I need to distribute my MacOS app to users at my institution so I packaged and signed it with “productbuild”  as such:   I generated the signing key in the Developer portal by choosing the “Mac Installer Distribution” type downloaded it and added it to my keychain. Then I ran this command:   >  productbuild --sign "3rd Party Mac Developer Installer (XXXXXXXXXX)" \ >  --component InstallTkiCliClient.app /Applications InstallTkiCliClient.pkg   I placed the file in an S3 bucket and downloaded it with Safari. When I open it, I get the dialog that says ‘“AppName.pkg” cannot be opened because it is from an unidentified developer.’ and I have no option but to cancel the operation.   I know the “trick” of ctrl-clicking the file and choosing “Open With” to bring up a dialog that has an option to open the app. That is not my problem. I wanted to avoid this problem for persons that download it so that is why I did all this in the first place.    I did try using “productsign” as well, but that didn’t fix anything which was not a surprise.   > productsign --sign "3rd Party Mac Developer Installer (XXXXXXXXXX)" \ \ > InstallTkiCliClientInstaller.pkg \  > InstallTkiCliClientInstallerSigned.pkg   Can someone figure out what I did wrong? Did I miss a step?

i have osx 12.1 installed, latest Xcode and Command line tools. i also have installed MAMP Pro. i have to install some perl modules. when i use perl from osx it works. when i try to use perl that comes with MAMP i got the following error: /Application/MAMP/Library/bin/cpan install HTML::Parser .... t/uentities.t .......... Can't load '/Users/markus/.cpan/build/HTML-Parser-3.76-0/blib/arch/auto/HTML/Parser/Parser.bundle' for module HTML::Parser: dlopen(/Users/markus/.cpan/build/HTML-Parser-3.76-0/blib/arch/auto/HTML/Parser/Parser.bundle, 0x0002): tried: '/Users/markus/.cpan/build/HTML-Parser-3.76-0/blib/arch/auto/HTML/Parser/Parser.bundle' (code signature in <F2C6AAD0-D2A8-34D6-A697-A817A2334036> '/Users/markus/.cpan/build/HTML-Parser-3.76-0/blib/arch/auto/HTML/Parser/Parser.bundle' not valid for use in process: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.), '/usr/lib/Parser.bundle' (no such file) at /Applications/MAMP/Library/lib/perl5/5.30.1/darwin-thread-multi-2level/DynaLoader.pm line 197. this must have something to do with code signing or gatekeeper. this error comes even if i try to do it manually: /Applications/MAMP/Library/bin/perl Makefile.PL Checking if your kit is complete... Looks good Generating a Unix-style Makefile Writing Makefile for HTML::Parser Writing MYMETA.yml and MYMETA.json make cc -mmacosx-version-min=10.12 -bundle -undefined dynamic_lookup -L/usr/local/lib -fstack-protector-strong Parser.o -o blib/arch/auto/HTML/Parser/Parser.bundle \ \ chmod 755 blib/arch/auto/HTML/Parser/Parser.bundle make test .... t/uentities.t .......... Can't load '/Users/markus/.cpan/build/HTML-Parser-3.76-0/blib/arch/auto/HTML/Parser/Parser.bundle' for module HTML::Parser: dlopen(/Users/markus/.cpan/build/HTML-Parser-3.76-0/blib/arch/auto/HTML/Parser/Parser.bundle, 0x0002): tried: '/Users/markus/.cpan/build/HTML-Parser-3.76-0/blib/arch/auto/HTML/Parser/Parser.bundle' (code signature in <F2C6AAD0-D2A8-34D6-A697-A817A2334036> '/Users/markus/.cpan/build/HTML-Parser-3.76-0/blib/arch/auto/HTML/Parser/Parser.bundle' not valid for use in process: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.), '/usr/lib/Parser.bundle' (no such file) at /Applications/MAMP/Library/lib/perl5/5.30.1/darwin-thread-multi-2level/DynaLoader.pm line 197. ll blib/arch/auto/HTML/Parser/Parser.bundle -rwxr-xr-x 1 markus staff 71960 22 Dez 09:37 blib/arch/auto/HTML/Parser/Parser.bundle

Hello, I found that when installing an arbitrary app to macOS 12.0 by pkg file, it shows following error message. PKInformSystemPolicyInstallOperation failed with error:An error occurred while registering installation with Gatekeeper. Issue can not be replicated with macOS 11. Also even the error message has shown, installation seems to be completed properly. Have anyone seen similar issue with macOS 12?

