Forum Xamarin.Mac


The Xamarin Forums have officially moved to the new Microsoft Q&A experience. Microsoft Q&A is the home for technical questions and answers at across all products at Microsoft now including Xamarin!

To create new threads and ask questions head over to Microsoft Q&A for .NET and get involved today.

Xamarin.Mac Notarization libMonoPosixHelper.dylib Not Signed

AllanChin.6924AllanChin.6924 USUniversity ✭✭✭
edited May 2019 in Xamarin.Mac

Apparently, Mac apps are required to be notarized by Apple before deployment. Do I need to worry about this? libMonoPosixHelper.dylib is an Apple library.

  "severity": "error",
  "code": null,
  "path": " Contents/Payload/HP",
  "message": "The binary is not signed.",
  "docUrl": null,
  "architecture": "x86_64"
  "severity": "error",
  "code": null,
  "path": " Contents/Payload/HP",
  "message": "The signature does not include a secure timestamp.",
  "docUrl": null,
  "architecture": "x86_64"




  • ChrisHamonsChrisHamons USForum Administrator, Xamarin Team Xamurai

    See for details

    The "d16-1" listed is in Alpha/Beta currently now, no need to download a specific build.

  • AllanChin.6924AllanChin.6924 USUniversity ✭✭✭
    edited May 2019

    My Entitlements.plist looks like this.

    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
    <plist version="1.0">

    And this is my project's .csproj file.

      <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
        <CodeSigningKey>Developer ID Application</CodeSigningKey>
        <PackageSigningKey>Developer ID Installer</PackageSigningKey>

    But I still get this when I attempt to notarize.

          "severity": "error",
          "code": null,
          "path": "HP_Smart36-3.6.270-HP_Smart.pkg/HP_Smart_App.pkg Contents/Payload/HP Smart",
          "message": "The executable does not have the hardened runtime enabled.",
          "docUrl": null,
          "architecture": "x86_64"

    Here;'s my development environment.

    === Visual Studio Community 2019 for Mac ===

    Version 8.0.8 (build 2)
    Installation UUID: 52841cf1-dbf0-469c-a714-a263f1d0573b
    GTK+ 2.24.23 (Raleigh theme)
    Xamarin.Mac (d16-0 / 040682909)

    Package version: 518010003

    === Mono Framework MDK ===

    Mono (2018-08/fdb26b0a445) (64-bit)
    Package version: 518010003

    === NuGet ===


    === .NET Core ===

    Runtime: /usr/local/share/dotnet/dotnet
    Runtime Versions:
    SDK: /usr/local/share/dotnet/sdk/2.1.505/Sdks
    SDK Versions:
    MSBuild SDKs: /Library/Frameworks/Mono.framework/Versions/5.18.1/lib/mono/msbuild/15.0/bin/Sdks

    === Xamarin.Profiler ===

    '/Applications/Xamarin' not found

    === Updater ===

    Version: 11

    === Apple Developer Tools ===

    Xcode 10.2.1 (14490.122)
    Build 10E1001

    === Xamarin.Mac ===

    Version: (Visual Studio Community)
    Hash: 0aa84521
    Branch: d16-0
    Build date: 2019-04-02 16:01:19-0400

    === Xamarin.iOS ===

    Version: (Visual Studio Community)
    Hash: f2248ae6
    Branch: d16-0
    Build date: 2019-04-23 11:59:04-0400

    === Xamarin Designer ===

    Hash: 3d086e814
    Branch: remotes/origin/d16-0
    Build date: 2019-04-01 09:20:10 UTC

    === Xamarin.Android ===

    Version: (Visual Studio Community)
    Android SDK: /Users/allan/Library/Developer/Xamarin/android-sdk-macosx
    Supported Android versions:
    6.0 (API level 23)
    7.1 (API level 25)
    8.1 (API level 27)

    SDK Tools Version: 25.2.5
    SDK Platform Tools Version: 26.0.0
    SDK Build Tools Version: 25.0.3

    Build Information:
    Mono: mono/mono/[email protected]
    Java.Interop: xamarin/java.interop/[email protected]
    LibZipSharp: grendello/LibZipSharp/[email protected]
    LibZip: nih-at/libzip/[email protected]
    MXE: xamarin/mxe/[email protected]
    ProGuard: xamarin/proguard/[email protected]
    SQLite: xamarin/sqlite/[email protected]
    Xamarin.Android Tools: xamarin/xamarin-android-tools/[email protected]

    === Microsoft Mobile OpenJDK ===

    Java SDK: /Users/allan/Library/Developer/Xamarin/jdk/microsoft_dist_openjdk_8.0.25
    Android Designer EPL code available here:

    === Android Device Manager ===

    Hash: 86df26f
    Branch: remotes/origin/d16-0
    Build date: 2019-05-16 16:08:28 UTC

    === Xamarin Inspector ===

    Version: 1.4.3
    Hash: db27525
    Branch: 1.4-release
    Build date: Mon, 09 Jul 2018 21:20:18 GMT
    Client compatibility: 1

    === Build Information ===

    Release ID: 800080002
    Git revision: b891fe614b73bbd65c22967fb111cbd830f7fcdd
    Build date: 2019-05-22 19:17:43+00
    Build branch: release-8.0
    Xamarin extensions: 62a26fe08bb2b9b5893bb0f46b1fc93994fd8c58

    === Operating System ===

    Mac OS X 10.14.5
    Darwin 18.6.0 Darwin Kernel Version 18.6.0
    Thu Apr 25 23:16:27 PDT 2019
    root:xnu-4903.261.4~2/RELEASE_X86_64 x86_64

  • ChrisHamonsChrisHamons USForum Administrator, Xamarin Team Xamurai

    Please post your full build log, it is impossible to see what signing actually did without it.

