Search results for “codesign”

3,222 results found

Post | Replies | Boosts | Views | Activity

Notarization - invalid credentials
Hello,

After my Developer ID had expired after 5 years, I created a new one, codesigned the app successfully, but could not notarize:

```
xcrun notarytool submit mac_release/flow5.zip --keychain-profile XFLR5 --wait
Conducting pre-submission checks for flow5.zip and initiating connection to the Apple notary service...
Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct
```

I don't think I was using an app-specific password before, but the last time I went through this process was 5 years ago. Thanks in advance for any help.
Replies: 3 | Boosts: 0 | Views: 675 | Activity: Nov ’24
Testflight entitlements break local version
Hello,

I cannot build a signed app that will both be accepted by Testflight and run locally. Only one or the other! I'm signing my .app and building the package thus:

```
CODESIGN_ID="Apple Distribution: company (number)"
INSTALLSIGN_ID="3rd Party Mac Developer Installer: company (number)"
codesign --force --deep --entitlements plist.xcent -o runtime --timestamp --sign "$CODESIGN_ID" myapp.app
productbuild --sign "$INSTALLSIGN_ID" --timestamp --component myapp.app /Applications myapp.pkg
```

With entitlements:

```
com.apple.security.get-task-allow
com.apple.security.app-sandbox
com.apple.security.network.client
com.apple.security.files.user-selected.read-write
com.apple.security.inherit
com.apple.application-identifier TEAM.com.COMPANY.APPNAME
com.apple.developer.team-identifier TEAM
```

If I leave out the last two entitlements com.apple.application-identifier and com.apple.developer.team-identifier, the package validates and runs locally. It can be uploaded but it is NOT accepted by Testflight. When i
Replies: 1 | Boosts: 0 | Views: 704 | Activity: Nov ’24
revoking an existing developer id application certificate to create a new one.
Hi, I need to create a new Developer ID installer certificate as I cannot locate the private key on my old computer. I need to revoke the certificate. I have the Account holder and admin rights but I can't see the revoke option. And when I try to create a new certificate, the panel response is There is already an existing one. Again, I need to install a new Developer ID installer certificate on the Keychain of my new computer with its private key. I can't codesign and complete my work at the moment! I have sent several support e-mails but no single response! Any guidance is much appreciated. Thank you.
Replies: 1 | Boosts: 0 | Views: 527 | Activity: Nov ’24
The signature of the binary is invalid during notary, but is valid in codesign
I try to notarize my package, everything works except one signature of a binary. But the output of codesign seems fine.

Notary log:

```json
{
  "logFormatVersion": 1,
  "jobId": "350315e0-38ae-4224-a13b-1c4dc20c1cb7",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "VocalNet_Installer.pkg",
  "uploadDate": "2024-11-26T18:07:57.042Z",
  "sha256": "fc59a3c2c3669f641a18d6e6df9b91e9369f8cf9cd827d5a75762beb99dfbcfe",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "VocalNet_Installer.pkg/SLink.pkg Contents/Payload/Applications/SLink.app/Contents/MacOS/SLink",
      "message": "The signature of the binary is invalid.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735",
      "architecture": "arm64"
    }
  ]
}
```

Codesign output:

```
Executable=/Users/200gaga/Main/VocalNet/SLink.app/Contents/MacOS/SLink
Identifier=SLink
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500
```
Replies: 3 | Boosts: 0 | Views: 469 | Activity: Nov ’24
security commands coming from build runner yielding no results
I'm trying to sign a build coming from a gitlab runner, but for some reason security find-identity is yielding no results during the pipeline. Hitting the runner via SSH shows the results as I would expect, as well as VNCing into the runner and using the terminal. whoami on all 3 shows the same result.

My current attempt is to build the keychain on the fly so that I can ensure I have access to the identity, and it succeeds in building the keychain and importing the certs, but find-identity still shows zero results in the pipeline.

```
- security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
- security list-keychains -d user -s $KEYCHAIN_PATH /Users/######/Library/Keychains/login.keychain-db /Library/Keychains/System.keychain
- security set-keychain-settings $KEYCHAIN_PATH
- security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
- security import $SIGNING_KEY_DECODED -P $P12_PASSWORD -A -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign
- > # escape : CERT_IDENTITY=########## security set-ke
```
Replies: 4 | Boosts: 0 | Views: 564 | Activity: Nov ’24
"Asset validation failed, Invalid Code Signing" but certs match
I have an internal customer who is trying to submit an IPA to TestFlight via a Jenkins pipeline, and they are submitting their IPA to our central code signing service first. But they're seeing failures in their logs such as:

```json
{
  "id" : "bb07c32d-b4d6-48c4-abfe-390a46dec3ca",
  "status" : "409",
  "code" : "STATE_ERROR.VALIDATION_ERROR.90179",
  "title" : "Asset validation failed",
  "detail" : "Invalid Code Signing. The executable 'Payload/their.app/Frameworks/Pods_their.framework/Pods_their' must be signed with the certificate that is contained in the provisioning profile."
}
```