I have a small command-line tool (a service) that gets compiled by Xcode, then I'm signing it during a Run Script phase. When I try to run it, it gets "Killed". Here's the signing command: % /usr/bin/codesign -s "Developer ID Application: ..." --keychain "/Users/.../Library/Keychains/login.keychain" --timestamp -f -o runtime --entitlements /Code/.../mytool.entitlements  /Code/.../mytool I've got an Info.plist and entitlements for it. % codesign -vvvv ./mytool ./mytool: valid on disk ./mytool: satisfies its Designated Requirement % codesign -dvv ./mytool Executable=.../mytool Identifier=com.myorg.mytool Format=Mach-O universal (x86_64 arm64) CodeDirectory v=20500 size=10271 flags=0x10000(runtime) hashes=310+7 location=embedded Signature size=8952 Authority=Developer ID Application: ... Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Dec 8, 2021 at 6:28:25 PM Info.plist entries=19 TeamIdentifier=... Runtime Version=12.0.0 Sealed Resources=none Internal requirements count=1 size=180 When I run spctl I get: % spctl -a -v --raw ./mytool ./mytool: rejected (the code is valid but does not seem to be an app) <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>assessment:authority</key> <dict> <key>assessment:authority:flags</key> <integer>0</integer> <key>assessment:authority:source</key> <string>obsolete resource envelope</string> <key>assessment:authority:weak</key> <true/> </dict> <key>assessment:cserror</key> <integer>-67002</integer> <key>assessment:remote</key> <true/> <key>assessment:verdict</key> <false/> </dict> </plist> What's it mean? How can I get this tool to run signed OK? All of this stuff is highly opaque, and the documentation out of date (for example, where it says you can run spctl on /bin/ls, but it gives the same exact error output that /bin/ls isn't an app.) Note that ultimately this tool gets distributed in a ZIP file that contains Windows and Linux executables also; there is not, and ought not be, any macOS-specific installer... I have a lot of other things to do than jumping through these hoops. Info.plist: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CFBundleDevelopmentRegion</key> <string>English</string> <key>CFBundleExecutable</key> <string>mytool</string> <key>CFBundleIdentifier</key> <string>com.myorg.mytool</string> <key>CFBundleInfoDictionaryVersion</key> <string>6.0</string> <key>CFBundleName</key> <string>mytool</string> <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleVersion</key> <string>2.0.0</string> <key>NSHumanReadableCopyright</key> <string>...</string> </dict> </plist> Entitlements: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.cs.disable-library-validation</key> <true/> </dict> </plist>

I have a Mac OS app that uses a separate swift-built binary to extend its functionality. It is non sandboxed and signed via Developer ID method. I placed the binary file in Contents/MacOS directory of the bundle. Here are the entitlements used to sign the bundle: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.cs.allow-dyld-environment-variables</key> <true/> <key>com.apple.security.cs.disable-library-validation</key> <true/> </dict> </plist> When the application is built for arm64 (using arm64 built swift binary helper), successfully signed, notarized, and downloaded on a user's Mac, gatekeeper has no issues and throws no warnings. When the application is built for x86_64 (using the x86_64 built swift binary OR universal swift built binary helper), successfully signed, notarized, and downloaded on a user's Mac, gatekeeper throws the "macOS cannot verify that this app is free from malware" warning. So the issue seems to be the x86_64 swift built binary, but it is identical to arm64 build. I'm puzzled. Any suggestions on how to proceed?

Hi, I am working on an application that stays stuck at the verifying phase when launched on 10.14, but launches just fine on 10.15 and up. The application is signed with codesign. The enclosure is a dmg, codesigned too, notarized and stapled. I can't figure out why the application verification stays stuck. Any debugging advice on that would be much appreciated. Thanks.

