Code signing on mac

Similar Messages

• How to Code Sign a Mac App?

  Hi
  I'm fairly new to Mac OS X Development (been developing apps for the iPhone though). We've recently developed an app that requires Bonjour/internet connectivity and now the Mac asks the user each time if they'd like to allow the app for incoming connections. It seems eventhough the user clicks 'Allow', for some users it still doesn't work (i.e. connection from other devices over bonjour fails) and we feel it's a firewall issue.
  We need to somehow codesign the app so that the Mac does not ask this question each time. How can one ensure their app is not 'firewalled'? Thanks!

  Here you go, it's not too hard once you get stuff set up: Code Signing Guide.
  Once you get this identify set up, double-click on your target and one of the build settings sections will show code signing options. Just choose your setup from the popup menu.
  Hope this helps....

• Code Sign Mac Plug-Ins?

  Hi Folks,
  Does anyone have any information or experience about whether or not a developer should code sign the Mac plug-ins he/she creates? Will an unsigned plug-in cause any issues with Mountain Lion's Gatekeeper settings when a user installs it?
  I've not had time to install and test the Mountain Lion beta (which I will eventually do when I get some time), so I'm not sure if signing makes any difference. I'm thinking it's not necessary to code sign plug-ins since earlier versions of ID are not signed, but I'm not sure what the consequeces of not code signing might be.
  I'm running Snow Leopard 10.6.8 with Xcode 3.2.6 installed, and I used the "codesign" command-line tool against an Adobe created plug-in in ID CS6. I get "code or signature modified" returned. Which means, I think, that the plug-in was code signed, but somehow got modifed since the signing. Running against the ID CS3 app, it tells me that it's not signed (which makes sense, since it came out before Leopard).
  Here's what I did:
  codesign -dvvv "/Applications/Adobe InDesign CS6/Plug-Ins/Layout/Alignment Panel.InDesignPlugin"
  and got this result:
  /Applications/Adobe InDesign CS6/Plug-Ins/Layout/Alignment Panel.InDesignPlugin: code or signature modified
  Any opinions, comments, suggestions, etc. are welcome
  Thanks!
  -- Jim

  Refer,
  http://blogs.adobe.com/cssdk/

• "Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLENAME} [{BUNDLENAME}.app] is invalid. [Missing code-signing certificate.]" for brand new, vanilla Mac App

  In OS X Maverick's XCode, I created a brand new Mac > "Cocoa Application", with Core Data and Spotlight Importerl; about as vanilla a Cocoa application I could muster. 
  Under Preferences > Accounts, I signed in to my Mac Developer Account.
  In Targets > Identity, I set Signing to "Mac App Store", and was able to select my Mac Developer Account for "Team".
  I then went to Product > Clean, and then Product > Build for... > Running, and then Produt > Archive.
  In the Organizer, I select the resulting .app and click "Validate", and hit the Mac App Store radio, and hit "Next", and it's able to log into my Mac Developer Account.
  I select my Provisioning Profile in the dropdown, and click "Validate".
  It comes back with several errors:
  1 - "Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLENAME} [{BUNDLENAME}.app] is invalid. [Missing code-signing certificate.] For more information, visit the Mac OS Developer Portal."
  2 - "The bundle identifier cannot be changed from the current value, '{DIFFERENT-BUNDLE-FROM-OTHER-PROJECT}'.  If you want to change your bundle identifier, you will need to create a new application in iTunes Connect.
  3 - Invalid Code Signing Entitlements.  The entitlements in your app bundle signature do not match the ones that are contained in the provision profile.  The bundle contains a key that is not included in the provisioning profile: 'com.apple.applications-identifier' in '{BUNDLENAME}.app/Contents/MacOS/{BUNDLENAME}'
  I was able to do the same process before, for a vanilla app, before Mavericks.  I'm not sure if this is a Mavericks error, or a fact that now I have multiple app projects.  Particularly odd is that DIFFERENT-BUNDLE-FROM-OTHER-PROJECT in error (2) is not the same bundle name as the current project's bundle.
  Would love any help you can provide!  Thank you!

  Seen this thread?
  New codesign behavior, --deep option 
  "Code signing has some interesting changes in Mavericks (that apparently haven't made it into the release notes yet...). Note that this is a change to the operating system, not to the devtools."