I obtained the signed IPA file, and examined one of the items flagged as incorrectly signed with codesign -d -vvvv. I see the correct team identifier in the output, along with the correct (Distribution) authority. I unbundled the IPA with ditto -xk, extracted the plist from the embedded provisioning file with security cms -D -i, and examined the lone developer certificate with plutil -extract DevelopCertificates.0 and certtool d. The subject name fields cor
Replies: 1 | Boosts: 0 | Views: 601 | Activity: Nov ’24
App intermittently disappearing after installation
We're building a pkg with three apps in it from the command line. There is one primary app and two supporting apps. We build a folder structure inside a temp directory like below (some folder names replaced with generic ones):

```
mkdir -p ./tmp/Applications/.hiddenfolder/
mkdir -p "./tmp/Library/Application Support/Company/"
mkdir -p ./tmp/Library/Preferences/
mkdir -p ./tmp/Library/Logs/Company/
mkdir -p ./tmp/Library/LaunchAgents/
mkdir -p ./tmp/Library/Company/
mkdir -p ./tmp/Library/LaunchDaemons/

#Grant Logs Folder Read-Write Access to All
chmod a+rw ./tmp/Library/Logs/Company/
chmod a+rw "./tmp/Library/Application Support/Company/"
```

We then build and sign each app dependency and place them into the temporary folder. For each app we're calling:

```
xcodebuild -workspace $PROJECT -scheme $TARGET -configuration Release -derivedDataPath $WORKING clean build
codesign --force --deep -o runtime --entitlements ../$TARGET/$APPLICATION.entitlements --sign $DEVKEY $WORKING/Build/Products/Release/$APPLICATION.app
cp -R $
```
Replies: 1 | Boosts: 0 | Views: 362 | Activity: Nov ’24
Reply to My MacOS application has been accepted when submitted for notarisation but I am getting an error 65 when submitting for stapling. Further, notarisation fails even when run on a clean mac. It throws an unknown developer error.
When posting preformatted code, it helps if you put it in a code block. See Quinn’s Top Ten DevForums Tips for advice on how to do that.

Error 65 means that you’re trying to staple a ticket to an item that’s not been validated by the notary service. However, you’ve clearly submitted that disk image to the notary service. I suspect that the disk image isn’t signed, and thus isn’t included in the resulting ticket. Do this:

1. Dump the code signature of the disk image:

   ```
   % codesign -d -vvv SendFiles.dmg
   ```

   Note down the cdhash value.
2. Run stapler in verbose mode. You should see it looking for a ticket for that cdhash value.
3. Fetch the notary log for your request. Does it list the cdhash value you get in step 1?

For advice on how to sign a disk image, see Packaging Mac software for distribution.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = eskimo + 1 + @ + apple.com
Nov ’24
Unable to Write Files Within App Bundle After Codesigning and Notarization
I have already posted asking about this:

> Codesigned and notarized app cannot directly write files inside the app bundle... (CynthiaSun, /thread/768005)

But there are still some doubts that have not been answered. We use Qt to develop an application on the macOS platform, and we are attempting to perform code signing and notarization to ensure our application is trusted by Apple. However, there are a few things that seem weird regarding this statement: App bundles are read-only by design.

Let me provide more details. Currently, when our application starts, it needs to create a folder (e.g. Temp) in the root directory of the executable. For example:

Myapp.app/Contents/MacOS/Myapp ---> Myapp.app/Contents/MacOS/Temp

The folder is designed for storing runtime logs or config files for our application. In the past, users may also modify the settings inside target folder if needed. However, the strange thing is that after the application is codesigned
Replies: 2 | Boosts: 0 | Views: 664 | Activity: Nov ’24
Reply to Pkg installation package uploaded to macstore email prompt ITMS-90296
> Is there any difference between the two? (dongkeqiang, /thread/768361?answerId=814996022#814996022)

It’s hard to say for sure without seeing the binaries involved, but it’s most likely that one has the hardened runtime enabled and the other doesn’t. To see if an app has the hardened runtime enabled, look for the runtime flag in its signature. For example, Pacifist does:

```
% codesign -d -vvv /Applications/Pacifist.app
…
CodeDirectory v=20500 size=11364 flags=0x10000(runtime) …
…
```

but Apple Configurator does not:

```
% codesign -d -vvv /Applications/Apple\ Configurator.app
…
CodeDirectory v=20400 size=17981 flags=0x2000(library-validation) …
…
```

The hardened runtime is required for directly distributed apps. It’s optional for Mac App Store apps. I generally recommend that you enable it everywhere.