I am on BigSur 11.6, I have been lately observing this issue where the installer command is hung while installing package. When observed carefully I see that the last thing executed by the installer is trying to verify the package. Here are the logs, I feel there is a bug either in trustd or installerd where in corner case it waits on a lock forever. Any suggestions to over come this issue? 2021-11-17 18:16:58+01 OSX3-BigSur installer[14815]: Set authorization level to root for session 2021-11-17 18:16:58+01 OSX3-BigSur installer[14815]: Administrator authorization granted. Other installer log, not sure if relevant 2021-11-17 18:16:58.845713+0100 0x1011c    Default     0x0                  14815  0    installer: (Security) [com.apple.securityd:SecError] Trust evaluate failure: [leaf ExtendedKeyUsage] [ca1 IntermediateEKU] 2021-11-17 18:16:58.845814+0100 0x1011c    Activity    0x1c323              14815  0    installer: (Security) SecTrustEvaluateIfNecessary 2021-11-17 18:16:58.848178+0100 0x1011c    Activity    0x1c324              14815  0    installer: (Security) SecTrustEvaluateIfNecessary 2021-11-17 18:16:58.853344+0100 0x1011c    Activity    0x1c325              14815  0    installer: (Security) SecTrustEvaluateIfNecessary 2021-11-17 18:16:58.856355+0100 0x1011c    Activity    0x1c326              14815  0    installer: (Security) SecTrustEvaluateIfNecessary 2021-11-17 18:16:58.856728+0100 0x10095    Default     0x1c326              151    0    trustd: [com.apple.securityd:policy] cert[0]: ExtendedKeyUsage =(leaf)[]> 0 2021-11-17 18:16:58.857505+0100 0x10095    Activity    0x1c2cb              151    0    trustd: (Security) SecItemCopyParentCertificates_ios 2021-11-17 18:16:58.857583+0100 0x10095    Default     0x1c2cb              151    0    trustd: (Security) [com.apple.securityd:SecCritical] Failed to talk to secd after 4 attempts. 2021-11-17 18:16:58.857614+0100 0x10095    Activity    0x1c2cc              151    0    trustd: (Security) SecItemCopyParentCertificates_ios 2021-11-17 18:16:58.857669+0100 0x10095    Default     0x1c2cc              151    0    trustd: (Security) [com.apple.securityd:SecCritical] Failed to talk to secd after 4 attempts. 2021-11-17 18:16:58.858403+0100 0x10095    Default     0x1c326              151    0    trustd: (CFNetwork) Task <BCFDA3CE-1EE4-4256-A2B2-F53724C36482>.<14> resuming, timeouts(60.0, 3.0) QOS(0x11) Voucher <private> 2021-11-17 18:16:58.858455+0100 0x10095    Default     0x1c326              151    0    trustd: (CFNetwork) [Telemetry]: Activity <nw_activity 12:2 [4E976781-0E22-43BE-B5BE-04422E825834] (reporting strategy default)> on Task <BCFDA3CE-1EE4-4256-A2B2-F53724C36482>.<14> was not selected for reporting Any help regarding this would be appreciated.

Hello, Even though I disable library validation my application won't load library with hardened runtime. It's important to note that library I'm trying to load is NOT signed at all. Do I understand correctly that com.apple.security.cs.disable-library-validation does only allow to load libraries signed with a different Team ID, not totally unsigned ones as I was hoping? If true, is there any way to load unsigned libraries. Signing them myself is not an option. Thanks, bkarasm

I am developing a Mac Command Line Tool with an Apple Enterprise Account. When I try to configure the signing capabilities for the App I can only set the signing certificate to Develop or to run locally. Which kind of certificate should I use to distribute this CLI to another user? Do you need to generate an App ID (Mac) for this kind of distribution?

Hi. I create a dmg for my app (notarized success, it's on Big Sur, Intel), this dmg can drag the app to the applications folder. After copy the app can work on: Big Sur (intel) Big Sur (M1) but it's can't work on High Sierra, this is the message app is damaged and can't be opened. use command to check notarized spctl -a -vv to check my app, it's return accepted. If directly open the app on dmg volume, it's work. It's possible got some problem after copy?

