Command line tools not working after notarization

After I add

target_link_libraries(TOOL_NAME -static-libgcc -static-libstdc++ )

I get this error, how can I fix it?

I can build and run it but after signing and notarization, it can not work with getting this:

Notarisation is a read-only process, so the problem here is your code signing. It’s hard to say what that might be with more context. To start, I recommend that you work through the steps in Resolving Trusted Execution Problems.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hey @huanling820713,

Would it be possible for you to share the steps you are taking for signing and notarization? This will help us break down what is happening after the build (assuming the application works at this point) that could be modifying the application contents and then we can look at whether or not the steps you are taking to sign are being trusted by the OS.

While I sign mostly DMG files, I think you should be able to run the below command on your signed file to determine if it is trusted, but this is only checking your high level signing and not whether or not Gatekeeper trusts you at this point.

codesign -dv --deep --verbose=4 /Path/To/File

@eskimo also has a great post that I skimmed over at the below URL and certainly looks like a good read to help you troubleshoot!

https://developer.apple.com/forums/thread/128166

Hopefully this helps and happy coding!

Hey @ChuckMN, I will show you step by step.It may be helpful for you.

1. coding and test my command-line tool.；
2. as you know, we have to sign and notarize it before release；
3. then its all right for run, test, sign, and notatize . It`s all right, then next.
4. for release ， I add static lib to my CMakeLists.txt as follow :

target_link_libraries(TOOL_NAME -static-libgcc -static-libstdc++ )

1. run and test ok

6.sign error!

codesign -fs FS --timestamp --force --deep --options runtime --entitlements ENTITLMENT TOOL_NAME
TOOL_NAME: internal error in Code Signing subsystem

so ,how to fix?

The message internal error in Code Signing subsystem corresponds to errSecCSInternalError, which is pretty unusual. What linker are you using to create this executable? Apple’s ld? Or something custom?

If you add -vvv to your codesign invocation, what does it print?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I can git you something new. I replace

target_link_libraries(TOOL_NAME -static-libgcc -static-libstdc++ )

as

target_link_libraries(TOOL_NAME -static-libgcc )

and I can sign and notarize it success. but get error when run it .

zsh: killed   TOOL_NAME

Is there anyone know how to deal with it ? Please.

Need help still

codesign -dvvv give me nothing

Nothing? Nothing at all? That doesn’t make any sense. Even if the code is completely unsigned, codesign will print something in that case. For example:

% codesign -d -vvv --entitlements - zsign 
zsign: code object is not signed at all

Please re-run the command and post the results you get, as I’ve illustrated above. Use a code block to make it easier to read.

Also, you didn’t respond to my other question:

What linker are you using to create this executable? Apple’s ld? Or something custom?

Finally, posting this:

Is there anyone know how to deal with it ? Please.

and this:

Need help still

separated by 6 hours suggests that you have an unrealistic expectation as to what DevForums is. See tip 3 in Quinn’s Top Ten DevForums Tips.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

 codesign -fs FS --timestamp --force --deep --options runtime --entitlements ./entitlements.plist TOOL_NAME
TOOL_NAME: internal error in Code Signing subsystem

I got this and this.

codesign -dvvv .TOOL_NAME
TOOL_NAME:code object is not signed at all

Also, I have tried

 codesign -fs FS --timestamp --force --deep --options runtime  TOOL_NAME
 codesign -fs FS --timestamp --force --deep TOOL_NAME
 codesign -fs FS --timestamp --force TOOL_NAME

They can not work thanks

Please answer my question about what linker you’re using.

Don’t use --deep when signing code. See --deep Considered Harmful for an explanation as to why.

Please do the following:

1. Using Xcode, create a new project from the macOS > Command Line Tool template.

2. Build it.

3. Choose Product > Show Build Folder.

4. Navigate to your built tool.

5. Open a Terminal window in that directory.

6. Use codesign to re-sign that executable.

Does that work?

This test will tell us whether the problem you’re having is related to your third-party tooling or the Mac itself.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"