codesign

Hey, Just recently I realized something I have been overlooking in my build pipelines. I thought that by adding the the hardened runtime, I disable 3rd-party library injection (I do not have the disable-library-validation entitlement added). However, I was using some checks on my code and I noticed that the library validation code signature check fails on my applications (e.g. adding the .libraryValidation requirement via the LightweightCodeRequirements framework) - with codesign -dvvvv /path/to/app I can check it doesn't have the CS_REQUIRE_LV flag: [...] CodeDirectory v=20500 size=937 flags=0x10000(runtime) hashes=18+7 location=embedded [...] then I used in Xcode the Other Code Signing Flags setting and added the -o library option, which added the flag: [...] CodeDirectory v=20500 size=937 flags=0x12000(library-validation,runtime) hashes=18+7 location=embedded [...] Is this flag something I should be explicitly setting? Because I was under the impression enabling hardened runtime would be enough. P

I tried building a macOS app with Electron, but I ran into problems during notarization. I used notarytool to upload my DMG and got status: Invalid. xcrun notarytool log output { logFormatVersion: 1, jobId: 680bf475-a5f4-4675-9083-aa755d492b18, status: Invalid, statusSummary: Archive contains critical validation errors, statusCode: 4000, archiveFilename: BODYPARK-v3.6.0-mac.app.zip, uploadDate: 2025-09-25T02:50:41.523Z, sha256: e61074b9bba6d03696f2d8b0b13870daafc283960e61ab5002d688e4e82ef6f6, ticketContents: null, issues: [ { severity: error, code: null, path: BODYPARK-v3.6.0-mac.app.zip/BODYPARK-v3.6.0-mac.app/Contents/Resources/plugin/XMagic/mac/libpag.framework/libpag, message: The signature of the binary is invalid., docUrl: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735, architecture: x86_64 }, { severity: error, code: null, path: BODYPARK-v3.6.0-mac.app.zip/BODYPARK-v3.6.0-mac.app/Contents/Resources/plugin/XMa

Does anyone know how to fix their launch agents list to remove suspicious applications. I found out there is a codesigning tool allowing suspicious applications to snatch Apple's certificates and codesign their own binaries with them. How do I know, I've literally done it test the restrictions / requirements. Once a binary or application has been signed, it can run anywhere and the system will trust it. I found a process called com.apple.seserviced in the file path /usr/libexec/seserviced. I checked the entitlments and this straight up looks like a commercial sized entrance for this binaries to trample on my computer and iPhone. I'm thinking about putting the code in jail or a lock on the file until I can figure out it's purpose. codesign -d --entitlements :- /usr/libexec/seserviced

We have an application that sets a code signing requirement on a XPC connection between a File Provider extension and the main application. Only with a specific Developer ID certificate that designated requirement is not accepted and the application crashes with EXC_CRASH (SIGABRT) and the stacktrace Thread 1 Crashed:: Dispatch queue: com.apple.root.default-qos 0 libsystem_kernel.dylib 0x19b556388 __pthread_kill + 8 1 libsystem_pthread.dylib 0x19b58f88c pthread_kill + 296 2 libsystem_c.dylib 0x19b498a3c abort + 124 3 libc++abi.dylib 0x19b545384 abort_message + 132 4 libc++abi.dylib 0x19b533cf4 demangling_terminate_handler() + 344 5 libobjc.A.dylib 0x19b1b8dd4 _objc_terminate() + 156 6 libc++abi.dylib 0x19b544698 std::__terminate(void (*)()) + 16 7 libc++abi.dylib 0x19b547c30 __cxxabiv1::failed_throw(__cxxabiv1::__cxa_exception*) + 88 8 libc++abi.dylib 0x19b547bd8 __cxa_throw + 92 9 libobjc.A.dylib 0x19b1aecf8 objc_exception_throw + 448 10 Foundation 0x19d5c3840 -[NSXPCConnection setCodeSigningRequirement:] +

Hardware & OS: MacBook Pro 15,4 (mid-2019) macOS 15.7 (24G222) Apple Hardware Diagnostics: Passed (ADP000) Xcode crashes on every launch attempt with identical CoreSimDeviceIO framework failures. This started after an automatic Xcode update and affects multiple Xcode versions. Versions tested (all crash identically): Xcode 16.0 (26.0/24228) Xcode 16.4 (23792) *Unable to download Xcode 15.4 due to my ios Crash signature: Exception Type: EXC_BAD_ACCESS (SIGKILL Code Signature Invalid) Crashed Thread: 0 (main thread) Crashing Framework: CoreSimDeviceIO.framework Termination Reason: CODESIGNING, Code 2 Invalid Page Troubleshooting completed: Multiple fresh Xcode downloads from Apple Developer portal Security database rebuild and SystemPolicy reset Complete macOS clean reinstall Developer tools reset (xcode-select) NVRAM reset Hardware diagnostics (passed) Additional problem: macOS compatibility enforcement prevents installing Xcode 15.x as a workaround, showing update to latest version errors even fo

Hi, hoping someone can help here. I recently updated my Mac to macOS 15 (Tahoe) and am using Xcode 15+ (possibly 16). I’m working on a Flutter app and testing on a real iPhone device. Here's the situation: I’m using the free Apple Developer account. My signing certificate and provisioning profile both show as valid and active in Keychain and says signing... in Xcode. When I build and run the app from Xcode, it works completely fine on a simulator. But when I try to run the same project from VS Code using flutter run, whether on an simulator phone or my personal iphone, I get a code signing error, specifically: Failed to codesign Flutter.framework with identity... I believe the app is set to use the correct Team ID because it says my name and (team) (my team ID isBDKUKWVRBY), and I can see my certificate in Keychain under My Certificates. What I’ve already tried: flutter clean pod install / pod update Manually selecting my team in Xcode Signing settings Restarting my machine and VS Code Confirming the