Codesign of Dropbox API fails in Xcode 4.6.3: "code object is not signed at all"

xcode macos dropbox code-signing mac-app-store
Craig Otis picture Craig Otis · Jun 23, 2013 · Viewed 31k times · Source

I have an OS X app that's distributed through the Mac App Store, and recently updated to Xcode 4.6.3.

When I run my regular build now, I receive:

Command /usr/bin/codesign failed with exit code 1:

/Users/Craig/Library/Developer/Xcode/DerivedData/Mac-dxcgahgplwpbjedqnembegifbowj/Build/Products/Debug/MyApp.app: code object is not signed at all
In subcomponent: /Users/Craig/Library/Developer/Xcode/DerivedData/Mac-dxcgahgplwpbjedqnembegifbowj/Build/Products/Debug/MyApp.app/Contents/Frameworks/DropboxOSX.framework
Command /usr/bin/codesign failed with exit code 1

I can't seem to discern any other changes in my project, so I can't tell if it's an issue related to the 4.6.3 update, or something else.

I have tried restarting Xcode, running a clean build, and cleaning the build folder.

Answer

Craig Otis picture Craig Otis · Jul 1, 2013

I think I may have figured this one out. I've been running Xcode 4.6.3 on OS X Mavericks, under the impression that any build-specific tools were bundled in the Xcode application.

But, it seems codesign is in /usr/bin. Whether it's put there by one of the Xcode installers or comes with a vanilla system install, I'm not sure. But reading through the man page for codesign, I found this nifty option:

--deep  When signing a bundle, specifies that nested code content such as helpers, frameworks, and plug-ins, should be recursively signed
             in turn. Beware that all signing options you specify will apply, in turn, to such nested content.
             When verifying a bundle, specifies that any nested code content will be recursively verified as to its full content. By default,
             verification of nested content is limited to a shallow investigation that may not detect changes to the nested code.
             When displaying a signature, specifies that a list of directly nested code should be written to the display output. This lists only
             code directly nested within the subject; anything nested indirectly will require recursive application of the codesign command.

And then I found this post (https://alpha.app.net/isaiah/post/6774960) from two weeks ago (~June 2013), which mentions (albeit second-handedly):

@isaiah I asked a guy in the labs about it. He said codesign now requires embedded frameworks to be signed separately before code signing the app bundle as a whole.

Manually re-running the codesign command that Xcode normally runs, while adding the --deep flag to the end, signs the application properly.

I'm not yet sure exactly what ramifications this manual signing has, or whether I can tweak the Xcode build to add the --deep flag automatically, but this seems to be the underlying issue. (codesign no longer automatically deeply signs your app bundle.)

Related questions

Git is not working after macOS Update (xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools)

I updated to macOS Mojave (this happens to Catalina update too). This morning I navigated to my work's codebase in the Command Line on my MacBook pro, typed in "git status" in the repository and received the error: xcrun: error: …

Read More
How to install Xcode Command Line Tools

How do I get the command-line build tools installed with the current Xcode/Mac OS X v10.8 (Mountain Lion) or later? Unlike Xcode there is no installer, it's just a bundle. It looks like all the command line tools are …

Read More
How do you update Xcode on OSX to the latest version?

What is the easiest way to update Xcode on OSX? I see this in the terminal: $ brew install xxxxxxx Warning: Your Xcode (4.3.3) is outdated Please install Xcode 4.6. But when I go to open up Xcode > Preferences > Downloads, it …

Read More