I need to distribute one unsigned app for Mac OS with arm64 arch.And I want users to automatically sign the application with ad-hoc certificate like this codesign -s ###### app.But these users are not developers, and have no Xcode installed.
Is it possible to create Apple Development identity (########## "Apple Development:mail#mail.com (########)) using Apple ID and password without Xcode tools?
I know the app Sideloadly is able to do this, but it is closed-source and I'm too stupid to interpret function with disassembler.
You can use the next command:
codesign -fs- name.app -deep
But before don't forget to install Xcode command-line tools:
sudo xcode-select --install
Related
Flipper is a platform for debugging iOS, Android and React Native apps.
I have downloaded the Flipper app from https://fbflipper.com/, but I can't run it.
macOS version: Catalina 10.15.3
Just Right Click > Open. Or alternatively, open System Preferences, Security & Privacy, General tab, and Click 'Open Anyway'. Guide on support.apple.com
Still not working?: Right Click > Open, again. If you don't have certain permissions on your mac (for example on your work laptop), you'd need to run xattr -d com.apple.quarantine /Applications/Flipper.app instead.
Problem
This is a general problem (security feature called Gatekeeper) with apps on macOS where the developer is not registered with Apple (Paying $99/year) and so has not notarized their application. Specifically, Gatekeeper saves a quarantine flag on a downloaded file. So alternatively, you can remove this flag for your specific file, or disable Gatekeeper entirely so you never have this issue again.
A nice explanation by the Terraform team who faced the same issue:
Indeed the new version of MacOS is stricter about running software you've downloaded that isn't signed with an Apple developer key. Terraform distributions are signed with a HashiCorp key with signatures distributed out of band on releases.hashicorp.com, but MacOS Catalina is requiring participation in Apple's developer program specifically, and Terraform is currently not built to support that. source
From an app developer stand point: Applications on macOS need a Developer ID certificate to verify that we are trusted developers. This also provides access to macOS capabilities: e.g. CloudKit, Apple Push Notifications. If you're making an app, you can need to go into developer.apple.com to create an Apple Developer ID certificate, or create on in XCode (in some cases).
You can run following command to remove the warning and allow un-authorized app to run on macOS Catalina:
xattr -d com.apple.quarantine /Applications/Flipper.app
Go to System preference, Security and Privacy and choose Opneanyway:
An alternative is to either run or build from source.
Helpful if you're on a work computer with tighter application security settings.
Prerequisites:
NodeJS (https://nodejs.org/en/)
Yarn (https://yarnpkg.com)
Running from source
git clone https://github.com/facebook/flipper.git
cd flipper/desktop
yarn
yarn start
Building from source
yarn build --mac --version $buildNumber
For Building from source, you should do it in the following steps:
git clone https://github.com/facebook/flipper.git
cd flipper/desktop
yarn
yarn build --mac --version $buildNumber
Note: I've noticed building from source as of Aug 2020 0.53.0 has some issues for me, so would recommend running from source if you need to use this.
brew install --cask flipper
and after that you'll see message 'flipper was blocked from ... '
press Open Anyway
I am trying to submit a macOS app built with Unity to the Mac App Store. I followed the instructions mentioned in the Unity documentation, Delivering your application to the Mac App Store.
I am able to run the Build command for macOS and get a .app bundle for my app. I am also able to launch it and it runs fine. However, after running the following codesign command (as mentioned in the linked document above), the app freezes upon launch and has to be force quitted. This is the codesign command line that I am running:
codesign -o runtime -f --deep -s '3rd Party Mac Developer Application: DEVELOPER NAME' --entitlements "GAMENAME.entitlements" "/AppPath/GAMENAME.app"
I have a paid (Individual) developer license with Apple, and have properly set up the certificates in keychain as mentioned in the document. I also managed to check that the app bundle was signed by running the command line:
codesign -dv --verbose=4 GAMENAME.app
Running the above command displays that it's signed with my 3rd Party Mac App Developer certificate.
I have tried looking for a way to export the Xcode project out from Unity app, so I can attempt to build and sign it with Xcode, but after searching the Web, I realized that Unity doesn't have support for exporting the Xcode project for macOS app yet (it can do the same for iOS).
I am running the current latest version of all the software, and the same are mentioned below:
macOS Catalina 10.15.1
Xcode 11.2.1
Unity 2019.2.13
My questions are:
What is it that may be going wrong?
What other avenues do I have?
I am looking for distributing the app exclusively via the Mac App Store for the time being. This is going to be a paid app (if that's relevant).
If you are building the .app from the command line (using Unity's command line invocation), try building from the editor instead.
Confirm you are not building a 32 bit-only binary.
Try removing -o runtime from your codesign command, this is the only part of your process that differs from mine, and mine works fine.
