Search results for

“codesign”

3,221 results found

Post

Replies

Boosts

Views

Activity

Having problem provisioning an Enterprise app
I apologize if this has been asked before, and I did do a search but couldn't find a fix for my exact problem.So for background, I have an app that is to be used for a small team of 3 people. Previously I had just used my developer credentials and released it via the old TestFlight app. But for the new version I'm going legit and using the company's Apple Enterprise account to sign it and will distrubute it on an intranet site. However I can't seem to build the thing.So I just got invited to the company's Enterprise account and I created a distribution profile and stuck it in XCode. When I build using it, I get:Failed to code sign App nameNo codesigning identities (i.e. certificate and private key pairs) that match the provisioning profile specified in your build settings (Name of profile) were found.And of course Fix Issue does nothing. Looking through the build settings I notice in the provisioning profile list there is an IOSTeam Provisioning Profile for my app as well. When I use this one, I'm ab
Topic: Developer Tools & Services SubTopic: General Tags:
3
0
1k
Aug ’15
os_trace doesn't ever show output
I'm trying to use the os_trace family of functions in my Mac OS X application. I wrote a simple test tool that uses os_trace in a simple background dispatch_async while the main thread rus dispatch_main, but I almost never see any results in either ostraceutil, lldb or crash reports. Every once in a while it works, but I cannot figure out what the randomness is.Usually I see messages like this in syslog: 8/23/15 9:39:56.530 PM diagnosticd[22663]: error evaluating process info - pid: 23561, punique: 23561I've made sure the build is signed, it's a release build, and I have an Info.plist embedded in the executable. codesign -vv reports the binary is signed and satisfies the designated requirement. ostraceutil -watch -process <pid> doesn't ever show anything, and ostraceutil -diagnostic -process <pid> only reports basic image information until I should start seeing trace messages--once trace messags should appear, ostraceutil -diagnostic shows nothing, not even image info.I can't see what els
Topic: App & System Services SubTopic: Processes & Concurrency Tags:
3
0
760
Aug ’15
Codesigning a static library
I tried to find information about codesigning a static library, but couldn't find anything. I tried to use codesign -s identity xxx.a from the terminal, but this didn't change the xxx.a file. So:-Is codesigning a static library even possible? (according to the apple docs, you should be able to codesign every type of code, so I assumed that it is possible)-If yes, can I codesign a static library via the terminal using only the .a file, or do I have to codesign it when compiling?Thanks,Markus
Topic: Developer Tools & Services SubTopic: Xcode Tags:
0
0
676
Aug ’15
"codesign verify" is happy but spctl rejected ?
When I use codesign with deep option to sign my app and includeded frameworks, codesign verifies as good.codesign --verbose=4 --deep -s Acme, Inc. ${appFolder} my-usb-ev-tokencodesign --verify --verbose=4 ${appFolder}.........app/TSR.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib--validated:/Users/edward3/Documents/projects/build-tsr-Desktop_Qt_5_5_0_clang_64bit-Release/tsr-app/TSR.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib/Users/edward3/Documents/projects/build-tsr-Desktop_Qt_5_5_0_clang_64bit-Release/tsr-app/TSR.app: valid on disk/Users/edward3/Documents/projects/build-tsr-Desktop_Qt_5_5_0_clang_64bit-Release/tsr-app/TSR.app: satisfies its Designated Requirementspctl --verbose --***** --type execute -v TSR.app/TSR.app/: rejectedorigin=Acme, Inc.I am distributing my app in a dmg for distribution outside the Mac app store.Any tips or suggestions on how to properly codesign is much appreciated,-EdOS X 10.10.5XCode 6.4
Topic: Code Signing SubTopic: General Tags:
2
0
7.4k
Aug ’15
Reply to Using Third-Party Development Tools
I too am not sure if they'll reject an app simply because it wasn't built with Xcode, but there's also the code signing requirement. I highly doubt that any third-party IDE will be able to process the Apple-issued signing assets. If an app isn't signed by you when you submit it, of course it'll get rejected. You could try running the codesign command line tool to do it yourself, but again, I'm not sure that will work.Besides, if you use a third-party IDE, you won't be able to use the Apple SDKs, which means that you'll likely miss out on everything special Apple hardware has to offer; on top of that, you wouldn't be able to have a truly cross-platform app anyway because iOS and Android are so fundamentally different.Here's my recommendation: split your app into its core (the back end) and its UI (the front end). The core you can write using C++ or whatever suits your fancy; the UI you should write using the preferred IDE for each platform. On Xcode you can compile the core and iOS-specific UI into th
Topic: Developer Tools & Services SubTopic: Developer Forums Tags:
Aug ’15
Reply to codesign of framework becomes invalid after reboot!
