Search results for

“codesign”

3,222 results found

Post

Replies

Boosts

Views

Activity

crash of /bin/sh - CODESIGNING 4 Launch Constraint Violation - Coalition: com.protection.agent.boot
With latest Beta version macOS Ventura 13.1 - build 22C5033e, we see crashes of /bin/sh, with termination reason CODESIGNING 4 Launch Constraint Violation, and Coalition: com.protection.agent.boot That com.protection.agent.boot is the one we use to run our processes on boot of the computer. This is the first time we see this. With previous versions of macOS Ventura, it worked perfectly fine. Any help is appreciated. I attach the crashes, just in case they help. Translated Report (Full Report Below) Incident Identifier: 2A4A3954-27A3-4E36-A5A8-F76C8B91CAB2 CrashReporter Key: 5FAD36CD-4264-FA3F-6E57-875BCEBABE11 Hardware Model: MacBookPro17,1 Process: sh [810] Path: /bin/sh Identifier: sh Version: ??? Code Type: ARM-64 (Native) Role: Unspecified Parent Process: launchd [1] Coalition: com.protection.agent.boot [519] Date/Time: 2022-10-28 09:06:33.2164 +0200 Launch Time: 2022-10-28 09:06:33.1059 +0200 OS Version: macOS 13.1 (22C5033e) Release Type: User Report Version: 104 Exception Type: EXC_CRASH (SIGK
Topic: App & System Services SubTopic: Core OS Tags:
4
0
2.7k
Oct ’22
Reply to Is there any way to disable sandboxing/notarization/codesigning on an existing app? (already built)
How is this done on an already-compiled (re-signed) app though? There is no entitlements file in the app bundle to delete/edit. The .entitlements file is an input to the code signing machinery. It doesn’t actually ship with the resulting code. Rather, the entitlements end up getting baked into the code signature. I'm getting an empty response from codesign -d --entitlements :- PATHTOAPP. Is that sufficient to know that it's out of the sandbox … ? Yes. A sandboxed app will show something like this: % codesign -d --entitlements - /Applications/PCalc.app Executable=/Applications/PCalc.app/Contents/MacOS/PCalc [Dict] [Key] com.apple.security.app-sandbox [Value] [Bool] true … Note that modern versions of codesign don’t render the entitlements as XML. To do that, add the --xml flag. And then run the result through a pretty printer: % codesign -d --entitlements - --xml /Applications/PCalc.app | plutil -convert xml1 -o - - … … com.apple.security.app-sandbox … Share and Enjoy —
Topic: App & System Services SubTopic: Core OS Tags:
Mar ’22
Reply to Couldn't open Widget
Okay finally found the problem. I was codesigning my app by hand (which had never been a problem before) since I had an intricate set of frameworks the app relied upon, and needed to hand copy them using a Copy / Runscript post-build script. Any way, it seems starting Xcode 7 at least, this no longer works as expected. The app works and codesign says the app has been signed correctly, but clearly something is happening behind the scenes that's breaking the codesignature. I ended up removing all my manual codesigning stuff and simply using Xcode's 'Copy Framework' post build step and checked 'Sign on Copy'. It's now finally working as expected.
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Sep ’15
Reply to codesign py2app bundle format unrecognized, invalid, or unsuitable
Oops code block above was missing the last few lines. (new to this forum, how is it that I cant edit my post???) sign_command = [ codesign, -s, certificate_common_name, --force, --timestamp, -v, file_path ] if hardened_runtime: sign_command.append(--options=runtime) success, message = run_command(sign_command) if success: verify_command = [codesign, --verify, --verbose=4, file_path] success, verify_message = run_command(verify_command) return success, message + verify_message else: return success, message
Topic: Code Signing SubTopic: Notarization
Jun ’24
macOS app built with Unity hangs upon launch after signing with codesign command in Terminal
I am trying to submit a macOS app built with Unity to the Mac App Store. I followed the instructions mentioned in the Unity documentation, Delivering your application to the Mac App Store.I am able to run the Build command for macOS and get a .app bundle for my app. I am also able to launch it and it runs fine. However, after running the following codesign command (as mentioned in the linked document above), the app freezes upon launch and has to be force quitted. This is the codesign command line that I am running:codesign -o runtime -f --deep -s '3rd Party Mac Developer Application: DEVELOPER NAME' --entitlements GAMENAME.entitlements /AppPath/GAMENAME.appI have a paid (Individual) developer license with Apple, and have properly set up the certificates in keychain as mentioned in the document. I also managed to check that the app bundle was signed by running the command line:codesign -dv --verbose=4 GAMENAME.appRunning the above command displays that it's signed with my 3rd Party Mac App D