• Using Apple Mac Developer account for code signing

  Has anyone been using their Apple Mac Developer account for code signing and Adobe Air desktop App?
  Any hints, tips comments appreciated!

  Why would I do that?  I simply want to know, is the binary file I downloaded signed by with MY cert?  I can determine this within reasonable doubt by answering two simple questions:
  1.  Is the cert that this file signed with valid (chain of trust and all that).
  2.  What is the name of the cert (the identity).
  If the Identity is the right one (in our case, the name of our company) and it is valid, then I will trust that this binary is ours.
  Maybe this will clarify my question. I guess I could rephrase this question as:
  "How do I write a simple tool that will verify a file has a valid signature and will give me the signer's identity"?

• Mac C++ tool verifying code signing cert / signature

  I have a command line tool I have code signed using the "codesign" tool.  Using its -vv option it verifies that my code is indeed signed.  Now here is my problem, it doesn't tell me who signed it, ie: The name on the cert and stuff like that.  To complicate matters even further, I wish to be able to do this from a C++ application.  I want to look at a binary file, see that it is signed, and signed by us.  As a security measure I would like to only allow our application to update if the new files are signed by us.  I am having trouble locating any API which deals with this.  On the windows world there is an obscure API that allows me to do this.  I do not even know if such and API system exists in the Apple world since code signing is brand new introduced in 10.5.
  In addition to some API help, if there is a way to simply get information about who signed an executable (On windows you just right-click and pick properties) and you can get all sorts of information about the digital signature);  Is there something like this on a Mac?
  Thanks for any help I can get.

  Why would I do that?  I simply want to know, is the binary file I downloaded signed by with MY cert?  I can determine this within reasonable doubt by answering two simple questions:
  1.  Is the cert that this file signed with valid (chain of trust and all that).
  2.  What is the name of the cert (the identity).
  If the Identity is the right one (in our case, the name of our company) and it is valid, then I will trust that this binary is ours.
  Maybe this will clarify my question. I guess I could rephrase this question as:
  "How do I write a simple tool that will verify a file has a valid signature and will give me the signer's identity"?

• Adobe AIR 3 Performance Issues and Code Signing Certificate Problem

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

• Code Signing certificate expired

  Hello,
  I please need an information about SGDEE 4.1 login applet: it seems
  applet code signing certificate was expired on September 2, 2005.
  I have no problem (after I deleted all expired root certificates from
  local client repository) with Internet Explorer 6SP1, but Mozilla Firefox
  always prompt me a warning with this contents:
  Serial:     
  [62374265099632433790334794162326322759]
  Issuer:
  N=VeriSign Class 3 Code Signing 2001 CA,
  OU=Terms of use at https://www.verisign.com/rpa (c)01,
  OU=VeriSign Trust Network,
  O="VeriSign, Inc."
  Valid From: Wed Sep 01 02:00:00 CEST 2004,
  To: Fri Sep 02 01:59:59 CEST 2005
  Subject:
  CN="Tarantella, Inc.",
  OU=Digital ID Class 3 - Netscape Object Signing,
  O="Tarantella, Inc.",
  L=Santa Cruz,
  ST=California,
  C=US
  Thank you very much in advance,
  Best Regards,
  Valerio Morozzo

  I know this is an older post, but it helped me find out how to make the migration procedure for native installer. I tried it with self signed certificate created by ADT tool and everything went fine.
  But now, we obtained a commercial AIR signing certificate from Thawte and the process failes in step 3) ADT saying
  'Certificate in PATH_TO_P12 could not be used to sign setup.msi' on Windows.
  On mac, it says that signing native installer on OSX is not supported, so I skipped the signing option in step 3) and it worked fine.
  I can skip the signing option on Windows as well and the process succeeds, but running the installer on machines with previous versions of application results in "Installer mis-configured' error message - the same error as if the migration process was not applied.
  I already contacted Thawte if it is a certificate issue, reply from them was 'AIR certificate can only sign .air applications'. But when I build a native application directly from FlashBuilder and sign it with the Thawte certificate the whole process seem to succeed. The application can be installed on machines without previous version of the application. Those who already have the older version get the 'Installer mis-configured' error message.
  I want to mark out again, that the same process but with a self signed certificate created with ADT, is successfull and the application can be installer as an update on machines with older version of the app. So I assume the workflow is correct.
  Any ideas? Or somebody having the same issue?
  Thanks

• Code Signing Cert for AIR and MSI

  If a Code Signing Certificate for AIR is purchased, can that same certificate be used when distributing the package using MSI?
  Or does it not matter as long as the AIR app is signed?

