--exclude skips signing a nested bundle ``` $ rcodesign debug-create-macho MyApp.app/Contents/MacOS/MyApp assuming default minimum version 11.0.0 writing Mach-O to MyApp.app/Contents/MacOS/MyApp $ rcodesign debug-create-info-plist --bundle-name MyApp MyApp.app/Contents/Info.plist writing MyApp.app/Contents/Info.plist $ rcodesign debug-create-macho --file-type dylib MyApp.app/Contents/Frameworks/MyFramework.framework/Versions/A/MyFramework assuming default minimum version 11.0.0 writing Mach-O to MyApp.app/Contents/Frameworks/MyFramework.framework/Versions/A/MyFramework $ rcodesign debug-create-info-plist --bundle-name MyFramework MyApp.app/Contents/Frameworks/MyFramework.framework/Versions/A/Resources/Info.plist writing MyApp.app/Contents/Frameworks/MyFramework.framework/Versions/A/Resources/Info.plist $ ln -s A MyApp.app/Contents/Frameworks/MyFramework.framework/Versions/Current $ ln -s Versions/Current/Resources MyApp.app/Contents/Frameworks/MyFramework.framework/Resources $ rcodesign sign --exclude 'Contents/Frameworks/MyFramework.framework' MyApp.app MyApp.app.NoMyFramework signing MyApp.app to MyApp.app.NoMyFramework signing bundle at MyApp.app signing 2 nested bundles in the following order: Contents/Frameworks/MyFramework.framework/Versions/A Contents/Frameworks/MyFramework.framework entering nested bundle Contents/Frameworks/MyFramework.framework/Versions/A signing bundle at MyApp.app/Contents/Frameworks/MyFramework.framework/Versions/A into MyApp.app.NoMyFramework/Contents/Frameworks/MyFramework.framework/Versions/A signing main executable MyFramework leaving nested bundle Contents/Frameworks/MyFramework.framework/Versions/A entering nested bundle Contents/Frameworks/MyFramework.framework bundle is in exclusion list; it will be copied instead of signed leaving nested bundle Contents/Frameworks/MyFramework.framework signing bundle at MyApp.app into MyApp.app.NoMyFramework could not find main executable of presumed nested bundle: Contents/Frameworks/MyFramework.framework signing main executable Contents/MacOS/MyApp $ rcodesign debug-file-tree MyApp.app.NoMyFramework d MyApp.app.NoMyFramework/ d MyApp.app.NoMyFramework/Contents d MyApp.app.NoMyFramework/Contents/Frameworks d MyApp.app.NoMyFramework/Contents/Frameworks/MyFramework.framework l MyApp.app.NoMyFramework/Contents/Frameworks/MyFramework.framework/Resources -> Versions/Current/Resources d MyApp.app.NoMyFramework/Contents/Frameworks/MyFramework.framework/Versions d MyApp.app.NoMyFramework/Contents/Frameworks/MyFramework.framework/Versions/A f 6249a5455b5d60d322dc MyApp.app.NoMyFramework/Contents/Frameworks/MyFramework.framework/Versions/A/MyFramework d MyApp.app.NoMyFramework/Contents/Frameworks/MyFramework.framework/Versions/A/Resources f 53c337af0bf7c0762126 MyApp.app.NoMyFramework/Contents/Frameworks/MyFramework.framework/Versions/A/Resources/Info.plist d MyApp.app.NoMyFramework/Contents/Frameworks/MyFramework.framework/Versions/A/_CodeSignature f 6d524dfa68ea926bcc0e MyApp.app.NoMyFramework/Contents/Frameworks/MyFramework.framework/Versions/A/_CodeSignature/CodeResources