Skip to content
/ codesign-macos Public
forked from tony-go/codesign-macos

This project illustrates how we could codesign and notarize a macOS application with CMake.

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Blake-Madden/codesign-macos

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
Makefile
Makefile
 
 
README.markdown
README.markdown
 
 
main.m
main.m
 
 

Repository files navigation

Codesign macOS application with CMake

This project illustrates how we could codesign a macOS application with CMake.

In this project will try to codesign a basic CLI application written in Objective-C.

Requirements

  • CMake
  • Xcode

We'll use a Makefile for convenience.

Codesign the application

Build, codesign and run your application:

TEAM_ID=<YOUR TEAM-ID> make codesign-only

For example, if your certificate is: Developer ID Application: JOHN, DOE (X4MF6H9XZ6).

You will use it this way:

TEAM_ID=X4MF6H9XZ6 make codesign-only

Note: If you use an "Apple Development" certificate, you'll have to go to the "Keychain Access" app and look at the "Get Info" menu, then you'll get the "Organisational Unit" that you'll use. Screenshot 2023-06-02 at 12 33 18

🎉 The cli app is codesigned! The codesign part is done by CMake, but if you are curious, you can see the command in the logs:

CodeSign .../codesign-macos/dist/Debug/MyMacOSApp (in target 'MyCLIApp' from project 'MyCLIApp')
    cd .../codesign-macos

    Signing Identity:     <YOUR CERTIFICATE>

   <THE COMMAND>

Note: The CLI binary is available at ./dist/Debug/MyMacOSApp

Codesign the disk image

codesign --force --verbose=2 --sign $TEAM_ID./dist/MyMacOSApp-0.1.1-Darwin.dmg

Check codesign

The codesign verification is already done while running make, but you can use the following commands to check that the binary is properly codesigned.

for the .app

$ codesign --verify --verbose=2 ./dist/Debug/MyMacOSApp

Note: that is the one I used in the Makefile

You should see something like:

./dist/Debug/MyMacOSApp: valid on disk
./dist/Debug/MyMacOSApp: satisfies its Designated Requirement

for the .dmg

Same as .app but with the .dmg path.

$ codesign --verify --verbose=2 ./dist/Debug/MyMacOSApp-0.1.1-Darwin.dmg

codesign --display (optional)

This command will show more information about the signature.

$ codesign --display --verbose=2 ./dist/Debug/MyMacOSApp

You should check in the console and see something like:

Authority=Developer ID Application: <YOUR NAME> (<TEAM-ID>)

Notarize application

If you want to do the whole tutorial, please be sure that you are member of the Apple developer program that will allow you to generate a Developer ID.

Create a keychain profile (store-credential)

xcrun notarytool store-credentials "KC_PROFILE" \
  --apple-id <APPLE_ID> \ 
  --team-id X4MF6H9XZ6  \
  --password <APP_SPECIFIC_PASSWORD>

Aiming to perform this store-credential command, you need three pieces of information:

  • your Apple identifier, probably the email you use for login
  • the team ID, for example if your certificate is: Developer ID Application: JOHN, DOE (X4MF6H9XZ6) the team ID is: X4MF6H9XZ6
  • an app-specific password: https://support.apple.com/en-us/HT204397
TEAM_ID=X4MF6H9XZ6 KEYCHAIN_PROFILE="KC_PROFILE" make

This command will perform:

  • build
  • codesign
  • codesign verification
  • notarization
  • stapling
  • notarization verification

If you want to dig more, look at the Makefile.

About

This project illustrates how we could codesign and notarize a macOS application with CMake.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Objective-C 34.0%
  • Makefile 33.2%
  • CMake 32.8%