Search results for

“codesign”

3,223 results found

security commands coming from build runner yielding no results
I'm trying to sign a build coming from a gitlab runner, but for some reason security find-identity is yielding no results during the pipeline. Hitting the runner via SSH shows the results as I would expect, as well as VNCing into the runner and using the terminal. whoami on all 3 shows the same result. My current attempt is to build the keychain on the fly so that I can ensure I have access to the identity, and it succeeds in building the keychain and importing the certs, but find-identity still shows zero results in the pipeline.

- security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
- security list-keychains -d user -s $KEYCHAIN_PATH /Users/######/Library/Keychains/login.keychain-db /Library/Keychains/System.keychain
- security set-keychain-settings $KEYCHAIN_PATH
- security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
- security import $SIGNING_KEY_DECODED -P $P12_PASSWORD -A -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign
- > # escape : CERT_IDENTITY=########## security set-ke

Replies: 4, Boosts: 0, Views: 564, Activity: Dec ’24
New application certificate fails to codesign binary file with error: "Warning: unable to build chain to self-signed root for signer <certificate> <filepath>: errSecInternalComponent"
Platforms: Ventura and Big Sur

Steps to Reproduce:
1. Create new application and installer CSRs with keypairs
2. Generate new certificates in Apple web portal
3. Repackage certificates as .p12 using exported private keys since they are not referenced in keychain app by default.
4. Import certificates into MacOS Keychain
5. Set certificate access to Always Trust for all certificate uses
6. Sign binary fails using codesign --force --sign
7. Sign installer package succeeds using productsign --sign

Additional Info:
- The private keys were initially not recognized by the Keychain application, resulting in a certificate without a private key leaf beneath them. To resolve it I exported the private key and repackaged certificate as a .p12 file.
- Both certificates appear good when evaluated for code signing
- The installer certificate shows an intermediate and root while the application certificate does not
- Repackaging as .p12 with expected intermediate and root did not resolve the issue
- Installing all available intermediates and roots f

Replies: 1, Boosts: 0, Views: 863, Activity: Dec ’24
App intermittently disappearing after installation
We're building a pkg with three apps in it from the command line. There is one primary app and two supporting apps. We build a folder structure inside a temp directory like below (some folder names replaced with generic ones):

mkdir -p ./tmp/Applications/.hiddenfolder/
mkdir -p "./tmp/Library/Application Support/Company/"
mkdir -p ./tmp/Library/Preferences/
mkdir -p ./tmp/Library/Logs/Company/
mkdir -p ./tmp/Library/LaunchAgents/
mkdir -p ./tmp/Library/Company/
mkdir -p ./tmp/Library/LaunchDaemons/
# Grant Logs Folder Read-Write Access to All
chmod a+rw ./tmp/Library/Logs/Company/
chmod a+rw "./tmp/Library/Application Support/Company/"

We then build and sign each app dependency and place them into the temporary folder. For each app we're calling:

xcodebuild -workspace $PROJECT -scheme $TARGET -configuration Release -derivedDataPath $WORKING clean build
codesign --force --deep -o runtime --entitlements ../$TARGET/$APPLICATION.entitlements --sign $DEVKEY $WORKING/Build/Products/Release/$APPLICATION.app
cp -R $

Replies: 1, Boosts: 0, Views: 362, Activity: Nov ’24
Reply to Keychain issues after installing backup on new Mac
Thank you for the reply! I verified that Automatic signing is set. I am the one-man team as Computerade Products and the popup image is attached below, showing missing private key, although the certificates appear to be new (i.e. created on my new Mac). My Test-App project Run is OK but Archive gives the same message that started this post. I'm on Xcode 16.1.