l MyApp.app.NoMyFramework/Contents/Frameworks/MyFramework.framework/Versions/Current -> A f 0a5902dc8e47f490d038 MyApp.app.NoMyFramework/Contents/Info.plist d MyApp.app.NoMyFramework/Contents/MacOS f 5320635ab22c67638660 MyApp.app.NoMyFramework/Contents/MacOS/MyApp d MyApp.app.NoMyFramework/Contents/_CodeSignature f 6686de10a28a2fe11b36 MyApp.app.NoMyFramework/Contents/_CodeSignature/CodeResources $ rcodesign sign --exclude 'Contents/Frameworks/MyFramework.framework/**' MyApp.app MyApp.app.NoMyFrameworkDoubleWild signing MyApp.app to MyApp.app.NoMyFrameworkDoubleWild signing bundle at MyApp.app signing 2 nested bundles in the following order: Contents/Frameworks/MyFramework.framework/Versions/A Contents/Frameworks/MyFramework.framework entering nested bundle Contents/Frameworks/MyFramework.framework/Versions/A bundle is in exclusion list; it will be copied instead of signed leaving nested bundle Contents/Frameworks/MyFramework.framework/Versions/A entering nested bundle Contents/Frameworks/MyFramework.framework signing bundle at MyApp.app/Contents/Frameworks/MyFramework.framework into MyApp.app.NoMyFrameworkDoubleWild/Contents/Frameworks/MyFramework.framework leaving nested bundle Contents/Frameworks/MyFramework.framework signing bundle at MyApp.app into MyApp.app.NoMyFrameworkDoubleWild could not find main executable of presumed nested bundle: Contents/Frameworks/MyFramework.framework signing main executable Contents/MacOS/MyApp $ rcodesign debug-file-tree MyApp.app.NoMyFrameworkDoubleWild d MyApp.app.NoMyFrameworkDoubleWild/ d MyApp.app.NoMyFrameworkDoubleWild/Contents d MyApp.app.NoMyFrameworkDoubleWild/Contents/Frameworks d MyApp.app.NoMyFrameworkDoubleWild/Contents/Frameworks/MyFramework.framework l MyApp.app.NoMyFrameworkDoubleWild/Contents/Frameworks/MyFramework.framework/Resources -> Versions/Current/Resources d MyApp.app.NoMyFrameworkDoubleWild/Contents/Frameworks/MyFramework.framework/Versions d MyApp.app.NoMyFrameworkDoubleWild/Contents/Frameworks/MyFramework.framework/Versions/A f 8d89209153a67993e6ee MyApp.app.NoMyFrameworkDoubleWild/Contents/Frameworks/MyFramework.framework/Versions/A/MyFramework d MyApp.app.NoMyFrameworkDoubleWild/Contents/Frameworks/MyFramework.framework/Versions/A/Resources f 53c337af0bf7c0762126 MyApp.app.NoMyFrameworkDoubleWild/Contents/Frameworks/MyFramework.framework/Versions/A/Resources/Info.plist l MyApp.app.NoMyFrameworkDoubleWild/Contents/Frameworks/MyFramework.framework/Versions/Current -> A f 0a5902dc8e47f490d038 MyApp.app.NoMyFrameworkDoubleWild/Contents/Info.plist d MyApp.app.NoMyFrameworkDoubleWild/Contents/MacOS f 5320635ab22c67638660 MyApp.app.NoMyFrameworkDoubleWild/Contents/MacOS/MyApp d MyApp.app.NoMyFrameworkDoubleWild/Contents/_CodeSignature f 6686de10a28a2fe11b36 MyApp.app.NoMyFrameworkDoubleWild/Contents/_CodeSignature/CodeResources $ rcodesign sign --exclude 'Contents/Frameworks/**' MyApp.app MyApp.app.NoFrameworksDoubleWild signing MyApp.app to MyApp.app.NoFrameworksDoubleWild signing bundle at MyApp.app signing 2 nested bundles in the following order: