codesign osx binary

App & System Services Core OS
rilldata OP
Created Aug ’22
Replies 1
Boosts 0
Views 2.4k
Participants 2

Hello,

We are trying to codesign our osx binary which we created.

$ codesign --verbose=4 --timestamp --strict --options runtime -s "Developer ID Application: Rill Data, Inc (XXX)" macOS-x64/application/rill --force
macOS-x64/application/rill: replacing existing signature
macOS-x64/application/rill: signed Mach-O thin (x86_64) [rill]

$ codesign --verify macOS-x64/application/rill --verbose=4
macOS-x64/application/rill: valid on disk
macOS-x64/application/rill: satisfies its Designated Requirement

We also tried creating the pkg, we were able to install it locally but when actually executing the binary it again complained "Apple cannot check it for malicious software"

We also tried getting it notarized but that also fails.

$ xcrun altool --notarization-info <hash> -u <> -p  <>
No errors getting notarization info.

          Date: 2022-08-19 05:26:14 +0000
          Hash: <hash>
   RequestUUID: <hash>
        Status: in progress
   Status Code: 2
Status Message: Package Invalid
Replies  1
Boosts  0
Views  2.4k
Participants  2
DTS Engineer OP
Apple
Aug ’22

Presumably you:

  • Are not using Xcode to build your product

  • Want to distribute this outside of the Mac App Store

Given that, I recommend that you read through:

Those explain how to sign and then package your product for independent distribution, and have links to notarisation advice.

Apropos that last bit:

  • altool is deprecated for the purposes of notarisation and will stop working in Fall 2023. If you’re just getting started, start off with notarytool. For more information about notarytool, watch WWDC 2021 Session 10261 Faster and simpler notarization for Mac apps.

  • Fetch the notary log to see what the notary service is complaining about specifically.

  • My best guess is that you’re signed your installer package with your Developer ID Application code signing identity. That’s not right; for an installer package, you need Developer ID Installer. Packaging Mac Software for Distribution has the details.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

1
codesign osx binary
First post date Last post date
 
 
Q