate random number and have a little custom algo to verify it !! cert.validity.notBefore = new Date(); cert.validity.notAfter = new Date(); cert.validity.notAfter.setTime(cert.validity.notBefore.getTime() + msWeek); var subject = [{ name : commonName, value : username }, { name : organizationName, value : My Company }, { name : organizationalUnitName, value : MU }, { name : stateOrProvinceName, value :
Hi all,I am building a Mac app with the latest beta of MacOS and XCode 8. Everything was fine until I went to run my program (after successfully running it for hours) and then got this error:Command /usr/bin/codesign failed with exit code 1I've cleaned the build more than once. What can I do to fix this???Info:XCode Build: Version 8.0 beta 3 (8S174q)MacOS Build: 16A254gThanks,Dan Uff
When I run my Mac app on macOS 10.12 beta 3 using XCode-beta 8.0 with code signing enabled I get the following error.2016-07-30 14:53:51.066652 codesign[6168:909979] [security_exception] MacOS error: -67061 2016-07-30 14:53:51.066719 codesign[6168:909979] [security_exception] MacOS error: -67061 2016-07-30 14:53:51.066743 codesign[6168:909979] [security_exception] MacOS error: -67061 Command /usr/bin/codesign emitted errors but did not return a nonzero exit code to indicate failureAll of the Signing menus in my targets say this:And all of my Signing menus in Build Settings say Mac Developer.I hadn't done app development for a little bit so sometimes I think that messes up code-signing. Another thing that may be screwing up code-signing is the fact that I have worked on multiple iterations of this app all under the same name though as different XCode projects.Hope You Can Help,Ian M.PS: I am actually a teenager so I use an account set up by my dad so I can do development stu
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
Signing Certificates
Provisioning Profiles
xcconfig might be a way for you to override the configuration.According to the WWDC 2016 talk on codesign changes, you are supposed to provide DEVELOPMENT_TEAM & PROVISIONING_PROFILE_SPECIFIER if you want to customize code signing. They said not to specify the identifier. You also don't want to specify the exact provisioning profile (uuid) since it can change. I do think the specifier is the way to go. So, based on your team id and the specifier, it's should figure out which provisioning profile to use automagically.I think it can be done by having something like this in your .xcconfig file//:configuration = Release DEVELOPMENT_TEAM = XXX111AAA PROVISIONING_PROFILE_SPECIFIER = My Release Provisioning Profile //:completeSettings = noneI got these lines of text by configuring to what I'd like in Xcode and Ctrl-C on those items in the build settings screen. I guess those comments do mean something in .xcconfig context.
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
Following: ValidateLocallyThe relevant bit is:Test During the Development ProcessIn order to test your main application during the development process, you need a valid receipt so that your application launches. To set this up, do the following:Make sure you have Internet access so you can connect to Apple’s servers.Launch your application by double-clicking on it (or in some way cause Launch Services to launch it).After you launch your application, the following occurs:Your application fails to validate its receipt because there is no receipt present, and it exits with a status of 173.The system interprets the exit status and attempts to obtain a valid receipt. Assuming your application signing certificate is valid, the system installs a valid receipt for the application. The system may prompt you for your iTunes credentials.The system relaunches your application, and your application successfully validates the receipt.With this development receipt installed, you can launch your application by any method—for
After installing Xcode beta 4, I've noticed that Xcode is not signing any framework targets even though the build settings specify a Code Signing Identity. We are not currently using the Codesign On Copy functionality for embedded frameworks. Perhaps it would work if I changed to use that but I'm not ready to do that. Is this a bug or is this supposed to happen now?This is for a macOS app and I can repro this behavior on 10.11 and 10.12.
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
Signing Certificates
Provisioning Profiles