Search results for

“codesign”

3,222 results found

Post

Replies

Boosts

Views

Activity

Reply to "Application damaged and can't be opened' error prompt on 15.6.1 Sequoia
Hello Quinn, a couple of follow up questions on this issue. My application currently requires elevated privileges or “sudo” to verify the codesign using the codesign —verify --strict command. Will this cause the Apple Gatekeeper to throw this prompt? If that is the case, why is this prompt not shown on all of the macOS machines if Gatekeeper is unable to read our application due to restricted permissions?
Topic: Code Signing SubTopic: General Tags:
Jan ’26
Codesigning failing with "A timestamp was expected but was not found." from multiple locations in Australia
We are seeing Apple code signing failures when retrieving secure timestamps from several locations (but not all locations) in Australia. This has been happening since Friday July 17th 2020 We're seeing this issue with multiple apps and certificates from different organisations During codesigning, in some configurations, a request is sent to an Apple timestamp authority server to authenticate the time of signing. This is failing for (some of) us. tcpdump and wireshark revealed that for my home network, the server is timestamp-reno01.apple.com (17.179.249.1). Requests are sent via http over port 80, but traffic is TLS encrypted (https://developer.apple.com/forums/thread/96154 has some interesting details). In Wireshark, I can see the SYN being sent, but no ACK is ever received, and after some tcp retries, signing fails. This only happens during code signing. I can telnet directly to port 80 on 17.179.249.1), and get a connection, which makes no real sense. Out of six locations in Australia (5 home offi
Topic: Code Signing SubTopic: General Tags:
3
0
3.1k
Jul ’20
Reply to Pkg installation package uploaded to macstore email prompt ITMS-90296
I tried using a third-party app (Pacivist) to open the app in pkg, nd export the app locally,then followed your instructions to perform the following actions: 1、 Run codesign against the results app to confirm that its signature is valid: % codesign --verify -vvv /path/to/your.app The results obtained: PS:I noticed an error message IFlytek heard. app: a sealed resource is missing or invalid File missing:/Users/pploo2/Desktop/icon/1/iFlytek heard. app/Contents/Resources/tj_S1/_MACOSX/ node_modules I don't know if this is the key to the problem ITMS-90926. 2. Run codesign again to check that you have App Sandbox enabled: % codesign --display --entitlements - /path/to/your.app The results obtained: You can see that there is sandbox=true here Now back to the first step, I performed operations on the app before packaging it as pkg and found that there were no missing related issues
Topic: App Store Distribution & Marketing SubTopic: App Store Connect Tags:
Nov ’24
Command CodeSign failed with a nonzero exit code
I have not been able to open any of my apps since I uploaded my latest update midOctober 2023. Previously I have tried everything on forums from removing derived data, adding new options in build folder and more. Since then I have wasted hours trying to open any app from my iCloud / hard disk and I wonder if part of the problem is caused by backing up to iCloud, as I can open from an external hard disk. It takes almost as long to upload from hard disk than cloud so whole thing annoying, does this add clues to this frustrating problem ? Also when I opened one of my apps it had made hundreds of unassigned assets that all had to be removed individually. I have no idea how to continue with my work I have three other apps in progress, but am halted at present but such a stupid small detail. // here is full commet /Users/ruwickigmail.com/Desktop/0-APPS-2023/InstaAnimates/InstaAnimates.xcodeproj: warning: Unable to find a target which creates the host product for value of $(TEST_HOST) '/Users/ruwickigmail.com/Deskto
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
1
0
757
Oct ’24
Reply to App with camera access crashes when launched from Finder but runs from Terminal
Dear Fritzt, In addition to the access usage description in the Info.plist you also need to add the key com.apple.security.device.camera set to true in the Entitlements.plist. If you are signing the code manually, you have to pass the Entitlements.plist to the codesign tool like : codesign --timestamp --deep --entitlements Entitlements.plist --keychain --sign MyApplication.app -f -o runtime For more information, you can have a look at this great blog post by David Fernandez : https://www.theimpostersyndrome.dev/posts/macospackaging/
Topic: Media Technologies SubTopic: Audio Tags:
Mar ’22
Reply to macOS TCC Accessibility permission granted, yet the Accessibility APIs sporadically (!) return no data