Contents/Frameworks/MyFramework.framework/Versions/A Contents/Frameworks/MyFramework.framework entering nested bundle Contents/Frameworks/MyFramework.framework/Versions/A bundle is in exclusion list; it will be copied instead of signed leaving nested bundle Contents/Frameworks/MyFramework.framework/Versions/A entering nested bundle Contents/Frameworks/MyFramework.framework bundle is in exclusion list; it will be copied instead of signed leaving nested bundle Contents/Frameworks/MyFramework.framework signing bundle at MyApp.app into MyApp.app.NoFrameworksDoubleWild could not find main executable of presumed nested bundle: Contents/Frameworks/MyFramework.framework signing main executable Contents/MacOS/MyApp $ rcodesign debug-file-tree MyApp.app.NoFrameworksDoubleWild d MyApp.app.NoFrameworksDoubleWild/ d MyApp.app.NoFrameworksDoubleWild/Contents d MyApp.app.NoFrameworksDoubleWild/Contents/Frameworks d MyApp.app.NoFrameworksDoubleWild/Contents/Frameworks/MyFramework.framework l MyApp.app.NoFrameworksDoubleWild/Contents/Frameworks/MyFramework.framework/Resources -> Versions/Current/Resources d MyApp.app.NoFrameworksDoubleWild/Contents/Frameworks/MyFramework.framework/Versions d MyApp.app.NoFrameworksDoubleWild/Contents/Frameworks/MyFramework.framework/Versions/A f 8d89209153a67993e6ee MyApp.app.NoFrameworksDoubleWild/Contents/Frameworks/MyFramework.framework/Versions/A/MyFramework d MyApp.app.NoFrameworksDoubleWild/Contents/Frameworks/MyFramework.framework/Versions/A/Resources f 53c337af0bf7c0762126 MyApp.app.NoFrameworksDoubleWild/Contents/Frameworks/MyFramework.framework/Versions/A/Resources/Info.plist l MyApp.app.NoFrameworksDoubleWild/Contents/Frameworks/MyFramework.framework/Versions/Current -> A f 0a5902dc8e47f490d038 MyApp.app.NoFrameworksDoubleWild/Contents/Info.plist d MyApp.app.NoFrameworksDoubleWild/Contents/MacOS f 5320635ab22c67638660 MyApp.app.NoFrameworksDoubleWild/Contents/MacOS/MyApp d MyApp.app.NoFrameworksDoubleWild/Contents/_CodeSignature f 6686de10a28a2fe11b36 MyApp.app.NoFrameworksDoubleWild/Contents/_CodeSignature/CodeResources $ rm -rf MyApp.app ``` Validate exclusion of Mach-O binaries ``` $ rcodesign debug-create-macho MyApp.app/Contents/MacOS/MyApp assuming default minimum version 11.0.0 writing Mach-O to MyApp.app/Contents/MacOS/MyApp $ rcodesign debug-create-macho MyApp.app/Contents/MacOS/macos-bin assuming default minimum version 11.0.0 writing Mach-O to MyApp.app/Contents/MacOS/macos-bin $ rcodesign debug-create-macho MyApp.app/Contents/Resources/resource-bin assuming default minimum version 11.0.0 writing Mach-O to MyApp.app/Contents/Resources/resource-bin $ rcodesign debug-create-info-plist --bundle-name MyApp MyApp.app/Contents/Info.plist writing MyApp.app/Contents/Info.plist $ rcodesign sign --exclude Contents/MacOS/macos-bin MyApp.app MyApp.app.NoMacOSBin ? 