> Now, if it can't be opened, no crash record will be genera (dongkeqiang, /thread/768361?answerId=814993022#814993022)
Nov ’24
Reply to "How to" for dext distribution
I've been able to re-test all of these automatic codesigning/provisioning/notarization suggestions on Xcode 16.1, by modifying all of the bundle IDs, changing to Automatically Manage Signing and attempting again with my Admin developer portal credentials. It does not work. I still get all 3 errors of: There is a problem with the request entity - you already have a current Developer ID Application Managed (With Kext) certificate or pending certificate request. No profiles for com.company.HostingApp.Driver were found - Xcode couldn't find any Developer ID provisioning profiles matching 'com.company.HostingApp.Driver'. No profiles for com.company.HostingApp were found - Xcode couldn't find any Developer ID provisioning profiles matching 'com.company.HostingApp'. It seems you are correct, the Admin level does not have authority to manipulate the developer portal side of the automatic process. Tightly controlled account access does not really work in the modern world of two-factor authentication and remot
Nov ’24
Reply to task_for_pid error 5
Sorry to hijack, but that didn't work for me. I'm trying a command-line utility, doing:

```c
#include <mach/mach.h>
#include <stdio.h>
#include <sys/types.h>

static size_t get_thread_count(pid_t pid) {
    mach_port_t me = mach_task_self();
    mach_port_t task;
    kern_return_t res;
    thread_array_t threads;
    mach_msg_type_number_t n_threads;

    res = task_for_pid(me, pid, &task);
    if (res != KERN_SUCCESS) {
        fprintf(stderr, "Unable to get task for pid %d: %d\n", pid, res);
        return 0;
    }
    res = task_threads(task, &threads, &n_threads);
    if (res != KERN_SUCCESS) {
        fprintf(stderr, "Could not get threads: %d\n", res);
        return 0;
    }
    res = vm_deallocate(me, (vm_address_t)threads, n_threads * sizeof(*threads));
    // Ignore error
    return n_threads;
}
```

and using an entitlements plist of and using codesign --sign - --entitlements ./ent.plist --deep ./t3 --force to get it in there, but it fails with error 5. (Even when run as root. 😄) This could be how I'm codesigning it, of course; I was just doing a simple CLI tool test first.
Topic: App & System Services SubTopic: Core OS Tags:
Nov ’24
Why is my notarized and signed macOS .app rejected by Gatekeeper during installation?
I'm trying to distribute my macOS application (a .dmg file) to customers, and I've followed all the steps to sign and notarize the application. However, when I try to install the .dmg containing the app, Gatekeeper rejects it with the error AppName cannot be opened because developer is not verified. Even though I’ve signed the app with my Developer ID, notarized it, and verified the signature using codesign, I am still encountering issues when attempting to install or open the app on a clean macOS environment.

Here’s the error I see when using spctl to check the .dmg:

```
spctl --assess --type open --verbose=4 output/App.dmg
output/App.dmg: rejected
source=Insufficient Context
```

When trying:

```
spctl -a -t open -vvv --context context:primary-signature output/App.dmg
output/Unbounded.dmg: accepted
source=Notarized Developer ID
origin=Developer ID Application:
```

My .app is signed and notarised by electron builder and I explicitly signed and notarised dmg too but still not working
Replies: 3 | Boosts: 0 | Views: 650 | Activity: Nov ’24
Reply to How to fix multiple signing identities?
I know it's an old thread but this may help other users. I find the first certificate's hash like this in fastlane:

```ruby
app_signing_identity = `security find-identity -v -p codesigning | grep -m 1 "Developer ID Application" | awk '{print $2}'`.strip
```
Nov ’24
Reply to Unable to Write Files Within App Bundle After Codesigning and Notarization
Thank you for providing the information, we now understand that modifying the app bundle after codesign is not supported. Indeed, our situation has not been completely blocked, but since Apple does not support it, we will discuss internally how to handle this, thank you.
Topic: Code Signing SubTopic: General Tags:
Nov ’24