Skip to content

Bleak, PyInstaller, and MacOS code signing #1703

Answered by cjhilder
cjhilder asked this question in Q&A
Discussion options

You must be logged in to vote

Turns out the 'magic' is simple: the entitlement required is com.apple.security.cs.allow-unsigned-executable-memory. I think I was including another entitlement (in addition to this one) that 'broke' the signing.
Here's the entitlements.plist file:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">
<dict>
     <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
     <true/>
</dict>
</plist>

and here's the build command:
% pyinstaller --onefile scan_iterator.py --codesign-identity "Developer ID Application: xxxxxxxx (XXXXXXXX)" --osx-entitlements-file entitlements.plist

Replies: 2 comments 1 reply

Comment options

You must be logged in to vote
1 reply
@cjhilder
Comment options

Comment options

You must be logged in to vote
0 replies
Answer selected by cjhilder
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants