Codesigning for SIP enabled!

Discussion in 'Mac / Hackintosh' started by Mauwurf, Mar 18, 2024.

  1. Mauwurf

    Mauwurf Member

    Joined:
    Nov 21, 2013
    Messages:
    31
    Likes Received:
    11
    Now its on Again!

    ### Guide to Creating a Local Apple Developer ID with Xcode
    To create a local Apple Developer ID, you need an Apple Developer account and Xcode, Apple's integrated development environment. This guide will walk you through the steps to create and configure your local Apple Developer ID:
    #### Prerequisites:
    1. **Apple Developer Account**: You don't need an Apple Developer account. If you don't have one.

    2. **Xcode**: Ensure you have Xcode installed. You can download Xcode from the Mac App Store.
    #### Step-by-Step Guide:
    1. **Open Xcode**:
    - Launch Xcode on your Mac.
    2. **Open Xcode Preferences**:
    - Go to the `Xcode` menu and select `Preferences...` (or press `Cmd + ,`).
    3. **Add Account**:
    - In the Preferences window, click on the `Accounts` tab.
    - Click the `+` button in the lower-left corner and select `Apple ID...` from the dropdown menu.
    4. **Add Apple ID**:
    - Enter your Apple ID and password, then click `Next`.
    - If you have two-factor authentication enabled, enter the verification code sent to your device.
    5. **Link Apple Developer Account**:
    - After adding your Apple ID, Xcode will automatically recognize and link your Apple Developer account.
    6. **Create a Signing Certificate**:
    - Click on your Apple Developer account in the list on the left.
    - Click `Manage Certificates...`.
    - Click the `+` button in the lower-left corner and select `Apple Development`.
    - Xcode will automatically create a new development certificate and add it to your keychain.
    7. **Retrieve the Apple Developer ID**:
    - Open `Keychain Access` on your Mac (`Applications > Utilities > Keychain Access`).
    - Look for your newly created `Apple Development` certificate. It should look something like: `Apple Development: Your Name (Your Apple ID)`.
    - Note down the full name of the certificate, including the name and ID in parentheses.
    8. **Use the Apple Developer ID in Your Script**:
    - Copy the full name of the certificate and paste it into your script:
    ```bash
    DEVELOPER_ID="Apple Development: John Doe (ABCDEFGHIJ)"
    ```
    #### Example:
    Assuming your name is `John Doe` and your Apple ID is `[email protected]`, your Apple Developer ID might look like this:
    ```bash
    DEVELOPER_ID="Apple Development: John Doe (ABCDEFGHIJ)"
    ```
    #### Conclusion:
    You have now successfully created and configured a local Apple Developer ID. You can use this ID to sign your applications and plugins with Xcode. Make sure to regularly check and renew your certificates to ensure your signed applications remain trustworthy.
    Good luck with your development and signing projects!


    Next Steps:

    Using 4 Commands in a row. these are Examples..... you can do that with every File. *.app | *.vst | *.component | *.clap | *.VST3

    1. sudo chown -R [yourusernameofyourfuckingComputer] /Library/Audio/Plug-Ins/VST/Spire-1.5.vst
    2. codesign --force --deep --sign "Apple Development: John Doe (ABCDEFGHIJ)" /Applications/Rectangle\ Pro.app
    3. sudo xattr -r -d com.apple.quarantine /Applications/Rectangle\ Pro.app
    4. sudo xattr -cr /Applications/Rectangle\ Pro.app


    Sometimes you need all of them. Sometimes you need only Codesign. Most of all you need the ownership Command!

    Here is an explanation for each command to help less experienced computer users understand what each step does:

    ### Commands and Their Explanations
    1. **Signing the application with your own certificate**
    ```bash
    codesign --force --deep --sign "Apple Development: John Doe (ABCDEFGHIJ)" /Applications/Rectangle\ Pro.app
    ```
    - `codesign`: This is the command-line tool for code signing on macOS.
    - `--force`: Forces the overwriting of any existing signature.
    - `--deep`: Signs not only the main application but also all embedded components and frameworks.
    - `--sign "Apple Development: John Doe (ABCDEFGHIJ)"`: Specifies the certificate to be used for signing. Replace "John Doe" and "ABCDEFGHIJ" with your own certificate information.
    - `/Applications/Rectangle\ Pro.app`: The path to the application you want to sign. The backslash (`\`) before the space ensures the space is correctly interpreted.

