The ProblemYour app is finally ready. You trigger the build, expecting a success message, but the codesign utility stops cold with a bizarre error: resource fork, Finder information, or similar detritus not allowed. This usually happens during the 'Sign to Run Locally' phase or while archiving for distribution.
Whether you're using Xcode, terminal-based signing, or frameworks like Electron and Flutter, this error hits when your project files contain hidden metadata. In short, macOS refuses to sign 'dirty' files that contain extra information outside the primary data fork.
The Root Cause: Extended Attributes (xattrs)Since macOS 10.12 Sierra, the code signing process has become extremely strict. It relies on Extended Attributes (xattrs)—metadata blocks that store info about a file without altering its contents. Common culprits include:
- com.apple.quarantine: A flag added to files downloaded via browsers, Slack, or Discord.- com.apple.FinderInfo: A 32-byte block storing Finder-specific data, like custom icons or color tags.- Resource Forks: Legacy data structures often found in older image formats or files edited in Photoshop.Codesign requires a perfectly predictable file hash. Because these attributes can be modified without changing the main file data, macOS views them as a security risk. If even one
.pngor.plisthas a hidden attribute, the entire signature fails.
Identifying the culpritTo see exactly which files are blocking your build, run this command in your project directory:
ls -al@ ./path/to/assets
Look for lines starting with com.apple... directly beneath your filenames. Those are the 'detritus' causing the failure.
The Fix: Stripping the MetadataThe solution is to recursively wipe these attributes from your project. Here are three ways to handle it.
Method 1: The Recursive Wipe (Best for immediate fixes)This is the most direct solution. Open your terminal and use the xattr tool with the -c (clear) and -r (recursive) flags on your source folder or the final .app bundle.
# Run this on your project source or the .app bundle specifically
xattr -cr /path/to/your/project
Method 2: Target the Resources FolderAsset folders are magnets for Finder metadata. If you frequently edit images in external apps, focus your cleanup there to minimize impact on other files.
xattr -cr ./Resources
Method 3: Automate via Xcode Build PhaseStop the error from returning by adding a cleanup script to your build process. This is particularly helpful for teams where developers might commit files with different metadata signatures.
- Open your project in Xcode and select your Target.- Navigate to Build Phases.- Click + and select New Run Script Phase.- Drag this phase so it runs before 'Copy Bundle Resources'.- Paste the following script:```
Cleans attributes from the build products to ensure codesign passes
find "${TARGET_BUILD_DIR}/${PRODUCT_NAME}.app" -type f -print0 | xargs -0 xattr -c
## Verifying the ResultsAfter cleaning, verify that the bundle is now valid for signing:
codesign --verify --verbose /path/to/your.app
A successful check returns no output or a simple 'valid on disk' message. If you see 'bundle format is ambiguous,' double-check that you haven't accidentally deleted a system directory; `xattr -c` only affects metadata, so your code remains untouched.
## How to Prevent Metadata Bloat- **Clean Your Images:** Use CLI tools like `optipng` or 'Save for Web' in Photoshop. This strips unnecessary 32-byte metadata blocks before they enter your repo.- **Git Hygiene:** Ensure `.DS_Store` files are in your `.gitignore`. These are the primary source of Finder detritus.- **Terminal Downloads:** If you use `curl` or `wget` to fetch assets, they usually won't receive the `com.apple.quarantine` flag, unlike files downloaded through a browser.