codesign

I am working on releasing my macOS arm64 app. My problem is that after the user downloads the dmg, double-clicking my.app in the dmg, a Gatekeeper pop-up box will appear with a warning that the developer cannot be verified. Question: Can an application signed with com.apple.security.cs.disable-library-validation be published as trusted? If yes, what steps have I missed? If not, can I get an official response from Apple? （Because I referred to this post, it seems to mention that it is possible to publish trusted software.I have looked up similar questions on the forum and tried many things, but nothing works. ） Here are my steps: Use the codesign to sign my.app. Because my app needs to access third-party dynamic libraries, entitlements.plist contains a com.apple.security.cs.disable-library-validation. After the codesign -dvvv check, the signature was successful.✅ Use the xcrun notarytool command to notarize my app, and the status is displayed as accepted.✅ Use xcrun stapler staple to attach t

we are trying to build MacOS Desktop app using electron code sign-in and notarization has completed basically it is angular application but still unable to open the desktop app getting below error pop-up : screenshot of it. CrashReporter Key: XXXX-XXXX-XXXX-XXXX-XXXX Hardware Model: MacBook Pro (Obfuscated) Process: xnode [5798] Path: /Applications/[App Path]/Contents/MacOS/xnode Identifier: ai.xnode.xnode Version: 1.0.0 (1.0.0.43313) Code Type: X86-64 (Native) Role: Default Parent Process: launchd [1] Coalition: ai.xnode.xnode [5056] Date/Time: [Redacted for Privacy] OS Version: macOS 14.6.1 (23G93) Release Type: User Report Version: 104 Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid)) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: CODESIGNING 1 Taskgated Invalid Signature Triggered by Thread: 0 Thread 0 Crashed: 0 dyld_path_missing 0x10dbb4010 _dyld_start + 0 1 main_executable_path_missing 0x10b395000 ??? Thread 0 crashed with X86 Thread State (64-bit): rax:

Platforms: Ventura and Big Sur Steps to Reproduce: Create new application and installer CSRs with keypairs Generate new certificates in Apple web portal Repackage certificates as .p12 using exported private keys since they are not referenced in keychain app by default. Import certificates into MacOS Keychain Set certificate access to Always Trust for all certificate uses Sign binary fails using codesign --force --sign Sign installer package succeeds using productsign --sign Additional Info: The private keys ware initially not recognized by the Keychain application resulting a certificate without a private key leaf beneath them. To resolve it I exported the private key and repackaged certificate as a .p12 file. Both certificates appear good when evaluated for code signing The installer certificate shows an intermediate and root while the application certificate does not Repackaging as .p12 with expected intermediate and root did not resolve the issue Installing all available intermediates and roots f

I just paid for 99$ a year and it's already 48hrs ago since I've paid. But when I click on my name it still says Pending and on the main landingpage on https://developer.apple.com/account it still says this Purchase your membership. To continue your enrollment, complete your purchase now Your purchase may take up to 48 hours to process. Do I need a membership to codesign and notarising my VST plugins? Cause that'a what I bought it for.

Hello, I've notarised my app like this: ` codesign codesign --force --deep --entitlements /Users/username/myapp/myapp.app/Contents/app.entitlements --sign Developer ID Application: Username (my team id) /Users/username/myapp/myapp.app codesign -v /Users/username/myapp/myapp.app ` ` create .zip file ditto -c -k --keepParent myapp.app myapp.zip ` ` submit binary to Apple xcrun notarytool submit Shalloville.zip --apple-id my icloud --password xxxx-xxxx-xxxx-xxxx --team-id my team id ` Is there anything wrong? I submitted the .zip file on 27/11 and it's still In Progress. Successfully received submission history. history -------------------------------------------------- createdDate: 2024-11-29T16:05:44.609Z id: eccf6248-4f2f-4cc1-bb90-88cf13aa08a0 name: Shalloville.zip status: In Progress -------------------------------------------------- createdDate: 2024-11-27T08:57:56.373Z id: 7d9887dc-6bf8-4e39-bcbe-0f22d02dce4f name: Shalloville.zip status: In Progress ----------------------------

