Search results for

“codesign”

3,223 results found

Post

Replies

Boosts

Views

Activity

Exported OSX app for testing triggers App Store login and fails to launch
Hi,I'm following these steps to create an app for testing purposes, by exporting a Development-Signed application: https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/BetaTestingYourMacApp/BetaTestingYourMacApp.htmlBut executing the generated app on a development device (running 10.12.3) triggers a sign-in dialog in the App Store app (The device was properly added to the portal):Then, If I login with my apple ID, the app fails to load with the error : is damaged and cannot be openedNotes:Running codesign --verbose=4 --deep --strict ./MyApp.app/ succeedsRunning spctl --assess --verbose ./MyApp.app/ fails with./MyApp.app/: rejectedThis is what I tried to do to work around the problem:1) Cleared and re-downloaded the profiles2) Made sure all test devices were propertly added3) I'm using the default, automatic 'Mac Team Provisionning Profile'. Tried with a manual profile to no avail.Any ideas?
Topic: Code Signing SubTopic: General Tags:
0
0
295
Feb ’17
codesign error
Hello,I have the next environment:Login macbook: C.J. Kootcode signing certificate: Koot Software Design ( in my keychain)app name: Plantenkennis (build with FiveMac (command line, not in Xcode)When I want to sign my app I use this command:codesign -s Koot Software Design -v PlantenkennisBut I get an error: ambiguous (matches Koot Software Design and Mac Developer: C.J. Koot (MFNVQX3C9R) in /Users/cjkoot/Library/Keychains/login.keychain-db)How do I solve this problem?Rene'
Topic: Code Signing SubTopic: General Tags:
2
0
2.0k
Feb ’17
Reply to codesign error
It looks ilke you have two certificates in your keychain (Koot Software Design and Mac Developer: C.J. Koot (MFNVQX3C9R)) which match your search term “Koot Software Design”. You can either delete one of those certificates or supply a more specific search term.One option here is to supply a SHA-1 hash of the specific certificate you want to use. The codesign man page has the details. You can see the SHA-1 hash of a certificate in Keychain Access. Double click the certificate and scroll to the bottom. You’ll find a section labelled Fingerprints, which contains SHA-1 and MD5 hashes of the certificate.Share and Enjoy — Quinn “The Eskimo!” Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com
Topic: Code Signing SubTopic: General Tags:
Feb ’17
Codesign Fatal Error Xcode 8.2.1
I moved a 3 year old Xcode Project from an old computer to my new computer. It is a project built in FxPlug framework. I updated all the code and got rid of all the errors except 1.Command /usr/bin/codesign failed with exit code 1I have read up on this and tried the suggestons which are:execute xattr -rc . both in DerivedData directory and Project directoryI have tried this several times and when i clean and try to build the error still exists. It seems that this issue is happening to a lot of people and the solution seems to only work for some based on my research. I am lost as to what to do any help would be greatly appreciated.
Topic: Developer Tools & Services SubTopic: Xcode Tags:
1
0
491
Feb ’17
Reply to errSecInvalidOwnerEdit returned from SecItemDelete
Quinn, I have the same issue with a keychain in my app. It seems to happen when I move my application bundle in a different place on disk. For example: the app is launched from the ~/Downloads folder and a new keychain item is created. As far as the app stays in place I can update or delete my keychain item as I like. But after the app is moved to another path, like /Applications (or whatever) I only can read, but cannon remove the item from the keychain. I get errSecInvalidOwnerEdit error. I am definitely sure there are no issues with codesign. Would you please help? It seems to me that this observed differentiation of apps based on their launch path is extremely limited and inconvenient. IMO Keychain ACL should differentiate apps based on their identity, not their location. On Mac it's perfectly legal to duplicate apps, move them around and so on...Update: It seems like you have to rename the app bundle to reproduce this issue.
Topic: Privacy & Security SubTopic: General Tags:
Feb ’17
Developer ID Application/Installer: no identity found
I have two certifications in my keychain. One in my login keychain which is: Developer ID Installer: My CompanyI then have a second certification in my System keychain which is: Developer ID Application: My CompanyI am trying to codesign my installers. I have a script .app file called Step 2 Installer.app When I try to codesign my .app file I get the no identity found error. My keychains are definitely valid, not expired, and have their trust settings to be Always Trustedcodesign --force --sign Developer ID Application: My Company /Users/mycomputer/Developer/Packing Materials/Step 2 Installer 2.appAny help of suggestions would be greatly appreciated.