    2. **Removing the quarantine attribute from the application**
    ```bash
    sudo xattr -r -d com.apple.quarantine /Applications/Rectangle\ Pro.app
    ```
    - `sudo`: Runs the command with superuser (administrator) privileges, which is often necessary to modify system files.
    - `xattr`: This is the command-line tool for managing extended attributes of files.
    - `-r`: Recursively, meaning it will also process all subdirectories and files within the specified directory.
    - `-d com.apple.quarantine`: Deletes the quarantine attribute, which macOS applies to files downloaded from the internet. This attribute can prevent the application from running.
    - `/Applications/Rectangle\ Pro.app`: The path to the application from which you want to remove the quarantine attribute.
    3. **Removing all extended attributes from the application**
    ```bash
    sudo xattr -cr /Applications/Rectangle\ Pro.app
    ```
    - `sudo`: Runs the command with superuser privileges.
    - `xattr`: The command-line tool for managing extended attributes of files.
    - `-c`: Clears (deletes) all extended attributes of the specified file or directory.
    - `-r`: Recursively processes all subdirectories and files within the specified directory.
    - `/Applications/Rectangle\ Pro.app`: The path to the application from which you want to clear all extended attributes.
    4. **Changing the owner of a directory**
    ```bash
    sudo chown -R username /Library/Audio/Plug-Ins/VST/Spire-1.5.vst
    ```
    - `sudo`: Runs the command with superuser privileges.
    - `chown`: This is the command-line tool for changing the ownership of a file or directory.
    - `-R`: Recursively processes all subdirectories and files within the specified directory.
    - `spee`: The new owner of the file or directory. Replace this with your own username.
    - `/Library/Audio/Plug-Ins/VST/Spire-1.5.vst`: The path to the directory or file whose ownership you want to change.

    Sometimes: you get something like this:


    The error message `resource fork, Finder information, or similar detritus not allowed` typically occurs when there are extended attributes or resource forks attached to the file that `codesign` does not allow. You can resolve this issue by removing the extended attributes from the file before signing it.
    Here’s how you can do it step-by-step:
    1. **Remove Extended Attributes**:
    Use the `xattr` command to clear all extended attributes from the file. This should be done before attempting to sign the file.
    ```bash
    sudo xattr -cr /Applications/Cubase\ 13.app/Contents/MacOS/Cubase\ 13
    ```
    2. **Sign the Application**:
    After clearing the extended attributes, you can proceed with signing the application.
    ```bash
    codesign --force --deep --sign "Apple Development: "Apple Development: John Doe (ABCDEFGHIJ)" /Applications/Cubase\ 13.app/Contents/MacOS/Cubase\ 13
    ```
    ### Explanation of Each Command
    1. **Removing Extended Attributes**:
    ```bash
    sudo xattr -cr /Applications/Cubase\ 13.app/Contents/MacOS/Cubase\ 13
    ```
    - `sudo`: Runs the command with superuser privileges.
    - `xattr`: The command-line tool for managing extended attributes of files.
    - `-c`: Clears (deletes) all extended attributes of the specified file or directory.
    - `-r`: Recursively processes all subdirectories and files within the specified directory.
    - `/Applications/Cubase\ 13.app/Contents/MacOS/Cubase\ 13`: The path to the file from which you want to clear all extended attributes.
    2. **Signing the Application**:
    ```bash
    codesign --force --deep --sign "Apple Development: "Apple Development: John Doe (ABCDEFGHIJ)" /Applications/Cubase\ 13.app/Contents/MacOS/Cubase\ 13
    ```
    - `codesign`: This is the command-line tool for code signing on macOS.
    - `--force`: Forces the overwriting of any existing signature.
    - `--deep`: Signs not only the main application but also all embedded components and frameworks.
    - `--sign "Apple Development: "Apple Development: John Doe (ABCDEFGHIJ)"`: Specifies the certificate to be used for signing. Replace this with your own certificate information.
    - `/Applications/Cubase\ 13.app/Contents/MacOS/Cubase\ 13`: The path to the application you want to sign.
    ### Complete Workflow
    Here’s the complete workflow to avoid the error and successfully sign your application:
    ```bash
    # Step 1: Remove extended attributes
    sudo xattr -cr /Applications/Cubase\ 13.app/Contents/MacOS/Cubase\ 13
    # Step 2: Sign the application
    codesign --force --deep --sign "Apple Development: "Apple Development: John Doe (ABCDEFGHIJ)" /Applications/Cubase\ 13.app/Contents/MacOS/Cubase\ 13
    ```
    By following these steps, you should be able to sign your application without encountering the `resource fork, Finder information, or similar detritus not allowed` error.

