Signing your app but NOT for Mac Apple Store (MAS)

Nick Wittwer edited this page Oct 6, 2018 · 2 revisions

This relates to the OSX version only.

Sometimes you want to give your app to someone directly or via a download from your website. In that case it is preferable that you sign it so the recipient can more easily install it without running foul of Gatekeeper.

The requirements in this case are less than the ones necessary for delivery via the Mac App Store (MAS).

Prior to signing your app, you have to request and install certificates from the Apple Member Center. To do so, you can check this page. NOTE: Choose the Production > Developer ID certificate.

Open Applications > Keychain Access, and look for your new certificate under the "My Certificates" side panel. You'll notice it says "Developer ID Application: YOUR NAME (XXXXXXXXXX)". The confidential string between the (XXXXXXXXXX) is the ID you'll use later.

The following assumes you have packaged your .app file and you have your Mac Developer ID Application certificate installed.

Signing the .app

  1. cd to the folder containing your .app

    cd path/to/folder
  2. Perform the codesign

    NOTE: Replace MAC_CERTIFICATE with the string (XXXXXXXXXX) from your developer certificate, and replace APP_NAME with the name of your app.

    codesign --force --deep --verbose --sign  "MAC_CERTIFICATE"
  3. Verify it worked

    NOTE: Replace APP_NAME with the name of your app.

    codesign --verify -vvvv & spctl -a -vvvv
  4. You should see the following messages:

  • APP_NAME: signed app bundle with Mach-O thin (x86_64)
  • APP_NAME: valid on disk
  • APP_NAME: satisfies its Designated Requirement
  • APP_NAME: accepted
  1. Congrats, you're all set to distribute your Mac app!

For convenience, you may create a .command file to keep these commands for later:

  1. Create the .command file

    touch my-script.command
  2. Set permissions to run the .command file

    chmod u+x /path/to/file.command
  3. Edit your .command file, adding in:

    NOTE: Replace the two variables with your own information.

    # Automatically change to current directory
    cd "$(dirname "$0")"
    # CHANGE ME: Relative path to your .app from where this 
    # .command file is (include ".app" after the name of your app)
    # CHANGE ME: Developer certificate
    # CodeSign
    codesign --force --deep --verbose --sign "$CERTIFICATE" $APP_PATH
    # Verify
    codesign --verify -vvvv $APP_PATH & spctl -a -vvvv $APP_PATH

From there, you can package into a .dmg using whatever tool you use: eg appdmg (free) or DropDmg (not free) or (please add other solutions you are using)

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.