Try moving the built product to /Applications.... Once it's there (before reboot) verify that everything is in order with:spctl -v -a /Applications/MyApp.appWhich should verify the codesign on top of other things. If that's okay, reboot and repeat running spctl on it again once rebooted.Just to add spctl seems to get a better verbosity with the more vvvvv's you add to it... i.e.:spctl -vvvvvv -a /Applicaitons/MyApp.app
Topic: Code Signing SubTopic: General Tags:
Aug ’15
productsign is not able to find cert from keychain
We are trying to sign a Mac installer (.pkg file) using the following command.productsign --sign Developer ID Installer: MyCompany, Inc. unsigned_installer.pkg signed_package.pkgBut we are getting the following error.productsign: error: Could not find appropriate signing identity for “Developer ID Installer: MyCompany, Inc.”.When we try to find the certificates using security -v find-identity -p codesigning, we get the following output.Policy: Code SigningMatching identities1) 1234....6789 MyCompany, Inc. 1 identities foundValid identities only1) 1234....6789 MyCompany, Inc. 1 valid identities foundWhen tried as:productsign --sign commonName unsigned.pkg signed.pkgWe get error as :productsign: error: Could not find appropriate signing identity for “commonName”. An installer signing identity (not an application signing identity) is required for signing flat-style products.Can you give us any on how to troubleshoot and fix this issue?
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
8
0
11k
Sep ’15
Reply to Can my app get permission to rename one of its files when installed in Applications on OSX?
… you can rename files in a code signed application without breaking the code signature.That’s not my experience.$ codesign -vv RenameTest.app RenameTest.app: valid on disk RenameTest.app: satisfies its Designated Requirement $ mv RenameTest.app/Contents/Resources/MainMenu.nib RenameTest.app/Contents/Resources/foo.nib $ codesign -vv RenameTest.app RenameTest.app: a sealed resource is missing or invalid file added: /Users/quinn/Desktop/RenameTest/build/Debug/RenameTest.app/Contents/Resources/foo.nib file missing: /Users/quinn/Desktop/RenameTest/build/Debug/RenameTest.app/Contents/Resources/MainMenu.nibShare and Enjoy — Quinn The Eskimo! Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com
Topic: Privacy & Security SubTopic: General Tags:
Sep ’15
Reply to Can my app get permission to rename one of its files when installed in Applications on OSX?
If you rename a file in the app's bundle (I'm externally calling mv to do this) it seems quite happy. Same if you rename a file directly from the command line.e.gmv /test.app/Contents/Data/niceandsafefile.png /test.app/Contents/Data/FormatDiskIfHere.pngwhere the app is looking for that file to do its hidden nasty stuff. (I should point out that I wasn't doing that, I'm just seeing if I can think up a worst case scenario 🙂 )That seems to pass on the codesigning in that the app will happily run assuming it's happy with the filename in its code.
