codesign

This is a continuation of my own old post that became inactive to regain traction. I am trying to resolve issues that arise when distributing a macOS app with a SysExt Network Extension (Packet Tunnel) outside the App Store using a Developer ID Certificate. To directly distribute the app, I start with exporting the .app via Archive in Xcode. After that, I create a new Developer ID provisioning profile for both the app and sysext and replace the embedded ones in the .app package. After I have replaced the provisioning profiles and the have the entitlements files ready, I start signing the frameworks, sysext and parent app. codesign --force --options runtime --timestamp --sign Developer ID Application: .app/Contents/Library/SystemExtensions/.systemextension/Contents/Frameworks/.framework/Versions/A/ codesign --force --options runtime --timestamp --sign Developer ID Application: .app/Contents/Frameworks/.framework/ codesign --force --options runtime --entitlements dist-vpn.entitlement

我没有勾选entitlements 中的” com.apple.security.network.server“和” com.apple.security.device.usb“，但是确实在打包时又自动出现在包里，我现在无法解决这个问题，我需要帮助，谢谢 我的.entitlements 文件如下： 排查命令： codesign -d --entitlements :- ./Device Guard.app Executable=/Users/zhanghai/Library/Developer/Xcode/DerivedData/MacGuardApp-fvfnspyxcojxojdfclyohrnupgsh/Build/Products/Debug/Device Guard.app/Contents/MacOS/Device Guard warning: Specifying ':' in the path is deprecated and will not work in a future release

Is it possible to directly distribute a macOS app with a Developer ID Certificate that belongs to a different team? I am trying to resolve issues that arise when distributing a macOS app with a Network Extension (Packet Tunnel) outside the App Store using a Developer ID Certificate from a different team than the app’s provisioning profiles and entitlements. I started by attempting Direct Distribution in Xcode with automatic signing. However, it fails with the following message: Provisioning profile Mac Team Direct Provisioning Profile: ” failed qualification checks: Profile doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement. I suspect the issue is that the provisioning profile allows packet-tunnel-provider-systemextension, whereas the entitlements generated by Xcode contain packet-tunnel-provider. When I manually modify the .entitlements file to include the -systemextension suffix, the project fails to build because Xcode does not recognize the modi

I’m hitting a WeatherKit JWT failure (WDSJWTAuthenticatorServiceListener Code = 2) at runtime even though the entitlement is present in both the signed binary and the embedded provisioning profile. Environment Team ID 5SZLQLQ9MD Bundle ID ParkProfessor.ParkProfessorDisneyland Device / OS iPhone 15 Pro · iOS 17.4.1 (hardware, not simulator) Xcode 15.3 (15E204a) Console output Failed to generate jwt token for: com.apple.weatherkit.authservice Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 (null) Entitlement & profile snippets codesign -d --entitlements :- WeatherKitTest.app | grep -A2 weatherkit com.apple.developer.weatherkit security cms -D -i embedded.mobileprovision | grep -A2 weatherkit com.apple.developer.weatherkit What I’ve already tried Regenerated a new development certificate and a new iOS App Development provisioning profile with WeatherKit enabled. Confirmed the capability is selected in Certificates ▸ Identifiers ▸ Profiles and added in Xcode target setting

Hello Apple Support Team, We are developing a macOS application that allows users to import and view PST files (Microsoft Outlook archives). These files contain a complex, proprietary format that requires specialized parsing libraries. To achieve this, we are using Aspose Email for Java, which is currently one of the few reliable libraries that support complete PST parsing across platforms. Why we are using Java & Aspose The Aspose Email Java library provides a comprehensive API to extract mail data (including metadata, attachments, and folder structure) from .pst files. A native Swift or Objective-C alternative with full .pst parsing capability does not exist, which is why we opted for a Java-based helper module that runs in the background and communicates with the macOS app over a Unix domain socket. How we bundle it We package the AsposeEmail.jar and a custom JRE (Java Runtime Environment) created using jlink, tailored to run only our jar. This entire setup (JAR + JRE) is bundled within the Contents/Re

All of my apps stopped working with WeatherKit this morning. They all return an Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 error. I am certain that the WeatherKit capability added (in project) and enabled as a Capability & App Service (on developer portal for the identifier). All other iCloud features of my apps are working as expected. I have also done all the normal troubleshooting using codesign / security cms, etc. to verify entitlements. I created the following simple project to verify the integration. import WeatherKit import CoreLocation struct ContentView: View { @State private var temp: Measurement? = nil var body: some View { VStack { if let t = temp { Text((t.value.rounded())°(t.unit.symbol)) } else { Text(Fetching…) .task { let service = WeatherService() do { let location = CLLocation(latitude: 50.318668, longitude: -114.917710) let weather = try await service.weather(for: location, including: .current) temp = weather.temperature } catch { print(Error:

Hello, I have created multiple Developer ID Application and Developer ID Installer certificates across different Apple OS versions without keeping the Certificate Signing Requests (CSR). As I’m not very experienced with Apple’s system, I made this mistake and now I am unable to create new certificates because I have reached the maximum number of certificates allowed. I develop software based on Electron and have been building and signing my applications with electron-builder, integrating the app signing needed to submit the app to the Apple Store via Transporter. Here is the relevant portion of my package.json build config: mac: { appId: com.nome_app.ext, type: distribution, target: [ mas ], artifactName: name_app.${ext}, category: public.app-category.utilities, provisioningProfile: build/prov_prof_mac_name_app.provisionprofile }, mas: { appId: com.name_app.ravia, hardenedRuntime: false, type: distribution, gatekeeperAssess: true, artifactName: name_app.${ext}, category: public.app-category.utilities, entitle