Trouble with mac certificates

I just got a new laptop and after compiling my app it runs fine. But when I wrap it using App Wrapper (latest version), it will not codesign. App Wrapper will create the installer and it will run, but when I go to launch the app I get the error:

“Check with the developer to make sure SCC Caption Decoder works with this version of macOS. You may need to reinstall the application. Be sure to install any available updates for the application and macOS.”

The reason says:

Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Reason: DYLD, [0x5] Code Signature

Further down it says:

not valid for use in process using Library Validation: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?)

I never had to set a Team ID using App Wrapper before.

I looked at my certificate in Certificate Assistant and they are all valid but I’m getting an error that says it’s signed with an expired certificate. Not sure what to do. I went in and deleted all my expired certificates on developer.apple.com. Here is what i have in Keychain:

3rd Party Mac Developer Application (expires July 18, 2020)
3rd Party Mac Developer Installer (expires Nov. 27, 2019)
Developer ID Application (expires Sept 1, 2020)
Developer ID Installer (expires Sept 1, 2020)
Mac Developer (expires July 18, 2020)

I have some kind of “member” certificate that says it’s not trusted (has a red x on it) that expires July 7, 2020.

I also saw an error listed in the diagnostics of App Wrapper (what i use to codesign and create the pkg) that says
? Frameworks ? XojoFramework.framework ? Incorrect signature “Developer ID Application: Xojo, Incorporated (*some number here that i’m not sure i should post or not)”

What do I need to do to start codesigning my apps again?

Can you check the that “Use Apple’s temporary engine” is disabled in the code signing options, it’s available by clicking the action icon next to the identity selector.

This option will be removed in an upcoming release of App Wrapper as I’ve been working on a new engine (codename: Blackbird) which is currently 2.8x faster than the native App Wrapper engine, and should be more accurate in identifying Mach-O executables.

That is unchecked. I think the problem is with my certificates and it’s just not very clear in Apple’s documentation what to do.

Did you redact your ID from the keychain names, or is that really word for word what’s on your keychain? That could be the problem.

Just you use the Codesigning diagnostics function on the “Tools” menu of App Wrapper, then click on the “Send e-mail” button so I can take a look please.

ok will do Sam.

Tim, I redacted the part after the basic name of the certificate.

Seems to be a problem with Apple not recognizing the certificates or something. I’ll try on their dev site. Thanks.

I submitted a TSI with Apple. you get 2 per year i guess as a developer. Odd that in High Sierra it warns me that the pkg was signed with an expired certificate. Looking at the certficate they show, the expiration date is Sept. 2022. But the app will install and run if I install it anyway. Mojave on my new laptop will not launch it at all after installation.

This all seems very odd; if I had to guess I’d say that a parent identity is somehow corrupted. There must be a way I can test this; yet I would have also thought if the parent identity is invalid, when App Wrapper asks the OS if the identity can be trusted, it should return false. Unless there’s a bug, either with my code (which is highly possible) or in the OS (which is also highly possible).

Or which I’ve seen many times now, there’s nothing wrong there at all. The issue is somewhere else and the OS is providing the wrong error, which sadly happens far more frequently than it should. Normally when this happens; simply restarting the Mac seems to fix it.

I just tried to wrap a test app and had the same or similar problem even though it worked fine this afternoon. I installed no updates and made no changes to any certificate or anything else. My certificate shows as green and good in the window but doesn’t work. I’ll be trying again shortly but something may be up at apple today.

Apple TSI punted it back since i was not using XCode. not even helping me straighten out my certificates. Maybe if I try and fail at doing a codesign via command line they’ll have to help. i’ll have to find that code again. i know it was posted in the forum somehwere at one point.

I also tried Notarizing my app right after wrapping and it says “unable to verify the code signature or not code signed.”

Does anyone have the code to sign apps via Terminal? I can’t seem to find it searching the forum. I know it used to be there. That might tell me whether or not my certificates are the problem.

@Patrick Besong — That should do

codesign -f --deep -s "<Apple_ID_or_email_adress>" <App_PATH>

If it fails because of extended attributes being used, run the following before

xattr -cr <App_PATH>

to remove them

Is that to codesign or to notarize? When I run that using my dev email i get “no identity found”.

@Patrick Besong — It is for code signing, though maybe you need to set your Apple ID in XCode (Preferences/Accounts) so it is stored into your Keychain.

just for funzies I created a new Mac app in XCode and did a build. I then checked the successful build and it is code signed. so my certificates must be okay. wonder why I get “no identity found” when running that code in the Terminal?

@Patrick Besong — Do you mean that the signed app from Xcode is not recognized in Terminal OR do you mean that your Xojo app is a problem?

I have no doubt that Xcode can use your (Apple ID) identity quite well, but I am not sure about the rest of the OS.

Yeah I had Xcode build and sign the app. then I checked the signature in Terminal by using:
codesign -dv --verbose=4 test.app

I got positive codesign info in return.

Just for the heck of it I threw the app into App Wrapper. It copied the app into Wrapped Application. The wrapped app does launch, but I cannot notarize it in App Wrapper. Same error as my other app. Unable to verify the signature or not code signed.

@Patrick Besong — That is really weird! Do you have any other executable outside of the main app?

Did you get an app-specific password to use with App Wrapper?
cant recall the steps but Im sure I needed to do that