How to sign .app on Mac OS using Codesign
kuba - Sunday, 14 July 2019
When you download and run apps on macOS from unidentified developers, Gatekeeper requires you to trust them first. The codesign terminal tool allows you to manually sign any app on your MacBook. Using this technique you can, for example, sign the Adobe Zii app. Apple recently revoked TNT’s certificate.
Open apps from anywhere in Gatekeeper
Usually, when you try to run an app downloaded from a source other than the App Store, the system will not let you open it. One solution is to enable the ability to open apps from anywhere in Gatekeeper using a terminal command. Launch Terminal and enter the command below.
sudo spctl --master-disable
Press Enter and type the administrator password to execute the command. Open the crashed app, and if it still does not run, navigate to System Preferences → Security & Privacy → Allow apps downloaded from and select Anywhere, or allow the specific app shown in the selection menu to open.
Remove an app from quarantine on macOS Catalina
If this does not work on Catalina and the app is flagged as “damaged” even with Gatekeeper disabled (sudo spctl --master-disable), use this command.
sudo xattr -rd com.apple.quarantine /Applications/Sketch.app
Sign .app with Codesign
When you launch an app and it quits unexpectedly on macOS, a problem report window displays the problem details and system configuration. If the report contains the message "Termination Reason: Namespace CODESIGNING, Code 0x1", it means that the app certificate was revoked.
There is a quick solution: sign any .app on macOS by installing the free codesign tool. Open the Terminal app and execute the code to start the download and installation process of Xcode and the command line developer tools from the App Store. Launch Xcode at least once to agree to the license.
To sign an .app file, launch Terminal and execute codesign with the following parameters. You can drag and drop the .app from Finder into Terminal to paste its file path. After the .app is signed, you can run it like any other regular application.
codesign --force --deep --sign - /Applications/name.app
Codesign available parameters
codesign -s identity [-fv*] [-o flags] [-r reqs] [-i ident] path ... # sign
codesign -v [-v*] [-R=<req string>|-R <req file path>] path|[+]pid ... # verify
codesign -d [options] path ... # display contents
codesign -h pid ... # display hosting paths
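The display mode (codesign -d) listed above shows how an app was signed. As an added example, not part of the original post, the shell function below classifies that output so an ad-hoc signature (what --sign - produces) can be told apart from one backed by a developer certificate. The sample outputs, bundle names and team ID are constructed for illustration.

```shell
#!/bin/sh
# Classify the text printed by `codesign -d --verbose=4 <path>` (read on stdin).
# Prints one of: unsigned | adhoc | identity team=<id> leaf=<cert> | unknown
classify_signature() {
    awk '
        /code object is not signed at all/ { unsigned = 1 }
        /^Signature=adhoc$/                { adhoc = 1 }
        # The first Authority= line is the leaf (signing) certificate.
        /^Authority=/ && !seen             { leaf = substr($0, 11); seen = 1 }
        /^TeamIdentifier=/                 { team = substr($0, 16) }
        END {
            if (unsigned)   print "unsigned"
            else if (adhoc) print "adhoc"
            else if (seen)  print "identity team=" team " leaf=" leaf
            else            print "unknown"
        }'
}

# On a Mac: codesign writes its display output to stderr, hence 2>&1.
audit_app() {
    codesign -d --verbose=4 "$1" 2>&1 | classify_signature
}

# Constructed sample outputs so the parser can be exercised offline.
SAMPLE_ADHOC='Executable=/Applications/name.app/Contents/MacOS/name
Identifier=com.example.name
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+3 location=embedded
Signature=adhoc
Info.plist entries=20
TeamIdentifier=not set'

SAMPLE_DEVID='Executable=/Applications/Signed.app/Contents/MacOS/Signed
Identifier=com.example.signed
CodeDirectory v=20500 size=4321 flags=0x10000(runtime) hashes=120+7 location=embedded
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

SAMPLE_UNSIGNED='/Applications/Plain.app: code object is not signed at all'

for sample in "$SAMPLE_ADHOC" "$SAMPLE_DEVID" "$SAMPLE_UNSIGNED"; do
    printf '%s\n' "$sample" | classify_signature
done
```

On a Mac, audit_app /Applications/name.app runs the same classification against a real bundle.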