    ### Summary
    These commands sign an application with your own certificate, remove the quarantine attribute and all other extended attributes that may prevent the application from running correctly, and change the owner of a specific directory. These steps are often necessary to ensure that applications and plugins run smoothly on macOS, especially if they were downloaded from the internet or obtained from third-party sources.

     
    Last edited: Aug 31, 2024
    • Like Like x 5
    • Useful Useful x 4
    • Love it! Love it! x 1
    • List
  2.  
  3. WuKong King

    WuKong King Noisemaker

    Joined:
    Aug 4, 2020
    Messages:
    6
    Likes Received:
    4
    Hello, may I ask a question? Do I need to prepare my own paid Apple Development ID?
     
  4. runa_forceful

    runa_forceful Ultrasonic

    Joined:
    Nov 18, 2022
    Messages:
    50
    Likes Received:
    20
    I hate n stop using from steinberg cracked if needed disable sip to makes an apps is workin on my mbpro,, its because a while ago it make my all apps position are messup, they are randomly change position everytime after restart and make loading restart a little bit glitching..

    Note,,its fine if just needed turn off sip just for install first and after that still workin if turn on again,, like sonnox a years ago from..*iforgot*..
     
  5. Mauwurf

    Mauwurf Member

    Joined:
    Nov 21, 2013
    Messages:
    31
    Likes Received:
    11
    No.....

    Just Create one with Xcode and your existent Apple ID.

    If this is not working.

    Create a Swift Projekt with Xcode. ---> Then you get automatically a local Apple Development ID.

    HAs nothing to do with the paid one for 99 $
     
  6. WuKong King

    WuKong King Noisemaker

    Joined:
    Aug 4, 2020
    Messages:
    6
    Likes Received:
    4
    thank you for your reply. I'm trying your method.
     
    Last edited: Mar 21, 2024
  7. WuKong King

    WuKong King Noisemaker

    Joined:
    Aug 4, 2020
    Messages:
    6
    Likes Received:
    4
    Great, I've made it! Thank you for sharing!
     
    • Like Like x 1
    • Winner Winner x 1
    • List
  8. Gordon Shumway

    Gordon Shumway Newbie

    Joined:
    Mar 21, 2024
    Messages:
    1
    Likes Received:
    0
    Steinberg requires a digital signature from Steinberg Software GmbH - your local certificate will not work for it
     
  9. Mauwurf

    Mauwurf Member

    Joined:
    Nov 21, 2013
    Messages:
    31
    Likes Received:
    11
    Congratulation.

    Maybe you can. Optimise my first Post for better understanding for all the other guys.

    Or you can summarize your steps. In a short Step Sequence Report.
     
  10. Mauwurf

    Mauwurf Member

    Joined:
    Nov 21, 2013
    Messages:
    31
    Likes Received:
    11
    Placeholder
     
    Last edited: May 15, 2024
  11. groove

    groove Kapellmeister

    Joined:
    Oct 6, 2012
    Messages:
    178
    Likes Received:
    44
    Work great here for wavelab thank for the info a little tricky on beginning for me but it work very nice .. many thanks
     
  12. tanoc

    tanoc Newbie

    Joined:
    Mar 29, 2013
    Messages:
    7
    Likes Received:
    0
    not working when codesign, i got this error:
    Warning: unable to build chain to self-signed root for signer "my xxx"

    Warning: unable to build chain to self-signed root for signer "my xxx"

    /Applications/cubase 13.app: errSecInternalComponent
    In subcomponent: /Applications/Cubase 13.app/Contents/MacOS/libimagegenerator.dylib
    sonoma 14.4 mac m3 pro

    any help?
     