Topic: Privacy & Security SubTopic: General Tags:
Sep ’15
Reply to Keychain error -34018 (errSecMissingEntitlement)
Just to add some more color:I'm storing oauth2 creds in the keychain. From a fresh start, the following work:* Accessing an existing credential* Deleting a credential and storing a new one.Where I run into problems is in resuming app after being previously logged in, stepping out to settings, and returning. One feature of the internal build is that the identifier for the service to be used is stored in NSUserDefaults, so the user can go to iOS Settings and toggle their service endpoint. When the app resumes after this happends, I check to see if the service changed, and if it did, I force a logout and ask the user to sign in again.It is at this point I run into problems. After having previously been able to read/write the keychain, I get a -34018 for every keychain access. While the deletes happen almost immediately after the app resumes, the adds typically happen quite a while afterwards, since the user has to enter a name and password.I'm using accessibility specifier kSecAttrAccessibleAfterFirstUnlock. I h
Topic: Privacy & Security SubTopic: General Tags:
Sep ’15
Reply to Can my app get permission to rename one of its files when installed in Applications on OSX?
That seems to pass on the codesigning in that the app will happily run assuming it's happy with the filename in its code.Running isn’t really a good test of the code signature. You should either:validate the code signature, as I described in my earlier postput the app on a server somewhere, download it from there, and then see if it passes the Quarantine checkLast I checked OS X does not check the entire code signature of the app every time it launches the app; rather, the full check is done as part of the un-Quarantine process.Share and Enjoy — Quinn The Eskimo! Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com
Topic: Privacy & Security SubTopic: General Tags:
Sep ’15
Reply to entitlements.plist file in productbuild
Your entitlements property list file is not meant to be included in your final build product. Rather, it’s an input to the code signing machinery. If you enable the App Sandbox is the standard way (via the Capabilities tab of the target editor in Xcode), you’ll find that it a) adds the entitlements property list file, and b) sets the Code Signing Entitlements (CODE_SIGN_ENTITLEMENTS) building setting to point to that file. Then, when your build your app, you’ll see in the build log two steps, Process product packaging and Sign, that process that file and then use it as part of your code signing. Finally, to check the actual entitlements of a binary, do this:$ codesign -d --entitlements :- /path/to/binaryShare and Enjoy — Quinn The Eskimo! Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com
Topic: Code Signing SubTopic: General Tags:
Sep ’15
My app is signed (verified with spctl and codesign) but it still "can’t be opened because it is from an unidentified developer."
Hi,I am having trouble signing a .pkg that I have made. I have wrapped the .pkg in a .dmg, you can download it here: www.sptgps.com/GameTrakaInstaller.dmgI have verified that the .pkg is signed with a number of tools, output is below. I have read about the new version 2 signatures and I think that I am using one (even though my Sealed Resource=none.)I am using OS X Yosemite 10.10.5 (14F27).I am manually signing and building my application as it is a Java Web Start (jnlp) based application.My installer package does the following:1) installs java: (I have signed this .pkg)sudo installer -pkg java8u60.pkg -target /2) installs a USB driver: (I have signed this .pkg)sudo installer -pkg PIUSBGPSDriver-4.2.1b5.pkg -target /3) executes an application.jnlp filesudo javaws application.jnlpI know that all the moving parts are working, because if I bypass Gatekeeper everything runs smoothly.Any help would be greatly appreciated!Thank you,Andreas.Verification that root package is signed.$ spctl -a -t exec -vv GameTraka.pk
Topic: Developer Tools & Services SubTopic: Developer Forums Tags:
2
0
963
Sep ’15
Reply to Xcode 7 GM Not running after agreement
Xcode uses an XPC service with root privildges to agree to the license and install packages. This does exactly what you mentioned:`sudo xcodebuild -license`However, launchd will not load the XPC service if the code signature of Xcode is broken. 3rd party plugins are a likely culprit here.To verify that your copy of Xcode is not damaged, please run codesign -v --verbose=4 --deep --strict Xcode.appIf the code signature is broken, please delete Xcode and install it again. The Xcode team will attempt to detect this in the future so that it doesn't hang, and give proper instructions to get past the issue.
