Signing OSX Builds

Revision as of 00:37, 27 July 2021 by Visituse (talk | contribs) (Add category)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Below are the steps for signing OSX Builds using masonry:

  • Enroll in the Apple Developer Program to be able to generate a Developer ID Certificate
  • Install Apple Certificates in your Keychain using Xcode (Preferences -> Accounts)


  • Add the Developer ID signing certificate's Common Name to the cert option in the masonry opts configuration file (e.g., mb-2.13.3-darwin:10.13-x86_64-release.json).
  {"version": "2.13.3",
  "build_types": ["release"],
  "arch":   "darwin-x86_64",
  "cert":   "Developer ID Application: Kevin Griffin (K2QL7A77SW)",
  "branch": "2.13RC",
  "make_nthreads": 8,
  "boost_dir": "/.../boost/1_60_0/i386-apple-darwin15_clang",
  "svn": {"mode":"ssh","nersc_uname":"name"},
  "build_visit":  { "cmake_ver": "3.8.1",
                    "args":"--no-thirdparty --openssl",
  • Test application signature against system policies using codesign -vvv
$> codesign -vvv valid on disk satisfies its Designated Requirement
  • Alternatively, test application signature against system policies using spctl -a -t exec -vv
$> spctl -a -t exec -vv accepted
source=Developer ID
origin=Developer ID Application: Kevin Griffin (K2QL7a77SW)