“codesign”

Hello there,I am trying to import my ios distribution certificate and key to a custom keychain so I can codesign my unsigned .app file with the following script:#!/bin/bash PASS='12345' KC=$HOME/Library/Keychains/custom.keychain LKC='login.keychain' CERT_FOLDER=$PWD/certificates PROFILE_NAME='MOBPROFILE.mobileprovision' PROFILE=$CERT_FOLDER/$PROFILE_NAME KEY=$CERT_FOLDER/private_key.pem CERT=$CERT_FOLDER/ios_distribution.cer APP=$PWD/myapp.app WWDR=$CERT_FOLDER/AppleWWDRCA.cer TMP_FOLDER=$PWD/tmp CONFIG='iPhone Distribution: ORG (TEAMID)' SHARED_PROFILE_FOLDER=$HOME/Library/MobileDevice/Provisioning Profiles prepare () { mkdir -p $SHARED_PROFILE_FOLDER cp $PROFILE $SHARED_PROFILE_FOLDER mkdir -p $TMP_FOLDER security create-keychain -p $PASS $KC security list-keychains -d user -s $LKC $KC security import $WWDR -k $KC -t cert -A -P '' security import $KEY -k $KC -t priv -A -P '' security import $CERT -k $KC -t cert -A -P '' security default-keychain -d user -s $KC security unlock-keychain -p $PASS $KC

We codesign our runnable PC application with entitlements.plist as following sudo codesign --force --timestamp --options=runtime --entitlements ./entitlements.plist -s ${cert} full/path then we run it, the application goes into killed rather than runs up . The terminal shows as below: zsh: killed ./XXXX.app/Contents/MacOS/XXXX The crash report and entitlements.plist are attached. The Mac OS is 10.15.4 , with latest XCode from Apple AppStore. From the report, it seems terminated due to EXC_CRASH (Code Signature Invalid) . So it just failed for the boot of app. Hope somebody gives us points to move forward. entitlements.plist com.apple.security.cs.allow-jit errorReport.txt

Hi! I try to codesign a file inside a macOS executor on CircleCI. I am able to import the certificate inside my new keychain but when I execute the codesign command is stuck, it never returns. No output, nothing. I have to kill the command. Anyone has an idea? Thanks! JF security create-keychain -p default MyKeychain.keychain echo $APPLE_CERT_DEV_ID_APP_BASE64 | base64 -D -o DevIdApplication.p12 security import ./DevIdApplication.p12 -x -t agg -k MyKeychain.keychain -A -P $APPLE_CERT_PASSWORD security default-keychain -d user -s MyKeychain.keychain security unlock-keychain -p default MyKeychain.keychain security set-keychain-settings MyKeychain.keychain security find-identity -p codesigning touch file codesign --timestamp --options runtime -s Developer ID Application: XXXXXXX inc. (XXXXXXXXXX) -v file << the command hangs here and nothing happens >>

I'm trying to sign (using codesign) an app (http://dl.nwjs.io/v0.12.3/nwjs-macappstore-v0.12.3-osx-x64.zip) for the Mac App Store that hasn't been singed yet. The main app (nwjs.app) isn't signed but the Helpers seem to get signed at some point on my system with Signature=adhoc before I'm able to sign them myself. Because of this I have to use the --force flag with the codesign command. I've read that if Parental Controls are enabled or certain options are enabled in the filewall, that the OS could add the adhoc signature. However, I'm admin so Parental Controls are not enabled and I've disable the firewall entirelly, but the adhoc sig is still being added to the Helpers; and again, only to the Helpers and not the main app (nwjs.app) itself. Does anyone have an idea why this is happeing? Or can someone point me to a doc that has a complete list of the facilites that will try to sign an app that is not already signed?Thanks.

I am able to codesign my app and see it signed successfully. But then when I run it is just hangs, i.e. it does launch and shows in the system tray but no window pops up. I am also able to notarize the app successfully, but it seems code signing did something to cause it to not work the same. codesign -dvvv WhoStoleMyBeard.app Builds/MacOS/Native/App/WhoStoleMyBeard.app/Contents/MacOS/nwjs Identifier=io.nwjs.nwjs Format=app bundle with Mach-O thin (x86_64) CodeDirectory v=20500 size=440 flags=0x10000(runtime) hashes=3+7 location=embedded Hash type=sha256 size=32 CandidateCDHash sha1=04d39f1aa101d131750387c732d865e4187a8084 CandidateCDHashFull sha1=04d39f1aa101d131750387c732d865e4187a8084 CandidateCDHash sha256=476a47ff9f5fb21f44ddee8292c769d4178e02fd CandidateCDHashFull sha256=476a47ff9f5fb21f44ddee8292c769d4178e02fdbeb14a2893133dc64fd818f1 Hash choices=sha1,sha256 CMSDigest=36b3ddcf11edb24217ebb11c435b4b8a745ddbed0d29ec2b9573edce3298e4a1 CMSDigestType=2 CDHash=476a47ff9f5fb21f44ddee8292c769

We are trying to run codesign on a bundle that has a symlink in place of the executable in the /MacOS folder. Codesign produces an error the main executable or Info.plist must be a regular file (no symlinks, etc.).We have tried replacing the symlink with a copy of the file but this breaks our launcher. We have also tried removing the symlink and changing the CFBundleExecutable value in the info.plist to be the relative path to the file. This fixes the error in codesign but causes Application Loader to fail during verification because it cannot find the executable.Is there a way to sign a bundle that contains a symlink in place of the main executable? Alternatively is there a way to remove the symlink that still allows the application to launch?

