{"id":35025787,"url":"https://github.com/hasii2011/py2appsigner","last_synced_at":"2026-03-09T21:25:09.485Z","repository":{"id":167422292,"uuid":"643044799","full_name":"hasii2011/py2appsigner","owner":"hasii2011","description":"Specialty python scripts for Apple code signing of py2app applications","archived":false,"fork":false,"pushed_at":"2025-10-17T18:56:53.000Z","size":103,"stargazers_count":3,"open_issues_count":3,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-21T23:27:39.687Z","etag":null,"topics":["apple","codesigning","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hasii2011.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-20T00:26:34.000Z","updated_at":"2025-10-25T14:54:54.000Z","dependencies_parsed_at":"2024-06-09T21:51:35.181Z","dependency_job_id":"c9e19f66-0516-4079-a923-3e189691f65c","html_url":"https://github.com/hasii2011/py2appsigner","commit_stats":null,"previous_names":["hasii2011/py2appsigner"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/hasii2011/py2appsigner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasii2011%2Fpy2appsigner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasii2011%2Fpy2appsigner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasii2011%2Fpy2appsigner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasii2011%2Fpy2appsigner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hasii2011","download_url":"https://codeload.github.com/hasii2011/py2appsigner/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasii2011%2Fpy2appsigner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30312174,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T20:05:46.299Z","status":"ssl_error","status_checked_at":"2026-03-09T19:57:04.425Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apple","codesigning","python"],"created_at":"2025-12-27T06:24:36.407Z","updated_at":"2026-03-09T21:25:09.477Z","avatar_url":"https://github.com/hasii2011.png","language":"Python","readme":"[![CircleCI](https://dl.circleci.com/status-badge/img/gh/hasii2011/py2appsigner/tree/master.svg?style=shield)](https://dl.circleci.com/status-badge/redirect/gh/hasii2011/py2appsigner/tree/master)\n[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://GitHub.com/Naereen/StrapDown.js/graphs/commit-activity)\n[![PyPI version](https://badge.fury.io/py/py2appsigner.svg)](https://badge.fury.io/py/py2appsigner)\n\n## Rationale\n\nThese utilities help me sign Python applications built with [py2app](https://github.com/ronaldoussoren/py2app).  This project is a Python rewrite of the one I implemented using [Bash](https://www.gnu.org/software/bash/manual/bash.html) scripts.  See the [CodeSigningScripts](https://github.com/hasii2011/CodeSigningScripts) repository.  The source article for this code and the shell scripts is still [here](https://hsanchezii.wordpress.com/2021/10/06/code-signing-python-py2app-applications/).  The motivation to do this in Python was that supporting different Python versions necessitated implementing version specific scripts when signing the Python libraries and applications.  I thought that was unsustainable.\n\nThe goals for this project are:\n\n- Consistent CLI interface across Python versions \n- Installable in a developer's virtual environment\n- Default the signing parameters to environment variables.  This allows for short CLI invocations.  However, still allow CLI parameter overrides\n- Use the built-in keychain to store the notarization tool application ID.  This avoid having to either key-in or recall from the bash history a long, long application ID.\n\nInstallation\n```bash\npip install py2appsigner\n```\n## Dependencies\n\nThis project uses [Click](https://click.palletsprojects.com/) for CLI handling\n\n\n## Required Environment Variables\n\nThe above commands depend on the following environment variables.\n\n```bash\nPROJECTS_BASE             -  The local directory where the python projects are based\nPROJECT                   -  The name of the project;  It should be a directory name\nIDENTITY                  - Your Apple Developer ID \n```\n\n An example, of a PROJECTS_BASE is:\n\n```bash\nexport PROJECTS_BASE=\"${HOME}/PycharmProjects\" \n```\n\nThis should be set in your shell startup script.  For example `.bash_profile`.\n\nThe PROJECT environment variable should be set on a project by project basis.  I recommend you use [direnv](https://direnv.net) to manage \nthese.  