Search results for

“codesign”

3,222 results found

Post

Replies

Boosts

Views

Activity

Gatekeeper and unsatisfied entitlements
We are developing a macOS application for distribution outside the Mac App Store. This application requires additional entitlements, including Keychain access groups, Network Extension, App Groups, and Sandbox. Both the app and the network extension import a custom framework. After creating the .app via Xcode, I ensured that a new Developer ID Application provisioning profile was generated. These profiles were then injected into the Contents folder of the .app and Plugins/.netappex as embedded.provisionprofile. Next, .entitlements files were created with the necessary -systemextension entitlement for the network extension and used for code signing. When inspecting the extracted entitlements from the .provisioningprofile as described in TN3125, everything appears correct. Code signing flow: codesign --force --options runtime --timestamp --sign Developer ID Application: <.app>/Contents/Frameworks/.framework/ codesign --force --options runtime --timestamp --sign Developer ID Application:
Topic: Code Signing SubTopic: Entitlements Tags:
2
0
273
Mar ’25
Code signing error.
There is something wrong with my keychain. Can someone point me in the right direction? codesign --force --sign Developer ID Application: Denis Putnam (2368694WQF) --options runtime /Users/denisputnam/git/expense_tracker/dist/ExpenseTracker.app /Users/denisputnam/git/expense_tracker/dist/ExpenseTracker.app: replacing existing signature Warning: unable to build chain to self-signed root for signer Developer ID Application: Denis Putnam (2368694WQF) /Users/denisputnam/git/expense_tracker/dist/ExpenseTracker.app: errSecInternalComponent Deniss-MacBook-Pro:expense_tracker denisputnam$ security find-certificate -c Developer ID Certification Authority -p /Library/Keychains/System.keychain | openssl x509 -noout -dates notBefore=Sep 22 18:55:10 2021 GMT notAfter=Sep 17 00:00:00 2031 GMT Deniss-MacBook-Pro:expense_tracker denisputnam$
Topic: Code Signing SubTopic: General Tags:
1
0
114
Mar ’25
Reply to SystemPolicyAllFiles code signing requirement
I’m not exactly an expert on MDM stuff, but my understanding is that the CodeRequirement property is a requirement. It doesn’t have to be the designated requirement of the code in question. Thus, you can create a profile with this property set to a custom requirement, one that’ll accept a development-signed app built by any of your team members. For more background on this, see TN3127 Inside Code Signing: Requirements. Consider this: % codesign -d -r - Test777163 Executable=/Users/quinn/Library/Developer/Xcode/DerivedData/Test777163-cihuekycmkocddfnmmrztacqdito/Build/Products/Debug/Test777163 designated => identifier Test777163 and anchor apple generic and certificate leaf[subject.CN] = Apple Development: Quinn Quinn (7XFU7D52S4) and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */ % cat custom.txt identifier Test777163 and anchor apple generic and certificate leaf[subject.OU] = SKMME9E2Y8 and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */ % codesign -v -vvv -R custo
Topic: Code Signing SubTopic: General Tags:
Mar ’25
Ad Hoc deployment - This app was not installed because its integrity could not be verified
Distribution Method: Custom -> Release Testing Errors: canceled by client MobileInstallation for reason Error Domain=IXUserPresentableErrorDomain Code=14 This app was not installed because its integrity could not be verified. installcoordinationd(MobileInstallation)[161] : {app-id}:5:11:1:1:Updating PlaceholderMetadata for {app-id} with failure 14 Steps done trying to resolve the problem: Creating new Provisioning Profile Confirmed registered Device UDID Manually Resigned the App using codesign Manually installed the mobileprovision certificate on the device Checked matching Apple Distribution Certificate Full Code-Signing Clean-Up There is also no Trust this xx under the settings -> VPN & Devices tab on the device, we also tested this on multiple devices and tried this aswell with a new blank app. Could there possibly be a core issue with our developer profile?
