Code signing manually compiled software after changes

When you re-compile software from the Compiling a Web Development Environment on Mac OS X guide (or any other software), its code signature can become invalid. This often shows up as a confirmation dialog that repeatedly asks "Do you want the application “XYZ” to accept incoming network connections?", forcing you to choose Allow or Deny each time. The OS X firewall does not save your selection when an application’s signature is invalid. To stop these confirmations, you must code sign the application again.

First, check if the code signature is the actual problem:

codesign -v /path/to/app

If the signature is invalid, you should see something similar to this:

/path/to/app: invalid signature (code or signature have been modified)

The next step requires you to create a self-signed certificate for code signing:

  • Open the Keychain Access app which can be found in Applications → Utilities.
  • Select Keychain Access → Certificate Assistant → Create a Certificate from the menubar.
  • For Name, enter mac-dev-env.
  • For Identity Type, leave Self-Signed Root.
  • For Certificate Type, select Code Signing.
  • Leave Let me override defaults unchecked.
  • Create the certificate and follow through until the window is closed.
  • Next, select the certificate in the login keychain and press ⌘-I.
  • Expand the Trust section.
  • Select Always Trust for Code Signing, close and save.

Finally, sign the code with your new certificate:

codesign -f -s mac-dev-env /path/to/app

To verify that the code signing worked, run this command again:

codesign -v /path/to/app

If nothing appears, then everything is working as expected. That should be it. You will have to select Allow or Deny incoming network connections one last time but your selection should be permanent thereafter.
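The verify, sign, verify sequence above can be scripted so that after a rebuild only the binaries whose signature no longer verifies are re-signed. This is an added example, not part of the original guide; the function names and the IDENTITY variable are hypothetical, and it uses only the codesign flags shown above plus security find-identity to confirm the certificate is usable.

```shell
#!/bin/sh
# Added example: re-sign only the paths whose signature fails verification.
# IDENTITY defaults to the certificate name created in the steps above.
IDENTITY="${IDENTITY:-mac-dev-env}"

# Succeeds if the keychain lists the named identity as valid for code signing.
have_identity() {
    security find-identity -v -p codesigning | grep -qF "\"$1\""
}

# Verify one path; sign it only if verification fails, then verify again.
# Returns 0 if the path ends up with a valid signature, 1 otherwise.
resign_if_invalid() {
    target=$1
    if codesign -v "$target" 2>/dev/null; then
        echo "ok        $target"
        return 0
    fi
    if codesign -f -s "$IDENTITY" "$target" && codesign -v "$target"; then
        echo "re-signed $target"
        return 0
    fi
    echo "FAILED    $target" >&2
    return 1
}

# Process every path given; stop early (status 2) if the identity is missing,
# so nothing is touched when the certificate or its trust setting is absent.
resign_all() {
    if ! have_identity "$IDENTITY"; then
        echo "code signing identity '$IDENTITY' not found or not trusted" >&2
        return 2
    fi
    failed=0
    for t in "$@"; do
        resign_if_invalid "$t" || failed=1
    done
    return "$failed"
}

# Usage: sh resign.sh /path/to/app [/path/to/other ...]
if [ "$#" -gt 0 ]; then
    resign_all "$@"
fi
```

Paths that already verify are left untouched, so their existing signatures are not replaced by the self-signed one.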
