How to sign a Mac OS X application in Linux?

I use a product called install4j to create the DMG files for my app. It code signs the app correctly within the DMG file, and can do so from OS's other than macOS.

Warning though: install4j is not free software, and is actually quite pricey.


You could workaround this by only signing the JavaApplicationStub and info.plist of your application and exclude the "Resources" folder from signing. Then you'd have to change your build process to use the pre-signed container. Of course this is not the sense of codesigning but it will work ;-)

To achieve this, do the following steps:

  • create your .app as usual
  • move it to your mac
  • create a file "ResourceRules.plist" with the following contents:

ResourceRules.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>rules</key>
        <dict>
                <key>^Resources/</key>
                <false/>
                <key>^version.plist$</key>
                <true/>
        </dict>
</dict>
</plist>
  • now sign with the following commands: CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/usr/bin/codesign_allocate" codesign -s "Certificate Name" --resource-rules ResourceRules.plist -fv MyApp.app

  • Then delete everything in Resource and verify the signature (codesign -v -v MyApp.app). You will see that it's still valid

  • Use the complete signed stub in your build process. You can change everything in Resources but you cannot change info.plist.


There is no documented way of code signing a Mac OS X application in Linux.

The only way I've found to do this so far is to SSH into a Mac and use that.

On the other hand, according to @Steve McLeod (https://stackoverflow.com/a/55906962/28190) the installer package install4j does offer this:

Integrated code signing on Windows and Mac OS X . In the “General Settings” section, install4j now has a “Code signing” tab where you can configure code signing certificates for Windows and Mac OS X. Code signing will be applied to all launchers and installer applications in the corresponding media files. The implementations for code signing are cross-platform, so you can sign Windows and Mac OS X media files from a Linux build server, for example.

So it must be technically possible.