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Sep ’15
Having problem provisioning an Enterprise app
I apologize if this has been asked before, and I did do a search but couldn't find a fix for my exact problem.So for background, I have an app that is to be used for a small team of 3 people. Previously I had just used my developer credentials and released it via the old TestFlight app. But for the new version I'm going legit and using the company's Apple Enterprise account to sign it and will distrubute it on an intranet site. However I can't seem to build the thing.So I just got invited to the company's Enterprise account and I created a distribution profile and stuck it in XCode. When I build using it, I get:Failed to code sign App nameNo codesigning identities (i.e. certificate and private key pairs) that match the provisioning profile specified in your build settings (Name of profile) were found.And of course Fix Issue does nothing. Looking through the build settings I notice in the provisioning profile list there is an IOSTeam Provisioning Profile for my app as well. When I use this one, I'm ab
Topic: Developer Tools & Services SubTopic: General Tags:
Replies
3
Boosts
0
Views
1k
Activity
Aug ’15
os_trace doesn't ever show output
I'm trying to use the os_trace family of functions in my Mac OS X application. I wrote a simple test tool that uses os_trace in a simple background dispatch_async while the main thread rus dispatch_main, but I almost never see any results in either ostraceutil, lldb or crash reports. Every once in a while it works, but I cannot figure out what the randomness is.Usually I see messages like this in syslog: 8/23/15 9:39:56.530 PM diagnosticd[22663]: error evaluating process info - pid: 23561, punique: 23561I've made sure the build is signed, it's a release build, and I have an Info.plist embedded in the executable. codesign -vv reports the binary is signed and satisfies the designated requirement. ostraceutil -watch -process <pid> doesn't ever show anything, and ostraceutil -diagnostic -process <pid> only reports basic image information until I should start seeing trace messages--once trace messags should appear, ostraceutil -diagnostic shows nothing, not even image info.I can't see what els
Topic: App & System Services SubTopic: Processes & Concurrency Tags:
Replies
3
Boosts
0
Views
760
Activity
Aug ’15
Codesigning a static library
I tried to find information about codesigning a static library, but couldn't find anything. I tried to use codesign -s identity xxx.a from the terminal, but this didn't change the xxx.a file. So:-Is codesigning a static library even possible? (according to the apple docs, you should be able to codesign every type of code, so I assumed that it is possible)-If yes, can I codesign a static library via the terminal using only the .a file, or do I have to codesign it when compiling?Thanks,Markus
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
0
Boosts
0
Views
676
Activity
Aug ’15
"codesign verify" is happy but spctl rejected ?
When I use codesign with deep option to sign my app and includeded frameworks, codesign verifies as good.codesign --verbose=4 --deep -s Acme, Inc. ${appFolder} my-usb-ev-tokencodesign --verify --verbose=4 ${appFolder}.........app/TSR.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib--validated:/Users/edward3/Documents/projects/build-tsr-Desktop_Qt_5_5_0_clang_64bit-Release/tsr-app/TSR.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib/Users/edward3/Documents/projects/build-tsr-Desktop_Qt_5_5_0_clang_64bit-Release/tsr-app/TSR.app: valid on disk/Users/edward3/Documents/projects/build-tsr-Desktop_Qt_5_5_0_clang_64bit-Release/tsr-app/TSR.app: satisfies its Designated Requirementspctl --verbose --***** --type execute -v TSR.app/TSR.app/: rejectedorigin=Acme, Inc.I am distributing my app in a dmg for distribution outside the Mac app store.Any tips or suggestions on how to properly codesign is much appreciated,-EdOS X 10.10.5XCode 6.4
Topic: Code Signing SubTopic: General Tags:
Replies
2
Boosts
0
Views
7.4k
Activity
Aug ’15
Reply to Using Third-Party Development Tools
I too am not sure if they'll reject an app simply because it wasn't built with Xcode, but there's also the code signing requirement. I highly doubt that any third-party IDE will be able to process the Apple-issued signing assets. If an app isn't signed by you when you submit it, of course it'll get rejected. You could try running the codesign command line tool to do it yourself, but again, I'm not sure that will work.Besides, if you use a third-party IDE, you won't be able to use the Apple SDKs, which means that you'll likely miss out on everything special Apple hardware has to offer; on top of that, you wouldn't be able to have a truly cross-platform app anyway because iOS and Android are so fundamentally different.Here's my recommendation: split your app into its core (the back end) and its UI (the front end). The core you can write using C++ or whatever suits your fancy; the UI you should write using the preferred IDE for each platform. On Xcode you can compile the core and iOS-specific UI into th
Topic: Developer Tools & Services SubTopic: Developer Forums Tags:
Replies
Boosts
Views
Activity
Aug ’15
Reply to codesign of framework becomes invalid after reboot!
