Reputation: 6674
How can I codesign an app without being in the mac developer program?
When I try the following:
mba:Utilities ryan$ sudo codesign -fs /Applications/Utilities/Boot\ Camp\ Assistant.app/
I get this error:
/Applications/Utilities/Boot Camp Assistant.app/: no identity found
Apparently I don't have a proper code signature, but if I sign up for the mac developer program, it would work.
How can I get a signature without enrolling in the mac developer program?
Upvotes: 11
Views: 19925
Answers (3)
Reputation: 6674
You need to create a self-signed certificate.
- Open Keychain Access.
- Choose Keychain Access > Certificate Assistant > Create Certificate ...
- Enter a name
- Set 'Certificate Type' to 'Code Signing'
Then, your command should look like this, if your certificate name is my-new-cert:
codesign -fs my-new-cert /Applications/Utilities/Boot\ Camp\ Assistant.app
If an error "resource fork, Finder information, or similar detritus not allowed" appears, you need to remove all extended attributes first, as per Apple QA1940:
xattr -cr /Applications/Utilities/Boot\ Camp\ Assistant.app
If an error "/Applications/XYZ.app: code object is not signed at all" appears, it can be mitigated by signing not just the app, but all objects inside it:
codesign -fs my-new-cert --deep /Applications/Utilities/Boot\ Camp\ Assistant.app
This works on OS X 10.10 Yosemite. Update 2023: works on macOS 13.3 Ventura.
Instructions from here: https://support.apple.com/en-gb/guide/keychain-access/kyca8916/mac
Upvotes: 24
Reputation: 1537
If you need to create a self-signed certificate using the openssl command line and use it for signing you can do this:
1) Create the spaghetti.software.extensions configuration file with the following content:
[ ca ]
default_ca = CA_default
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
#req_extensions = v3_req
[req_distinguished_name ]
CN = spaghetti.software.com
[ CA_default ]
x509_extensions = usr_cert
[ usr_cert ]
[ v3_ca ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, cRLSign, digitalSignature, keyCertSign
extendedKeyUsage = critical, serverAuth, clientAuth, codeSigning, emailProtection
2) Run the following commands to create the certificate and pack both the certificate and the key in a .p12 file (PKCS12):
openssl req -subj '/CN=spaghetti.software.com' -config spaghetti.software.extensions -x509 -newkey rsa:4096 -keyout selfSignedKey.pem -out selfSigned.pem -days 365
openssl pkcs12 -export -out spaghetti.software.p12 -inkey selfSignedKey.pem -in selfSigned.pem
3) Create a new .keychain file and import the spaghetti.software.p12 file into the keychain (I believe you can do this with the command line as well if you don't want to use the Keychain Access application).
4) Then you can use the certificate to sign:
codesign -s "spaghetti.software.com" --force <binaryToSign>
You can add --keychain <MyKeyChain.keychain> if needed.
Upvotes: 2
Reputation: 949
Although I can't understand why you are trying to resign the Boot Camp Assistant, you can use the codesign tool with a self-signed CA and identity.
Apple has steps to do so in their developer documentation TN2206: OS X Code Signing In Depth.
Upvotes: 1
Related Questions
- Building iOS applications using xcodebuild without codesign
- How Do I Go About Code Signing a MacOS Application?
- How to codesign an existing Mac OS X .app file for gatekeeper?
- Code signing MacOS application without Apple Developer Account
- Xcode Export Mac App without Developer Program
- Questions about code signing Mac App with Developer ID
- Sign Mac Application without Mac Developer program
- Codesigning iOS applications (APNS Enabled) without using XCode
- I am not the team agent, how do I sign a mac application with a Developer ID?
- How to get a CodeSignature for a Mac OS X app