Codesigning - basic question

Does anyone know if it is possible to codesign an app without an Apple Developer ID?

AFAIK you can use ad-hoc code signing.

In my case I use that in Projucer’s Post-Build Shell Script.

rep="${SOURCE_ROOT}/../.."
app="${BUILT_PRODUCTS_DIR}/Spaghettis.app"
entitlements="${rep}/Resources/Spaghettis.entitlements"

codesign --options runtime --entitlements "${entitlements}" --deep -s "-" "${app}"  || exit 1

With the following entitlements.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.cs.disable-library-validation</key>
	<true/>
	<key>com.apple.security.device.audio-input</key>
	<true/>
	<key>com.apple.security.get-task-allow</key>
	<true/>
</dict>
</plist>

But I read that “ad-hoc” code signing is almost useless on its own on macOS. :laughing:

https://news.ycombinator.com/item?id=24220062

In my case I don’t (and I will not) distribute any binaries; I guess that’s not a problem.
Users will build the software on their own.
But with the notarization machinery, I’m almost sure that a Developer ID certificate is required.
Am I wrong?

You can do “ad-hoc” signing by passing - (a minus character) to codesign instead of "Apple Developer ID". However, it won’t be recognized as a valid signature on another computer.

1 Like

Thanks @mcmartin @nicolasdanet :+1: Exactly what I was looking for.

1 Like
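
Added example, not part of the thread: a small shell helper that reads the report printed by `codesign -dvv` and tells an ad-hoc signature apart from a Developer ID one, which is the difference the replies above describe. The function names, the sample report and the `com.example.Spaghettis` identifier are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a code signature from `codesign -dvv` output on stdin.
# On macOS:  codesign -dvv "$app" 2>&1 | classify_signature

classify_signature() {
    # Read the whole report once so it can be matched several times.
    report=$(cat)
    kind="unknown"
    runtime="no"

    # Ad-hoc signatures carry no certificate chain: codesign prints
    # "Signature=adhoc" and no "Authority=" lines.
    if printf '%s\n' "$report" | grep -q '^Signature=adhoc$'; then
        kind="adhoc"
    elif printf '%s\n' "$report" | grep -q '^Authority=Developer ID Application:'; then
        kind="developer-id"
    elif printf '%s\n' "$report" | grep -q 'not signed at all'; then
        kind="unsigned"
    fi

    # The hardened runtime (--options runtime) appears as the "runtime"
    # entry in the CodeDirectory flags list.
    if printf '%s\n' "$report" |
        grep -Eq '^CodeDirectory .*flags=0x[0-9a-f]+\(([a-z-]+,)*runtime(,[a-z-]+)*\)'; then
        runtime="yes"
    fi

    printf 'kind=%s hardened_runtime=%s\n' "$kind" "$runtime"
}

# Constructed sample of the report for an ad-hoc signed bundle
# (paths, sizes and identifier are made up).
sample_adhoc() {
    cat <<'EOF'
Executable=/tmp/build/Spaghettis.app/Contents/MacOS/Spaghettis
Identifier=com.example.Spaghettis
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1234 flags=0x10002(adhoc,runtime) hashes=30+7 location=embedded
Signature=adhoc
Info.plist entries=20
TeamIdentifier=not set
EOF
}

sample_adhoc | classify_signature
```

A result of `kind=adhoc` means the bundle has no certificate chain behind it, so another machine has no identity to check the signature against.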