We have got the Developer ID Application certification from apple official website. But it shows that the certificate is not trusted in the Keychain App. After investigation in this website, and we know that we should install Apple Worldwide Developer Relation Certification Authority (WWDR) G3 from https://www.apple.com/certificateauthority/ We download G3 and install the certificate, and it shows "The certificate is marked as not trusted by all users", as shown in the attachment. Could some expert help us to move on? Thanks!

We codesign our runnable PC application with entitlements.plist as following sudo codesign --force --timestamp --options=runtime --entitlements ./entitlements.plist -s "${cert}" full/path then we run it, the application goes into killed rather than runs up . The terminal shows as below: zsh: killed   ./XXXX.app/Contents/MacOS/XXXX The crash report and entitlements.plist are attached. The Mac OS is 10.15.4 , with latest XCode from Apple AppStore. From the report, it seems terminated due to EXC_CRASH (Code Signature Invalid) . So it just failed for the boot of app. Hope somebody gives us points to move forward. entitlements.plist <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.cs.allow-jit</key> <true/> </dict> </plist> errorReport.txt

We have send email to Apple support but nobody replies, so we send it here to demand help. Our company builds up our desktop application XXXX.app, and it runs well under Mac OS 10.15.4 Catalina. We strictly follow the guideline of Nested code from https://developer.apple.com/library/archive/technotes/tn2206/_index.html Then we buy Apple 99$ program and plan to codesign it to bypass GateKeeper. However, this operation goes into disaster. We run the codesign one by one following your guide, from inside to outside (NOT --deep). sudo codesign --force --timestamp --options=runtime -s "${cert}" file/full/path And check the codesign with $ codesign -vvv --deep --strict XXXX.app XXXX.app: valid on disk XXXX.app: satisfies its Designated Requirement But when we run the signed XXXX.app , it crashes with exception (crashReport.txt). Your codesign makes our app crash! You can repro it again and again. Run well 2. codesign 3. Run up and crash inmediately! Crash stack info is below crashReport2.txt Thread 0 Crashed: 0 QtWebKit 0x00000001121d19ff ***::OSAllocator::reserveAndCommit(unsigned long, ***::OSAllocator::Usage, bool, bool, bool) + 205 1 QtWebKit 0x00000001121d1907 ***::OSAllocator::reserveUncommitted(unsigned long, ***::OSAllocator::Usage, bool, bool, bool) + 15 2 QtWebKit 0x00000001120641c4 ***::PageReservation::reserveWithGuardPages(unsigned long, ***::OSAllocator::Usage, bool, bool) + 56 3 QtWebKit 0x00000001120640f5 JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator() + 103 4 QtWebKit 0x0000000112063eac JSC::ExecutableAllocator::initializeAllocator() + 28 5 QtWebKit 0x0000000112126376 JSC::initializeThreadingOnce() + 50 6 ??? 0x00007fff6f2637e5 0 + 140735058163685 7 ??? 0x00007fff6f258ec7 0 + 140735058120391 8 ??? 0x00007fff6f263793 0 + 140735058163603 9 QtWebKit 0x000000011179df19 WebCore::ScriptController::initializeThreading() + 9 10 QtWebKit 0x000000011173be49 WebCore::initializeWebCoreQt() + 30 11 QtWebKit 0x00000001117043cf QWebPagePrivate::QWebPagePrivate(QWebPage*) + 213 12 QtWebKit 0x000000011170b80d QWebPage::QWebPage(QObject*) + 55 13 QtWebKit.so 0x00000001116689df Sbk_QWebPage_Init(_object*, _object*, _object*) + 447 14 ??? 0x000000010d328681 0 + 4516382337 15 _tsLib1.so 0x000000010e8fdfbb __Pyx_PyObject_CallNoArg + 186 (_tsLib1.c:429148) From the link below and crash report, we test the entitlements.plist to bypass memory problem, but fail too. https://github.com/pyinstaller/pyinstaller/issues/4629 We use following command line to codesign : sudo codesign --force --timestamp --options=runtime --entitlements ./entitlements.plist -s "${cert}" full/path Then the app evenly do not run up at all. It shows: zsh: killed ./XXXX.app/Contents/MacOS/XXXX We also test other parameter com.apple.security.cs.allow-jit / com.apple.security.cs.disable-library-validation ( others/entitlements_full.plist ) , nothing changed. How can we bypass the codesign and make app runnable? Please help us. Thanks