Try moving the built product to /Applications.... Once it's there (before reboot) verify that everything is in order with:spctl -v -a /Applications/MyApp.appWhich should verify the codesign on top of other things. If that's okay, reboot and repeat running spctl on it again once rebooted.Just to add spctl seems to get a better verbosity with the more vvvvv's you add to it... i.e.:spctl -vvvvvv -a /Applicaitons/MyApp.app
Topic: Code Signing SubTopic: General Tags:
Replies
Boosts
Views
Activity
Aug ’15
Reply to XCTestCase in UITesting: containerURLForSecurityApplicationGroupIdentifier returns nil
Might it be because to get access to the container the app needs to be code-signed, which doesn't necessarily have to be the case when testing on Simulators? We have the exact same problem when we change provisioning profiles and forget to update them & build for simulator. Make sure the app is codesigned.
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
Boosts
Views
Activity
Sep ’15
productsign is not able to find cert from keychain
We are trying to sign a Mac installer (.pkg file) using the following command.productsign --sign Developer ID Installer: MyCompany, Inc. unsigned_installer.pkg signed_package.pkgBut we are getting the following error.productsign: error: Could not find appropriate signing identity for “Developer ID Installer: MyCompany, Inc.”.When we try to find the certificates using security -v find-identity -p codesigning, we get the following output.Policy: Code SigningMatching identities1) 1234....6789 MyCompany, Inc. 1 identities foundValid identities only1) 1234....6789 MyCompany, Inc. 1 valid identities foundWhen tried as:productsign --sign commonName unsigned.pkg signed.pkgWe get error as :productsign: error: Could not find appropriate signing identity for “commonName”. An installer signing identity (not an application signing identity) is required for signing flat-style products.Can you give us any on how to troubleshoot and fix this issue?
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
Replies
8
Boosts
0
Views
11k
Activity
Sep ’15
Reply to Can my app get permission to rename one of its files when installed in Applications on OSX?
… you can rename files in a code signed application without breaking the code signature.That’s not my experience.$ codesign -vv RenameTest.app RenameTest.app: valid on disk RenameTest.app: satisfies its Designated Requirement $ mv RenameTest.app/Contents/Resources/MainMenu.nib RenameTest.app/Contents/Resources/foo.nib $ codesign -vv RenameTest.app RenameTest.app: a sealed resource is missing or invalid file added: /Users/quinn/Desktop/RenameTest/build/Debug/RenameTest.app/Contents/Resources/foo.nib file missing: /Users/quinn/Desktop/RenameTest/build/Debug/RenameTest.app/Contents/Resources/MainMenu.nibShare and Enjoy — Quinn The Eskimo! Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com
Topic: Privacy & Security SubTopic: General Tags:
Replies
Boosts
Views
Activity
Sep ’15
Reply to Can my app get permission to rename one of its files when installed in Applications on OSX?
If you rename a file in the app's bundle (I'm externally calling mv to do this) it seems quite happy. Same if you rename a file directly from the command line.e.gmv /test.app/Contents/Data/niceandsafefile.png /test.app/Contents/Data/FormatDiskIfHere.pngwhere the app is looking for that file to do its hidden nasty stuff. (I should point out that I wasn't doing that, I'm just seeing if I can think up a worst case scenario 🙂 )That seems to pass on the codesigning in that the app will happily run assuming it's happy with the filename in its code.