1 signing MyApp.app to MyApp.app.NoMacOSBin signing bundle at MyApp.app signing bundle at MyApp.app into MyApp.app.NoMacOSBin skipping signing of nested Mach-O binary because excluded by settings: Contents/MacOS/macos-bin (an error will occur if this binary is not already signed) (if you see an error, sign that Mach-O explicitly or remove it from the exclusion settings) Error: binary does not have code signature data $ rcodesign sign MyApp.app/Contents/MacOS/macos-bin signing MyApp.app/Contents/MacOS/macos-bin in place signing MyApp.app/Contents/MacOS/macos-bin as a Mach-O binary setting binary identifier to macos-bin parsing Mach-O writing Mach-O to MyApp.app/Contents/MacOS/macos-bin $ rcodesign sign --exclude Contents/MacOS/macos-bin MyApp.app MyApp.app.NoMacOSBin signing MyApp.app to MyApp.app.NoMacOSBin signing bundle at MyApp.app signing bundle at MyApp.app into MyApp.app.NoMacOSBin skipping signing of nested Mach-O binary because excluded by settings: Contents/MacOS/macos-bin (an error will occur if this binary is not already signed) (if you see an error, sign that Mach-O explicitly or remove it from the exclusion settings) signing Mach-O file Contents/Resources/resource-bin signing main executable Contents/MacOS/MyApp $ rcodesign debug-file-tree MyApp.app.NoMacOSBin d MyApp.app.NoMacOSBin/ d MyApp.app.NoMacOSBin/Contents f 0a5902dc8e47f490d038 MyApp.app.NoMacOSBin/Contents/Info.plist d MyApp.app.NoMacOSBin/Contents/MacOS f 83e61e1e1c3407ff46d1 MyApp.app.NoMacOSBin/Contents/MacOS/MyApp f 90dd49841af359158311 MyApp.app.NoMacOSBin/Contents/MacOS/macos-bin d MyApp.app.NoMacOSBin/Contents/Resources f 30b6fef6ae310318e47f MyApp.app.NoMacOSBin/Contents/Resources/resource-bin d MyApp.app.NoMacOSBin/Contents/_CodeSignature f 0acb1d044d421846ebc7 MyApp.app.NoMacOSBin/Contents/_CodeSignature/CodeResources $ rcodesign sign --exclude Contents/Resources/resource-bin MyApp.app MyApp.app.NoResourcesBin signing MyApp.app to MyApp.app.NoResourcesBin signing bundle at MyApp.app signing bundle at MyApp.app into MyApp.app.NoResourcesBin signing Mach-O file Contents/MacOS/macos-bin signing main executable Contents/MacOS/MyApp $ rcodesign debug-file-tree MyApp.app.NoResourcesBin d MyApp.app.NoResourcesBin/ d MyApp.app.NoResourcesBin/Contents f 0a5902dc8e47f490d038 MyApp.app.NoResourcesBin/Contents/Info.plist d MyApp.app.NoResourcesBin/Contents/MacOS f 322195d604cd3061f59d MyApp.app.NoResourcesBin/Contents/MacOS/MyApp f 90dd49841af359158311 MyApp.app.NoResourcesBin/Contents/MacOS/macos-bin d MyApp.app.NoResourcesBin/Contents/Resources f 4cfaf70bc9fb6827fcf7 MyApp.app.NoResourcesBin/Contents/Resources/resource-bin d MyApp.app.NoResourcesBin/Contents/_CodeSignature f a1c3ba13551ece11eda7 MyApp.app.NoResourcesBin/Contents/_CodeSignature/CodeResources $ rm -rf MyApp.app ``` Exclude a Mach-O in a nested bundle ``` $ rcodesign debug-create-macho MyApp.app/Contents/MacOS/MyApp assuming default minimum version 11.0.0 writing Mach-O to MyApp.app/Contents/MacOS/MyApp $ rcodesign debug-create-info-plist --bundle-name MyApp MyApp.app/Contents/Info.plist writing MyApp.app/Contents/Info.plist $ rcodesign debug-create-macho MyApp.app/Contents/MacOS/Extra.app/Contents/MacOS/Extra assuming default minimum version 11.0.0 writing Mach-O to MyApp.app/Contents/MacOS/Extra.app/Contents/MacOS/Extra $ rcodesign