“codesign”

I am working on releasing my macOS arm64 app. My problem is that after the user downloads the dmg, double-clicking my.app in the dmg, a Gatekeeper pop-up box will appear with a warning that the developer cannot be verified. Question: Can an application signed with com.apple.security.cs.disable-library-validation be published as trusted? If yes, what steps have I missed? If not, can I get an official response from Apple? （Because I referred to this post, it seems to mention that it is possible to publish trusted software.I have looked up similar questions on the forum and tried many things, but nothing works. ） Here are my steps: Use the codesign to sign my.app. Because my app needs to access third-party dynamic libraries, entitlements.plist contains a com.apple.security.cs.disable-library-validation. After the codesign -dvvv check, the signature was successful.✅ Use the xcrun notarytool command to notarize my app, and the status is displayed as accepted.✅ Use xcrun stapler staple to attach t

I got a error when validate App as flow Asset validation failed App sandbox not enabled. The following executables must include the com.apple.security.app-sandbox entitlement with a Boolean value of true in the entitlements property list: [( com.xxx.yyy.pkg/Payload/xxx.app/Contents/MacOS/zzz )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. (ID: dc264017-f236-4e89-a100-e69c7f0fb318) zzz is a command tool build by make, I need codesign it. #1. use two lines below, run succes, but get 'App sandbox not enabled' problem codesign -s TTT1 -f -v --timestamp --options runtime dist/m_arm64/zzz codesign -s TTT1 -f -v --timestamp --options runtime dist/m_x64/zzz #2. use two lines below, reduce 'App sandbox not enabled' , but run zzz get 'zsh: trace trap' codesign -s TTT2 -o runtime --entitlements zzz.entitlements -f dist/debug/zzz codesign -s TTT2 -o runtime --entitlements zzz.entitlemen

I’m developing an app on .NET8 for macOS and encountered an issue during App Review with feedback: An error showed upon launch. The app cannot be opened because the developer cannot be verified. This may be due to an issue with your app’s Gatekeeper conformance. Additionally, the provided screenshot showed this message: Application is damaged and can't be opened. Delete and reinstall from App Store. Here’s the process I follow to create the package: Build the application. Sign it using the following command: codesign --force --verify --verbose --deep --options runtime --timestamp --entitlements ../Entitlements.plist -s '3rd Party Mac Developer Application: [ID]' Demo.app Create the package using this command: productbuild --component Demo.app /Applications --sign '3rd Party Mac Developer Installer: [ID]' Demo.pkg After installing the app from TestFligt it doesn’t show the errors. Could someone please advise on what might be causing this issue and how I can fix it? The Entitlements.plist file contains

I made a simple Python based app for macOS using this code (empty lines removed): import tkinter as tk window = tk.Tk() label = tk.Label(text=n I am a macOS app n) label.pack() window.mainloop() Next I made it an .app using PyInstaller with this command (identity and paths shortened): pyinstaller --noconfirm --onedir --windowed --osx-bundle-identifier org.tk_test.tk_test --codesign-identity path/to/tk-test.py It worked like a charm and I was also able to notarize and staple the app for distribution. ... 4748 INFO: Signing the BUNDLE... 24899 INFO: Building BUNDLE BUNDLE-00.toc completed successfully. I wanted to repeat the process to do some more testing and now without any reason I cannot sign the .app anymore (identity and paths shortened). Of course, I cleared the folder before trying: ... 5263 INFO: Signing the BUNDLE... 23050 WARNING: Error while signing the bundle: codesign command (['codesign', '-s', '', '--force', '--all-architectures', '--timestamp', '--options=runtime', '

we are trying to build MacOS Desktop app using electron code sign-in and notarization has completed basically it is angular application but still unable to open the desktop app getting below error pop-up : screenshot of it. CrashReporter Key: XXXX-XXXX-XXXX-XXXX-XXXX Hardware Model: MacBook Pro (Obfuscated) Process: xnode [5798] Path: /Applications/[App Path]/Contents/MacOS/xnode Identifier: ai.xnode.xnode Version: 1.0.0 (1.0.0.43313) Code Type: X86-64 (Native) Role: Default Parent Process: launchd [1] Coalition: ai.xnode.xnode [5056] Date/Time: [Redacted for Privacy] OS Version: macOS 14.6.1 (23G93) Release Type: User Report Version: 104 Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid)) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: CODESIGNING 1 Taskgated Invalid Signature Triggered by Thread: 0 Thread 0 Crashed: 0 dyld_path_missing 0x10dbb4010 _dyld_start + 0 1 main_executable_path_missing 0x10b395000 ??? Thread 0 crashed with X86 Thread State (64-bit): rax:

