“codesign”

Thanks Eskimo! We will consider about using the codesigning API or another way to validate our script. And thanks nk_kennedy for the comments!

And FYI, I've filed 50442691 …Oh, one tidbit about this bug: If you pass --deep to codesign, the notarisation should then succeed. Alternatively, and this is what I generally prefer, you can run codesign twice, once for document.wflow and again for the outer app. And yes, I realise that it’s still not following the rules as per TN2206 )-:Share and Enjoy — Quinn “The Eskimo!” Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com

Same problem - started July 16th. Randomly getting either segmentation fault: 11 or A timestamp was expected but was not found errors when running codesign. MacOS 10.15.6, Xcode 11.6 Tried restarting, changing time server in System Preference > Date & Time, finally tried using --timestamp=http://timestamp.apple.com/ts01 parameter for codesign, no change - sometimes it works, sometimes it fails.

Quinn, Thanks for your reply and advices! I added codesign for a DMG image. And then spctl shows that DMG is correct: MyApp.dmg: accepted source=Notarized Developer ID It seems that many Mac developers (including me) were not aware that it also necessary to codesign DMG in addition to codesigning of APP bundle and notarization. 2. Probably I found a typo in your article Testing a Notarised Product. It says: Disk image spctl -a -t open -vvv --context context:primary-signature WaffleVarnish.dmg However this command shows nothing for any correctly notarized app (including my app, Chrome, Audacity, etc). If I add -v to your command: spctl -a -t open -vvv --context context:primary-signature WaffleVarnish.dmg -v It shows a result for Chrome: googlechrome.dmg: accepted source=Notarized Developer ID

Wow, thanks @eskimo — you were right... as always 😆 plutil reformatted my entitlements to the following, which then worked perfectly: com.apple.security.cs.disable-library-validation The changes were: entry outdented one tab a final line ending was added (they were already in Unix format according to Sublime Text) Somewhat annoyingly, I can use codesign -d --entitlements - --xml /path/to/binary to print the binary's entitlement as XML, but it's not in the pedantic format which codesign itself can read.

Another question. I build a special ZIP with APP bundle for Auto Update feature. This ZIP is being notarized. How I can check that APP bundle is notarized and a difference with only codesigned APP bundle? spctl -a -t exec -vvv MyApp.app always shows the same result for codesigned APP, regardless notarization: MyApp.app/: accepted source=Notarized Developer ID origin=Developer ID Application: COMPANY (RDPXXXXXX)

Earlier this was working in my current environment(Home) & all of the sudden when I do codesign this was getting crash in my system. This works in other environments

Try running spctl -av or codesign --verify on that app to see what kind of code signature it has. That might shed some light here.

Of course, that doesn't change the fact that codesign has no useful diagnostics, and does a horrible job of cleaning up after itself.... 😄

Duplicate of this question on StackOverflow: http://stackoverflow.com/questions/30963294/creating-ios-osx-frameworks-is-it-necessary-to-codesign-them-before-distributin

Using XCode 10, Any converted DAE file to SCN file I getCommand CodeSign failed with a nonzero exit codePlease Help

Thank you for your patience and expertise. Some clarifications are in order. [1] Backwards compatibility My app has been running on Windows since 1995. Last year we converted it to Qt in order to run on macOS as well. We sell to consumers, who sometimes cling to older version of macOS (eg. 10.12). In order to serve this market, we currently use Qt 5.12, which wants to run on macOS 10.15 at the latest. We will move forward as soon as we think we're not leaving too many customers behind. The binary executables created with Qt run on macOS 11 and 12. [2] notarytool and Xcode 13 I tried to upgrade from Xcode 12 to Xcode 13, and it said that Xcode 13 was not compatible with my version of macOS (10.15). Is there a different way to do it? [3] codesign I have run codesign -v -vvv --deep --strict /path/to/MyApp.app on my app. Every component says validated, and the final diagnosis is: /path/to/MyAppMyApp.app: valid on disk /path/to/MyApp.app: satisfies its Designated Requirement Is it necessary to un

No idea if I did something wrong initially, but I fixed it with these steps: Download repo from https://github.com/apple/unityplugins/tree/main Start building the libraries python3 build.py -p Core GameKit -m iOS macOS Let script codesign the libraries During the build process copy the line the shell script outputs to codesign (similar to this): codesign --force --sign ABCDEFGHIJKLMN1234567890 --timestamp=none --preserve-metadata=identifier,entitlements,flags --generate-entitlement-der /path/to/bundle After the build script finished, you can find the tarball at /unityplugins-main/Build/com.apple.unityplugin.core-3.1.1.tgz Unzip the tgz and modify the Info.plist in the unziped folder /package/NativeLibraries~/Release/iOS/AppleCoreNative.framework/Info.plist You should add the missing CFBundleShortVersionString like this: CFBundleShortVersionString 1.0 Afterwards, codesign the bundle again with the prompt copied at 2.2. Use this path from the unziped folder /package/NativeLib

I'm hitting the same problem as StarGazerI. I have a private framework that just has a single version of 1. Xcode throws an error while trying to sign Versions/A, which does not exist. This happens when Code Sign On Copy is checked in a Copy Files Build Phase.If I copy the failing codesign command and run it in Terminal on the same framework, it works if I use:/usr/bin/codesign --force --sign mykey --preserve-metadata=identifier,entitlements,flags --timestamp=none /Users/karl/Library/Developer/Xcode/DerivedData/CreateInstance-fzlvjftxqybywnftwjerjoginndb/Build/Products/Debug/foo.framework/Versions/1or/usr/bin/codesign --force --sign mykey --preserve-metadata=identifier,entitlements,flags --timestamp=none /Users/karl/Library/Developer/Xcode/DerivedData/CreateInstance-fzlvjftxqybywnftwjerjoginndb/Build/Products/Debug/foo.frameworkIt seems that Xcode is intent on expecting a Version/A in the framework, which is not strictly required according to the various Frameworks and codesign

I don’t understand this question. Since you can't export the private key from a smartcard, if this doesn't work, then the private key is useless, thus invalidated a developer ID cert. To clarify, my original attempt was with a DeveloperID cert, with private key generated on device. Now I'm trying with AppleDeveloper cert original in my system keychain. When you signed the program, did you get any warnings from codesign? Nothing What does the full output from codesign -d look like? CodeDirectory v=20400 size=4044 flags=0x0(none) hashes=121+2 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=a1b5e18c27bdb1df84f49c7ae0eff9b13681e86f CandidateCDHashFull sha256=a1b5e18c27bdb1df84f49c7ae0eff9b13681e86f674af2438e32b7bb37f6dadf Hash choices=sha256 CMSDigest=a1b5e18c27bdb1df84f49c7ae0eff9b13681e86f674af2438e32b7bb37f6dadf CMSDigestType=2 Launch Constraints: None CDHash=a1b5e18c27bdb1df84f49c7ae0eff9b13681e86f Signature size=4785 Authority=(unavailable) Info.plist=not bound TeamIdentif