{"id":38698589,"url":"https://github.com/txoof/codesign","last_synced_at":"2026-01-17T10:44:10.295Z","repository":{"id":113295410,"uuid":"310631571","full_name":"txoof/codesign","owner":"txoof","description":"python scripts for signing, packaging, notarizing and stapling command line binaries","archived":false,"fork":false,"pushed_at":"2023-10-15T12:40:20.000Z","size":144,"stargazers_count":52,"open_issues_count":1,"forks_count":11,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-29T11:48:29.581Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/txoof.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-11-06T15:17:10.000Z","updated_at":"2025-07-21T09:40:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"19a86422-eaa7-40a2-941d-0d3d9110a26b","html_url":"https://github.com/txoof/codesign","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/txoof/codesign","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/txoof%2Fcodesign","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/txoof%2Fcodesign/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/txoof%2Fcodesign/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/txoof%2Fcodesign/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/txoof","download_url":"https://codeload.github.com/txoof/codesign/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/txoof%2Fcodesign/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28506593,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T10:25:30.148Z","status":"ssl_error","status_checked_at":"2026-01-17T10:25:29.718Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-17T10:44:10.205Z","updated_at":"2026-01-17T10:44:10.280Z","avatar_url":"https://github.com/txoof.png","language":"Jupyter Notebook","funding_links":[],"categories":[],"sub_categories":[],"readme":"# codesign\nPython3 script for signing, packaging, notarizing and stapling Apple command line binaries using `notarytool`. This script only requires Python3 and uses only standard libraries.\n\nThis script is specifically targeted at codesigning, notarizing, creating `.pkg` files and stapling the notarization onto **commandline tools** written and compiled outside of Apple Xcode. This was created specifically for notarizing and signing python tools created with PyInstaller. \n\nAs of MacOS Catalina, all distributed binaries must be signed and notarized using an apple developer account. This account costs $99 per year. *Thieves*.\n\nApple's documentation for this process is ***ABSOLUTELY*** terrible. For a guide to doing this manually see [Signing_and_Notarizing_HOWTO](https://github.com/txoof/codesign/blob/main/Signing_and_Notarizing_HOWTO.md)\n\n## NEW in v0.3\nAs of v0.3, this script uses `notarytool` instead of `altool`. `altool` is being deprecated by Apple and will no longer work after November 2023.\n\nIf you are updating from a previous version of `pycodesign`, you will need to create a new keychain profile and update your .ini file.\n\n## Requirements\nSee [this guide](https://github.com/txoof/codesign/blob/main/Signing_and_Notarizing_HOWTO.md) for help in obtaining these requirements.\n* Paid apple developer's account\n* Developer ID Application certificate\n* Developer ID Installer certificate\n\n## Quick Start\n1) Download [pycodesign](https://github.com/txoof/codesign/raw/main/pycodesign.tgz)\n2) Unpack and place somehwere in your `$PATH`\n3) Create a keychain profile for notarization using `xcrun notarytool store-credentials YOUR_PROFILE_NAME --apple-id YOUR_APPLE_ID --team-id YOUR_TEAM_ID`\n    * You will be prompted for your app-specific password.\n    * For more information, see [this article](https://developer.apple.com/documentation/technotes/tn3147-migrating-to-the-latest-notarization-tool#Save-credentials-in-the-keychain).\n4) Enter directory containing the binaries you wish to sign\n5) run: `pycodesign.py -N` to create a template configuration file\n6) edit the configuration file (see [below](#configFile) for more details\n7) run `pycodesign.py yourconfig.ini` to begin the signing and notarization process\n8) Enter your username and password as needed to unlock your keychain\n9) Once the package is submitted to Apple, `pycodesign` will wait to see if the process is complete. \n   * Check your email or manually check the notarization status using `xcrun notarytool history --keychain_profile YOUR_PROFILE_NAME`\n10) rejoyce in your signed .pkg file\n\n## Manual\nBasic Usage:\n`$ codesign.py my_config.ini`\n\n```\nusage: pycodesign.py [-h] [-v] [-V] [-N] [-s] [-p] [-n] [-t] [-T \u003cINTEGER\u003e]\n                     [-C \u003cINTEGER\u003e]\n                     [\u003cPYCODESIGN_CONFIG.INI\u003e]\n\nPyCodeSign -- Code Signing and Notarization Assistant\n\npositional arguments:\n  \u003cPYCODESIGN_CONFIG.INI\u003e\n                        configuration file to use when codesigning\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -v, --verbose\n  -V, --version\n  -N, --new             create a new sample configuration with name\n                        \"pycodesign.ini\" in current directory\n  -s, --sign            sign the executables, but take no further action\n                        (can be combined with -p, -n, -t)\n  -p, --package         package the executables, but take no further action\n                        (can be combined with -s, -n, -t)\n  -n, --notarize        notarize the package, but take no further action\n                        (can be combined with -s, -p, -t)\n  -t, --staple          stape the notarization to the the package, but take\n                        no further action (can be combined with -s, -p, -n)\n  -O \u003cVERSION STRING\u003e, --pkg_version \u003cVERSION STRING\u003e\n                        overide the version number in the .ini file and use \n                        supplied version number.\n```\n\n## Codesign Configuration File Structure\n\u003ca name=\"configFile\"\u003e \u003c/a\u003e\nFor help creating certificates and app-specific passwords see: [Signing_and_Notarizing_HOWTO](https://github.com/txoof/codesign/blob/main/Signing_and_Notarizing_HOWTO.md)\n\nUse `security find-identity -p basic -v` to view Certificate strings\n\nUse `curl -LJO https://raw.githubusercontent.com/txoof/codesign/main/entitlements.plist` to quickly download the a sample `entitlements.plist`\n```\n# All [sections] and values are required unless otherwise noted\n# whitespace and comments are ignored\n\n# identification details\n[identification] \n# unique substring from the Developer ID Application certificate\n# such as the HASH or the short team has\napplication_id = Unique Substring of Developer ID Application Cert\n# unique substring from the Developer ID Installer certificate\n# such as the HASH or the short team has\ninstaller_id = Unique Substring of Developer ID Installer Cert\n# Keychain profile with credentials for app notarization\nkeychain-profile = Name-of-stored-keychain-profile\n\n[package_details]\n# name of finished package such as \"pdfsplitter\" or \"whizbangtool\"\npackage_name = nameofpackage\n# unique bundle identifier -- this is typically in reverse DNS\n# format such as com.yoursite.pdfsplitter or com.yoursite.whizbangtool\nbundle_id = com.developer.packagename\n# paths to files to include in the package specified as comma separated list\nfile_list = include_file1, include_file2\n# path where the Apple .pkg installer will install the tools\n# such as /Applications or /usr/local/bin\ninstallation_path = /Applications/\n# entitlements XML -- binaries with embedded libraries such as those use 'None' to skip\n# produced by PyInstlaler require a special entitlements.plist\n# see the a sample here https://github.com/txoof/codesign/blob/main/entitlements_sample.plist\nentitlements = None\n# your version number\nversion = 0.0.0\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftxoof%2Fcodesign","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftxoof%2Fcodesign","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftxoof%2Fcodesign/lists"}