“codesign”

Short description of the issue/suggestion: After upgrading to MacOS Sequoia and being required to code sign and notarize my app, cannot launch app even though code sign and notarization pass Please tell us about your environment: MacBookPro Chip Apple M2 Max 32 GB JavaPackager version: 1.7.6 OS version: macOS Sequoia 15.0.1 JDK version: jdk-1.8 Build tool: Maven Steps to reproduce the issue: -DMG Maven Build of Spring Boot /Java (version 8) application with fvarrui JavaPackager plugin using default universalJavaApplicationStub. Code signing and Notarization / Stapling PASS and App installs in Application folder, however cannot launch App. Although code sign and notarization pass, it is interesting that in the build output, prior to it submitting to Apple, there is an error stating that the App code sign could not be replaced. What is the expected behavior? -App launches when double clicking the application icon What have you tried to resolve / workaround the issue? -Install via package rather than DMG - same

I'm new to notarizing applications. I'm building an Electron application using electron-packager. The signing looks solid: codesign -vvv --deep --strict path/to/app.app # satisfies its Designated Requirement But checking notarization, looks like it didn't work. spctl --assess -vv path/to/app.app # source=Unnotarized Developer ID # origin=Developer ID Application: Tyson XXXX (XXXXX) I'm wondering how to fix the Unnotarized Developer ID. Thanks!

Hi, For the purposes of iteration speed in development builds, on an iPhone in development mode, I am attempting to use hot reloaded dylibs. The goal is that the app is rarely fully restarted and small code changes can be applied quickly, drastically reducing iteration speed. For this purpose I have a socket server on my Mac that sends changed dylibs to my app on my iPhone. This works great on Mac, however on iOS i am running into codesigning problems. I am using the following to codesign the dylib: codesign -f -s XXX --timestamp=none testlibrary-ios.dylib I am placing the downloaded dylib in this folder: const char* cachedirectoryPath = [NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES)[0] UTF8String]; dlopen gives me the following error: dlopen(/var/mobile/Containers/Data/Application/67A3D31B-6F72-4939-9E7F-665FC78CDC61/Library/Caches/testlibrary-ios.dylib, 0x000A): tried: '/usr/lib/system/introspection/testlibrary-ios.dylib' (no such file, not in dyld

I'm having a problem with codesign for output from Pyinstaller The files are in ~/PycharmProjects/ALP_Document_Factory_II That folder contains the icon file, the entitlement file, and also contains a dist folder where Pyinstaller places the app file (ALP_Document_Factory_II.app) The generated app works and runs when I double click it. When I run codesign: codesign -s xxxxxxxx -f --entitlements entitlements.plist -o runtime dist/ALP_Document_Factory_II.app (xxxxxxx is where I place the hash of my credential) I get the following error message: No such file or directory Here is the Terminal copy... minus my Hash dickl45@Dicks-iMac3 ALP_Document_Factory_II % codesign -s xxxxxxxxxx -f --entitlements entitlements.plist -o runtime dist/ALP_Document_Factory_II.app dist/ALP_Document_Factory_II.app: No such file or directory Earlier I was able to use codesign and notarytool, but I must be doing something wrong that I can't see. Yours baffled MacOs 15.2

Hi, We are developing software that configures a network extension via a system extension on MacOS. The host application (run as service) enables network extension and system extension capabilities. It registers the network extension. The network extension has network extension capabilities and configures an app-group to be bundled into the service. What we have built is already working, i.e. we build, sign, notarize and ship the code (it's already running on hundreds of SIP enabled customer devices in production). But, we are currently falling back to manual profile management (i.e. download and import the profile) so that Xcode accepts the entitlements suffixed with -systemextention. Recently we are testing deployment on iOS devices. For iOS profiles we cannot overcome the issues with setting the profile manually, XCode complains about mismatching networkextension entitlements even when manually importing the profile. So I thought I get to the bottom of why automated signing is not working and hopefully ove

Hello, Now we support Apple applications and we are building applications on Mac laptops with regular updates. Our goal is to build an iOS app entirely through the command line using xcodebuild and other tools from Xcode Command Line Tools on a server with _macOS Sonoma (14.6.1) without a graphical user interface (only the command line)!!! We need to build and regularly update iOS applications on clients and our accounts and we are looking for a solution to fully automate the login process for these accounts. Our goal is to automate these processes on a server without involving a customer. Here’s what I need help with building and signing the app: What are the proper commands to build and sign the app using xcodebuild and put this application in Apple Store? Server has: xcode-select -version xcode-select version 2408. xcodebuild -version Xcode 16.1 Build version 16B40. In the first step, the certificates have been added to the keychain. We have two keychains. We can check it by running the command: security l

I've tried to sign/notarize/staple my Electron app via electron-builder, using electron-notarize. I tried it as well in cmd line - both times, same result. Code signing runs without a problem. Notarize (I did wait two days first time, now it's couple of minutes) Stapling - failure `Downloaded ticket has been stored at file:///var/folders/.... Could not validate ticket for.... The staple and validate action failed! Error 65. ` I've checked, and the tickets are downloaded to said folder. My process: `codesign --deep --force --options runtime --entitlements build/entitlements.mac.plist --sign Developer ID Application: Pete... dist/mac-arm64/Modelist.app` ditto -c -k --sequesterRsrc --keepParent dist/mac-arm64/Modelist.app dist/mac-arm64/Modelist.zip xcrun notarytool submit dist/mac-arm64/Modelist.zip --apple-id email --password app_specific_pass --team-id team_id --wait Conducting pre-submission checks for Modelist.zip and initiating connection to the Apple notary service... Submission ID receive

We are trying to get much more serious about our ability to audit signed code and trace it back to a signing event. We have a signing service that includes a bit of client code that provides a CryptoTokenKit extension to expose the signing certificate to codesign and Xcode. The private keys are held by the signing service and access is strictly controlled. The CTK extension is given a message/digest to sign, and from reading TN 3126, I believe this is representative of the code directory. For an audit trail, we can record some metadata about the signing request, such as Git repository, branch, commit SHA, etc., but the only value linked to the thing being signed is this blob. Later, if we have an app and want to link it back to the signing event, I can't figure out how to find this blob. It's not the CDHash or any other value I see in the output of codesign -d -vvvvvv. is there a way to recreate that blob given a signed artifact?