Topic: App Store Distribution & Marketing SubTopic: General
0
0
77
Mar ’25
Reply to DNS Proxy network extension doesn't start even after saving preferences successfully
System Extensions framework is meant to be called from a GUI application. Is that the case here? I see a lot of folks try to use the framework from a command-line tool (or daemon or whatever) that’s pretending to be a GUI app, and that often ends badly. I'm using a gui container app, it's just the default App macos template from xcode with the init for the App class changed to start the system extension. Check that you’re container app has a reasonable structure and that the sysex is embedded within that: Seems almost identical:  tree Applications/dns-proxy-tests.app Applications/dns-proxy-tests.app └── Contents ├── Info.plist ├── Library │ └── SystemExtensions │ └── com.myteam.dns-proxy-tests.ne.systemextension │ └── Contents │ ├── Info.plist │ ├── MacOS │ │ └── com.myteam.dns-proxy-tests.ne │ ├── _CodeSignature │ │ └── CodeResources │ └── embedded.provisionprofile ├── MacOS │ ├── __preview.dylib │ ├── dns-proxy-tests │ └── dns-proxy-tests.debug.dylib ├── PkgInfo ├── Resources ├── _CodeSignature │ └── CodeR
Topic: App & System Services SubTopic: Networking Tags:
Mar ’25
keychain and codesigning local dev
Trying to play around with Secure Enclave Protected keychain operations in a Tauri-based MacOS app and running into issues. After much digging and trial and error, here is my understanding and where I'm at: To access these keychain related APIs, the app must be codesigned, and have the following entitlements: com.apple.application-identifier XXXXXXXXXX.com.myorg.myapp com.apple.developer.team-identifier XXXXXXXXXX keychain-access-groups XXXXXXXXXX.* Currently using a Development cert, generated from Xcode, not a paid account I had to install the intermediate cert from https://www.apple.com/certificateauthority/ XXXXXXXXXX is the Team ID, which can be found on my Development cert under Details > Organizational Unit If I build the app and run it (without signing) I get code 34018 If I sign the app and try to run it, I am no longer able to boot it, with error: The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 Launch failed. UserInfo={NSLocali
Topic: Code Signing SubTopic: Entitlements Tags:
2
0
203
Mar ’25
SystemPolicyAllFiles code signing requirement
Hello. I have an enterprise application that requires specific privileges to execute correctly on MacOS. One of these privileges is SystemPolicyAllFiles (aka Full Disk Access), as we use the endpoint security framework. When we distribute our application, we generate: A signed, notarized pkg consisting of our application binaries. An MDM-compatible .mobileconfig, which contains the SystemPolicyAllFiles setting. We expect our users to install both to get the application to function correctly. However, we have three environments we deploy to: Internal (local development on a developer's workstation), development (where features are integrated prior to release) and production (what our customers get). For local, our developers create an Apple account and use a Mac Development certificate for signing. They also generate their own embedded.provisionprofile and drop that into their local installation config. For development/production, we use our Developer ID certificate and Developer Installer certificate, with an
Topic: Code Signing SubTopic: General Tags:
8
0
300
Mar ’25
Reply to DNS Proxy network extension doesn't start even after saving preferences successfully
Error 1 in the OSSystemExtensionErrorDomain is OSSystemExtensionErrorUnknown. That doesn’t sound good. [quote='829698022, conectado, /thread/776759?answerId=829698022#829698022, /profile/conectado'] after that I don't see any of the delegate being called [/quote] And that’s also not good. System Extensions framework is meant to be called from a GUI application. Is that the case here? I see a lot of folks try to use the framework from a command-line tool (or daemon or whatever) that’s pretending to be a GUI app, and that often ends badly. Check that you’re container app has a reasonable structure and that the sysex is embedded within that: QNE2DNSProxyMac.app/ Contents/ Info.plist Library/ SystemExtensions/ com.example.apple-samplecode.QNE2DNSProxyMac.SysEx.systemextension/ Contents/ Info.plist MacOS/ com.example.apple-samplecode.QNE2DNSProxyMac.SysEx _CodeSignature/ CodeResources embedded.provisionprofile MacOS/ QNE2DNSProxyMac … _CodeSignature/ CodeResources embedded.provisionprofile Check that the app is si