Hello, After my developer Id had expired after 5 years, I created a new one, codesigned the app successfully, but could not notarize: xcrun notarytool submit mac_release/flow5.zip --keychain-profile XFLR5 --wait Conducting pre-submission checks for flow5.zip and initiating connection to the Apple notary service... Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct I don't think I was using an app specific password before, but the last time I went through this process was 5 years ago. Thanks in advance for any help.

Hello, I cannot build a signed app that will both be accepted by Testflight and run locally. Only one or the other! I'm singing my .app and building the package thus: CODESIGN_ID=Apple Distribution: company (number) INSTALLSIGN_ID=3rd Party Mac Developer Installer: company (number) codesign --force --deep --entitlements plist.xcent -o runtime --timestamp --sign $CODESIGN_ID myapp.app productbuild --sign $INSTALLSIGN_ID --timestamp --component myapp.app /Applications myapp.pkg With entitlements: com.apple.security.get-task-allow com.apple.security.app-sandbox com.apple.security.network.client com.apple.security.files.user-selected.read-write com.apple.security.inherit com.apple.application-identifier TEAM.com.COMPANY.APPNAME com.apple.developer.team-identifier TEAM/string> If I leave out the last two entitlements com.apple.application-identifier and com.apple.developer.team-identifier, the package validates and runs locally. It can be uploaded but it is NOT accepted by Testflight. When i

Hi, I need to create a new Developer ID installer certificate as I cannot locate the private key on my old computer. I need to revoke the certificate. I have the Account holder and admin rights but I can't see the revoke option. And when I try to create a new certificate, the panel response is There is already an existing one. Again, I need to install a new Developer ID installer certificate on the KeyChain of my new computer with its private key. I can't codesign and complete my work at the moment ! I have sent several support e-mails but no single response ! Any guidance is much appreciated. thank you.

I try to notarize my package, everything works except one signature of a binary. But the output of codesign seems fine. Notary log: logFormatVersion: 1, jobId: 350315e0-38ae-4224-a13b-1c4dc20c1cb7, status: Invalid, statusSummary: Archive contains critical validation errors, statusCode: 4000, archiveFilename: VocalNet_Installer.pkg, uploadDate: 2024-11-26T18:07:57.042Z, sha256: fc59a3c2c3669f641a18d6e6df9b91e9369f8cf9cd827d5a75762beb99dfbcfe, ticketContents: null, issues: [ { severity: error, code: null, path: VocalNet_Installer.pkg/SLink.pkg Contents/Payload/Applications/SLink.app/Contents/MacOS/SLink, message: The signature of the binary is invalid., docUrl: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735, architecture: arm64 } ] } Codesign output: Executable=/Users/200gaga/Main/VocalNet/SLink.app/Contents/MacOS/SLink Identifier=SLink Format=app bundle with Mach-O thin (arm64) CodeDirectory v=20500

I'm trying to sign a build coming from a gitlab runner, but for some reason security find-identity is yielding no results during the pipeline. Hitting the runner via SSH shows the results as I would expect, as well as VNCing into the runner and using the terminal. whoami on all 3 shows the same result My current attempt is to build the keychain on the fly so that I can ensure I have access to the identity, and it succeeds in building the keychain and importing the certs, but find-identity still shows zero results in the pipeline. - security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH - security list-keychains -d user -s $KEYCHAIN_PATH /Users/######/Library/Keychains/login.keychain-db /Library/Keychains/System.keychain - security set-keychain-settings $KEYCHAIN_PATH - security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH - security import $SIGNING_KEY_DECODED -P $P12_PASSWORD -A -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign - > # escape : CERT_IDENTITY=########## security set-ke