Yes, here is the command line we use to sign with an external keychain. The argument is --keychain:

    /usr/bin/codesign --timestamp --entitlements ./scripts/entitlements.plist --force --keychain /path/to/Keychain --sign 'Developer ID Application:' build/ar/libEpCommonPyWrapper.dylib

Are you going to add the option to specify the keychain in PyInstaller? Thank you, I would greatly appreciate it!

It would be good if you followed the Xcode signing flags approach. They have the mandatory arguments, like the certificate name, and additional specifiers which are grouped under a single argument.

    /Applications/Xcode.app/Contents/Developer/usr/bin/xcodebuild -project ./path/to/projectxcodeproj -scheme SCHEME_NAME -destination "generic/platform=macOS,name=Any Mac" -configuration Release "CODE_SIGN_IDENTITY=Developer ID Application: " "OTHER_CODE_SIGN_FLAGS=--keychain \"/PATH/TO/Keychain\" --timestamp" CONFIGURATION_BUILD_DIR=./macosx/release.dynamic.64

As you can see, there are 2 options in OTHER_CODE_SIGN_FLAGS: --keychain and --timestamp.

We also sometimes use --force and other flags, and this approach gives the flexibility of specifying different flags for different builds. It can cover Windows signing options and less coding for devs.

On Tuesday, December 16, 2025 at 5:16:53 PM UTC-8 bwoodsend wrote:
> Do you know what flags codesign needs to sign with an external keychain?
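
Added example, not part of the original message and not PyInstaller's code: one way a build tool could accept extra codesign flags as a single string, in the style of OTHER_CODE_SIGN_FLAGS, and turn them into an argument list that never passes through a shell. The function name `build_codesign_argv`, its parameters, and the sample keychain path and identity are assumptions made up for illustration.

```python
import shlex

# Long options the caller sets through dedicated parameters; they must not be
# supplied a second time through the free-form flags string.
RESERVED_LONG = {"--sign", "--entitlements"}


def _is_reserved(token):
    if token.startswith("--"):
        return token.split("=", 1)[0] in RESERVED_LONG
    # Short options can be clustered (-fs), so look for "s" anywhere in the cluster.
    # This is deliberately conservative and may reject an unrelated short cluster.
    return token.startswith("-") and "s" in token[1:]


def build_codesign_argv(target, identity, other_flags="", entitlements=None,
                        codesign="/usr/bin/codesign"):
    """Build an argv list for codesign (hypothetical helper, not a PyInstaller API)."""
    if not identity or identity.startswith("-"):
        raise ValueError("signing identity must be a name, not a flag")
    # POSIX-style splitting keeps a quoted keychain path with spaces as one token
    # and raises ValueError on an unbalanced quote instead of guessing.
    extra = shlex.split(other_flags)
    for token in extra:
        if _is_reserved(token):
            raise ValueError(f"{token!r} must be given through its own parameter")
    argv = [codesign, *extra]
    if entitlements:
        argv += ["--entitlements", entitlements]
    # Identity and target go last as separate list items, so shell metacharacters
    # in any value stay literal when the list is handed to subprocess.run(argv).
    return argv + ["--sign", identity, target]


# Constructed sample values; the keychain path and identity are placeholders.
SAMPLE_FLAGS = '--keychain "/Users/build/My Keys/ci.keychain-db" --timestamp --force'
SAMPLE_IDENTITY = "Developer ID Application: Example Corp (constructed)"

if __name__ == "__main__":
    argv = build_codesign_argv("build/ar/libEpCommonPyWrapper.dylib", SAMPLE_IDENTITY,
                               SAMPLE_FLAGS, "./scripts/entitlements.plist")
    print(shlex.join(argv))
```
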
