codesign

In last few days codesign failed multiple time to sign my apps. During the failure, codesign command was exiting with exit code of 139. The crash report of codesign tool shows SIGSEGV in com.apple.security.XPCTimeStampingService. Knowing that codesign requires a connection to an Apple's time stamp server. I verified the network connection but everything was fine. Upon looking deep into the crash report, it seems that the dereference to unmapped memory triggered the crash at 0x0000000000000000, which is an invalid address, specifically a NULL pointer. I'd be interested to know, was there any ongoing issue with Apple's timestamp server? or the issue is local to our development environment? Failure date time: 24 May 2021 13:26:38 24 May 2021 10:57:22 24 May 2021 09:23:34 24 May 2021 08:50:33 24 May 2021 07:25:21 23 May 2021 16:30:33 21 May 2021 20:22:01 Crash dump: Process: codesign [50994] Path: /usr/bin/codesign Identifier: codesign Version: 0.3 Co

How to correctly install codesign certificates on second Mac? I have first Mac where I successfully sign and notarize my apps for macOS outside AppStore. On second Mac I downloaded existing Developer ID Installer and Developer ID Application certificates and installed in KeyChain. Also I downloaded and installed Intermediate Certificate. When I try to sign anything on second Mac I see the error: error: The specified item could not be found in the keychain. Also I have a file CertificateSigningRequest.certSigningRequest saved from first Mac. No idea how to use it. What I missed in this nightmare to get it work? And keep codesigning on first Mac, too.

Hello,I have created a game using Unity.I was able to build the iOS project and codesign/upload it to the AppStore using xCode.I also want to build a Mac version.However,When I try to code sign the game using codesign, eventhough it supposingly use my Mac certificate, the Application Loader complains that my plist info says it's an iOS app and I tried to upload a pkg.Is there a way to codesign a Mac app when you also have certificates for the iOS version? Or I cannot have a Mac version of my game when I also have an iOS version?The prefix is the same for both the iOS and Mac version, but the package name is different at the end.

Hello,I'm stucked at codesigning on a binary that is built with 'Go' language for Mac app.The 'Go' binary works as far as 'not signed'. But 'signed' binary does not work.Reference: https://github.com/atom/electron/blob/master/docs/tutorial/mac-app-store-submission-guide.mdBased on the code above, I used the following bash script (excerption) for codesigning:codesign --deep -fs '<my app sign title>' --entitlements child.plist '<app path>/Contents/Frameworks/Electron Framework.framework/Libraries/libnode.dylib' codesign --deep -fs '<my app sign title>' --entitlements child.plist '<app path>/Contents/Frameworks/Electron Framework.framework/Electron Framework' codesign --deep -fs '<my app sign title>' --entitlements child.plist '<app path>/Contents/Frameworks/Electron Framework.framework/' EnnoMac-darwin-x64/EnnoMac.app/Contents/Frameworks/Electron Framework.framework/: replacing existing signature codesign --deep -fs '<my app sign title&g

I have my own running daemon application that listens to a network port and executes some different commands based on the coming request. All is working fine except when trying to execute the following codesign command. sudo codesign --force --timestamp --options=runtime --entitlements --sign Where I see an error saying errSecInternalComponent. However, when I take the same command and paste it into the terminal it works. I have my application certificate installed under both login and System keychains and set to be Always Trust in settings. I tried adding --keychain option to specify the keychain path for the codesign command. Also, I made sure that both login and System keychains are unlocked during command execution. Besides, I tried adding the following key/value pair to my daemon plist file and restarting it. SessionCreate All of the above trials failed to fix the issue, I'm out of ideas and any help would be highly appreciated.

I cant use ANY of apple's older examples with getting thisi386: No such file or directoryCommand CodeSign failed with a nonzero exit codeAny Ideas why ?

Hello, I am setting up a build (Gitlab CICD) runner. I create a keychain and imported certificate and my signing key. $ security find-identity -v XXXXXX Developer ID Application: XXXXXX, INC. (XXXXXX) (CSSMERR_TP_NOT_TRUSTED) 1 valid identities found $ security find-identity -p codesigning -v XXXXXX Developer ID Application: XXXXXX, INC. (XXXXXX) 1 valid identities found Codesign fails with unable to build chain to self-signed root for signer Developer ID Application: XXXXXX, INC. (XXXXXX) errSecInternalComponent On the local machine everything is fine. I think the point is that the identity is both valid and CSSMERR_TP_NOT_TRUSTED. What can I do about it?

