codesign

We build a number of iOS apps using different distribution certificates on a headless build machine in a data center. It is a burden to have to accept a newly imported certificate because codesign causes a dialog to pop up requesting to authorize the private key We have tried a number of suggestions in various posts, including deleting the certificate and re-importing with security import using the -T flag to allow codesign. After doing this, and even though the ACL shows a very similar picture to the post authorized state, keychain still requires a dialog to be Allowed. What can be done, from the command line, to avoid this popup?

Hello, I have a problem signing the application. I'm trying to sign 3rd Party Mac Developer Installer, but it says Invalid: ➜ Desktop productbuild --component TechView.app /Applications --sign 3rd Party Mac Developer Installer: KARLOS KORTES () --product TechView.app/Contents/Info.plist TechView.pkg productbuild: Adding component at /Users/wildwolf/Desktop/TechView.app productbuild: Signing product with identity 3rd Party Mac Developer Installer: KARLOS KORTES () from keychain /Users/wildwolf/Library/Keychains/login.keychain-db productbuild: Adding certificate Apple Worldwide Developer Relations Certification Authority productbuild: Adding certificate Apple Root CA productbuild: Wrote product to TechView.pkg productbuild: Supported OS versions: [Min: 10.13, Before: None] ➜ Desktop xcrun notarytool submit TechView.pkg --key /Users/wildwolf/Desktop/AuthKey_26Z7J3RBZQ.p8 --key-id 26Z7J3RBZQ --issuer 2af626b1-ffca-4ec1-b9d0-cb1bbdc94742 --wait Conducting pre-submission checks for TechView.pkg and initiating conne

TL;DR - What have I messed up on this notarization workflow? I'm completely new to Apple development. I have been trying to notarize an application I have written, that is then packaged as a .dmg. I am trying to notarize it using the command line tools (as it is an existing app, and not written in Xcode/Swift). My steps so far are as follows: All libraries, frameworks, and other executables have been signed (.dylib, .so etc.). I have avoided using --deep as I understand this is not recommended. The above includes all similar files included within zip archives (the cross platform framework I use places some inside a zip container). I have unzipped, signed, and rezipped. I have signed the main executable within [NAME].app/MacOS and the [NAME].app with an .entitlements file, and a certificate. codesign --verify --verbose --sign $DEVELOPER_ID_APP_CERT --timestamp --force --entitlements $APP_NAME.entitlements $BUILD_DIR/$APP_NAME.app/Contents/MacOS/$APP_NAME codesign --verify --verbose --sign $DE

I'm developing an electron app using electron-builder I code-signed and notarized it and can confirm with codesign and spctl commands like below: % codesign --verify --deep --verbose ./MyApp.app ./MyApp.app: valid on disk ./MyApp.app: satisfies its Designated Requirement % spctl -a -vvv -t install ./MyApp.app ./MyApp.app: accepted source=Notarized Developer ID origin=Developer ID Application: XXXXX.,Ltd. (XXXX) But I cannot open it as if weren't signed. MyApp can't be openend If I try to open it in terminal with open command: The application cannot be opened for an unexpected reason, error=Error Domain=NSOSStatusErrorDomain Code=-10810 kLSUnknownErr: Unexpected internal error UserInfo={_LSFunction=_LSLaunchWithRunningboard, _LSLine=2735, NSUnderlyingError=0x600003aa0900 {Error Domain=RBSRequestErrorDomain Code=5 Launch failed. UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x600003aa09c0 {Error Domain=NSPOSIXErrorDomain Code=1 Operation not permitted UserInfo={NSLocaliz

We would like to codesign up for the app that uses LuaJIT to be downloadable as the app with the identified developer on Apple silicon macOS. It means no targeting to the App Store which can be problematic due to LuaJIT usage. Looks like there is no problem making the application run with the signature, but the performance is really bad. All times are for running on an M2 chip, MacOS Sonoma 14.6. Our x86_64 build works fine. Reference LuaJIT benchmark takes around 0.15 seconds (seed 2, 100 runs). Same build for arm64 with ad-hoc signature, no entitlements, and needs around 1.8 seconds (seed 2, 100 runs) to run the same benchmark code. I created luajit_app in Xcode to investigate. It simply opens a window, you select Lua script, and it runs it and prints output to the text area. Signed by my developer ID, run from Xcode immediately after build: I see the same behaviors for the x86_64 build. It needs around 0.43 seconds (seed 2, 1000 runs) to finish the benchmark code. The arm64 build without added ent

I love the Container plugin for Firefox but typically after using it for a few days, it will crash with the following error (see below). Even if I terminate Firefox by Force Quitting, Firefox won't start without a system reboot (which is a pain), so would like to know how to reset Firefox without reboot if possible... Thanks!! Andy Translated Report (Full Report Below) Process: firefox [73163] Path: /Applications/Firefox.app/Contents/MacOS/firefox Identifier: org.mozilla.firefox Version: 130.0.1 (13024.9.13) Code Type: X86-64 (Native) Parent Process: launchd [1] User ID: 501 Date/Time: 2024-09-20 10:38:04.6231 -0500 OS Version: macOS 14.6.1 (23G93) Report Version: 12 Bridge OS Version: 8.6 (21P6074) Anonymous UUID: 4D1704B8-3621-6D5A-99A8-1B4D3A35CBD9 Sleep/Wake UUID: A2202F2B-230D-40A8-A716-512589C74CB9 Time Awake Since Boot: 78000 seconds Time Since Wake: 3453 seconds System Integrity Protection: enabled Crashed Thread: 0 Exception Type: EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid)) Exception Codes: UNK

I am signing my app using this command: codesign --verbose=4 --force --options=runtime --deep --timestamp --sign ${APP_IDENTITY} ${APP_FILE} --entitlements ./Protect.entitlements I have ensured that the necessary provisioning profiles are embedded in the IPA file. I am also verifying the signing using codesign -dvv ./JumpCloud Protect Staging.ipa and codesign --verify --deep --verbose ./JumpCloud Protect Staging.ipa Despite following the above steps, when I attempt to upload the IPA file to Transporter, I receive the following error message: Missing or invalid signature. The bundle 'com.jumpcloud.JumpCloud-Protect.staging' at bundle path 'Payload/JumpCloud Protect Staging.app' is not signed using an Apple submission certificate.

The archive build part works, and uses the correct entitlements file: [Key] com.apple.developer.networking.networkextension [Value] [Array] [String] app-proxy-provider-systemextension That's from codesign -dv --entitlements - ...../NetworkExtensionExperiment.app However, the distribution log shows Error Domain=DVTPortalProfileErrorDomain Code=4 Cannot create a Developer ID provisioning profile for com.kithrup.NetworkExtensionExperiment. UserInfo={NSLocalizedDescription=Cannot create a Developer ID provisioning profile for com.kithrup.NetworkExtensionExperiment., IDEDistributionIssueSeverity=3, NSLocalizedRecoverySuggestion=The Network Extensions capability is not available for Developer ID provisioning profiles. Disable this feature and try again., NSUnderlyingError=0x600013e719b0 {Error Domain=DVTPortalProfileTypeErrorDomain Code=0 Cannot create a Developer ID provisioning profile. UserInfo={UnsupportedFeatureNames=(n Network Extensionsn), NSLocalizedDescription=Cannot create a Developer ID provisio