  No, this was a different problem that created similar symptoms.
  I just found out that, since Director 11.5, we can put the Xtras folder inside a projector. I was relying on outdated documentation, both online and in my mind, which said the xtras had to be next to the projector.
  Weirdly, putting the Xtras folder inside the Contents folder (inside the bare stub projector) solved the problem I was having: my sound was not functioning after I code signed the xtra that enables sound. Now it works fine.
  I also created an error when my projector's INI file set Movie01 to a Director movie in the same folder as the projector. Now I have it instead point to a movie in the Resources folder of the projector. So maybe I will just throw all my movies and supporting files in the Resources folder.
  I too am thinking of documenting the process, once I know customers are buying my app and using it successfully. Maybe I'll use screen recording to create a set of YouTube tutorials. That can spare others from this confusion and aggravation, and encourage people to buy the latest version of Director and update their old products. The more money that Adobe earns from Director, the more they will be encouraged to invest in developing Director further.
  If Apple will accept apps without receipt validation, that will certainly simplify things. I saw an Apple web page that stated it was mandatory, but that page has been changed. Maybe validation is optional but no longer required.
  For details, check this:
  https://developer.apple.com/library/mac/releasenotes/General/ValidateAppStoreReceipt/Intro duction.html
  but luckily there is source code out there that can be used to handle those technical details.
  I'm wondering how you applied your set of icons to your bare stub projector. Did you simply replace the projector.icns file? I created an error when I tried that.

• Code Signing for MacOS 10.8+

  Anyone have a sample build setup for signing the .app file before creating the DMG? How to make this part of the build process?
  I have an Apple developer id, but wondering how to integrate signing in the JavaFX build process (native bundles)

  I have something like this which gives me a signed app bundle (.app). I then manually create a DMG using DMG Canvas.
  <?xml version="1.0" encoding="UTF-8" standalone="no"?>
  <project name="testMacOSXBuild"
                default="default"
             basedir="."
             xmlns:fx="javafx:com.sun.javafx.tools.ant">
      <target name="default">
       <fx:jar destfile="${dist.dir}/${out.jar}">
       </fx:jar>
       <fx:deploy width="${applet.width}"
                    height="${applet.height}"    
                    verbose="true">
       </fx:deploy>
           <!-- code signing. -->
           <exec executable="/bin/bash">
                <arg value="scripts/mac/code_sign.sh"/>
           </exec>
      </target>
  </project>

• Code Signing Help!

  Hello. I am trying to submit my application to the mac app store. However I can't code sign when I click on submit.Please help the only option in Code Signing is Don't Sign.
  Thanks.

  Hello. I am trying to submit my application to the mac app store. However I can't code sign when I click on submit.Please help the only option in Code Signing is Don't Sign.
  Thanks.

• CODE SIGNING errors

  I've been notiching a number of "CODE SIGNING" errors on my MacBook Pro. I'm not sure when exactly these started and they're not really affect the system, however I'd really like to find out the root cause. Here's the relevant dmesg entries:
  CODE SIGNING: csinvalidpage(0x100000000): p=10957[MDCrashReportToo] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=10958[MDCrashReportToo] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=10960[AppleMobileBacku] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=11107[MDCrashReportToo] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=11147[AppleMobileBacku] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=11148[AppleMobileBacku] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=11171[MDCrashReportToo] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=11172[MDCrashReportToo] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=11214[MDCrashReportToo] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=11215[MDCrashReportToo] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=11235[MDCrashReportToo] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=11237[MDCrashReportToo] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=11726[MDCrashReportToo] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=11727[MDCrashReportToo] clearing CS_VALID
  CODE SIGNING: csinvalidpage(0x100000000): p=11729[AppleMobileBacku] clearing CS_VALID
  I'd like to note that it appears to only be two apps... and those process IDs are (I think) old... would it do this when backing up (TimeMachine) when I haven't done that in a month or so?
  Anyone have any insight on this?