I've just bought a new MacBook Pro M1, and restored everything from my old Intel MacBook Pro using a Time Machine backup. It was a pretty smooth process, a few glitches such as needing to re-download certain apps to get the M1 version (e.g. Android Studio). One thing that I've noticed, and I don't know whether this is a Monterey thing or an M1 thing but as part of my day-to-day development work, I maintain various .sh files for building projects on different platforms. I have found that as soon as I edit and save an existing .sh file using TextEdit, it then sets the quarantine bit on the file and prevents it running from inside Zsh: zsh: operation not permitted: ./test.sh xattr yields the following: xattr ./test.sh  com.apple.TextEncoding com.apple.lastuseddate#PS com.apple.macl com.apple.metadata:kMDLabel_pjtfm5adga5rvjv2xmgkyqjwmq com.apple.quarantine This is incredibly annoying and I can't believe it is by design - this is not a file that has been downloaded from the Internet, it's my own file. Why can't I edit it using TextEdit? I do not get the same problem when I edit and save using Sublime Text, as one example, so what's with TextEdit doing that?

I have porting my existing application to support native M1, there a a lot of framework and library that I have already build for both platform. The strange result is when I archive the app on Intel machine. The binary work on Intel platform well. When I archive my application on M1 machine, the app can work on M1 well. But when I try to run app that build on M1 on Intel Machine, then I got the message said my app is damaged and can't be opened. The same situation got for build in Intel platform one. I try "lipo -archs" command on my app and I did get "x86_64 arm64" as result, so my app should already a universal app I guess. Does any body know are there some way to check what happened on my application? Thanks, any opinion will be appreciated ! Eric

I'm a web design teacher, and I create tutorials that require students to download start files that are zipped. With current security protocols, my zip files are difficult to open after downloading. How do I sign a folder so it can be easily opened by my students after downloading? I'm having issues finding information concerning my issue given that I'm not making an app. I just need to identify my files so they can be unzipped from an identified developer.

Hi there, We are developing an applicaton that can update itself. For example, we have two version 1 & 2. Both of them are signed, notarlized and stapled mac app bundle. When the version 1 find that there is a new version. It would download the difference. Then open another application named updater we developed. The updater use some posix function such as fopen, fwrite, chmod and link to copy/delete files to make the original one as the same as the version 2. The problem comes out here. When we open the updated one, the syslog says that binary is improperly signed. I don't know which step is incorrect. I make a copy of this app, it works perfectly. I guess there is something wrong with the application updater. We tried make the updater to be a single executable file or an signed, notarlized and stapled application bundle and still not work. After read some threads I still could not find out what is it. Hope someone could help me about this. Thanks in advance!

All customers that are using some versions of our product are complaining because they are not able to connect to the service. This happens because a certificate validation done in the code is failing. The certificate didn't expire but looking into the console logs these error is observed: default 08:39:03.218259 -0300 trustd cert[1]: BlackListedLeaf =(leaf)[force]> 0 default 08:39:03.218790 -0300 trustd cert[1]: BlackListedLeaf =(leaf)[force]> 0 default 08:39:03.218897 -0300 trustd cert[2]: AnchorTrusted =(leaf)[force]> 0 default 08:39:03.219086 -0300 trustd cert[1]: BlackListedLeaf =(path)[force]> 0 default 08:39:03.221455 -0300 dsAccessService Trust evaluate failure: [ca1 BlackListedLeaf] default 08:39:03.221929 -0300 NNNService SecStaticCode: verification failed (trust result 6, error -2147409652) default 08:39:03.221964 -0300 NNNService MacOS error: -2147409652 default 08:39:03.226483 -0300 NNNService MacOS error: -2147409652 default 08:39:03.853294 -0300 trustd cert[1]: BlackListedLeaf =(leaf)[force]> 0 default 08:39:03.853663 -0300 trustd cert[1]: BlackListedLeaf =(leaf)[force]> 0 default 08:39:03.853791 -0300 trustd cert[2]: AnchorTrusted =(leaf)[force]> 0 default 08:39:03.854047 -0300 trustd cert[1]: BlackListedLeaf =(path)[force]> 0 default 08:39:03.855542 -0300 NNNService Trust evaluate failure: [ca1 BlackListedLeaf] default 08:39:03.856172 -0300 NNNService SecStaticCode: verification failed (trust result 6, error -2147409652) As you can see this is the certificate validation that fails: Trust evaluate failure: [ca1 BlackListedLeaf] We need to understand why the app certificate is blacklisted. Is there any new policy enforced by Apple to blacklist certificates?