An example of a .envrc follows:\n\n```bash\nexport PROJECT=pyutmodel\nsource pyenv-3.10.6/bin/activate\n```\n\n## Python Console Scripts\n\n### Sign the internal zip file\n\n```bash\npy2appSign -p 3.11 -d pyut -a Pyut  zipsign\n```\n\n\n### Sign the application\n\n```bash\npy2appSign -p 3.11 -d pyut -a Pyut  appsign\n```\n\n\n### Notarize the application\n\n```bash\nappNotarize -d pyut -a Pyut --verbose\n```\n\n\n### Staple the application\n\n```bash\nappStaple -d pyut -a Pyut --verbose\n```\n\n\n### Verify application signing\n\n```bash\nappVerify -d pyut -a Pyut\n```\n\n### Utility Scripts\n\n#### Notarization History\n\n```bash\nnotaryTool history\n```\n\n##### Specify a profile name\n\n```bash\nnotaryTool -p NOTARY_TOOL_APP_ID history\n```\n\nStores the history in the file `notaryHistory.log`.\n\n#### Notary Details\n\n```bash\nnotaryTool information -i \u003csubmission id)\n```\n`e.g. 5f57fc1e-23d3-42ab-b0ad-ec1d2635c4ad\n`\n\n##### Specify a profile name\n\n```bash\nnotaryTool -p NOTARY_TOOL_APP_ID information -i \u003csubmission id\u003e\n```\n`e.g.  5f57fc1e-23d3-42ab-b0ad-ec1d2635c4ad`\n\nStores the output in the file `notary-{submission id}.log`\n\n\n\n## Weird options added over the years\n\nAs Python has rolled versions and I use the application signer for different application several weirdnesses have appeared as py2app builds the binary.   Rather that patching each individual OS X application I added the sub commands in case you encountered these errors that cause the Apple CLI (`/usr/sbin/spctl`) to fail\n\n### The zipsign subcommand has the following option\n\n`--delete-part-files`\nThis problem surfaced with Python 3.13.  This option removes these bad files that cause `appVerify` to fail.  These are in the internal `python313.zip` file in the `test/zipimport_data` subdirectory.\n\nI only remove the `.part` files and the `zipimport_data` directory.  These leads me to question the existence of `test` subdirectory in the Python zip file with lots of other subdirectories.   I may experiment in the future in entirely removing the `test` subdirectory.  Currently, its size is 7.7 MB.\n\n### The `appsign` subcommand has the followiing options\n\n`--fix-lib`\n`--fix-sym-link`\n\n#### --fix-lib\n\nThis option retrieves  the following dynamic library from Homebrew.  The one packaged in the .app file is unsignable.\n\nThe option copies it into the applicaiton.  Currently, works only on Apple Silicon OS X andwith [Homebrew](https://brew.sh) installed.  You must manally do this on Intel OS X.\n\nSee: https://stackoverflow.com/questions/62095338/py2app-fails-macos-signing-on-liblzma-5-dylib\n\nOn Intel OS X\n\n`/usr/local/Cellar/xz/5.2.5/lib/liblzma.5.dylib`\n\nApple Silicon\n\n`/opt/homebrew/opt/xz/lib/liblzma.5.dylib`\n\n####   --fix-sym-link\n\nThis option removes the following symbolic link from the application binary before signing\n\n`{application}.app/Contents/Resources/lib/python{python version}/site.pyo`\n\nLeaving this file in place with a signed and notarized application causes it to  fail the appVerify phase and renders the binary unusable\n\n___\n\nWritten by \u003ca href=\"mailto:email@humberto.a.sanchez.ii@gmail.com?subject=Hello Humberto\"\u003eHumberto A. Sanchez II\u003c/a\u003e  (C) 2026\n\n---\n\n## Note\n\nFor all kind of problems, requests, enhancements, bug reports, etc., please drop me an e-mail.\n\n\n![Humberto's Modified Logo](https://raw.githubusercontent.com/wiki/hasii2011/gittodoistclone/images/SillyGitHub.png)\n\nI am concerned about GitHub's Copilot project\n\n\n\nI urge you to read about the [Give up GitHub](https://GiveUpGitHub.org) campaign from [the Software Freedom Conservancy](https://sfconservancy.org).\n\nWhile I do not advocate for all the issues listed there I do not like that a company like Microsoft may profit from open source projects.\n\nI continue to use GitHub because it offers the services I need for free.  But, I continue to monitor their terms of service.\n\nAny use of this project's code by GitHub Copilot, past or present, is done without my permission.  I do not consent to GitHub's use of this project's code in Copilot.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhasii2011%2Fpy2appsigner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhasii2011%2Fpy2appsigner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhasii2011%2Fpy2appsigner/lists"}