  • AllanChin.6924AllanChin.6924 USUniversity ✭✭✭

    Here you go Chris. It's pretty big, even after I deleted all the SVN check-out logs.

  • ChrisHamonsChrisHamons USForum Administrator, Xamarin Team Xamurai
    edited June 2019

    Ok, here's what I've found:

    We are pulling it in via mmp:

    xcrun -sdk macosx lipo '/HUDSON/san-hudson-1/workspace/MacGotham_STAB_Production/Mac/SmartApp/bin/Release/HP' -thin x86_64 -output '/HUDSON/san-hudson-1/workspace/MacGotham_STAB_Production/Mac/SmartApp/bin/Release/HP'

    However we're not codesigning in your build?

    Target "_CodesignAppBundle" skipped, due to false condition; ('$(EnableCodeSigning)') was evaluated as ('false').

    which makes sense, I didn't see this before:


    You need to enable codesigning and package signing, notarization requires both to have a chance to pass.

    If enabling those fix it, we should file an issue because we can catch that misconfiguration and warn/error.

  • AllanChin.6924AllanChin.6924 USUniversity ✭✭✭

    Ok, I see that flag, but there's this in our build script.

    SignApp=$DO_RELEASE_CONFIG  # Actually, only sign the RELEASE build of App... (you can turn this OFF if you are local and do NOT have the keys on your machine)
    if [[ ( $DO_BUILD -eq 1 ) && ( $BuildError -eq  0 ) ]] ; then
        if [[ ( $SignApp -eq 1 ) ]] ; then
            echo "### [${ThisScript}] -- Code-Sign the Application: ${APP_FILE_NAME}"
            codesign --sign "$APP_SIGN_ID" --deep --force --verbose=2 "${DIST_APP_WITH_PATH}"
            # looks like Jenkins machine has multiple app-signing keys, and gets an 'ambiguous' error, so ignore error until we get Jenkins guys to delete older key
            # BuildError=$?
            echo "### [${ThisScript}] -- Application: ${APP_FILE_NAME} is *NOT* Code-signed"

    And this in the build log.

    Time Elapsed 00:11:51.57
    ### []    NOTE - build log output file is here: /HUDSON/san-hudson-1/workspace/MacGotham_STAB_Production/Mac/SmartApp/bin/Release/SmartApp_buildlog.txt
    ### [] -- Code-Sign the Application: HP
    Developer ID Application: HP Inc. (6HB5Y2QTA3): found in both /Users/cscrbuild/Library/Keychains/login.keychain-db and /Library/Keychains/System.keychain (this is all right)
    Developer ID Application: HP Inc. (6HB5Y2QTA3): found in both /Users/cscrbuild/Library/Keychains/login.keychain-db and /Users/cscrbuild/Library/Keychains/login.keychain-db (this is all right)
    Developer ID Application: HP Inc. (6HB5Y2QTA3): found in both /Users/cscrbuild/Library/Keychains/login.keychain-db and /Library/Keychains/System.keychain (this is all right)
    /HUDSON/san-hudson-1/workspace/MacGotham_STAB_Production/Mac/SmartApp/bin/Release/HP signed app bundle with Mach-O thin (x86_64) [com.hp.SmartMac]
    /HUDSON/san-hudson-1/workspace/MacGotham_STAB_Production/Mac/SmartApp/bin/Release/HP timestamps differ by 1762 seconds - check your system clock

    Thanks Allan

  • ChrisHamonsChrisHamons USForum Administrator, Xamarin Team Xamurai
    edited June 2019

    If you are doing code signing outside of mmp you'll need to update it to the right thing yourself:

    I suggest watching this video

    You'll need to do inside out signing of all binaries, making sure to use a secure timestamp and sign all binaries and not invalidate signatures.

    Or you could fix your build and let mmp handle it.

  • VRahikkaVRahikka Member ✭✭


    I'm having same kind of issue. Getting lot's of "The signature of the binary is invalid." errors for .dylibs inside my app when Notarizing. We are building in cloud so I cannot do building trough Visual Studio but from Terminal.

    I assumed that --deep would take care of signing all the content in my app, but I guess this is not true. So do I manually have to sign everything inside my app if I do it from terminal?

    Thanks Ville

  • ChrisHamonsChrisHamons USForum Administrator, Xamarin Team Xamurai

    Are you using mmp to copy those libraries in your bundle (via a NativeReference) or handling it some other way? mmp should be doing the right thing.

    You also may want to start a new issue, this one was last discussed middle of last year.

Sign In or Register to comment.