Does anyone know if it is possible to codesign an app without an Apple Developer ID?
AFAIK you can use ad-hoc code signing.
In my case i use that in Projucer’s Post-Build Shell Script
.
rep="${SOURCE_ROOT}/../.."
app="${BUILT_PRODUCTS_DIR}/Spaghettis.app"
entitlements="${rep}/Resources/Spaghettis.entitlements"
codesign --options runtime --entitlements "${entitlements}" --deep -s "-" "${app}" || exit 1
With following entitlements.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
<key>com.apple.security.get-task-allow</key>
<true/>
</dict>
</plist>
But i read that “ad-hoc” code signing is almost useless on its own on macOS.
https://news.ycombinator.com/item?id=24220062
In my case i don’t (and i will not) distribute any binaries ; i guess that’s not a problem.
Users will build the software by their own.
But with notarization machinery, i’m almost sure that a Developer ID certificate is required.
Am i wrong?
You can do “ad-hoc” signing by passing -
(a minus character) to codesign
instead of "Apple Developer ID"
. However, it won’t be recognized as a valid signature on another computer.
1 Like