I am experiencing a persistent issue when trying to sign my application, PhotoKiosk.app, using codesign. The process consistently fails with the error errSecInternalComponent, and my troubleshooting indicates the problem is with how the system accesses or validates my certificate's trust chain, rather than the certificate itself. Error Details and Configuration: codesign command executed: codesign --force --verbose --options=runtime --entitlements /Users/sergiomordente/Documents/ProjetosPhotocolor/PhotoKiosk-4M/entitlements.plist --sign Developer ID Application: Sérgio Mordente (G75SJ6S9NC) /Users/sergiomordente/Documents/ProjetosPhotocolor/PhotoKiosk-4M/dist/PhotoKiosk.app Error message received: Warning: unable to build chain to self-signed root for signer (null) /Users/sergiomordente/Documents/ProjetosPhotocolor/PhotoKiosk-4M/dist/PhotoKiosk.app: errSecInternalComponent Diagnostic Tests and Verifications Performed: Code Signing Identity Validation: I ran the command security find

Hello,I am getting this strage error (no identity found) when codesigning from the Terminal I am using this command:sudo codesign -f -s Mac Developer: xxxxxxxxx@gmail.com (VVVXXXXX) -v /usr/local/gcc-8.2/bin/gdb-8.2But the strange thig is, if I use another certificate it works, or if I move the app to the Desktop and only to the Desktop...

The Codesign command adds extended attributes to files that previously had no extended attributes. In my case codesign add following extended attributes to text file in Frrameworks folder: com.apple.cs.CodeDirectory com.apple.cs.CodeRequirements com.apple.cs.CodeRequirements-1 com.apple.cs.CodeSignature Can I somehow prevent this behavior? Thank you.

Hi, I have create a universal app then did this: https://support.apple.com/en-vn/guide/apple-business-essentials/axm20c32e0c6/web But this doesn't produce a working package installer. productbuild --sign 3rd Party Mac Developer Installer: **** --component /Applications/MyApp.app MyApp-universal.pkg Do I need to create a code signature with codesign, prior to call productbuild? regards, Joël

Is it correct to codesign dylib/framewoks with entitlements? My understanding is that only executables need to have the entitlement and the dylibs loaded in that process will automatically inherit those entitlements. However, I am seeing a lot of scripts on the internet that are signing dylibs as well with entitlements. For eg - # sign *.dylibs find $APP_BUNDLE -type f -name *.dylib -exec codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements $ENTITLEMENTS_FILE --sign $SIGNING_IDENTITY {} ; Is this even allowed? I know of at least one app that has passed notarization checks as well. If allowed, can a dylib have more entitlements than the process that loaded it?

We have send email to Apple support but nobody replies, so we send it here to demand help. Our company builds up our desktop application XXXX.app, and it runs well under Mac OS 10.15.4 Catalina. We strictly follow the guideline of Nested code from https://developer.apple.com/library/archive/technotes/tn2206/_index.html Then we buy Apple 99$ program and plan to codesign it to bypass GateKeeper. However, this operation goes into disaster. We run the codesign one by one following your guide, from inside to outside (NOT --deep). sudo codesign --force --timestamp --options=runtime -s ${cert} file/full/path And check the codesign with $ codesign -vvv --deep --strict XXXX.app XXXX.app: valid on disk XXXX.app: satisfies its Designated Requirement But when we run the signed XXXX.app , it crashes with exception (crashReport.txt). Your codesign makes our app crash! You can repro it again and again. Run well 2. codesign 3. Run up and crash inmediately! Crash

What happened to timestamp.apple.com? codesign just keep failing forever.

I'm developing a C sharp application in Visual Studio for Mac. I have set up code signing in the IDE, but now it fails with the following error even though I have not made any changes to the code. A timestamp was expected but was not found. Also, when I run the codesign command in the CLI, I get the following results. $ codesign -v --force --timestamp --sign [sign_id] path/to/target_file Segmentation fault: 11 How can I solve this? I've already tried the following: Rebuild the certificate. Add --timestamp=none(Signing works, but error when getting Apple notarization.)

When I first tried to sign my local unit test with the identity generated by Xcode, it failed because the intermediate certificate was missing. In that case, the error message explained that the trust chain could not be completed. But after installing the correct intermediate, codesign still fails, but no longer gives any explanation: codesign -f -s '0EFE7E591A4E690842094B8EC5AFDFE059637D3C' build/Darwin-Xcode-arm64_obf/bin/Release/UNITTEST build/Darwin-Xcode-arm64_obf/bin/Release/UNITTEST: replacing existing signature build/Darwin-Xcode-arm64_obf/bin/Release/UNITTEST: errSecInternalComponent It's the same error line errSecInternalComponent. Is there a log somewhere that might explain what exactly is the error?