Topic: Developer Tools & Services SubTopic: Developer Forums Tags:
0
0
783
Feb ’17
Resign existing IPA
Hi,we develop and distribute several enterprise app. Most of them are stable products so we don't need to make any change or any new release during the year.Every year, before the provisioning profile expiration, we use a resign script like this one:unzip ./$IPA_NAME_toresign.ipa rm -r ./Payload/$APP_NAME/_CodeSignature /usr/bin/codesign -d --entitlements :entitlements.plist ./Payload/$APP_NAME /usr/bin/codesign -f -s $CERTIFICATE_NAME --no-strict --entitlements ./entitlements.plist Payload/$APP_NAME zip -qr ./$IPA_NAME.ipa ./PayloadThis year this procedure didn't work and the one of the resigned app was unable to start after the expiration dateIs there something no more valid in this procedure?Thank youAndrea
Topic: Developer Tools & Services SubTopic: General Tags:
0
0
2.8k
Feb ’17
Signature disappears after sending the dmg online?!
Hello,I sign my dmg file with 'codesign -s <myCompany> --deep XXX.dmg', it works and 'codesign --verify --verbose XXX.dmg' even returns the valid on disk message.However, if I send my dmg online and redownload it immediately, 'codesign --verify --verbose XXX.dmg' says code object is not signed at all. I can resign the dmg as if it had never been signed.Please, why the **** is the signature lost when the file is moved to another machine and how can I keep it?This is preventing me to deploy my dmg! I need to send it to the server so people can download & use it!Thank you for your time,Regards,Paul
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
0
0
362
Feb ’17
SecKey API returned: -25304,
Showing Recent Errors OnlyCodeSign /Users/*/Library/Developer/Xcode/DerivedData/*-fcxkcbsmnmxoatfvnjyminfaqwkk/Build/Products/Debug-iphoneos/*.app cd /Users/* export CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate export PATH=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Applications/Xcode.app/Contents/Developer/usr/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin Signing Identity: iPhone Developer: Provisioning Profile: iOS Team Provisioning Profile: com.* (a4dec20b-43ac-4fc6-8c95-c1b3196473d1) /usr/bin/codesign --force --sign 6C370053C12675D8C67CF905D5195BC69EAC8225 --entitlements /Users/*/Library/Developer/Xcode/DerivedData/Resume-fcxkcbsmnmxoatfvnjyminfaqwkk/Build/Intermediates/Resume.build/Debug-iphoneos/*/*.xcent --timestamp=none /Users/Elenion/Library/Developer/Xcode/DerivedData/*-fcxkcbsmnmxoatfvnjyminfaqwkk/Build/Products/Debug-iphoneos/*SecKey API returned: -25304, (null)/U
Topic: Developer Tools & Services SubTopic: Xcode Tags:
0
0
1.6k
Feb ’17
Firewall dialog whenever Simulator runs
My iOS app listens for network connections via NSNetServiceListenForConnections. Every time I run my app in the Xcode Simulator, I get the firewall dialog that asks, Do you want the application to accept incoming connections? Every time I click Allow, but the firewall doesn't seem to remember, and I get the dialog again next time I run the simulator, even when I haven't rebuilt the app. Is there any way to get the firewall to remember the app and stop asking every time the simulator runs? I've tried a bunch of different things to try to work around the problem, adding firewall exceptions for Xcode and the Simulator and their executables, even adding a Run Pre-action script in the Xcode scheme to codesign the app with a Developer ID cert, but nothing helps.I could of course turn off the firewall, but the firewall works fine with every listening app on the system except in the SImulator.
Topic: Developer Tools & Services SubTopic: Xcode Tags:
0
0
1.1k
Feb ’17
Signing app in XCode: specified item could not be found in the keychain
When archiving an app in XCode (Product > Archive) I get the following error:CodeSign /Users/xxx/Library/Developer/Xcode/DerivedData/name-xxx/Build/Intermediates/ArchiveIntermediates/name/InstallationBuildProductsLocation/Applications/name.app cd /Users/xxx/Documents/name/App/platforms/ios export CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate export PATH=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Applications/Xcode.app/Contents/Developer/usr/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin Signing Identity: iPhone Developer: xxx xxx (S5L8942T98) Provisioning Profile: iOS Team Provisioning Profile: xxx (xxx) /usr/bin/codesign --force --sign xxx --entitlements /Users/xxx/Library/Developer/Xcode/DerivedData/name-xxx/Build/Intermediates/ArchiveIntermediates/name/IntermediateBuildFilesPath/name.build/Release-iphoneos/name.build/name.app.xcent --timestamp=none /Users/xxx/Library/Dev
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
3
0
6.2k
Feb ’17
Reply to XPC restricted to processes with the same code signing?