Topic: App & System Services SubTopic: Networking Tags:
Mar ’25
Apple Developer Certificate not recognized for codesigning
I’m building an Electron app for macOS that I plan to distribute to users in a .dmg outside the Mac App Store. I have a Developer ID Application certificate (from Apple’s Developer Portal) and a private key, and I can see “Developer ID Certification Authority” in my System Roots keychain. • My Developer ID Application certificate is in the login keychain, and it shows up under “My Certificates” with its private key. • On Keychain, certificate shows red message not trusted, but when I evaluate and check it specifically for codesigning it shows a green checkmark and success • Developer ID Certification Authority is in System Roots. • security find-identity -p codesigning – shows my certificate, but shows 0 valid identities • Updated operating system and deleted and recreated a new certificate, still get the same issue
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
2
0
188
Mar ’25
Reply to Local Network Privacy not Working as Documented
The devil is in the details here. First, this: [quote='776479021, baxterjo, /thread/776479, /profile/baxterjo'] from a VScode terminal and I am getting permissions prompts. [/quote] A VS Code terminal is not Terminal. The exception carved out for Terminal doesn’t apply to other terminal-ish apps. What’ll actually happen in the VS Code case is gonna depend on how it implemented its terminal environment. It’s possible that the system will see VS Code as the responsible code for your program and thus VS Code’s Local Network privilege will apply. However, it’s also possible for programs to do things that break that responsibility chain, in which case your program will look like a tool being run in a background context. What happens then is complex. Regardless, this is something to talk about with the VS Code folks. Coming back to Terminal, that exception works as documented, at least in my experience. Consider my built copy of the TLSTool sample code: % codesign -d -vvv `which TLSTool` … Authority=Develo
Topic: App & System Services SubTopic: Networking Tags:
Mar ’25
Codesign login password
Xcode is prompting I enter a codesign login password when I am archiving my project. My password seems incorrect since there is no action after I enter my password and tap allow. what could be the problem?
Topic: Code Signing SubTopic: General
1
0
140
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
[quote='829245022, chipcastle, /thread/774923?answerId=829245022#829245022, /profile/chipcastle'] ran my codesigning script which signs in the following order [/quote] Step 2 is unnecessary here. Using the terms from Creating distribution-signed code for macOS, your app is bundled code. That means you only need to sign the bundle. If you sign the PATHmanager executable separately, that signature is just overwritten when you sign the PATHmanager.app. [quote='829245022, chipcastle, /thread/774923?answerId=829245022#829245022, /profile/chipcastle'] so I continue to be puzzled [/quote] That error is misleading, in that there are two potential causes: The executable is missing this entitlement. The executable’s code signature is broken, which means that App Store Connect is unable to check that the entitlement is present. I suspect you’re hitting the second case. If you unpack the installer [1] and check the app’s code signature like so: % codesign --verify -vvv PATHmanager.app what does it repor
Topic: Code Signing SubTopic: General
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
Thanks for the suggestion. I was able to extract libui.dylib by running bundle install with the following configuration: cat ~/code/ruby/pathos_macos/.bundle/config --- BUNDLE_PATH: vendor/ BUNDLE_WITHOUT: development:test This created vendor/ruby/3.3.0/gems/libui-0.1.2-arm64-darwin/vendor/libui.dylib, which I ditto'd over to ~/Desktop/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib I bumped version (as described previously) and ran my codesigning script which signs in the following order (under /Users/chip/Desktop/distribution/PATHmanager.app/): Contents/Frameworks/libui.dylib Contents/MacOS/PATHmanager PATHmanager.app directory After uploading the .pkg file using Transporter, I get this old error: Validation failed (409) App sandbox not enabled. The following executables must include the com.apple.security.app-sandbox entitlement with a Boolean value of true in the entitlements property list: [( com.chipcastle.pathmanager.pkg/Payload/PATHmanager.app/Contents/MacOS/PATHmanager )] Refer