  13. ElMoreno

    ElMoreno Kapellmeister

    Joined:
    Jan 13, 2012
    Messages:
    373
    Likes Received:
    57
    Do you think this system can also work with Auto-Tune and/or other plugins that require SIP disabled?
     
  14. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    7,345
    Likes Received:
    3,239
    If by this, you mean modified libstdc+++ 6.0.9. dylib ilok bypass stuff using the old OpenSSH "exploit" then probably not. If you re-enable SIP with the two files replaced I think it will crash your DAW when you load the plugins you have installed to use those modified files.

    Try it in a test project in your DAW. If you wait until you are really working on something; you could load the plugin, crash the daw and lose any unsaved work. Just check first. These tend to "disappear" your DAW when they crash, rather than giving you any error messages. I am not doing this method as posted in this thread, for now anyway.
     
  15. MrLyannMusic

    MrLyannMusic Audiosexual

    Joined:
    Jan 31, 2014
    Messages:
    1,319
    Likes Received:
    671
    Location:
    Tunis, Tunisia
    I believe i have followed the post to the letter but i still get no valid liences found...

    i included a screenshot of the Signing info app, is that what it should say?
     
    Last edited: Mar 22, 2024

    Attached Files:

  16. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    7,345
    Likes Received:
    3,239
    Why are you guys all hot to trot about re-enabling SIP now anyway? Older MacOS versions still?

    https://support.apple.com/guide/mac-help/what-is-a-signed-system-volume-mchl0f9af76f/mac

    What is a signed system volume?
    macOS includes enhanced protection for your Mac with cryptographic technology (macOS 11 or later) that prevents access to or execution of files that don’t have a valid cryptographic signature from Apple. All system files are protected on the signed system volume (SSV). This advanced system volume technology provides a high level of security against malicious software and tampering with the operating system.

    It also allows software updates to complete in the background while you work, which reduces the time it takes for your Mac to restart and complete updates.
     
  17. ElMoreno

    ElMoreno Kapellmeister

    Joined:
    Jan 13, 2012
    Messages:
    373
    Likes Received:
    57
    Thanks for your valuable advice... :mates:

    Too bad, also because where I live there isn't an Apple support service nearby, if my Mac crashed or had a serious problem I wouldn't know how to fix things quickly.
    This is why I think I'll wait for a more secure system.

    Yes, Sierra in my case :winker:
     
  18. Mauwurf

    Mauwurf Member

    Joined:
    Nov 21, 2013
    Messages:
    31
    Likes Received:
    11
    i had to take down.
     
    Last edited: May 15, 2024
  19. groove

    groove Kapellmeister

    Joined:
    Oct 6, 2012
    Messages:
    178
    Likes Received:
    44
    See in your keychain your developper username certificate is not valid ..
     
  20. tanoc

    tanoc Newbie

    Joined:
    Mar 29, 2013
    Messages:
    7
    Likes Received:
    0
    thanks for the answer, my certificate is ok in my keychain
     
  21. tanoc

    tanoc Newbie

    Joined:
    Mar 29, 2013
    Messages:
    7
    Likes Received:
    0
    i got the message that .bundle is damaged.. any help?
     
Loading...
Similar Threads - Codesigning enabled Forum Date
Codesigning doesn't work anymore Mac / Hackintosh Feb 14, 2024
Cubase 13 (OSX) SIP enabled Cubase / Nuendo Feb 10, 2024
NI VSTs crashing when Windows graphics scaling enabled? Samplers, Synthesizers Aug 24, 2023
KVR MPE Month: Enter to win over $3500 worth of MPE enabled products Giveaways Mar 5, 2022
Latest waves r2r only works when network in enabled? Software May 5, 2017
Loading...