Can one restrict XPC communications to only occur between processes that share the same code signing identity? Yes. Well, you probably don’t want the same core signing identity (in general, each separate executable should have its own identity) but rather you want to evaluate code signing requirements for the client, and you can definitely do that. There are two basic tools for this: Various properties on the XPC connection (like NSXPCConnection’s auditSessionIdentifier, processIdentifier, effectiveUserIdentifier, and effectiveGroupIdentifier properties, and the equivalent C functions to get these values from an xpc_connection_t) Various security APIs, most notably the code signing API () The exact way in which you combine these is up to you, but here’s an example of how you might restrict access to your service to just your app: When a client makes a connection to your service, get the process ID of the client from that connection. If you’re using NSXPCConnection, you should do this in your -listener:shouldA
Topic: App & System Services SubTopic: Processes & Concurrency Tags:
Feb ’17
Reply to mac app id do not have the key APP Group
1. I am applying for APP ID I found some difference between OSX and iOS in iOS it has the key of APP Groups but in OSX do not have the key of APP GroupI’m having a hard time parsing your text, but I believe you’re referring to the app group prefix here. And yes, there is a difference: on macOS the app group identifier is prefixed by the the Team ID, whereas that’s not the case on iOS. For example, here’s what I see when I dump the entitlements of my macOS test app:$ codesign -d --entitlements :- build/Debug/QNEPacketTunnel.app … <dict> … <key>com.apple.security.application-groups</key> <array> <string>VR9NTVC6BB.com.example.apple-samplecode.QNE-macOS</string> </array> </dict> </plist>And here’s the output for the iOS version of that app:$ codesign -d --entitlements :- build/Debug-iphoneos/QNEPacketTunnel.app … <dict> … <key>com.apple.security.application-groups</key> <array> <string>group.com.example.apple-sa
Topic: App & System Services SubTopic: Networking Tags:
Feb ’17
Exported OSX app for testing triggers App Store login and fails to launch
Hi,I'm following these steps to create an app for testing purposes, by exporting a Development-Signed application: https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/BetaTestingYourMacApp/BetaTestingYourMacApp.htmlBut executing the generated app on a development device (running 10.12.3) triggers a sign-in dialog in the App Store app (The device was properly added to the portal):Then, If I login with my apple ID, the app fails to load with the error : is damaged and cannot be openedNotes:Running codesign --verbose=4 --deep --strict ./MyApp.app/ succeedsRunning spctl --assess --verbose ./MyApp.app/ fails with./MyApp.app/: rejectedThis is what I tried to do to work around the problem:1) Cleared and re-downloaded the profiles2) Made sure all test devices were propertly added3) I'm using the default, automatic 'Mac Team Provisionning Profile'. Tried with a manual profile to no avail.Any ideas?
Topic: Code Signing SubTopic: General Tags:
Replies
0
Boosts
0
Views
295
Activity
Feb ’17
codesign error
Hello,I have the next environment:Login macbook: C.J. Kootcode signing certificate: Koot Software Design ( in my keychain)app name: Plantenkennis (build with FiveMac (command line, not in Xcode)When I want to sign my app I use this command:codesign -s Koot Software Design -v PlantenkennisBut I get an error: ambiguous (matches Koot Software Design and Mac Developer: C.J. Koot (MFNVQX3C9R) in /Users/cjkoot/Library/Keychains/login.keychain-db)How do I solve this problem?Rene'
Topic: Code Signing SubTopic: General Tags:
Replies
2
Boosts
0
Views
2.0k
Activity
Feb ’17
Reply to codesign error
It looks ilke you have two certificates in your keychain (Koot Software Design and Mac Developer: C.J. Koot (MFNVQX3C9R)) which match your search term “Koot Software Design”. You can either delete one of those certificates or supply a more specific search term.One option here is to supply a SHA-1 hash of the specific certificate you want to use. The codesign man page has the details. You can see the SHA-1 hash of a certificate in Keychain Access. Double click the certificate and scroll to the bottom. You’ll find a section labelled Fingerprints, which contains SHA-1 and MD5 hashes of the certificate.Share and Enjoy — Quinn “The Eskimo!” Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com
Topic: Code Signing SubTopic: General Tags:
Replies
Boosts
Views
Activity
Feb ’17
Codesign Fatal Error Xcode 8.2.1
I moved a 3 year old Xcode Project from an old computer to my new computer. It is a project built in FxPlug framework. I updated all the code and got rid of all the errors except 1.Command /usr/bin/codesign failed with exit code 1I have read up on this and tried the suggestons which are:execute xattr -rc . both in DerivedData directory and Project directoryI have tried this several times and when i clean and try to build the error still exists. It seems that this issue is happening to a lot of people and the solution seems to only work for some based on my research. I am lost as to what to do any help would be greatly appreciated.