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
2
0
4.2k
Nov ’19
Reply to Not able to install enterprise build in iOS 15 beta version
We're also affected by this, but the Using the Latest Code Signature Format article only mentions needing to code-sign with 10.14 or later. We build and codesign on 10.15, but when I do look at the output of codesign -dv, I do indeed see the version of 20400. Is it possible this article needs to be updated? I'm confused why the version would be still 20400 on Catalina while the article suggests that signing on 10.14 or later should produce a v20500 CodeSignature format.
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
Jun ’21
Reply to install_name_tool vs. codesign
There’s a reason why --remove-signature is not in the codesign man page. It’s useful, but it’s not perfect. If --remove-signature is causing problems, I recommend that you: Just ignore the warning from install_name_tool. When you’re done, re-sign the library using codesign with the -f flag. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: Developer Tools & Services SubTopic: General Tags:
Mar ’24
crash of /bin/sh - CODESIGNING 4 Launch Constraint Violation - Coalition: com.protection.agent.boot
With latest Beta version macOS Ventura 13.1 - build 22C5033e, we see crashes of /bin/sh, with termination reason CODESIGNING 4 Launch Constraint Violation, and Coalition: com.protection.agent.boot That com.protection.agent.boot is the one we use to run our processes on boot of the computer. This is the first time we see this. With previous versions of macOS Ventura, it worked perfectly fine. Any help is appreciated. I attach the crashes, just in case they help. Translated Report (Full Report Below) Incident Identifier: 2A4A3954-27A3-4E36-A5A8-F76C8B91CAB2 CrashReporter Key: 5FAD36CD-4264-FA3F-6E57-875BCEBABE11 Hardware Model: MacBookPro17,1 Process: sh [810] Path: /bin/sh Identifier: sh Version: ??? Code Type: ARM-64 (Native) Role: Unspecified Parent Process: launchd [1] Coalition: com.protection.agent.boot [519] Date/Time: 2022-10-28 09:06:33.2164 +0200 Launch Time: 2022-10-28 09:06:33.1059 +0200 OS Version: macOS 13.1 (22C5033e) Release Type: User Report Version: 104 Exception Type: EXC_CRASH (SIGK
Topic: App & System Services SubTopic: Core OS Tags:
Replies
4
Boosts
0
Views
2.7k
Activity
Oct ’22
Reply to Unable to validate with app sandbox issues
Both. The previous codesign output was for the containing app and this is for the extension: com.apple.security.app-sandboxcom.apple.security.files.user-selected.read-onlycom.apple.security.get-task-allow
Topic: Code Signing SubTopic: Entitlements Tags:
Replies
Boosts
Views
Activity
Feb ’25
Reply to Is there any way to disable sandboxing/notarization/codesigning on an existing app? (already built)
How is this done on an already-compiled (re-signed) app though? There is no entitlements file in the app bundle to delete/edit. The .entitlements file is an input to the code signing machinery. It doesn’t actually ship with the resulting code. Rather, the entitlements end up getting baked into the code signature. I'm getting an empty response from codesign -d --entitlements :- PATHTOAPP. Is that sufficient to know that it's out of the sandbox … ? Yes. A sandboxed app will show something like this: % codesign -d --entitlements - /Applications/PCalc.app Executable=/Applications/PCalc.app/Contents/MacOS/PCalc [Dict] [Key] com.apple.security.app-sandbox [Value] [Bool] true … Note that modern versions of codesign don’t render the entitlements as XML. To do that, add the --xml flag. And then run the result through a pretty printer: % codesign -d --entitlements - --xml /Applications/PCalc.app | plutil -convert xml1 -o - - … … com.apple.security.app-sandbox … Share and Enjoy —
Topic: App & System Services SubTopic: Core OS Tags:
Replies
Boosts
Views
Activity
Mar ’22
Reply to Couldn't open Widget
Okay finally found the problem. I was codesigning my app by hand (which had never been a problem before) since I had an intricate set of frameworks the app relied upon, and needed to hand copy them using a Copy / Runscript post-build script. Any way, it seems starting Xcode 7 at least, this no longer works as expected. The app works and codesign says the app has been signed correctly, but clearly something is happening behind the scenes that's breaking the codesignature. I ended up removing all my manual codesigning stuff and simply using Xcode's 'Copy Framework' post build step and checked 'Sign on Copy'. It's now finally working as expected.
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
Boosts
Views
Activity
Sep ’15
Reply to codesign py2app bundle format unrecognized, invalid, or unsuitable