Do you know of a good way to determine whether a given app mattress a particular designated requirement? From the command line, use codesign -v -R. See the codesign man page for the details. At the API level, call SecCodeCheckValidityWithErrors passing the requirement to the (optional) requirement parameter. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: App & System Services SubTopic: Core OS Tags:
Apr ’22
Reply to How do you codesign with a SmartCard
My understanding is that this should work, although I must admit to having never actually done it in practice. The best way to specify an exact signing identity to use is to pass a SHA-1 hash of the identity’s certificate to codesign. See the discussion of this in the codesign man page. If you do that, does it work? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: Code Signing SubTopic: General Tags:
Mar ’23
Reply to python "import foundation" crushes if the app is codesigned
Thanks a lot for the response. I could solve the problem with following entitlements file and following codesign command. codesign -s $SIGNING_IDENTITY_APP --verbose --force --deep --entitlements /Users/emre/Documents/MrProtect/app.entitlements --options=runtime --timestamp --preserve-metadata=entitlements,requirements,flags,runtime I do not know which change worked exactly, but it is working now. app.entitlements.txt
Topic: Code Signing SubTopic: General Tags:
Jul ’24
Reply to Apple Silicon app builds but cannot launch
I am running into the same problem with running an iPad app on my M1 MBP. I am seeing the same error message in both Xcode 13.x and Xcode 14 beta 3. I have tried deleting the built product and rerunning the project. I have tried switching from automatic codesigning to manually codesigning the project. I have tried changing the bundle identifier with both automatic and manual codesigning. I have even tried running it after removing the one library it uses (a Swift package). None of these actions has resolved the problem. This is very frustrating because I know the project ran as a Mac app successfully last time I tried a month ago. Has anybody come up with any further solutions to this problem that haven't yet been mentioned in this thread?
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Jul ’22
Reply to Unable to codesign my *.app (error: unable to build chain to self-signed root for signer)
Oh, one more thing: Why are you running codesign using sudo? That’s generally not necessary and can cause problems [1]. I recommend that you retest this as follows: Log in to the GUI of the Mac that has the Apple Development: Amritpal Singh (…) identity in its keychain. In Terminal, run security find-identity -v -p codesigning (without the sudo) to confirm that it’s available. Then use codesign (again without the sudo) to sign a simple test tool. What do you see in that case? Yes, without sudo I able to signed the image. $ codesign --deep -s Apple Development: Amritpal Singh (KC65BTVN4Z) ./HyperBIM-v0.36.app $ codesign -d --verboset./HyperBIM-v0.36.app Executable=/APP/HyperBIM-v0.36.app/Contents/MacOS/HyperBIM-v0.36 Identifier=Creoox AG Format=app bundle with generic CodeDirectory v=20200 size=201 flags=0x0(none) hashes=1+3 location=embedded Signature size=4816 Signed Time=03-Nov-2020 at 8:21:29 PM Info.plist entries=17 TeamIdentifier=787KY3SBUJ Sealed Resources ve
Topic: Code Signing SubTopic: General Tags:
Nov ’20
Reply to segmentation fault codesign -s "Developer ID Application: Teamxxxxx"
When I try to codesign my app I am facing this issue & below is the command I am using pkothapeta@CCILTM03 CipherCloud % codesign -s Developer ID Application: CipherCloud Inc (ZGNQHYL3AG) --timestamp --options runtime -f --entitlements ./Sources/CipherCloud/CipherCloud.entitlements --deep ./build/CipherCloud.app Output: ./build/CipherCloud.app: replacing existing signature zsh: segmentation fault codesign -s Developer ID Application: CipherCloud Inc (ZGNQHYL3AG) runtim Please find the Crash Report & entitlements files from below ref: https://drive.google.com/file/d/14-Idpug-OZeAXxs8NvtlwOd5czIqBurB/view?usp=sharing https://drive.google.com/file/d/18CI3cbouP4dQyESvd54BDeor8yeaFVdC/view?usp=sharing
Topic: Code Signing SubTopic: Notarization Tags:
Aug ’21
Reply to GateKeeper rejects my app in 10.11.4, which was working fine until 10.11.3
Thanks for your reply.It's written in Delphi. libcgunwind.1.0.dylib is reuired for the 'standard' unwinding of C exceptions.I tried moving this dylib to the Contents/Frameworks folder. This doesn't solve the obsolete resource envelope problem when trying to codesign the bundle. codesign -dvvv --deep /Users/Giel/Desktop/MyApp.app gives the same result (it reports a different dylib path of course).