Otherwise, when uploading to the App Store, I believe Xcode will sign for you. While this will not be different from codesign, Xcode may check if you accidentally blocked or otherwise misconfigured running binaries signed by you on your particular machine. You should test on a different machine or macOS VM.
My app is not targeting yet the app store so i'm building using my Developer ID Application certificate
I'm building now by xcode 13.2 a Unity 2021.1.28f1 produced xcodeproj on macOS 11.6.2
The produced app bundle is notarized during Archiving it (so using the -o runtime switch implicitely) and
running seamlessly on macOS 11.6.2 even if no entitlements exception is used
freezing on macOS 10.15.7 till the "Allow Unsigned Executable Memory" (com.apple.security.cs.allow-unsigned-executable-memory) entitlements is not added during the build
So now the solution was for me to add com.apple.security.cs.allow-unsigned-executable-memory to the app entitlements
I have an Apple Developer certificate that I use to sign my application
/usr/bin/codesign --sign "Developer ID Application: P Taylor" --force --deep --verbose /Applications/SongKong.app
and I originally used Xcode to configure this, but I don't use Xcode for my actual development because this is a cross platform Java application
I now need to setup a new computer as my build computer and need to transfer this developer certificate to the new machine. The advice seems to be to use Xcode, however when I try to run Xcode I get the error
You cannot use version of the application "Xcode" with this version of OSX, You have Xcode "5.0.1"
this computer is from 2009, but currently running El Capitan (10.11.6)
So can I export these certificates without having to get Xcode working
You can use Keychain Access.app to export any kind of certificate you have in installed in you mac. And also to import them in the new system.
This article is helpful: See Exporting Manually section
I am trying to codesign an OSX application, i success in that. I can able to sandbox my application using --entitlements. But my issue is I have distribution Application certificate and distribution installer certificate. I signed using both of this. But i can't able to install that in my local machine because its for appstore. I need to set my provisioning profile to None so that i can install it manually and check the app. Is there any way to change this. My command is
codesign --entitlements "${ENTITLEMENTS_PATH}" --sign "$APP_SIGN_ID" --deep --force --verbose=2 "${DIST_APP_WITH_PATH}"
Use a Developer ID Application cert to sign items for use outside the app store.
We've made a game with Unity 5, which runs without any problems on Mac OSX. But for the Mac OSX App Store from Apple, the game must be codesigned.
I've done that a lot of times in the past and there I didn't have problems. But I have made a clean install of OSX on the Mac a few weeks ago. I installed all the certificates and they seem to work. But I can't check in the terminal, which codesign commands I used in the past, and there maybe the problem...
In Unity I build the app with the Mac Appstore Validation.
Then I edit the info.plist, add the icons, create the entitlements-file (do all which was listed in several documents) and go to the terminal.
There I type in the directory of the app:
chmod -R a+xr “APPNAME.app"
codesign -f -v -s "3rd Party Mac Developer Application: COMPANY-NAME" "APPNAME.app/Contents/Frameworks/MonoEmbedRuntime/osx/libmono.0.dylib"
codesign -f --deep -s '3rd Party Mac Developer Application: COMPANY-NAME' --entitlements "APPNAME.entitlements" "APPNAME.app"
productbuild --component "APPNAME.app" /Applications --sign "3rd Party Mac Developer Installer: COMPANY-NAME" "APPNAME.pkg"
Everything works fine, even with the libmono.0.dylib. There I get the result that the existing codesigning will be replaced. I am not sure, but I had in mind, that we have codesigned 3 lines in the past, but we didn't have used any more Frameworks or Plugins now.
Then I test the pkg. I install it and was asked about the login-details and I login with a iTunesConnect testuser-account. The app will be installed and when I try to run it, it will be closed after a few seconds. Then something curious happens. I must login again with the testuser and after that the game starts without problem (without trying to start it again!)
I upload the pkg with the ApplicationLoader 3.1 (3.6 didn't work, because it says to me, that I can't submit an IPA-file, even it is a pkg, a lot have that problem and use an old version of the loader) and that worked too. But I got the result of Apple with the rejection: "...launched app and immediately stopped from launching." So they can't start it.
When I check the codesigned app with spctl -a -t exec -vv <APPNAME> I got the result:
<APPNAME>: rejected
...
But I didn't know where I've done the mistake?!
Does anyone has an idea of what I am doing wrong?
You mean in the savety case to recreate the certificates? I am sure, that I have done that when setup the Mac new, but if there can't happen any wrong, I can do it again for going sure...
Edit: I've created new certificates for that mac and try to codesign again. When I make the check with spctl -a -t exec -vv <APPNAME> I got the rejected again.
For the Mac OSX App Store I only need the certificates
3rd Party Mac Developer Application
3rd Party Mac Developer Installer
Mac OS Developer
And in the certificates (dev area at developer.apple.com) I have additional:
Mac App Distribution
Mac Installer Distribution