Topic: Code Signing SubTopic: General
Mar ’25
Codesign Error When Publishing iOS MAUI App in Visual Studio Code
I am experiencing an issue when publishing my .NET MAUI application for iOS using Visual Studio Code. During the publishing process, I encountered a codesign error. Hope someone can help me. This is the error: Warning: unable to build chain to self-signed root for signer Apple Distribution: SOFTBUILDER SDN. BHD. (********) /Users/frankongthuanhong/Desktop/App/MLBusinessCafe_Maui/MLBusinessCafe_Maui/bin/Release/net8.0-ios/ios-arm64/MLBusinessCafe_Maui.app: errSecInternalComponent /usr/local/share/dotnet/packs/Microsoft.iOS.Sdk.net8.0_18.0/18.0.8316/tools/msbuild/iOS/Xamarin.Shared.targets(2335,3): error : /usr/bin/codesign exited with code 1: [/Users/frankongthuanhong/Desktop/App/MLBusinessCafe_Maui/MLBusinessCafe_Maui/MLBusinessCafe_Maui.csproj::TargetFramework=net8.0-ios] /usr/local/share/dotnet/packs/Microsoft.iOS.Sdk.net8.0_18.0/18.0.8316/tools/msbuild/iOS/Xamarin.Shared.targets(2335,3): error : Warning: unable to build chain to self-signed root for signer Apple Distribution: SOFTBUILDER
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
2
0
395
Mar ’25
Gatekeeper and unsatisfied entitlements
We are developing a macOS application for distribution outside the Mac App Store. This application requires additional entitlements, including Keychain access groups, Network Extension, App Groups, and Sandbox. Both the app and the network extension import a custom framework. After creating the .app via Xcode, I ensured that a new Developer ID Application provisioning profile was generated. These profiles were then injected into the Contents folder of the .app and Plugins/.netappex as embedded.provisionprofile. Next, .entitlements files were created with the necessary -systemextension entitlement for the network extension and used for code signing. When inspecting the extracted entitlements from the .provisioningprofile as described in TN3125, everything appears correct. Code signing flow: codesign --force --options runtime --timestamp --sign Developer ID Application: <.app>/Contents/Frameworks/.framework/ codesign --force --options runtime --timestamp --sign Developer ID Application:
Topic: Code Signing SubTopic: Entitlements Tags:
Replies
2
Boosts
0
Views
273
Activity
Mar ’25
Code signing error.
There is something wrong with my keychain. Can someone point me in the right direction? codesign --force --sign Developer ID Application: Denis Putnam (2368694WQF) --options runtime /Users/denisputnam/git/expense_tracker/dist/ExpenseTracker.app /Users/denisputnam/git/expense_tracker/dist/ExpenseTracker.app: replacing existing signature Warning: unable to build chain to self-signed root for signer Developer ID Application: Denis Putnam (2368694WQF) /Users/denisputnam/git/expense_tracker/dist/ExpenseTracker.app: errSecInternalComponent Deniss-MacBook-Pro:expense_tracker denisputnam$ security find-certificate -c Developer ID Certification Authority -p /Library/Keychains/System.keychain | openssl x509 -noout -dates notBefore=Sep 22 18:55:10 2021 GMT notAfter=Sep 17 00:00:00 2031 GMT Deniss-MacBook-Pro:expense_tracker denisputnam$
Topic: Code Signing SubTopic: General Tags:
Replies
1
Boosts
0
Views
114
Activity
Mar ’25
Reply to SystemPolicyAllFiles code signing requirement
I’m not exactly an expert on MDM stuff, but my understanding is that the CodeRequirement property is a requirement. It doesn’t have to be the designated requirement of the code in question. Thus, you can create a profile with this property set to a custom requirement, one that’ll accept a development-signed app built by any of your team members. For more background on this, see TN3127 Inside Code Signing: Requirements. Consider this: % codesign -d -r - Test777163 Executable=/Users/quinn/Library/Developer/Xcode/DerivedData/Test777163-cihuekycmkocddfnmmrztacqdito/Build/Products/Debug/Test777163 designated => identifier Test777163 and anchor apple generic and certificate leaf[subject.CN] = Apple Development: Quinn Quinn (7XFU7D52S4) and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */ % cat custom.txt identifier Test777163 and anchor apple generic and certificate leaf[subject.OU] = SKMME9E2Y8 and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */ % codesign -v -vvv -R custo
