Codesign
python scripts for signing, packaging, notarizing and stapling command line binaries
Install / Use
/learn @txoof/CodesignREADME
codesign
Python3 script for signing, packaging, notarizing and stapling Apple command line binaries using notarytool. This script only requires Python3 and uses only standard libraries.
This script is specifically targeted at codesigning, notarizing, creating .pkg files and stapling the notarization onto commandline tools written and compiled outside of Apple Xcode. This was created specifically for notarizing and signing python tools created with PyInstaller.
As of MacOS Catalina, all distributed binaries must be signed and notarized using an apple developer account. This account costs $99 per year. Thieves.
Apple's documentation for this process is ABSOLUTELY terrible. For a guide to doing this manually see Signing_and_Notarizing_HOWTO
NEW in v0.3
As of v0.3, this script uses notarytool instead of altool. altool is being deprecated by Apple and will no longer work after November 2023.
If you are updating from a previous version of pycodesign, you will need to create a new keychain profile and update your .ini file.
Requirements
See this guide for help in obtaining these requirements.
- Paid apple developer's account
- Developer ID Application certificate
- Developer ID Installer certificate
Quick Start
- Download pycodesign
- Unpack and place somehwere in your
$PATH - Create a keychain profile for notarization using
xcrun notarytool store-credentials YOUR_PROFILE_NAME --apple-id YOUR_APPLE_ID --team-id YOUR_TEAM_ID- You will be prompted for your app-specific password.
- For more information, see this article.
- Enter directory containing the binaries you wish to sign
- run:
pycodesign.py -Nto create a template configuration file - edit the configuration file (see below for more details
- run
pycodesign.py yourconfig.inito begin the signing and notarization process - Enter your username and password as needed to unlock your keychain
- Once the package is submitted to Apple,
pycodesignwill wait to see if the process is complete.- Check your email or manually check the notarization status using
xcrun notarytool history --keychain_profile YOUR_PROFILE_NAME
- Check your email or manually check the notarization status using
- rejoyce in your signed .pkg file
Manual
Basic Usage:
$ codesign.py my_config.ini
usage: pycodesign.py [-h] [-v] [-V] [-N] [-s] [-p] [-n] [-t] [-T <INTEGER>]
[-C <INTEGER>]
[<PYCODESIGN_CONFIG.INI>]
PyCodeSign -- Code Signing and Notarization Assistant
positional arguments:
<PYCODESIGN_CONFIG.INI>
configuration file to use when codesigning
optional arguments:
-h, --help show this help message and exit
-v, --verbose
-V, --version
-N, --new create a new sample configuration with name
"pycodesign.ini" in current directory
-s, --sign sign the executables, but take no further action
(can be combined with -p, -n, -t)
-p, --package package the executables, but take no further action
(can be combined with -s, -n, -t)
-n, --notarize notarize the package, but take no further action
(can be combined with -s, -p, -t)
-t, --staple stape the notarization to the the package, but take
no further action (can be combined with -s, -p, -n)
-O <VERSION STRING>, --pkg_version <VERSION STRING>
overide the version number in the .ini file and use
supplied version number.
Codesign Configuration File Structure
<a name="configFile"> </a> For help creating certificates and app-specific passwords see: Signing_and_Notarizing_HOWTO
Use security find-identity -p basic -v to view Certificate strings
Use curl -LJO https://raw.githubusercontent.com/txoof/codesign/main/entitlements.plist to quickly download the a sample entitlements.plist
# All [sections] and values are required unless otherwise noted
# whitespace and comments are ignored
# identification details
[identification]
# unique substring from the Developer ID Application certificate
# such as the HASH or the short team has
application_id = Unique Substring of Developer ID Application Cert
# unique substring from the Developer ID Installer certificate
# such as the HASH or the short team has
installer_id = Unique Substring of Developer ID Installer Cert
# Keychain profile with credentials for app notarization
keychain-profile = Name-of-stored-keychain-profile
[package_details]
# name of finished package such as "pdfsplitter" or "whizbangtool"
package_name = nameofpackage
# unique bundle identifier -- this is typically in reverse DNS
# format such as com.yoursite.pdfsplitter or com.yoursite.whizbangtool
bundle_id = com.developer.packagename
# paths to files to include in the package specified as comma separated list
file_list = include_file1, include_file2
# path where the Apple .pkg installer will install the tools
# such as /Applications or /usr/local/bin
installation_path = /Applications/
# entitlements XML -- binaries with embedded libraries such as those use 'None' to skip
# produced by PyInstlaler require a special entitlements.plist
# see the a sample here https://github.com/txoof/codesign/blob/main/entitlements_sample.plist
entitlements = None
# your version number
version = 0.0.0
Related Skills
diffs
341.8kUse the diffs tool to produce real, shareable diffs (viewer URL, file artifact, or both) instead of manual edit summaries.
clearshot
Structured screenshot analysis for UI implementation and critique. Analyzes every UI screenshot with a 5×5 spatial grid, full element inventory, and design system extraction — facts and taste together, every time. Escalates to full implementation blueprint when building. Trigger on any digital interface image file (png, jpg, gif, webp — websites, apps, dashboards, mockups, wireframes) or commands like 'analyse this screenshot,' 'rebuild this,' 'match this design,' 'clone this.' Skip for non-UI images (photos, memes, charts) unless the user explicitly wants to build a UI from them. Does NOT trigger on HTML source code, CSS, SVGs, or any code pasted as text.
openpencil
1.9kThe world's first open-source AI-native vector design tool and the first to feature concurrent Agent Teams. Design-as-Code. Turn prompts into UI directly on the live canvas. A modern alternative to Pencil.
ui-ux-designer
Use this agent when you need to design, implement, or improve user interface components and user experience flows. Examples include: creating new pages or components, improving existing UI layouts, implementing responsive designs, optimizing user interactions, building forms or dashboards, analyzing existing UI through browser snapshots, or when you need to ensure UI components follow design system standards and shadcn/ui best practices.\n\n<example>\nContext: User needs to create a new dashboard page for team management.\nuser: "I need to create a team management dashboard where users can view team members, invite new members, and manage roles"\nassistant: "I'll use the ui-ux-designer agent to design and implement this dashboard with proper UX considerations, using shadcn/ui components and our design system tokens."\n</example>\n\n<example>\nContext: User wants to improve the user experience of an existing form.\nuser: "The signup form feels clunky and users are dropping off. Can you improve it?"\nassistant: "Let me use the ui-ux-designer agent to analyze the current form UX and implement improvements using our design system and shadcn/ui components."\n</example>\n\n<example>\nContext: User wants to evaluate and improve existing UI.\nuser: "Can you take a look at our pricing page and see how we can make it more appealing and user-friendly?"\nassistant: "I'll use the ui-ux-designer agent to take a snapshot of the current pricing page, analyze the UX against Notion-inspired design principles, and implement improvements using our design tokens."\n</example>