debug-create-macho MyApp.app/Contents/MacOS/Extra.app/Contents/MacOS/extra-bin assuming default minimum version 11.0.0 writing Mach-O to MyApp.app/Contents/MacOS/Extra.app/Contents/MacOS/extra-bin $ rcodesign sign MyApp.app/Contents/MacOS/Extra.app/Contents/MacOS/extra-bin signing MyApp.app/Contents/MacOS/Extra.app/Contents/MacOS/extra-bin in place signing MyApp.app/Contents/MacOS/Extra.app/Contents/MacOS/extra-bin as a Mach-O binary setting binary identifier to extra-bin parsing Mach-O writing Mach-O to MyApp.app/Contents/MacOS/Extra.app/Contents/MacOS/extra-bin $ rcodesign debug-create-macho MyApp.app/Contents/MacOS/Extra.app/Contents/Resources/resource-bin assuming default minimum version 11.0.0 writing Mach-O to MyApp.app/Contents/MacOS/Extra.app/Contents/Resources/resource-bin $ rcodesign debug-create-info-plist --bundle-name Extra MyApp.app/Contents/MacOS/Extra.app/Contents/Info.plist writing MyApp.app/Contents/MacOS/Extra.app/Contents/Info.plist $ rcodesign sign --exclude Contents/MacOS/Extra.app/Contents/MacOS/extra-bin --exclude Contents/MacOS/Extra.app/Contents/Resources/resource-bin MyApp.app MyApp.app.NoExtraBin signing MyApp.app to MyApp.app.NoExtraBin signing bundle at MyApp.app signing 1 nested bundles in the following order: Contents/MacOS/Extra.app entering nested bundle Contents/MacOS/Extra.app signing bundle at MyApp.app/Contents/MacOS/Extra.app into MyApp.app.NoExtraBin/Contents/MacOS/Extra.app skipping signing of nested Mach-O binary because excluded by settings: Contents/MacOS/extra-bin (an error will occur if this binary is not already signed) (if you see an error, sign that Mach-O explicitly or remove it from the exclusion settings) signing main executable Contents/MacOS/Extra leaving nested bundle Contents/MacOS/Extra.app signing bundle at MyApp.app into MyApp.app.NoExtraBin signing main executable Contents/MacOS/MyApp $ rcodesign debug-file-tree MyApp.app.NoExtraBin d MyApp.app.NoExtraBin/ d MyApp.app.NoExtraBin/Contents f 0a5902dc8e47f490d038 MyApp.app.NoExtraBin/Contents/Info.plist d MyApp.app.NoExtraBin/Contents/MacOS d MyApp.app.NoExtraBin/Contents/MacOS/Extra.app d MyApp.app.NoExtraBin/Contents/MacOS/Extra.app/Contents f 63154cc4f75820c926eb MyApp.app.NoExtraBin/Contents/MacOS/Extra.app/Contents/Info.plist d MyApp.app.NoExtraBin/Contents/MacOS/Extra.app/Contents/MacOS f 0c02af539846df8f4e94 MyApp.app.NoExtraBin/Contents/MacOS/Extra.app/Contents/MacOS/Extra f c83cc7362ebbacb94ac0 MyApp.app.NoExtraBin/Contents/MacOS/Extra.app/Contents/MacOS/extra-bin d MyApp.app.NoExtraBin/Contents/MacOS/Extra.app/Contents/Resources f 4cfaf70bc9fb6827fcf7 MyApp.app.NoExtraBin/Contents/MacOS/Extra.app/Contents/Resources/resource-bin d MyApp.app.NoExtraBin/Contents/MacOS/Extra.app/Contents/_CodeSignature f 596d62f4669d89f6bc8e MyApp.app.NoExtraBin/Contents/MacOS/Extra.app/Contents/_CodeSignature/CodeResources f 1efc495c2cb290e5b2d3 MyApp.app.NoExtraBin/Contents/MacOS/MyApp d MyApp.app.NoExtraBin/Contents/_CodeSignature f c9a63c1dbccfd48e50b5 MyApp.app.NoExtraBin/Contents/_CodeSignature/CodeResources $ rm -rf MyApp.app ```