17

I paid the $99 to get a developer license w/ Apple. Installed Xcode 4.3. Went to the Organizer and "Provisioning Profiles" and refreshed to download my code signing certificate. Checked my Keychain Access and confirmed that I have "3rd Party Mac Developer ", "Developer ID" and "Mac Developer *" certificates.

At this point the documentation from apple mentioned pulling up your project files. I'm using Wineskin to package my Windows application, so I don't have an Xcode project. I have a .app file produced my Wineskin. I'd like to codesign the .app file that Wineskin produced for me.

I tried: codesign -s "certificate name" /path/to/my.app

I tried all the possible certificate names that had my name and the word "Application" in them from my Keychain Access.

Every time I get the error "/path/to/my.app: object file format unrecognized, invalid, or unsuitable"

Any idea on how to get past this error? Am I even attempting the proper command? Or is there a different way I should go?

Troy
  • 1,237
  • 2
  • 13
  • 27
  • 1
    This question is about iOS, but may be relevant: http://stackoverflow.com/questions/4842717/iphone-codesign-object-file-format-invalid-or-unsuitable – JWWalker Nov 02 '12 at 23:43
  • From that post I saw that someone mentioned to try: export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/usr/bin/codesign_allocate" – Troy Nov 03 '12 at 00:55
  • I tried that, and it got me past the error. I used the certificate named "Mac Developer: (xxxx)". Now I need to upload it to the internet and download it to test if Gatekeeper complains. Thanks for the link. – Troy Nov 03 '12 at 00:56
  • I think you'll find that it won't work yet. You have to pass a bunch more cryptic parameters to `codesign`. What people usually do is make a toy app in Xcode 4 , find the codesign command in its log, and copy out the magic goodness (modifying the bundle ID as needed). – JWWalker Nov 03 '12 at 01:09
  • Yep, there must be more to it. When I download to another Mac, I run: codesign -vvv /path/to/my.app and I get back: "valid on disk" and "satisfies its Designated Requirement". Looks good, I think. But then when I try to run it, I get the Gatekeeper message: “MyApp” can’t be opened because it is from an unidentified developer. – Troy Nov 03 '12 at 04:36
  • 2
    Use the certificate that starts with "Developer ID Application: " – Gordon Davisson Nov 03 '12 at 16:21
  • Gordon, that was it! I used that certificate, uploaded my application to my website, downloaded it to another computer and received no Gatekeeper warning. Thanks! – Troy Nov 05 '12 at 15:48
  • I just realized that I didn't originally try all the certificates I said I tried. Woops! Thanks again, Gordon (and JWWalker), for pointing me in the right direction. – Troy Nov 05 '12 at 15:52

3 Answers3

24

To summarize the comments to my questions, here are the commands I run to sign my .app file for Gatekeeper:

export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/usr/bin/codesign_allocate"
codesign --force --sign "Developer ID Application: <my name>" /path/to/my.app

Thanks, Gordon Davisson and JWWalker!

(edit) If this fails, I realize that installing the "Command Line Tools" from within XCode was needed.

EDIT: To verify

$ codesign -dv --verbose=4 my.app

In Apple ID account make sure you have few types of certificate?

enter image description here enter image description here enter image description here

Asesh
  • 3,186
  • 2
  • 21
  • 31
Troy
  • 1,237
  • 2
  • 13
  • 27
  • I'm not sure why you thanked me, because you didn't do what I said, and I don't believe anything this simple is going to work. – JWWalker Nov 05 '12 at 18:55
  • 1
    JWWalker, your link gave me the information I needed about the needed command "export CODESIGN_ALLOCATE...". So thanks! Gordon helped me with selecting the right certificate "Developer ID App...". The script I mention above is the same script I used to sign my app (after putting in my actual cert name and my actual app name, of course). Now I no longer get the gatekeeper warning. – Troy Nov 05 '12 at 22:12
  • That's weird, because every discussion of the issue on the Xcode mailing list says you need the `--requirements` parameter to make GateKeeper happy. – JWWalker Nov 05 '12 at 22:51
  • Check out this blog post. It's where I go tthe "--force --sign" from: http://www.hardcoded.net/devlogs/20120407 – Troy Nov 06 '12 at 04:17
  • 1
    Maybe the problem I was thinking of was making the signature compatible with OS 10.6 and earlier. See this blog post: http://www.red-sweater.com/blog/2390/developer-id-gotcha – JWWalker Nov 06 '12 at 19:26
  • Is joining Developer Program Mandatory ? I already have a code signing certificate from Comodo,can i use the same for my OSX app? – techno Feb 13 '20 at 02:48
  • for me I had Developer ID Installer in the --sign directive, you have to make sure it's `Developer ID Application:` – zack999 Sep 23 '20 at 16:56
2

Make sure you have a valid developer certificate and a private key in your keychain. If you have some problems with it, the certificate should be revoked via developer.apple.com and generated from the scratch (XCode > Accounts > Manage Certificates).

Then you can use codesign:

codesign --force --deep --sign "Apple Development: FirstName LastName (XXXXXXXXXX)" /Applications/ApplicationName.app
Igor Leonovich
  • 458
  • 4
  • 13
0

Before using codesign command

  1. Install Command line tool for Xcode from https://developer.apple.com/downloads/index.action section. (You should have a developer account to download Additional Tools.)

  2. Please check for any hidden file in Payload folder like (.DStore) and if there is one please remove it

    • Navigate to Payload folder via terminal using cd command
    • Type ls- a command on terminal
    • if there is any hidden file apart, delete it by rm -f .DStore

This solution worked for me so please give a try....

asdf
  • 91
  • 1
  • 5