I use below command to notarize my xxxx_setup.pkg sudo xcrun altool --notarize-app --primary-bundle-id "net.xxxx.xxxx" --username "xxxx@gmail.com" --password "xxxxxxxxxx" --file ./xxxx_setup.pkg -itc_provider "XXXXXXXX" Uploading is performed normally. And from the logFile of notarization-info command, I got the error message of my main executable file (yyyy) under xxxx.app/Contents/MacOS as below: { "logFormatVersion": 1, "jobId": "34e7712f-8ebe-49a7-b10a-9863eba7c666", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "xxxx_setup.pkg", "uploadDate": "2021-04-06T14:07:55Z", "sha256": "944b56a56cb91c06b937b548fe9fbb6a2d039e4d4fe949819cac93d3821dff42", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "xxxx_setup.pkg/xxxx.pkg Contents/Payload/Applications/xxxx.app/Contents/MacOS/yyyy", "message": "The signature of the binary is invalid.", "docUrl": null, "architecture": "x86_64" } ] } I have used command below to check the binary yyyy codesign -vvv --deep --strict /path/to/binary and I get info below : yyyy : valid on disk yyyy : satisfies its designated requirement. I use codesign -dvvv to validate the signature of the execuable file. All the timestamp and signed are there. So who can help me to dig out these bugs.

I code-sign with my Mac app, and upload it to notarization service with xcrun altool . Then I get the notarization error below: "The binary uses an SDK older than the 10.9 SDK" for the etree.so and objectify.so. These two so files are from python lxml library (4.6.3, the latest one) in /Library/Python/2.7/site-packages/lxml/ . I use otool to get the information of the two library, and find its dependency to /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.50.4). I also find the library info below: cmd LC_VERSION_MIN_MACOSX cmdsize 16 version 10.9 sdk 9.4.1 Due to this is the latest version of lxml, and I have no idea to go forward. Somebody gives me help please. Thanks

I build my Mac app bundle (***.dmg) with codesign (Develop Id app) and expect to upload to Apple service for noratize. But when I key in below in terminal of MacBook : sudo xcrun altool --notarize-app --primary-bundle-id "net.xxxx.xxxx" --username "*@*.com" --password "xxxxxxxxxxx" --file ./xxxx.dmg -itc_provider "xxxxxxxxxx" After serveral minites, the terminal prompts up error messages below: main INFO: Invalid checksum on resource download for: https://contentdelivery.itunes.apple.com/transporter/repositories/j2se8/2.1.0/bundles/org.xerial.sqlite-jdbc-3.27.2.1.jar expected: 0b2eff4ff050a1e6edb0dd0435de3ef5, received: 953ac82655db8339d34e544a923cf7c7 java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.apple.transporter.launcher.Application.start(Application.java:212) at com.apple.transporter.launcher.Application.main(Application.java:642) Caused by: com.apple.transporter.bootstrap.BundleNotFoundException: bundle=[org.xerial.sqlite-jdbc] version=[3.27.2.1,4.0.0) not found. at com.apple.transporter.bootstrap.BootstrapperPhase1.downloadNeededBundles(BootstrapperPhase1.java:267) at com.apple.transporter.bootstrap.BootstrapperPhase1.bootstrap(BootstrapperPhase1.java:97) at com.apple.transporter.bootstrap.BootstrapperPhase1.bootstrap(BootstrapperPhase1.java:59) at com.apple.transporter.launcher.Launcher.launchBootstrapper(Launcher.java:37) ... 6 more Out:** Error: An error occurred uploading to Apple Services. From the log, it seems download org.xerial.sqlite-jdbc-3.27.2.1.jar error when we launch transporter from Xcode. My Xcode version is 10.1 and my PC is MacBook Air (early 2015) with Mac OS 10.13.6 . I have digged out solutions from Internet, and some suggestions point out that I should download newest Transporter from Mac AppStore directly. I follow the suggestion and find that newest Tranporter UI supports only IPA and PKG rather than dmg. And I also have no idea how to change the transporter reference of XCode into the newest transporter. Anyone gives some advices to move forward?