Oops code block above was missing the last few lines. (new to this forum, how is it that I cant edit my post???) sign_command = [ codesign, -s, certificate_common_name, --force, --timestamp, -v, file_path ] if hardened_runtime: sign_command.append(--options=runtime) success, message = run_command(sign_command) if success: verify_command = [codesign, --verify, --verbose=4, file_path] success, verify_message = run_command(verify_command) return success, message + verify_message else: return success, message
Topic: Code Signing SubTopic: Notarization
Replies
Boosts
Views
Activity
Jun ’24
Reply to Warning: unable to build chain to self-signed root for signer "Mac Developer: Dylan M (*******)"
That did not work for me.This warning persists, but apparently the codesign is still accepted.spctl -a -t exec -vv /path/to/MyApp.appaccepted
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
Boosts
Views
Activity
Dec ’17
Reply to After entitlements add system-extension.install , The app cant run on Macos 10.15
I had tested on 10.15.7 13.0 11.0 12.3 13.3. All except 10.15.7 are valid. Sign using codesign command.
Topic: Code Signing SubTopic: Entitlements
Replies
Boosts
Views
Activity
Sep ’24
macOS app built with Unity hangs upon launch after signing with codesign command in Terminal
I am trying to submit a macOS app built with Unity to the Mac App Store. I followed the instructions mentioned in the Unity documentation, Delivering your application to the Mac App Store.I am able to run the Build command for macOS and get a .app bundle for my app. I am also able to launch it and it runs fine. However, after running the following codesign command (as mentioned in the linked document above), the app freezes upon launch and has to be force quitted. This is the codesign command line that I am running:codesign -o runtime -f --deep -s '3rd Party Mac Developer Application: DEVELOPER NAME' --entitlements GAMENAME.entitlements /AppPath/GAMENAME.appI have a paid (Individual) developer license with Apple, and have properly set up the certificates in keychain as mentioned in the document. I also managed to check that the app bundle was signed by running the command line:codesign -dv --verbose=4 GAMENAME.appRunning the above command displays that it's signed with my 3rd Party Mac App D
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
Replies
2
Boosts
0
Views
4.2k
Activity
Nov ’19
Reply to Not able to install enterprise build in iOS 15 beta version
We're also affected by this, but the Using the Latest Code Signature Format article only mentions needing to code-sign with 10.14 or later. We build and codesign on 10.15, but when I do look at the output of codesign -dv, I do indeed see the version of 20400. Is it possible this article needs to be updated? I'm confused why the version would be still 20400 on Catalina while the article suggests that signing on 10.14 or later should produce a v20500 CodeSignature format.
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
Replies
Boosts
Views
Activity
Jun ’21
Reply to install_name_tool vs. codesign
There’s a reason why --remove-signature is not in the codesign man page. It’s useful, but it’s not perfect. If --remove-signature is causing problems, I recommend that you: Just ignore the warning from install_name_tool. When you’re done, re-sign the library using codesign with the -f flag. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: Developer Tools & Services SubTopic: General Tags:
Replies
Boosts
Views
Activity
Mar ’24
Reply to Struggling to constuct complete command line build
By the way, I tried using codesign but that just tells me that it is replacing the existing signature, presumably meaning that the bundle is already signed.
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
Boosts
Views
Activity
Feb ’22
Reply to What are the technologies available to sign executable like .app file or .ipa file?
Hi,Thanks for the reply. So are you suggesting that codesign command line tools is the only way to do signing for mac application as of now?
Topic: Privacy & Security SubTopic: General Tags:
Replies
Boosts
Views
Activity
Oct ’19
Codesign error: when Don't Code sign option used.
I get the Dependancy Analysis Error:CodeSign error code signing is required by SDK but the settings in the project file state Don't Code Sign.What gives?I have checked the project setting text via jEdit and cannot see any reason.Anyone help me?
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
0
Boosts
0
Views
559
Activity
Sep ’17
Reply to After signing my app it no longer opens
Oh I am also using 3rd Party Mac Developer Application:when codesigning since I am trying to distribute to the app stroe
Topic: Code Signing SubTopic: General Tags:
Replies
Boosts
Views
Activity
Jan ’17
Reply to Xcode 9.3 archive missing archived-expanded-entitlements.xcent file
Have the same issue.Apple, does it mean, this file is not needed in ipa anymore and you are puting entitlements using codesign only?
Topic: Developer Tools & Services SubTopic: Developer Forums Tags:
Replies
Boosts
Views
Activity
Apr ’18