codesign with entitlement is not working

I have a binary application in C++ and Objective-C++, created not with Xcode. I'm trying to sign it and add an entitlement that will allow the application to store a certificate in the keychain.

When I sign the app with the entitlement and try to run it, it crashes and I see the error "Code Signature Invalid".

Signing without the entitlement is fine.

Command to sign:

codesign -f -s "MyName" -o runtime --timestamp <my app> --entitlements <entitlement file>

Here is the file:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>keychain-access-groups</key>
    <array>
        <string>myApp</string>
    </array>
</dict>
</plist>

Why am I not able to add the entitlement to my app?

Answered by DTS Engineer in 696390022

The keychain-access-groups entitlement must be authorised by a provisioning profile. See What exactly is a provisioning profile? for more background on this.

I have binary application

Please clarify what you mean by “application”. Are you using it as a generic term for a program that the user can run to do something? Or in the specific Mac sense of an icon in the Finder that, when the user double clicks it, runs and presents a UI?

This matters because the first definition usually means that your code is not bundled, and signing non-bundled code with a restricted entitlement is tricky. See Signing a Daemon with a Restricted Entitlement.


Finally, with regard to the big picture, you wrote:

I'm trying to sign and add entitlement that will allow the application to store certificate in keychain.

You only need a restricted entitlement to use the data protection (iOS-style) keychain. Any code with a stable signing identity can use the legacy file-based keychain.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
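The answer's point is that keychain-access-groups is a restricted entitlement: codesign will happily embed it, but the kernel rejects the signature at launch unless an embedded provisioning profile authorises it. The following is an added pre-flight check written for this thread (not Apple tooling and not the poster's code): it reads the entitlements plist you intend to pass to codesign and the decoded inner plist of the provisioning profile you intend to embed, and reports which restricted entitlements the profile does not cover. It assumes the profile has already been decoded to its inner plist (on a Mac, `security cms -D -i profile.provisionprofile` does that) and that the profile's `Entitlements` dictionary lists authorised keychain groups either exactly or as `TEAMID.*` wildcards. The restricted-entitlement set and all sample inputs are constructed for the illustration.

```python
"""Pre-flight check: are the entitlements I am about to sign with authorised
by the provisioning profile I intend to embed?

Added illustration for this forum thread, not Apple tooling.  Assumes the
provisioning profile has already been decoded to its inner plist
(`security cms -D -i profile.provisionprofile` on macOS), whose `Entitlements`
dict lists what the profile authorises.  All sample inputs are constructed.
"""
import plistlib
from typing import Optional

# Entitlements that macOS only honours when a provisioning profile authorises
# them.  Illustrative set for this example, not an exhaustive list.
RESTRICTED_ENTITLEMENTS = {
    "keychain-access-groups",
    "com.apple.developer.associated-domains",
}


def _matches(requested: str, authorised: str) -> bool:
    """Profiles list keychain groups either exactly or as 'PREFIX.*' wildcards."""
    if authorised.endswith(".*"):
        return requested.startswith(authorised[:-1])
    return requested == authorised


def unauthorised_entitlements(entitlements_plist: bytes,
                              profile_plist: Optional[bytes]) -> dict:
    """Return {entitlement_key: reason} for every restricted entitlement in the
    requested plist that the profile does not authorise.  An empty dict means
    the pair should pass the launch-time check described in the thread."""
    requested = plistlib.loads(entitlements_plist)
    granted = plistlib.loads(profile_plist).get("Entitlements", {}) if profile_plist else {}
    problems = {}
    for key, value in requested.items():
        if key not in RESTRICTED_ENTITLEMENTS:
            continue  # unrestricted: a stable signing identity is enough
        if not profile_plist:
            problems[key] = "no provisioning profile authorises this restricted entitlement"
            continue
        if key not in granted:
            problems[key] = "restricted entitlement not present in profile"
            continue
        if isinstance(value, list):
            allowed = granted[key] if isinstance(granted[key], list) else [granted[key]]
            missing = [v for v in value if not any(_matches(v, a) for a in allowed)]
            if missing:
                problems[key] = f"values not covered by profile: {missing}"
        elif value != granted[key]:
            problems[key] = f"profile grants {granted[key]!r}, requested {value!r}"
    return problems


# Constructed sample: the entitlements file from the question.
OP_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>keychain-access-groups</key>
    <array>
        <string>myApp</string>
    </array>
</dict>
</plist>
"""

# Constructed sample: the same file with the team-prefixed group a profile would grant.
FIXED_ENTITLEMENTS = OP_ENTITLEMENTS.replace(b"<string>myApp</string>",
                                             b"<string>ABCDE12345.myApp</string>")

# Constructed sample: decoded inner plist of a profile for team ABCDE12345 (hypothetical).
PROFILE_PLIST = plistlib.dumps({
    "Name": "Constructed example profile",
    "TeamIdentifier": ["ABCDE12345"],
    "Entitlements": {
        "com.apple.application-identifier": "ABCDE12345.com.example.myapp",
        "keychain-access-groups": ["ABCDE12345.*"],
    },
})


if __name__ == "__main__":
    for label, ents, prof in [("no profile", OP_ENTITLEMENTS, None),
                              ("unprefixed group", OP_ENTITLEMENTS, PROFILE_PLIST),
                              ("prefixed group", FIXED_ENTITLEMENTS, PROFILE_PLIST)]:
        print(label, "->", unauthorised_entitlements(ents, prof) or "OK")
```

Run against the poster's situation (no profile at all), the check reports keychain-access-groups as unauthorised, which is exactly the condition that yields "Code Signature Invalid" at launch; with a profile present it also catches a group name that lacks the team prefix the profile's wildcard grants.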