I try to notarize my package, everything works except one signature of a binary. But the output of codesign seems fine. Notary log: logFormatVersion: 1, jobId: 350315e0-38ae-4224-a13b-1c4dc20c1cb7, status: Invalid, statusSummary: Archive contains critical validation errors, statusCode: 4000, archiveFilename: VocalNet_Installer.pkg, uploadDate: 2024-11-26T18:07:57.042Z, sha256: fc59a3c2c3669f641a18d6e6df9b91e9369f8cf9cd827d5a75762beb99dfbcfe, ticketContents: null, issues: [ { severity: error, code: null, path: VocalNet_Installer.pkg/SLink.pkg Contents/Payload/Applications/SLink.app/Contents/MacOS/SLink, message: The signature of the binary is invalid., docUrl: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735, architecture: arm64 } ] } Codesign output: Executable=/Users/200gaga/Main/VocalNet/SLink.app/Contents/MacOS/SLink Identifier=SLink Format=app bundle with Mach-O thin (arm64) CodeDirectory v=20500

Hello, I've notarised my app like this: ` codesign codesign --force --deep --entitlements /Users/username/myapp/myapp.app/Contents/app.entitlements --sign Developer ID Application: Username (my team id) /Users/username/myapp/myapp.app codesign -v /Users/username/myapp/myapp.app ` ` create .zip file ditto -c -k --keepParent myapp.app myapp.zip ` ` submit binary to Apple xcrun notarytool submit Shalloville.zip --apple-id my icloud --password xxxx-xxxx-xxxx-xxxx --team-id my team id ` Is there anything wrong? I submitted the .zip file on 27/11 and it's still In Progress. Successfully received submission history. history -------------------------------------------------- createdDate: 2024-11-29T16:05:44.609Z id: eccf6248-4f2f-4cc1-bb90-88cf13aa08a0 name: Shalloville.zip status: In Progress -------------------------------------------------- createdDate: 2024-11-27T08:57:56.373Z id: 7d9887dc-6bf8-4e39-bcbe-0f22d02dce4f name: Shalloville.zip status: In Progress ----------------------------

Hello! I encountered an issue while packaging and uploading the project to the Mac store. I received an email stating: ITMS-90296: App Sandbox not enabled - The following executors must include the 'com. apple. security. app sandbox' entitlement with a Boolean value of true in the entitlement property list: [[com. electron. iflyrecclient. pkg/Payload/iFlytek Listen. app/Contents/MacOS/iFlytek Listen]] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. Though you are not required to fix the following issues, we wanted to make you aware of them: ITMS-90886: 'Cannot be used with TestFlight because the signature for the bundle at' iFlytek hears. app 'is missing an application identifier but has an application identifier in the provisioning profile for the bundle.' Bundles with application identifiers in the provisioning profile are expected to have the same identifier signed into the bundle in order to be eligible for TestFlight

I work on a macOS application that functions as a daemon. To test it, I: Compile executables. Use pkgbuild and productbuild to build an application bundle. Use codesign and notarytool to sign and notarize the app. Install the app with /usr/sbin/installer -target LocalSystem -pkg .... This often overwrites the previous version of the app. Sometimes, the installation fails at the postinstall stage, when it can not find the application's install directory. We explicitly check for this error in our script: if ! [ -d $APP_INSTALL_DIR/Contents ]; then echo directory ${APP_INSTALL_DIR}/Contents is missing exit 1 fi This is unexpected! Even worse, some of our customers have occasionally seen the same issue! We use a postinstall script in order to install files into the /Library/LaunchDaemons and /Library/ LaunchAgents directories, and start the agent with launchctl bootstrap. Our preinstall script makes sure that the previous version of our application is fully uninstalled (so there is no confusion), and we

I'm trying to sign a build coming from a gitlab runner, but for some reason security find-identity is yielding no results during the pipeline. Hitting the runner via SSH shows the results as I would expect, as well as VNCing into the runner and using the terminal. whoami on all 3 shows the same result My current attempt is to build the keychain on the fly so that I can ensure I have access to the identity, and it succeeds in building the keychain and importing the certs, but find-identity still shows zero results in the pipeline. - security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH - security list-keychains -d user -s $KEYCHAIN_PATH /Users/######/Library/Keychains/login.keychain-db /Library/Keychains/System.keychain - security set-keychain-settings $KEYCHAIN_PATH - security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH - security import $SIGNING_KEY_DECODED -P $P12_PASSWORD -A -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign - > # escape : CERT_IDENTITY=########## security set-ke

Platforms: Ventura and Big Sur Steps to Reproduce: Create new application and installer CSRs with keypairs Generate new certificates in Apple web portal Repackage certificates as .p12 using exported private keys since they are not referenced in keychain app by default. Import certificates into MacOS Keychain Set certificate access to Always Trust for all certificate uses Sign binary fails using codesign --force --sign Sign installer package succeeds using productsign --sign Additional Info: The private keys ware initially not recognized by the Keychain application resulting a certificate without a private key leaf beneath them. To resolve it I exported the private key and repackaged certificate as a .p12 file. Both certificates appear good when evaluated for code signing The installer certificate shows an intermediate and root while the application certificate does not Repackaging as .p12 with expected intermediate and root did not resolve the issue Installing all available intermediates and roots f