CodeSign /Users/michaelbirch/Library/Developer/Xcode/DerivedData/Test_App-apijkfdxvfxogbdgkozhfjnvbifn/Build/Intermediates.noindex/ArchiveIntermediates/Test App/InstallationBuildProductsLocation/Applications/Test App.app (in target 'Test App' from project 'Test App')
cd /Volumes/GAGA HDD/Gaga Home/SwiftUI Projects/Test App
Signing Identity: Apple Development: Michael Birch (9KD5TCGGHG)
Provisioning Profile: iOS Team Provisioning Profile: * (37ed6a51-3784-499b-a588-26bed42acfc6)
/usr/bin/codesign --force --sign 15E4CD69B95A3AF856ADEE7574C15D70EFF3B535 --entitlements /Users/michaelbirch/Library/Developer/Xcode/DerivedData/Test_App-apijkf

Activity: Dec ’24
Do I need a membership to codesign and notarise?
I just paid for 99$ a year and it's already 48hrs ago since I've paid. But when I click on my name it still says Pending and on the main landing page on https://developer.apple.com/account it still says this: Purchase your membership. To continue your enrollment, complete your purchase now. Your purchase may take up to 48 hours to process. Do I need a membership to codesign and notarising my VST plugins? Cause that's what I bought it for.

Replies: 1, Boosts: 0, Views: 498, Activity: Dec ’24
Reply to Do I need a membership to codesign and notarise?
Basvandaalen wrote: "Do I need a membership to codesign and notarising my VST plugins?"

Yes.

Basvandaalen wrote: "But when I click on my name it still says Pending"

I can’t help you with that, alas. If you’re unable to sort this out yourself, reach out to Apple Developer Programs Support via Apple > Developer > Contact Us.

Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Activity: Dec ’24
Testflight entitlements break local version
Hello, I cannot build a signed app that will both be accepted by Testflight and run locally. Only one or the other! I'm signing my .app and building the package thus:

CODESIGN_ID="Apple Distribution: company (number)"
INSTALLSIGN_ID="3rd Party Mac Developer Installer: company (number)"
codesign --force --deep --entitlements plist.xcent -o runtime --timestamp --sign "$CODESIGN_ID" myapp.app
productbuild --sign "$INSTALLSIGN_ID" --timestamp --component myapp.app /Applications myapp.pkg

With entitlements:

com.apple.security.get-task-allow
com.apple.security.app-sandbox
com.apple.security.network.client
com.apple.security.files.user-selected.read-write
com.apple.security.inherit
com.apple.application-identifier: TEAM.com.COMPANY.APPNAME
com.apple.developer.team-identifier: TEAM

If I leave out the last two entitlements com.apple.application-identifier and com.apple.developer.team-identifier, the package validates and runs locally. It can be uploaded but it is NOT accepted by Testflight. When i

Replies: 1, Boosts: 0, Views: 704, Activity: Dec ’24
Reply to The signature of the binary is invalid during notary, but is valid in codesign
To debug this I recommend that you:

1. Unpack the installer package. You can do this using the command-line tools described in Unpacking Apple Archives, or using a third-party app like Pacifist.
2. Verify the code signature of the resulting app:

% codesign --verify --strict --deep -vvv /path/to/your.app

What does it show?

Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Activity: Dec ’24
revoking an existing developer id application certificate to create a new one.
Hi, I need to create a new Developer ID installer certificate as I cannot locate the private key on my old computer. I need to revoke the certificate. I have the Account holder and admin rights but I can't see the revoke option. And when I try to create a new certificate, the panel response is: There is already an existing one. Again, I need to install a new Developer ID installer certificate on the KeyChain of my new computer with its private key. I can't codesign and complete my work at the moment! I have sent several support e-mails but no single response! Any guidance is much appreciated. Thank you.

Replies: 1, Boosts: 0, Views: 527, Activity: Dec ’24
Reply to How to fix multiple signing identities?
I know it's an old thread but this may help other users. I find the first certificate's hash like this in fastlane:

app_signing_identity = `security find-identity -v -p codesigning | grep -m 1 "Developer ID Application" | awk '{print $2}'`.strip

Activity: Nov ’24
"Asset validation failed, Invalid Code Signing" but certs match
I have an internal customer who is trying to submit an IPA to TestFlight via a Jenkins pipeline, and they are submitting their IPA to our central code signing service first. But they're seeing failures in their logs such as:

{
  "id" : "bb07c32d-b4d6-48c4-abfe-390a46dec3ca",
  "status" : "409",
  "code" : "STATE_ERROR.VALIDATION_ERROR.90179",
  "title" : "Asset validation failed",
  "detail" : "Invalid Code Signing. The executable 'Payload/their.app/Frameworks/Pods_their.framework/Pods_their' must be signed with the certificate that is contained in the provisioning profile."
}

I obtained the signed IPA file, and examined one of the items flagged as incorrectly signed with codesign -d -vvvv. I see the correct team identifier in the output, along with the correct (Distribution) authority. I unbundled the IPA with ditto -xk, extracted the plist from the embedded provisioning file with security cms -D -i, and examined the lone developer certificate with plutil -extract DevelopCertificates.0 and certtool d. The subject name fields cor

Replies: 1, Boosts: 0, Views: 601, Activity: Nov ’24
Reply to Unable to Write Files Within App Bundle After Codesigning and Notarization
Thank you for providing the information, we now understand that modifying the app bundle after codesign is not supported. Indeed, our situation has not been completely blocked, but since Apple does not support it, we will discuss internally how to handle this, thank you.
Topic: Code Signing SubTopic: General Tags:
Activity: Nov ’24
Unable to Write Files Within App Bundle After Codesigning and Notarization
I have already posted asking about this:

CynthiaSun wrote: "Codesigned and notarized app cannot directly write files inside the app bundle..."

But there are still some doubts that have not been answered. We use Qt to develop an application on the macOS platform, and we are attempting to perform code signing and notarization to ensure our application is trusted by Apple. However, there are a few things that seem weird regarding this statement: App bundles are read-only by design. Let me provide more details. Currently, when our application starts, it needs to create a folder (e.g. Temp) in the root directory of the executable. For example:

Myapp.app/Contents/MacOS/Myapp ---> Myapp.app/Contents/MacOS/Temp

The folder is designed for storing runtime logs or config files for our application. In the past, users may also modify the settings inside target folder if needed. However, the strange thing is that after the application is codesigned

Replies: 2, Boosts: 0, Views: 664, Activity: Nov ’24
Reply to My MacOS application has been accepted when submitted for notarisation but I am getting an error 65 when submitting for stapling. Further, notarisation fails even when run on a clean mac. It throws an unknown developer error.
When posting preformatted code, it helps if you put it in a code block. See Quinn’s Top Ten DevForums Tips for advice on how to do that.

Error 65 means that you’re trying to staple a ticket to an item that’s not been validated by the notary service. However, you’ve clearly submitted that disk image to the notary service. I suspect that the disk image isn’t signed, and thus isn’t included in the resulting ticket. Do this:

1. Dump the code signature of the disk image:

% codesign -d -vvv SendFiles.dmg

Note down the cdhash value.
2. Run stapler in verbose mode. You should see it looking for a ticket for that cdhash value.
3. Fetch the notary log for your request. Does it list the cdhash value you get in step 1?

For advice on how to sign a disk image, see Packaging Mac software for distribution.

Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Activity: Nov ’24
task_for_pid error 5
I'm trying to use task_for_pid in a project but I keep getting error code 5 signaling some kind of signing error. Even with this script I can't seem to get it to work.

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <mach/mach.h>
#include <mach/mach_error.h>

int main(int argc, const char * argv[]) {
    task_t task;
    /* Target PID comes from argv[1]; defaults to PID 1 */
    pid_t pid = argc >= 2 ? atoi(argv[1]) : 1;
    kern_return_t error = task_for_pid(mach_task_self(), pid, &task);
    printf("%d -> %x [%d - %s]\n", pid, task, error, mach_error_string(error));
    return error;
}

I've tried signing my executables using codesign and also tried building with Xcode with the Debugging Tool box checked under hardened runtime. My Info.plist file includes the SecTaskAccess key with the values allowed and debug. Hoping someone can point me towards what I'm missing here. Thanks!

Replies: 4, Boosts: 0, Views: 3.6k, Activity: Nov ’24