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
1
Boosts
0
Views
491
Activity
Feb ’17
Reply to errSecInvalidOwnerEdit returned from SecItemDelete
Quinn, I have the same issue with a keychain in my app. It seems to happen when I move my application bundle in a different place on disk. For example: the app is launched from the ~/Downloads folder and a new keychain item is created. As far as the app stays in place I can update or delete my keychain item as I like. But after the app is moved to another path, like /Applications (or whatever) I only can read, but cannon remove the item from the keychain. I get errSecInvalidOwnerEdit error. I am definitely sure there are no issues with codesign. Would you please help? It seems to me that this observed differentiation of apps based on their launch path is extremely limited and inconvenient. IMO Keychain ACL should differentiate apps based on their identity, not their location. On Mac it's perfectly legal to duplicate apps, move them around and so on...Update: It seems like you have to rename the app bundle to reproduce this issue.
Topic: Privacy & Security SubTopic: General Tags:
Replies
Boosts
Views
Activity
Feb ’17
Developer ID Application/Installer: no identity found
I have two certifications in my keychain. One in my login keychain which is: Developer ID Installer: My CompanyI then have a second certification in my System keychain which is: Developer ID Application: My CompanyI am trying to codesign my installers. I have a script .app file called Step 2 Installer.app When I try to codesign my .app file I get the no identity found error. My keychains are definitely valid, not expired, and have their trust settings to be Always Trustedcodesign --force --sign Developer ID Application: My Company /Users/mycomputer/Developer/Packing Materials/Step 2 Installer 2.appAny help of suggestions would be greatly appreciated.
Topic: Developer Tools & Services SubTopic: Developer Forums Tags:
Replies
0
Boosts
0
Views
783
Activity
Feb ’17
Resign existing IPA
Hi,we develop and distribute several enterprise app. Most of them are stable products so we don't need to make any change or any new release during the year.Every year, before the provisioning profile expiration, we use a resign script like this one:unzip ./$IPA_NAME_toresign.ipa rm -r ./Payload/$APP_NAME/_CodeSignature /usr/bin/codesign -d --entitlements :entitlements.plist ./Payload/$APP_NAME /usr/bin/codesign -f -s $CERTIFICATE_NAME --no-strict --entitlements ./entitlements.plist Payload/$APP_NAME zip -qr ./$IPA_NAME.ipa ./PayloadThis year this procedure didn't work and the one of the resigned app was unable to start after the expiration dateIs there something no more valid in this procedure?Thank youAndrea
Topic: Developer Tools & Services SubTopic: General Tags:
Replies
0
Boosts
0
Views
2.8k
Activity
Feb ’17
Signature disappears after sending the dmg online?!
Hello,I sign my dmg file with 'codesign -s <myCompany> --deep XXX.dmg', it works and 'codesign --verify --verbose XXX.dmg' even returns the valid on disk message.However, if I send my dmg online and redownload it immediately, 'codesign --verify --verbose XXX.dmg' says code object is not signed at all. I can resign the dmg as if it had never been signed.Please, why the **** is the signature lost when the file is moved to another machine and how can I keep it?This is preventing me to deploy my dmg! I need to send it to the server so people can download & use it!Thank you for your time,Regards,Paul
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
Replies
0
Boosts
0
Views
362
Activity
Feb ’17
SecKey API returned: -25304,
Showing Recent Errors OnlyCodeSign /Users/*/Library/Developer/Xcode/DerivedData/*-fcxkcbsmnmxoatfvnjyminfaqwkk/Build/Products/Debug-iphoneos/*.app cd /Users/* export CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate export PATH=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Applications/Xcode.app/Contents/Developer/usr/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin Signing Identity: iPhone Developer: Provisioning Profile: iOS Team Provisioning Profile: com.* (a4dec20b-43ac-4fc6-8c95-c1b3196473d1) /usr/bin/codesign --force --sign 6C370053C12675D8C67CF905D5195BC69EAC8225 --entitlements /Users/*/Library/Developer/Xcode/DerivedData/Resume-fcxkcbsmnmxoatfvnjyminfaqwkk/Build/Intermediates/Resume.build/Debug-iphoneos/*/*.xcent --timestamp=none /Users/Elenion/Library/Developer/Xcode/DerivedData/*-fcxkcbsmnmxoatfvnjyminfaqwkk/Build/Products/Debug-iphoneos/*SecKey API returned: -25304, (null)/U
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
0
Boosts
0
Views
1.6k
Activity
Feb ’17
Firewall dialog whenever Simulator runs
My iOS app listens for network connections via NSNetServiceListenForConnections. Every time I run my app in the Xcode Simulator, I get the firewall dialog that asks, Do you want the application to accept incoming connections? Every time I click Allow, but the firewall doesn't seem to remember, and I get the dialog again next time I run the simulator, even when I haven't rebuilt the app. Is there any way to get the firewall to remember the app and stop asking every time the simulator runs? I've tried a bunch of different things to try to work around the problem, adding firewall exceptions for Xcode and the Simulator and their executables, even adding a Run Pre-action script in the Xcode scheme to codesign the app with a Developer ID cert, but nothing helps.I could of course turn off the firewall, but the firewall works fine with every listening app on the system except in the SImulator.