  Start with http://developer.apple.com/mac/library/documentation/Security/Conceptual/CodeSig ningGuide/Introduction/Introduction.html

• Code Signing a Director 12 App for the AppStore

  I have seen a few discussions on this topic and signing and submitting to the AppStore while full of challenges was possible with Director 11.
  With Director 12, we have been unable to code sign the projector.
  We use the Terminal to do it:
  codesign -f -v -s "3rd Party Mac Developer Application: Developer's Name" [path to .app]
  We get the following error:
  /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/cod esign_allocate: the __LINKEDIT segment does not cover the end of the file (can't be processed) in: /Users/OurApp.app/Contents/MacOS/OurApp
  /Users/OurApp.app: code failed to satisfy specified code requirement(s)
  Any ideas would be welcome!
  Additionally:
  I have just discovered that unless Director is updated any submissions to the Apple App Store will be refused because of the use of the QuickTimes APIs
  Deprecated API Usage - Apple no longer accepts submissions of apps that use QuickTime APIs.

  There isn't a way to save as an earlier version, but my article from 13 years ago still holds true:
  http://www.director-online.com/buildArticle.php?id=1034
  The article tells you how to find two copies of a particular pair of numbers. For D7 those numbers would be 057E, D8 would be 0640, and D8.5 is 073A. Changing the two places where those number are will make the DIR open in older versions of Director.
  The numbers for D11.5 are 0782, and for D12 they are 079F. So, track down the two places where 079F are (which are 18 positions apart) and change them to 0782, and you'll be able to open the file in D11.5.
  One change since I wrote that article is that the identification sequence is now the Windows one on Mac too, most likely because it's an Intel app now. So, the number sequence to look for to get close to those two numbers is 46 43 52 44. In the file I checked there were three places where those numbers were, and it's the last of the places that followed by the two numbers, about 8 & 26 bytes later.

• Code signing from cli in 10.6

  Hello,
  I'm new to code signing on OS 10.6 and I assumed it works the same way as 10.5.  I installed my Mac pk12 Thawte certificate into my login keychain.
  No matter how I try to sign with codesign on either an unsigned code or previously signed by another party, I get the same error: code object is not signed
  $ codesign –sign ‘My code signing certificate" --force --verify file.dmg
  File.dmg:  code object is not signed
  $  codesign –d –v --verbose file.dmg
  File.dmg: code object is not signed
  Any suggestions on how to resolve this?
  Thanks,
  -Sean

  Well, a few weeks ago this site used a .dmg as an example, but since have changed the example to be for .app:
  http://www.digicert.com/code-signing/mac-os-codesign-tool.htm
  And I misunderstood the development team I support.  I thought they were signing their .dmg with a self-signed test certificate during development but it turns out they were not. 
  Can someone from Apple Support please list the file types that codesign in OS 10.6.7 will sign?

• What code signing certificate has to be added for Adobe Air Native Installer?

  Hi,
  I'm developing Adobe Air application. I need to digitally verify the application to add the publisher's name with the product. I did a little research and came to know that Symantec, Thawte, Comodo, Comodo-Tucows, Digicert, Godaddy and couple of others are doing this.
  Yes. I'm talking about the Code Signing Certificate. My question is, What code signing certificate has to be added for Adobe Air Native Installer? The reason is, The native installer will have an extension .exe ( Windows ) and .dmg ( MAC OS X ).
  These guys are providing certificate for Adobe Air. For instance, If the application is exported using Native Installer in Windows, The application will have an .exe extension. For this, Can I use the same Adobe Air code signing certificate or Should I go for Microsoft Autheticode ( for .exe ) certificate?
  Thanks in advance.

  I think comodo code signing certificate is one of the nice option to be added for Adobe Air, as i have seen comodo code signing certificate in other adobe programs. Recently i bought comodo code signing from https://cheapsslsecurity.com/comodo/codesigningcertificate.html, to sign one of my adobe application and it works fine, you can use microsoft authenticode technology with comodo code signing.