How to code-sign my python script / package packaged for mac using pyinstaller without using xcode?
Solution 1:
You can code sign your distribution manually using the codesign
tool. Apple's Code Signing Guide includes a section on manually signing code:
Signing Your Code Manually
… In the unusual case that you sign your code manually, or to interrogate an app for details about its signature, you use the codesign command line tool directly. See the codesign man page for a complete enumeration of the options this tool takes.
Depending on the complexity of the bundle being signed, the final command typically looks like:
codesign -s <identity> <absolute-bundle-path>
identity
refers to the common name of the signing certificate. For distribution on computers you do not control, you will want to issue an Apple Developer ID using Apple's developer web site.
Notarizing
Once your bundle is code signed, you should ask Apple services to notarize it, see Notarizing macOS Software Before Distribution. This will remove the first run message from Apple warning about possible malware.
As with code signing, a command line approach exists using altool
, see Customizing the Notarization Workflow.