How to sign .app on Mac OS using Codesign

kuba - Sunday, 14 July 2019
How to sign .app on Mac OS using Codesign

When you download and run apps on Mac OS from not identified developers it's required to trust them by Gatekeeper. Codesign terminal tool allows you to manually sign any app on your MacBook. Using this technique you can for e.g. sign Adobe Zii app. Apple recently revoked TNT’s certificate.

Open apps from anywhere in Gatekeeper

Usually when you will try to run an app downloaded from a different source then AppStore, the system will disallow you to open the application. The one solution is to enable the ability to open apps from anywhere in Gatekeeper using a terminal command. Launch Terminal and enter the code below.

sudo spctl --master-disable

Click enter and type the administrator password to execute the command. Open the crashed app and if it's not running navigate to System Preferences → Security & Privacy → Allow apps downloaded from and select Anywhere or allow to open the specific app that will show in the selection menu.

Security & Privacy on Mac OS

Add an app to quarantine on MacOS Catalina

If it does not work on Catalina and app is flagged as “damaged” even with Gatekeeper disabled (sudo spctl –master-disable) use this command.

sudo xattr -rd com.apple.quarantine /Applications/Sketch.app

Sign .app with Codesign

When you launch an app and it will quit unexpectedly on Mac OS a problem report window will display problem details and system configuration. If you find in the report the message "Termination Reason: Namespace CODESIGNING, Code 0x1" it means that the app certificate was revoked.

Problem Report Namespace CODESIGNING

There is a quick solution to sign any .app on macOS installing free codesign tool. Open Terminal App and execute the code to start the download and installation process of Xcode and the command line developer tools from the AppStore. Launch Xcode at least once to agree to the license.

xcode-select --install

To sign an .app file launch the Terminal and execute codesign with following parameters. You can easily drag and drop the .app from Finder to Terminal allowing you to paste the file located path. After the .app is signed you will have an option to run it as any other regular application.

codesign --force --deep --sign - /Applications/name.app

codesign terminal command usage

Codesign available parameters

codesign -s identity [-fv*] [-o flags] [-r reqs] [-i ident] path ... # sign
codesign -v [-v*] [-R=<req string>|-R <req file path>] path|[+]pid ... # verify
codesign -d [options] path ... # display contents
codesign -h pid ... # display hosting paths

Related Articles