“codesign”

I am having an issue with signing and provisioning a Vision OS app. I have an iOS app and a VisionOS app. Everything works fine on the iOS but having issues with the VisionOS. First, I am having issues with xcodebuild -exportArchive. When I run it on an archive of my VisionOS app I get ** EXPORT FAILED ** error: exportArchive No Accounts error: exportArchive No profiles for 'X' were found Where X is my bundle ID. Meanwhile the iOS app succeeds. This is on a CI machine but I confirmed the distribution provision profile for the vision OS app is installed on the machine. Even if I change the value of the -exportOptionsPlist to the one I used for the iOS project I get this error. Is the issue in the archive itself? The archives are generated from building in Unity and archiving the xcodeproject with xcodebuild archive Second, as a workaround I archived a debug ipa on my machine and uploaded this ipa to my CI machine which has the credentials to sign for distribution. I use this script as an example as how to resi

I spent 20 minutes trying to figure out why codesigning was failing -- I had the pf block set up correctly, my keychains were unlocked, and then, eventually, it occurred to me, hey, maybe an IP address changed, so I disabled IPv6 except for link local, and then amazingly, it went back to working. I filed FB13706261 over a year ago. This is ridiculous.

Note: This failure occurs even when running on the same machine that performed the build, signing, and notarization steps. We are developing a command-line Endpoint Security (ES) client for macOS, distributed to customers as part of an enterprise security suite. We have a valid Apple Developer Team ID (redacted for privacy) and have requested and received the Endpoint Security entitlement for our account. What We’ve Done Built a universal (x86_64/arm64) CLI ES client using Xcode on macOS Sonoma. Signed with a Developer ID Application certificate (matching our Team ID). Applied the entitlement: com.apple.developer.endpoint-security.client. Notarized the binary via notarytool after receiving Apple’s confirmation that the entitlement was “assigned to our account.” Distributed and unzipped the notarized ZIP (with com.apple.quarantine xattr intact). What Happens: When we run the binary (as root, via sudo) on any test Mac—including the original build/notarization machine—the process is killed immediately at launch.

We are building an installer application to install a dext. Building in Xcode, the installer app launches fine locally and installs the dext. We then try to sign it with the company Developer ID application certificate. However after doing so we cannot launch the application anymore as we get the following crash at launch: Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: CODESIGNING 1 Taskgated Invalid Signature Triggered by Thread: 0 Thread 0 Crashed: 0 dyld_path_missing 0x102e187c0 _dyld_start + 0 Thread 0 crashed with ARM Thread State (64-bit): x0: 0x0000000000000000 x1: 0x0000000000000000 x2: 0x0000000000000000 x3: 0x0000000000000000 x4: 0x0000000000000000 x5: 0x0000000000000000 x6: 0x0000000000000000 x7: 0x0000000000000000 x8: 0x0000000000000000 x9: 0x0000000000000000 x10: 0x0000000000000000 x11: 0x0000000000000000 x12: 0x0000000000000000 x13: 0x0000000000000000 x14: 0x0000000000000000 x15: 0x0000000000000000 x16: 0x0000000000000000 x17: 0x0000000000000000 x18: 0x00000

Hi, I am using Xcode 16.4, and my test device is Iphone 16 pro max. Everything was working fine until today when I get an error that I cannot install the app on the device. The error I get is: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.cRjyg7/extracted/[myapp].app : 0xe8008015 (A valid provisioning profile for this executable was not found.) Please ensure sure that your app is signed by a valid provisioning profile. Creating a new project and installing it to the mobile works fine. Please can someone from Apple or the community respond? there are many posts with this error but none were solved. Troubleshooting attempts included: Resetting all certificates. delete the app from the device unpairing device codesigning via cli reloading older git code commit Nothing is working. thanks

We're seeing a pretty big problem with 15.x hosts and using SSH to execute builds. Yet this works just fine in the terminal over VNC. We see similar limitations with SSH and Virtualization too. They look related, but don't know. Xcode 16.4 15.4.1 Host OS Mac Mini M1. Let me know what else is needed. + xcodebuild -workspace /Users/veertu/anka-arm/./Anka.xcworkspace . . . build build /Users/veertu/anka-arm/build/Build/Products/Release/libpolicy.dylib: errSecInternalComponent Command CodeSign failed with a nonzero exit code ** BUILD FAILED ** /Users/veertu/anka-arm/build/Build/Products/Release/libpolicy.dylib: errSecInternalComponent Command CodeSign failed with a nonzero exit code ** BUILD FAILED ** Watching the Console logs I see . . . codesign CSSM Exception: -2147415840 CSSMERR_CSP_NO_USER_INTERACTION codesign error while checking integrity, denying access: CSSM CSSMERR_CSP_NO_USER_INTERACTION error 14:53:57.404848-0500 codesign SecKeyCreateSignature failed: Error

I am building an application using .NET and Avalonia UI. The application is cross-platform. One of the tasks of the application is to coordinate data collection that is then routed into a Docker container for analysis. Everything works as expected in Windows. Everything works as expected in macOS on the development workstation and before packaging. After I package/codesign into a hardened runtime, I start seeing crashes at the moment when I try to execute the system calls to Docker. I am reasonably confident that this has something to do with an entitlement flag or some other permissions issue. I have been trying to sort this on my own for a while. I am only hoping someone can nudge me in the right direction. Thanks, Kevin

We recently had an external pentest for one of our company's macOS applications and they brought up the topic of library validation. Our app has hardened runtime enabled and passes notarization. The codesign verification output includes: flags=0x10000(runtime) The pentesters brought up that both validation and runtime should be present, so I discovered that you could also add library validation by augmenting our flags with: OTHER_CODE_SIGN_FLAGS = --timestamp -o library which changes the flags to: flags=0x12000(library-validation,runtime) The pentesters insist that both options are necessary, especially to avoid library injection when SIP is off, but Apple's docs say that hardened runtime already implies library validation (see here ) My question is: does explicitly specifying library validation provide something that hardened runtime does not already? Or is it correct that hardened runtime already imply library validation? For what it's worth, I did a quick scan of some of the apps on my system, int