As I've said before, our product uses cmake for building, and vcpkg for 3rd party management. vcpkg does not (yet) support universal builds on the Mac; neither does HomeBrew, and MacPorts kinda does but some of the ports actually think universal is x86, x86_64, ppc, and ppc64 and won't build because you can't build ppc anymore. So I have had serious talks with our build and we have reached a compromise where I can now build for arm64 or for x86_64. The next step would be to manually combine the executables, and then re-sign (using our Developer ID). Has anyone got suggestions on how to do that? I can just grab the codesign commands from the build output and use those; is that feasible? (At some point I may insist on having a week or so to try getting vcpkg to build universal, but I don't have that week or so now, so that's not going to happen. I could potentially ditch cmake for the Mac builds, and then I think CocoaPods has all of the 3rd party libraries we depend on, but I'm not positive, and that

The short story: tested with a default Xcode command line tool that says Hello World.1) Build a command line tool on 10.11.3 and sign it with my Developer ID. Everything is fine.2) Test it on 10.11.4 and spctl gives me an obsolete resource envelope error.The deeper problem that this causes:My app is built on 10.11.3. It is a prefPane with one command line tool and three app bundles (four helper tools) in it's bundle. I am getting GateKeeper warnings on 10.11.4 systems, but not on anything else. It is manually codesigned with my Developer ID... first the helper tool frameworks, then the helper tools themselves and then the prefPane. So everything is signed from the inside-out.In terminal (on two different machines running 10.11.3) I get:spctl -a -t exec -vv My.prefPane /Volumes/Path/To/ source=Developer ID origin=Developer ID Application: My Company, Inc.codesign --verbose=4 --deep --strict My.prefPane /Volumes/Path/To/ /Volumes/Path/To/ In terminal (on two different machines running 10.11.4) I get:sp

Dear apple folks, we try to establish command line based codesigning for a second user account on a machine, where it already works for another user account. User A is able to run the codesign tool like this: /usr/bin/codesign --verbose --timestamp -o runtime --entitlements $BASEDIR/entitlements.plist --sign Developer ID Application: OUR COMPANY OUR_APP.app With keychain, user A sees the following objects within the system area: A private key of OUR COMPANY The Developer ID Application certificate for OUR COMPANY User A can ask security find-identity -p codesigning and gets an output with 1 matching and 1 valid identity. This is fine so far. Not so user B. With keychain, user B sees the same objects within the sytem area as user A on this same machine. But security find-identity lists 0 identities and codesign tells user B The specified item could not be found in the keychain. So: although the items are visible in keychain, somehow, the identity is not accessi

Xcdoe version: Version 8.0 (8A218a), and I compile code using Swift2.3.I want upload to app to app strore, build archive is succesed, but When I click validate or Export on the archive, I got this error:An error occurred during validation Codesign failedThe I click the show logs button , I can see these logs:1. IDEDistribution.critical.log2016-11-12 05:08:29 +0000 [MT] Presenting: Error Domain=IDEFoundationErrorDomain Code=1 Codesign failed UserInfo={NSLocalizedDescription=Codesign failed}2. IDEDistribution.standard.loginvalid resource directory (directory or signature have been modified) invalid resource directory (directory or signature have been modified), This is a important message I think.It seems the error is occur when codesign the framwork. I'm sure I'm using right certificates.

Hi, I have codesigned my application and after this macos won't run the binary anymore. codesign -f -o runtime --timestamp -s Developer ID Application: YOUR NAME (TEAM_ID) --entitlements $HOME/workspace/GSequencer-cocoa/gsequencer-macos/macos-contrib/GSequencer.entitlements -i com.gsequencer.GSequencer --deep $HOME/workspace/GSequencer-cocoa/gsequencer-macos/build/universal/GSequencer.app Verify signature works. codesign -vv $HOME/workspace/GSequencer-cocoa/gsequencer-macos/build/universal/GSequencer.app The same for the DMG file, still doesn't work anymore. codesign -f -o runtime --timestamp -s Developer ID Application: YOUR NAME (TEAM_ID) $HOME/workspace/GSequencer-cocoa/gsequencer-macos/build/arm64/GSequencer-6.9.1.dmg I would love to distribute my application with code signing. Note all libraries are built using clang or clang++. I figured out that when I leave entitlements away it would launch but complains about library signatures. regards, Joël

Still trying to codesign my application using a custom build process (no XCode here). I think I found out the reason why codesign doesn't like my application bundle: it issues an error at each directory name containing a dot, apparently thinking it's some sort of bundle. The problem is, some of these directories are used by a library which will look them up with such a name, so I really can't rename them easily.Is there a workaround for this? Is there any way to tell codesign to just consider directories with a dot in their name as just directories, and not expect anything special in them?Thanks.

Hi all, My project consists of main application, an endpoint security extension and a findersync extension. When I try to build it in release mode, the findersync extension is getting built with entitlements of the main app and not one of its own. I am not seeing this issue for endpoint security. I am signing using a Developer ID Application signing identity. When I look into the build logs I am seeing that --entitlement is used in code sign and the file which is passed as the argument also has the correct entitlement. When I tried manually running the codesign command with the --entitlement flag, I am still unable to get the correct entitlement. Is there any difference in the way the codesign happens for the system extension and findersync? What changes do I need to make in order to get the correct entitlement. Thanks in advanced

Hello,My CI builds are failing regularly since July 1st with this codesign error: A timestamp was expected but was not found..The Mac app has a few frameworks which are properly signed, and sometimes it gets through the signing process but fails at a seemingly random code signing command with this error.I have checked and the signing certificate (Developer ID) expires in 2017. I also made sure that the CI servers had their time set automatically using the time.apple.com servers to prevent clock drift.Short of disabling timestamps with --timestamp none in the codesign command, is there anything I can do? Am I tied to Apple's timestamp servers' whims?Thanks for any insight,Philippe