Post

Replies

Boosts

Views

Activity

How to check timestamp of code signature?
Hi,how can I check if a code signature contains a signed timestamp?$ codesign -s "Developer ID..." --options runtime -f --timestamp MyApp.app MyApp.app: replacing existing signature $ codesign --display -v MyApp.app 2>&1 | grep 2020 Timestamp=30. Apr 2020 at 14:25:45Is this a secure timestamp? Or just a timestamp without signature?In my understanding --timestamp=none should disable secure timestamping:$ codesign -s "Developer ID..." --options runtime -f --timestamp=none MyApp.app MyApp.app: replacing existing signature $ codesign --display -v MyApp.app 2>&1 | grep 2020 Signed Time=30. Apr 2020 at 14:24:24Why do I get a a "Signed Time" here??
3
0
2.3k
Apr ’20
code signing blocked mmap() - how to find reason?
Hi,something went wrong with the code signing of my app, but I have not idea how to analyze this problem. I get the following error when launching my app:dyld: Library not loaded: @rpath/QtSvg.framework/Versions/5/QtSvg Referenced from: /Users/joachim/Programming/myapp-build-release/install/MyApp.app/Contents/MacOS/MyApp Reason: no suitable image found. Did find: /Users/joachim/Programming/myapp-build-release/install/MyApp.app/Contents/MacOS/../Frameworks/QtSvg.framework/Versions/5/QtSvg: code signing blocked mmap() of '/Users/joachim/Programming/myapp-build-release/install/MyApp.app/Contents/MacOS/../Frameworks/QtSvg.framework/Versions/5/QtSvg' /Users/joachim/Programming/myapp-build-release/install/MyApp.app/Contents/MacOS/../Frameworks/QtSvg.framework/Versions/5/QtSvg: stat() failed with errno=1All Frameworks and dylibs have been signed withcodesign --verbose --sign "$DEVID" -i $ID --timestamp $FRAMEWORK/Versions/Current/The app bundle has been signed withcodesign --verbose --sign "$DEVID" --timestamp --options "runtime" --entitlements Entitlements.plist MyApp.appwith entitlement com.apple.security.cs.allow-jit enabled."codesign --verify" reports "valid on disk" and "satisfies its Designated Requirement" for all libs and the executable and bundle. All libs have unique identifiers (-i), got a secure timestamp, and I'm not using "--deep" signing. Referencing the lib with "@executable_path/../Frameworks" instead of "@rpath" doesn't make any difference.The error disappears if I add the com.apple.security.cs.disable-library-validation entitlement or omit the hardened "runtime" option.How can I check what exactly is blocking the library? Has "disable-library-validation" any drawbacks? Will I still be able to notarize the app?
7
0
2.9k
May ’20