Topic: Privacy & Security SubTopic: General Tags:
Jun ’16
Reply to Checking DMG notarization. Rejected, but works fine
Sometimes codesign for a DMG doesn't work correctly: codesign -s Developer ID Application: COMPANY --timestamp -i MyApp MyApp.dmg I got an error: The timestamp service is not available. and DMG was not completely signed. APP bundle was signed correctly (a minute earlier) and notarized (several minutes later). I re-launched the script again and next time DMG was signed rightly.
Topic: Code Signing SubTopic: Notarization Tags:
Mar ’21
Reply to "Application damaged and can't be opened' error prompt on 15.6.1 Sequoia
Hello Quinn, a couple of follow up questions on this issue. My application currently requires elevated privileges or “sudo” to verify the codesign using the codesign —verify --strict command. Will this cause the Apple Gatekeeper to throw this prompt? If that is the case, why is this prompt not shown on all of the macOS machines if Gatekeeper is unable to read our application due to restricted permissions?
Topic: Code Signing SubTopic: General Tags:
Replies
Boosts
Views
Activity
Jan ’26
Codesigning failing with "A timestamp was expected but was not found." from multiple locations in Australia
We are seeing Apple code signing failures when retrieving secure timestamps from several locations (but not all locations) in Australia. This has been happening since Friday July 17th 2020 We're seeing this issue with multiple apps and certificates from different organisations During codesigning, in some configurations, a request is sent to an Apple timestamp authority server to authenticate the time of signing. This is failing for (some of) us. tcpdump and wireshark revealed that for my home network, the server is timestamp-reno01.apple.com (17.179.249.1). Requests are sent via http over port 80, but traffic is TLS encrypted (https://developer.apple.com/forums/thread/96154 has some interesting details). In Wireshark, I can see the SYN being sent, but no ACK is ever received, and after some tcp retries, signing fails. This only happens during code signing. I can telnet directly to port 80 on 17.179.249.1), and get a connection, which makes no real sense. Out of six locations in Australia (5 home offi
Topic: Code Signing SubTopic: General Tags:
Replies
3
Boosts
0
Views
3.1k
Activity
Jul ’20
Reply to Pkg installation package uploaded to macstore email prompt ITMS-90296
I tried using a third-party app (Pacivist) to open the app in pkg, nd export the app locally,then followed your instructions to perform the following actions: 1、 Run codesign against the results app to confirm that its signature is valid: % codesign --verify -vvv /path/to/your.app The results obtained: PS:I noticed an error message IFlytek heard. app: a sealed resource is missing or invalid File missing:/Users/pploo2/Desktop/icon/1/iFlytek heard. app/Contents/Resources/tj_S1/_MACOSX/ node_modules I don't know if this is the key to the problem ITMS-90926. 2. Run codesign again to check that you have App Sandbox enabled: % codesign --display --entitlements - /path/to/your.app The results obtained: You can see that there is sandbox=true here Now back to the first step, I performed operations on the app before packaging it as pkg and found that there were no missing related issues
Topic: App Store Distribution & Marketing SubTopic: App Store Connect Tags:
Replies
Boosts
Views
Activity
Nov ’24
Command CodeSign failed with a nonzero exit code
Whenever i run on a generic ios device, i encounter this problem. Please help... Heres a screenshot error from the build log - https://developer.apple.com/forums/content/attachment/572c593a-da61-47ee-ba22-795a138eddc0
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
0
Boosts
0
Views
256
Activity
Jun ’20
Command CodeSign failed with a nonzero exit code
