Legend

ZXPSignCmd sign process is broken (segmentation fault)

Forum|Forum|10 months ago
April 18, 2025
36 replies
4480 views

Looks like the ZXP sign process is broken both on macOS and Windows.

macOS: Signing process ends with: [1] 21894 segmentation fault ./ZXPSignCmd -sign mypassword -tsa
Window: just fails with no error

Command that fails: ./ZXPSignCmd -sign "/Users/admin/Desktop/extension/dist/cep" "/Users/admin/Desktop/extension/dist/zxp/com.my.extension.cep.zxp" "/Users/admin/Desktop/extension/lib/.tmp/com.my.extension.cep-cert.p12" mypassword -tsa http://timestamp.digicert.com/
None of the environments nor macOS nor Windows has changed. It just worked yesterday and today it's not.
ZXPSignCmd has proper executable rights
Tried changing timestamp servers
Tried using different network connection
Verified with different repos/tools
Tested on ARM/x64 macOS, ARM/x64 Windows. All fail to sign
Confirmed the same behavior by many devs

Performance or Stability

erinferinferinf

Adobe Employee

Are you able to provide instructions on how exactly you would self-sign? We code-sign/sign/notorise our Mac and Windows app, but I have no idea how that works in relation to CEP plugin signing? Happy to try if you can provide more instructions?

So, CEP "plugins" are not compiled, so they don't need to be notorised like an app, or code-signed in the Windows equivalent workflow.

In order to turn a CEP directory into a ZXP file for installation, there's a lightweight timestamping process.

The signing instructions are in this guide. We've tested self-signing extensively, I'm more interested in signing with a paid certificate. At least one person on github claims this is now possible again.

C

Chris Hocking

Inspiring

Are you able to provide instructions on how exactly you would self-sign? We code-sign/sign/notorise our Mac and Windows app, but I have no idea how that works in relation to CEP plugin signing? Happy to try if you can provide more instructions?

erinferinferinf

Adobe Employee

If anyone on this thread happens to have a paid certificate (and not just self-sign) I'm curious to see if the fix will get certificates working again properly, too.

JohnColombo17100380

Community Manager

Hi all,

As noted by others, the fix for this issue has been released in a new version of ZXPSignCmd for all platforms: https://github.com/Adobe-CEP/CEP-Resources/tree/master/ZXPSignCMD/4.1.3.

Thanks again for all the details you've reported, as they were critical to our understanding of the issue and getting a fix delivered quickly.

Cheers,

- John, After Effects Engineering Team

Justin Taylor-Hyper Brew

Community Expert

Awesome! Bolt CEP has been updated with both of the new ZXPSignCmd builds for Win and Mac so both can use the DigiCert TSA.

Alex WhiteAuthor

Legend

Adobe released a new update of ZXPSignCMD, both for macOS and Windows, which is available here:

https://github.com/Adobe-CEP/CEP-Resources/tree/master/ZXPSignCMD/4.1.3

I think the issue is completely solved now. 🙂

C

CHL1

Participant

We recently encountered this issue in our Windows ZXP build pipeline, which signs the ZXP with the tool. The symptom is a crash of the tool and Windows error code -1073741819.

We use the TSA http://timestamp.digicert.com. Removing the TSA from the command line call resolves the issue, indicating the problem lies in the code dealing with TSA.

While the issue is resolved with the 4.1.3 build, it is recommended that the tool be enhanced with more diagnostic capabilities and provides verbose logging. Additionally, the tool (exe) file should include regular file metadata indicating the build number.

Finally, many thanks to the Adobe team for providing a swift fix. Great job indeed.