Topic: Code Signing SubTopic: General Tags:
Replies
Boosts
Views
Activity
Mar ’25
Ad Hoc deployment - This app was not installed because its integrity could not be verified
Distribution Method: Custom -> Release Testing Errors: canceled by client MobileInstallation for reason Error Domain=IXUserPresentableErrorDomain Code=14 This app was not installed because its integrity could not be verified. installcoordinationd(MobileInstallation)[161] : {app-id}:5:11:1:1:Updating PlaceholderMetadata for {app-id} with failure 14 Steps done trying to resolve the problem: Creating new Provisioning Profile Confirmed registered Device UDID Manually Resigned the App using codesign Manually installed the mobileprovision certificate on the device Checked matching Apple Distribution Certificate Full Code-Signing Clean-Up There is also no Trust this xx under the settings -> VPN & Devices tab on the device, we also tested this on multiple devices and tried this aswell with a new blank app. Could there possibly be a core issue with our developer profile?
Topic: App Store Distribution & Marketing SubTopic: General
Replies
0
Boosts
0
Views
77
Activity
Mar ’25
Reply to DNS Proxy network extension doesn't start even after saving preferences successfully
System Extensions framework is meant to be called from a GUI application. Is that the case here? I see a lot of folks try to use the framework from a command-line tool (or daemon or whatever) that’s pretending to be a GUI app, and that often ends badly. I'm using a gui container app, it's just the default App macos template from xcode with the init for the App class changed to start the system extension. Check that you’re container app has a reasonable structure and that the sysex is embedded within that: Seems almost identical:  tree Applications/dns-proxy-tests.app Applications/dns-proxy-tests.app └── Contents ├── Info.plist ├── Library │ └── SystemExtensions │ └── com.myteam.dns-proxy-tests.ne.systemextension │ └── Contents │ ├── Info.plist │ ├── MacOS │ │ └── com.myteam.dns-proxy-tests.ne │ ├── _CodeSignature │ │ └── CodeResources │ └── embedded.provisionprofile ├── MacOS │ ├── __preview.dylib │ ├── dns-proxy-tests │ └── dns-proxy-tests.debug.dylib ├── PkgInfo ├── Resources ├── _CodeSignature │ └── CodeR
Topic: App & System Services SubTopic: Networking Tags:
Replies
Boosts
Views
Activity
Mar ’25
keychain and codesigning local dev
Trying to play around with Secure Enclave Protected keychain operations in a Tauri-based MacOS app and running into issues. After much digging and trial and error, here is my understanding and where I'm at: To access these keychain related APIs, the app must be codesigned, and have the following entitlements: com.apple.application-identifier XXXXXXXXXX.com.myorg.myapp com.apple.developer.team-identifier XXXXXXXXXX keychain-access-groups XXXXXXXXXX.* Currently using a Development cert, generated from Xcode, not a paid account I had to install the intermediate cert from https://www.apple.com/certificateauthority/ XXXXXXXXXX is the Team ID, which can be found on my Development cert under Details > Organizational Unit If I build the app and run it (without signing) I get code 34018 If I sign the app and try to run it, I am no longer able to boot it, with error: The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 Launch failed. UserInfo={NSLocali
Topic: Code Signing SubTopic: Entitlements Tags:
Replies
2
Boosts
0
Views
203
Activity
Mar ’25
SystemPolicyAllFiles code signing requirement