I have not been able to open any of my apps since I uploaded my latest update midOctober 2023. Previously I have tried everything on forums from removing derived data, adding new options in build folder and more. Since then I have wasted hours trying to open any app from my iCloud / hard disk and I wonder if part of the problem is caused by backing up to iCloud, as I can open from an external hard disk. It takes almost as long to upload from hard disk than cloud so whole thing annoying, does this add clues to this frustrating problem ? Also when I opened one of my apps it had made hundreds of unassigned assets that all had to be removed individually. I have no idea how to continue with my work I have three other apps in progress, but am halted at present but such a stupid small detail. // here is full commet /Users/ruwickigmail.com/Desktop/0-APPS-2023/InstaAnimates/InstaAnimates.xcodeproj: warning: Unable to find a target which creates the host product for value of $(TEST_HOST) '/Users/ruwickigmail.com/Deskto
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
Replies
1
Boosts
0
Views
757
Activity
Oct ’24
Reply to App with camera access crashes when launched from Finder but runs from Terminal
Dear Fritzt, In addition to the access usage description in the Info.plist you also need to add the key com.apple.security.device.camera set to true in the Entitlements.plist. If you are signing the code manually, you have to pass the Entitlements.plist to the codesign tool like : codesign --timestamp --deep --entitlements Entitlements.plist --keychain --sign MyApplication.app -f -o runtime For more information, you can have a look at this great blog post by David Fernandez : https://www.theimpostersyndrome.dev/posts/macospackaging/
Topic: Media Technologies SubTopic: Audio Tags:
Replies
Boosts
Views
Activity
Mar ’22
Reply to macOS TCC Accessibility permission granted, yet the Accessibility APIs sporadically (!) return no data
Do you know of a good way to determine whether a given app mattress a particular designated requirement? From the command line, use codesign -v -R. See the codesign man page for the details. At the API level, call SecCodeCheckValidityWithErrors passing the requirement to the (optional) requirement parameter. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: App & System Services SubTopic: Core OS Tags:
Replies
Boosts
Views
Activity
Apr ’22
Reply to How do you codesign with a SmartCard
My understanding is that this should work, although I must admit to having never actually done it in practice. The best way to specify an exact signing identity to use is to pass a SHA-1 hash of the identity’s certificate to codesign. See the discussion of this in the codesign man page. If you do that, does it work? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: Code Signing SubTopic: General Tags:
Replies
Boosts
Views
Activity
Mar ’23
Reply to python "import foundation" crushes if the app is codesigned
Thanks a lot for the response. I could solve the problem with following entitlements file and following codesign command. codesign -s $SIGNING_IDENTITY_APP --verbose --force --deep --entitlements /Users/emre/Documents/MrProtect/app.entitlements --options=runtime --timestamp --preserve-metadata=entitlements,requirements,flags,runtime I do not know which change worked exactly, but it is working now. app.entitlements.txt
Topic: Code Signing SubTopic: General Tags:
Replies
Boosts
Views
Activity
Jul ’24
Reply to Apple Silicon app builds but cannot launch
I am running into the same problem with running an iPad app on my M1 MBP. I am seeing the same error message in both Xcode 13.x and Xcode 14 beta 3. I have tried deleting the built product and rerunning the project. I have tried switching from automatic codesigning to manually codesigning the project. I have tried changing the bundle identifier with both automatic and manual codesigning. I have even tried running it after removing the one library it uses (a Swift package). None of these actions has resolved the problem. This is very frustrating because I know the project ran as a Mac app successfully last time I tried a month ago. Has anybody come up with any further solutions to this problem that haven't yet been mentioned in this thread?