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
0
Boosts
0
Views
1.1k
Activity
Feb ’17
Signing app in XCode: specified item could not be found in the keychain
When archiving an app in XCode (Product > Archive) I get the following error:CodeSign /Users/xxx/Library/Developer/Xcode/DerivedData/name-xxx/Build/Intermediates/ArchiveIntermediates/name/InstallationBuildProductsLocation/Applications/name.app cd /Users/xxx/Documents/name/App/platforms/ios export CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate export PATH=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Applications/Xcode.app/Contents/Developer/usr/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin Signing Identity: iPhone Developer: xxx xxx (S5L8942T98) Provisioning Profile: iOS Team Provisioning Profile: xxx (xxx) /usr/bin/codesign --force --sign xxx --entitlements /Users/xxx/Library/Developer/Xcode/DerivedData/name-xxx/Build/Intermediates/ArchiveIntermediates/name/IntermediateBuildFilesPath/name.build/Release-iphoneos/name.build/name.app.xcent --timestamp=none /Users/xxx/Library/Dev
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
Replies
3
Boosts
0
Views
6.2k
Activity
Feb ’17
Reply to Code signature invalid on Mac OS X 10.10.x
Cause and solution: http://stackoverflow.com/questions/41865537/how-does-apples-codesign-utility-decide-which-sha-algorithms-to-sign-a-shared
Topic: Code Signing SubTopic: General Tags:
Replies
Boosts
Views
Activity
Feb ’17
Reply to XPC restricted to processes with the same code signing?
Can one restrict XPC communications to only occur between processes that share the same code signing identity? Yes. Well, you probably don’t want the same core signing identity (in general, each separate executable should have its own identity) but rather you want to evaluate code signing requirements for the client, and you can definitely do that. There are two basic tools for this: Various properties on the XPC connection (like NSXPCConnection’s auditSessionIdentifier, processIdentifier, effectiveUserIdentifier, and effectiveGroupIdentifier properties, and the equivalent C functions to get these values from an xpc_connection_t) Various security APIs, most notably the code signing API () The exact way in which you combine these is up to you, but here’s an example of how you might restrict access to your service to just your app: When a client makes a connection to your service, get the process ID of the client from that connection. If you’re using NSXPCConnection, you should do this in your -listener:shouldA
Topic: App & System Services SubTopic: Processes & Concurrency Tags:
Replies
Boosts
Views
Activity
Feb ’17
Reply to How can I sign Apple certificates with SHA-2 hashes?
Hey Ross, did you get an answer on this? Because this enterprise distribution cert is used to codesign apps and not for encrypting internet traffic, did you still have to adhere to the company's date for cuting over to SHA-2?
Topic: Developer Tools & Services SubTopic: General Tags:
Replies
Boosts
Views
Activity
Feb ’17
Reply to mac app id do not have the key APP Group
1. I am applying for APP ID I found some difference between OSX and iOS in iOS it has the key of APP Groups but in OSX do not have the key of APP GroupI’m having a hard time parsing your text, but I believe you’re referring to the app group prefix here. And yes, there is a difference: on macOS the app group identifier is prefixed by the the Team ID, whereas that’s not the case on iOS. For example, here’s what I see when I dump the entitlements of my macOS test app:$ codesign -d --entitlements :- build/Debug/QNEPacketTunnel.app … <dict> … <key>com.apple.security.application-groups</key> <array> <string>VR9NTVC6BB.com.example.apple-samplecode.QNE-macOS</string> </array> </dict> </plist>And here’s the output for the iOS version of that app:$ codesign -d --entitlements :- build/Debug-iphoneos/QNEPacketTunnel.app … <dict> … <key>com.apple.security.application-groups</key> <array> <string>group.com.example.apple-sa
Topic: App & System Services SubTopic: Networking Tags:
Replies
Boosts
Views
Activity
Feb ’17