Hello. I have an enterprise application that requires specific privileges to execute correctly on MacOS. One of these privileges is SystemPolicyAllFiles (aka Full Disk Access), as we use the endpoint security framework. When we distribute our application, we generate: A signed, notarized pkg consisting of our application binaries. An MDM-compatible .mobileconfig, which contains the SystemPolicyAllFiles setting. We expect our users to install both to get the application to function correctly. However, we have three environments we deploy to: Internal (local development on a developer's workstation), development (where features are integrated prior to release) and production (what our customers get). For local, our developers create an Apple account and use a Mac Development certificate for signing. They also generate their own embedded.provisionprofile and drop that into their local installation config. For development/production, we use our Developer ID certificate and Developer Installer certificate, with an
Topic: Code Signing SubTopic: General Tags:
Replies
8
Boosts
0
Views
300
Activity
Mar ’25
Reply to DNS Proxy network extension doesn't start even after saving preferences successfully
Error 1 in the OSSystemExtensionErrorDomain is OSSystemExtensionErrorUnknown. That doesn’t sound good. [quote='829698022, conectado, /thread/776759?answerId=829698022#829698022, /profile/conectado'] after that I don't see any of the delegate being called [/quote] And that’s also not good. System Extensions framework is meant to be called from a GUI application. Is that the case here? I see a lot of folks try to use the framework from a command-line tool (or daemon or whatever) that’s pretending to be a GUI app, and that often ends badly. Check that you’re container app has a reasonable structure and that the sysex is embedded within that: QNE2DNSProxyMac.app/ Contents/ Info.plist Library/ SystemExtensions/ com.example.apple-samplecode.QNE2DNSProxyMac.SysEx.systemextension/ Contents/ Info.plist MacOS/ com.example.apple-samplecode.QNE2DNSProxyMac.SysEx _CodeSignature/ CodeResources embedded.provisionprofile MacOS/ QNE2DNSProxyMac … _CodeSignature/ CodeResources embedded.provisionprofile Check that the app is si
Topic: App & System Services SubTopic: Networking Tags:
Replies
Boosts
Views
Activity
Mar ’25
Apple Developer Certificate not recognized for codesigning
I’m building an Electron app for macOS that I plan to distribute to users in a .dmg outside the Mac App Store. I have a Developer ID Application certificate (from Apple’s Developer Portal) and a private key, and I can see “Developer ID Certification Authority” in my System Roots keychain. • My Developer ID Application certificate is in the login keychain, and it shows up under “My Certificates” with its private key. • On Keychain, certificate shows red message not trusted, but when I evaluate and check it specifically for codesigning it shows a green checkmark and success • Developer ID Certification Authority is in System Roots. • security find-identity -p codesigning – shows my certificate, but shows 0 valid identities • Updated operating system and deleted and recreated a new certificate, still get the same issue
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
Replies
2
Boosts
0
Views
188
Activity
Mar ’25
Reply to Local Network Privacy not Working as Documented
The devil is in the details here. First, this: [quote='776479021, baxterjo, /thread/776479, /profile/baxterjo'] from a VScode terminal and I am getting permissions prompts. [/quote] A VS Code terminal is not Terminal. The exception carved out for Terminal doesn’t apply to other terminal-ish apps. What’ll actually happen in the VS Code case is gonna depend on how it implemented its terminal environment. It’s possible that the system will see VS Code as the responsible code for your program and thus VS Code’s Local Network privilege will apply. However, it’s also possible for programs to do things that break that responsibility chain, in which case your program will look like a tool being run in a background context. What happens then is complex. Regardless, this is something to talk about with the VS Code folks. Coming back to Terminal, that exception works as documented, at least in my experience. Consider my built copy of the TLSTool sample code: % codesign -d -vvv `which TLSTool` … Authority=Develo
Topic: App & System Services SubTopic: Networking Tags:
Replies
Boosts
Views
Activity
Mar ’25
Reply to Codesign login password
codesign wants too access my certain key in my keychain
Topic: Code Signing SubTopic: General
Replies
Boosts
Views
Activity
Mar ’25
Codesign login password
Xcode is prompting I enter a codesign login password when I am archiving my project. My password seems incorrect since there is no action after I enter my password and tap allow. what could be the problem?