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
Boosts
Views
Activity
Jul ’22
Reply to Unable to codesign my *.app (error: unable to build chain to self-signed root for signer)
Oh, one more thing: Why are you running codesign using sudo? That’s generally not necessary and can cause problems [1]. I recommend that you retest this as follows: Log in to the GUI of the Mac that has the Apple Development: Amritpal Singh (…) identity in its keychain. In Terminal, run security find-identity -v -p codesigning (without the sudo) to confirm that it’s available. Then use codesign (again without the sudo) to sign a simple test tool. What do you see in that case? Yes, without sudo I able to signed the image. $ codesign --deep -s Apple Development: Amritpal Singh (KC65BTVN4Z) ./HyperBIM-v0.36.app $ codesign -d --verboset./HyperBIM-v0.36.app Executable=/APP/HyperBIM-v0.36.app/Contents/MacOS/HyperBIM-v0.36 Identifier=Creoox AG Format=app bundle with generic CodeDirectory v=20200 size=201 flags=0x0(none) hashes=1+3 location=embedded Signature size=4816 Signed Time=03-Nov-2020 at 8:21:29 PM Info.plist entries=17 TeamIdentifier=787KY3SBUJ Sealed Resources ve
Topic: Code Signing SubTopic: General Tags:
Replies
Boosts
Views
Activity
Nov ’20
Reply to segmentation fault codesign -s "Developer ID Application: Teamxxxxx"
When I try to codesign my app I am facing this issue & below is the command I am using pkothapeta@CCILTM03 CipherCloud % codesign -s Developer ID Application: CipherCloud Inc (ZGNQHYL3AG) --timestamp --options runtime -f --entitlements ./Sources/CipherCloud/CipherCloud.entitlements --deep ./build/CipherCloud.app Output: ./build/CipherCloud.app: replacing existing signature zsh: segmentation fault codesign -s Developer ID Application: CipherCloud Inc (ZGNQHYL3AG) runtim Please find the Crash Report & entitlements files from below ref: https://drive.google.com/file/d/14-Idpug-OZeAXxs8NvtlwOd5czIqBurB/view?usp=sharing https://drive.google.com/file/d/18CI3cbouP4dQyESvd54BDeor8yeaFVdC/view?usp=sharing
Topic: Code Signing SubTopic: Notarization Tags:
Replies
Boosts
Views
Activity
Aug ’21
Reply to GateKeeper rejects my app in 10.11.4, which was working fine until 10.11.3
Thanks for your reply.It's written in Delphi. libcgunwind.1.0.dylib is reuired for the 'standard' unwinding of C exceptions.I tried moving this dylib to the Contents/Frameworks folder. This doesn't solve the obsolete resource envelope problem when trying to codesign the bundle. codesign -dvvv --deep /Users/Giel/Desktop/MyApp.app gives the same result (it reports a different dylib path of course).
Topic: Privacy & Security SubTopic: General Tags:
Replies
Boosts
Views
Activity
Jun ’16
Reply to Checking DMG notarization. Rejected, but works fine
Sometimes codesign for a DMG doesn't work correctly: codesign -s Developer ID Application: COMPANY --timestamp -i MyApp MyApp.dmg I got an error: The timestamp service is not available. and DMG was not completely signed. APP bundle was signed correctly (a minute earlier) and notarized (several minutes later). I re-launched the script again and next time DMG was signed rightly.
Topic: Code Signing SubTopic: Notarization Tags:
Replies
Boosts
Views
Activity
Mar ’21
Reply to codesign CLI throws error on OSX 12 (M1) and Xcode 12/13
It is a target build setting, not a parameter to codesign. Select the target in Xcode, select All and filter on bitcode
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
Boosts
Views
Activity
Jan ’22