Topic: Privacy & Security SubTopic: General Tags:
Replies
Boosts
Views
Activity
Sep ’15
Reply to Keychain error -34018 (errSecMissingEntitlement)
Just to add some more color:I'm storing oauth2 creds in the keychain. From a fresh start, the following work:* Accessing an existing credential* Deleting a credential and storing a new one.Where I run into problems is in resuming app after being previously logged in, stepping out to settings, and returning. One feature of the internal build is that the identifier for the service to be used is stored in NSUserDefaults, so the user can go to iOS Settings and toggle their service endpoint. When the app resumes after this happends, I check to see if the service changed, and if it did, I force a logout and ask the user to sign in again.It is at this point I run into problems. After having previously been able to read/write the keychain, I get a -34018 for every keychain access. While the deletes happen almost immediately after the app resumes, the adds typically happen quite a while afterwards, since the user has to enter a name and password.I'm using accessibility specifier kSecAttrAccessibleAfterFirstUnlock. I h
Topic: Privacy & Security SubTopic: General Tags:
Replies
Boosts
Views
Activity
Sep ’15
Reply to Can my app get permission to rename one of its files when installed in Applications on OSX?
That seems to pass on the codesigning in that the app will happily run assuming it's happy with the filename in its code.Running isn’t really a good test of the code signature. You should either:validate the code signature, as I described in my earlier postput the app on a server somewhere, download it from there, and then see if it passes the Quarantine checkLast I checked OS X does not check the entire code signature of the app every time it launches the app; rather, the full check is done as part of the un-Quarantine process.Share and Enjoy — Quinn The Eskimo! Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com
Topic: Privacy & Security SubTopic: General Tags:
Replies
Boosts
Views
Activity
Sep ’15
Reply to entitlements.plist file in productbuild
Your entitlements property list file is not meant to be included in your final build product. Rather, it’s an input to the code signing machinery. If you enable the App Sandbox is the standard way (via the Capabilities tab of the target editor in Xcode), you’ll find that it a) adds the entitlements property list file, and b) sets the Code Signing Entitlements (CODE_SIGN_ENTITLEMENTS) building setting to point to that file. Then, when your build your app, you’ll see in the build log two steps, Process product packaging and Sign, that process that file and then use it as part of your code signing. Finally, to check the actual entitlements of a binary, do this:$ codesign -d --entitlements :- /path/to/binaryShare and Enjoy — Quinn The Eskimo! Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com
Topic: Code Signing SubTopic: General Tags:
Replies
Boosts
Views
Activity
Sep ’15
My app is signed (verified with spctl and codesign) but it still "can’t be opened because it is from an unidentified developer."
Hi,I am having trouble signing a .pkg that I have made. I have wrapped the .pkg in a .dmg, you can download it here: www.sptgps.com/GameTrakaInstaller.dmgI have verified that the .pkg is signed with a number of tools, output is below. I have read about the new version 2 signatures and I think that I am using one (even though my Sealed Resource=none.)I am using OS X Yosemite 10.10.5 (14F27).I am manually signing and building my application as it is a Java Web Start (jnlp) based application.My installer package does the following:1) installs java: (I have signed this .pkg)sudo installer -pkg java8u60.pkg -target /2) installs a USB driver: (I have signed this .pkg)sudo installer -pkg PIUSBGPSDriver-4.2.1b5.pkg -target /3) executes an application.jnlp filesudo javaws application.jnlpI know that all the moving parts are working, because if I bypass Gatekeeper everything runs smoothly.Any help would be greatly appreciated!Thank you,Andreas.Verification that root package is signed.$ spctl -a -t exec -vv GameTraka.pk
Topic: Developer Tools & Services SubTopic: Developer Forums Tags:
Replies
2
Boosts
0
Views
963
Activity
Sep ’15
Reply to Xcode 7 GM Not running after agreement
Xcode uses an XPC service with root privildges to agree to the license and install packages. This does exactly what you mentioned:`sudo xcodebuild -license`However, launchd will not load the XPC service if the code signature of Xcode is broken. 3rd party plugins are a likely culprit here.To verify that your copy of Xcode is not damaged, please run codesign -v --verbose=4 --deep --strict Xcode.appIf the code signature is broken, please delete Xcode and install it again. The Xcode team will attempt to detect this in the future so that it doesn't hang, and give proper instructions to get past the issue.
Topic: Developer Tools & Services SubTopic: Xcode Tags:
Replies
Boosts
Views
Activity
Sep ’15