{"id":31667,"date":"2021-02-18T20:19:41","date_gmt":"2021-02-19T01:19:41","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=31667"},"modified":"2021-02-19T15:49:49","modified_gmt":"2021-02-19T20:49:49","slug":"code-signing-when-building-on-apple-silicon","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/02\/18\/code-signing-when-building-on-apple-silicon\/","title":{"rendered":"Code Signing When Building on Apple Silicon"},"content":{"rendered":"<p><a href=\"https:\/\/developer.apple.com\/forums\/thread\/673323\">Quinn<\/a>:<\/p>\n<blockquote cite=\"https:\/\/developer.apple.com\/forums\/thread\/673323\">\n<p>codesign should choose the signing format based on the deployment target:<\/p>\n<ul><li>If your deployment target is 10.11 or later, you get sha256.<\/li>\n<li>If your deployment target is earlier, you get both sha1 and sha256.<\/li><\/ul>\n<p>This problem crops up because, when building for both Intel and Apple Silicon, your deployment targets are different.  You might set the deployment target to 10.9 but, on Apple Silicon, that&rsquo;s raised to the minimum Apple Silicon system, 11.0.  So, which deployment target does it choose?<\/p>\n<\/blockquote>\n<p>The wrong one, if you&rsquo;re trying to deploy to an older version of macOS. I&rsquo;ve seen lots of posts about this problem in relation to installer packages, but it applies to apps, too.<\/p>\n<blockquote cite=\"https:\/\/developer.apple.com\/forums\/thread\/673323\">\n<p>The upshot is that you have problems if your deployment target is less than 10.11 and you sign on Apple Silicon.  When you run on, say, macOS 10.10, the system looks for a sha1 hash, doesn&rsquo;t find it, and complains.<\/p><\/blockquote>\n<p>You can work around this by <a href=\"https:\/\/developer.apple.com\/documentation\/xcode-release-notes\/xcode-12_5-beta-release-notes\/\">setting<\/a> <code>OTHER_CODE_SIGN_FLAGS<\/code> to <code>--digest-algorithm=sha1,sha256<\/code>.<\/p>\n\n<p id=\"code-signing-when-building-on-apple-silicon-update-2021-02-19\">Update (2021-02-19): <a href=\"https:\/\/twitter.com\/ridiculous_fish\/status\/1362609750119096321\">Peter Ammon<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/ridiculous_fish\/status\/1362609750119096321\"><p>#fishshell was bitten by this, it means we can no longer use Apple&rsquo;s tools to codesign, so we <a href=\"https:\/\/github.com\/fish-shell\/fish-shell\/blob\/master\/build_tools\/mac_sign_package.sh\">use xar instead<\/a>.<\/p><\/blockquote>\n\n<p>See also: <a href=\"https:\/\/twitter.com\/jmfd\/status\/1345234456936734721\">Jonathan Deutsch<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Quinn: codesign should choose the signing format based on the deployment target: If your deployment target is 10.11 or later, you get sha256. If your deployment target is earlier, you get both sha1 and sha256. This problem crops up because, when building for both Intel and Apple Silicon, your deployment targets are different. You might [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2021-02-19T01:19:44Z","apple_news_api_id":"312e2cd1-e5b8-4442-aac8-adbea93b484d","apple_news_api_modified_at":"2021-02-19T20:49:53Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAA==","apple_news_api_share_url":"https:\/\/apple.news\/AMS4s0eW4REKqyK2-qTtITQ","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[4],"tags":[2014,466,903,475,71],"class_list":["post-31667","post","type-post","status-publish","format-standard","hentry","category-programming-category","tag-apple-m1","tag-codesigning","tag-mac-os-x-10-10-yosemite","tag-mavericks","tag-programming"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/31667","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=31667"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/31667\/revisions"}],"predecessor-version":[{"id":31682,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/31667\/revisions\/31682"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=31667"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=31667"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=31667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}