Topic: Code Signing SubTopic: General
Replies
1
Boosts
0
Views
140
Activity
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
[quote='829245022, chipcastle, /thread/774923?answerId=829245022#829245022, /profile/chipcastle'] ran my codesigning script which signs in the following order [/quote] Step 2 is unnecessary here. Using the terms from Creating distribution-signed code for macOS, your app is bundled code. That means you only need to sign the bundle. If you sign the PATHmanager executable separately, that signature is just overwritten when you sign the PATHmanager.app. [quote='829245022, chipcastle, /thread/774923?answerId=829245022#829245022, /profile/chipcastle'] so I continue to be puzzled [/quote] That error is misleading, in that there are two potential causes: The executable is missing this entitlement. The executable’s code signature is broken, which means that App Store Connect is unable to check that the entitlement is present. I suspect you’re hitting the second case. If you unpack the installer [1] and check the app’s code signature like so: % codesign --verify -vvv PATHmanager.app what does it repor
Topic: Code Signing SubTopic: General
Replies
Boosts
Views
Activity
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
Thanks for the suggestion. I was able to extract libui.dylib by running bundle install with the following configuration: cat ~/code/ruby/pathos_macos/.bundle/config --- BUNDLE_PATH: vendor/ BUNDLE_WITHOUT: development:test This created vendor/ruby/3.3.0/gems/libui-0.1.2-arm64-darwin/vendor/libui.dylib, which I ditto'd over to ~/Desktop/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib I bumped version (as described previously) and ran my codesigning script which signs in the following order (under /Users/chip/Desktop/distribution/PATHmanager.app/): Contents/Frameworks/libui.dylib Contents/MacOS/PATHmanager PATHmanager.app directory After uploading the .pkg file using Transporter, I get this old error: Validation failed (409) App sandbox not enabled. The following executables must include the com.apple.security.app-sandbox entitlement with a Boolean value of true in the entitlements property list: [( com.chipcastle.pathmanager.pkg/Payload/PATHmanager.app/Contents/MacOS/PATHmanager )] Refer
Topic: Code Signing SubTopic: General
Replies
Boosts
Views
Activity
Mar ’25
Codesign Error When Publishing iOS MAUI App in Visual Studio Code
I am experiencing an issue when publishing my .NET MAUI application for iOS using Visual Studio Code. During the publishing process, I encountered a codesign error. Hope someone can help me. This is the error: Warning: unable to build chain to self-signed root for signer Apple Distribution: SOFTBUILDER SDN. BHD. (********) /Users/frankongthuanhong/Desktop/App/MLBusinessCafe_Maui/MLBusinessCafe_Maui/bin/Release/net8.0-ios/ios-arm64/MLBusinessCafe_Maui.app: errSecInternalComponent /usr/local/share/dotnet/packs/Microsoft.iOS.Sdk.net8.0_18.0/18.0.8316/tools/msbuild/iOS/Xamarin.Shared.targets(2335,3): error : /usr/bin/codesign exited with code 1: [/Users/frankongthuanhong/Desktop/App/MLBusinessCafe_Maui/MLBusinessCafe_Maui/MLBusinessCafe_Maui.csproj::TargetFramework=net8.0-ios] /usr/local/share/dotnet/packs/Microsoft.iOS.Sdk.net8.0_18.0/18.0.8316/tools/msbuild/iOS/Xamarin.Shared.targets(2335,3): error : Warning: unable to build chain to self-signed root for signer Apple Distribution: SOFTBUILDER
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
Replies
2
Boosts
0
Views
395
Activity
Mar ’25