Trouble with mac certificates

  1. ‹ Older
  2. 7 weeks ago

    @Patrick B — That should do

    codesign -f --deep -s "<Apple_ID_or_email_adress>" <App_PATH>

    If it fails because of extended attributes being used, run the following before

    xattr -cr <App_PATH>

    to remove them

  3. Is that to codesign or to notarize? When I run that using my dev email i get "no identity found".

  4. @Patrick B — It is for code signing, though maybe you need to set your Apple ID in XCode (Preferences/Accounts) so it is stored into your Keychain.

  5. just for funzies I created a new Mac app in XCode and did a build. I then checked the successful build and it is code signed. so my certificates must be okay. wonder why I get "no identity found" when running that code in the Terminal?

  6. @Patrick B — Do you mean that the signed app from Xcode is not recognized in Terminal OR do you mean that your Xojo app is a problem?

    I have no doubt that Xcode can use your (Apple ID) identity quite well, but I am not sure about the rest of the OS.

  7. Yeah I had Xcode build and sign the app. then I checked the signature in Terminal by using:
    codesign -dv --verbose=4 test.app

    I got positive codesign info in return.

    Just for the heck of it I threw the app into App Wrapper. It copied the app into Wrapped Application. The wrapped app does launch, but I cannot notarize it in App Wrapper. Same error as my other app. Unable to verify the signature or not code signed.

  8. @Patrick B — That is really weird! Do you have any other executable outside of the main app?

  9. Jeff T

    Jul 30 Pre-Release Testers Midlands of England, Europe

    I cannot notarize it in App Wrapper.

    Did you get an app-specific password to use with App Wrapper?
    cant recall the steps but Im sure I needed to do that

  10. Sam R

    Jul 30 Pre-Release Testers, Xojo Pro, Third Party Store Hengchun, Pingtung, Taiwan

    Okay; so we're pretty sure it's a problem with App Wrapper. hmmm..... Can I ask you to check the option "Use Apple's temporary engine", and make sure it's unselected. Its available by clicking on the action icon next to the identity selector.

  11. James S

    Jul 31 Pre-Release Testers, Xojo Pro

    Once I turned off “use apple’s temporary engine” mine is working again. Of course it took 6 minutes to wrap the app because of all the included helpers ;) But thats OK, they will all have to be deep signed anyway in order to notorize properly I think...

  12. Sam R

    Jul 31 Pre-Release Testers, Xojo Pro, Third Party Store Hengchun, Pingtung, Taiwan

    @James S Once I turned off “use apple’s temporary engine” mine is working again. Of course it took 6 minutes to wrap the app because of all the included helpers ;) But thats OK, they will all have to be deep signed anyway in order to notorize properly I think...

    I have a solution for that; should be able to demo it in the next couple of weeks.

  13. Edited 7 weeks ago

    looks like i was able to get one of my apps to sign in Terminal after running

    xattr -cr <App_PATH>

    so I tried running that before going to App Wrapper and it looks like it's signed it but it still won't launch the app for some reason. I still get the error:

    Crashed Thread:        0
    
    Exception Type:        EXC_CRASH (SIGABRT)
    Exception Codes:       0x0000000000000000, 0x0000000000000000
    Exception Note:        EXC_CORPSE_NOTIFY
    
    Termination Reason:    DYLD, [0x5] Code Signature

    The app will run from the Desktop prior to using App Wrapper, though.

  14. got an email from Apple support right after my previous post in regards to the error message.

    "This clearly indicates a code signing problem, and specifically a problem with your nested code. It seems that your main app was signed to some extent, but it’s unable to load a nested library (XojoFramework) because that’s not been signed correctly."

    He did not yet tell me what to do about it, as I'm supposed to sign the app and export the Terminal results. I suspect there's some option I have to add when codesigning?

  15. @Patrick B — That is what the "--deep" option is for with the codesign command. I tried 2 min ago and my XojoFramework is properly signed with the command I gave you.

    Do you have an Entitlements file for this project? If so, you probably want to change the command to:

    codesign -f --deep --entitlements <Path_to_Entitlement_File> -s "<Apple_ID>"  <Path_to_APP>
  16. i don't even know what an entitlements file is. :-)

    Forgot to mention my Developer ID Application cert would not sign, but my 3rd Party Mac cert did sign after running the xattr -cr code on it. Just sent an exported Terminal session to Apple. Glad I'm getting some help from them. Hope it sheds some light on what's going on with App Wrapper too. I much prefer using that than Terminal!

  17. Edited 7 weeks ago

    @Patrick Besong — Well I don't use the Terminal. I have just added a script to my Xojo projects so that they are automatically signed when building code.

    I am not sure what a "third party" ID is. Is it about using a "non-Apple" email address? Because I use one too.

    EDIT: but it works only if I put my email address in the command line after "-s"!

    However, you can switch according to this article

  18. 6 weeks ago

    Sam R

    Aug 1 Pre-Release Testers, Xojo Pro, Third Party Store Hengchun, Pingtung, Taiwan

    Patrick, can you check in App Wrapper and make sure that “Use Apple’s temporary engine” is unselected.

    Can I ask you to check the option "Use Apple's temporary engine", and make sure it's unselected. Its available by clicking on the action icon next to the identity selector.

    This enables the deep option; which is something that Apple even advises against and recently it appears to be causing problems. I am working on a replacement and hope to have some thing you can use in a week or so.

    @Patrick B i don't even know what an entitlements file is. :-)

    In App Wrapper; these are the options you select on the capabilities pane. By using App Wrapper; you should get the correct entitlements for the correct executable.

  19. "Use Apple's temporary engine" is unchecked.

  20. Sam R

    Aug 1 Pre-Release Testers, Xojo Pro, Third Party Store Hengchun, Pingtung, Taiwan

    @Patrick B "Use Apple's temporary engine" is unchecked.

    @Patrick B Forgot to mention my Developer ID Application cert would not sign,

    Still getting the same message about missing TeamID?

  21. Sam seems to have figured out the problem (via email). It was with my Developer ID Certification Authority. All I had to do was change the Trust setting from "Always Trust" to "Use System Defaults". Was able to run it thru App Wrapper, run the PKG installer and successfully launch the app after that. Great job Sam!

or Sign Up to reply!