Search results for

“codesign”

3,221 results found

Post

Replies

Boosts

Views

Activity

Reply to All notarization submissions stuck "In Progress" for 24-36+ hours (first-time submission)
Hello! I'm trying to notarize my first app. My notarization submissions via xcrun notarytool submit are hanging indefinitely. The upload completes, but the processing never finishes. Upload ID: d1a3ef28-4255-4938-96e1-c6a9b73beb06 122ba838-f362-44fb-aaff-bbf27ec9d963 Details: Artifact type: macOS .app bundle packaged as .zip via ditto -c -k --keepParent Signing identity: Developer ID Application Code signing flags: --force --options runtime --deep Architecture: arm64 (also amd64 in previous attempts) macOS version: Darwin 25.3.0 What I've verified: Code signature passes codesign --verify --deep --strict
Topic: App Store Distribution & Marketing SubTopic: App Review
3w
All notarization submissions stuck "In Progress" for 24-36+ hours (first-time submission)
I am submitting my first macOS app for notarization and all submissions have been stuck at In Progress for over 24-36 hours. The notarytool log command returns Submission log is not yet available for all of them. App details: macOS menu bar app (Apple Silicon only, arm64) Signed with Developer ID Application certificate Hardened Runtime enabled Secure timestamp included No get-task-allow entitlement Team ID: 3426FSU868 Submission history: bd5a8bf3-809f-42d5-9ab3-1cb665e4dfa6 (Mar 3, 13:02 UTC) - Status: Invalid This was expected. It was a Debug build with get-task-allow and missing secure timestamp. c3e54eef-650e-41ba-ac8f-8948147cc7e1 (Mar 3, 13:06 UTC) - Status: In Progress (36+ hours) b6c4515a-93dd-417c-8956-158a73f62dee (Mar 3, 14:06 UTC) - Status: In Progress (35+ hours) 478b7e57-3492-46eb-98fb-04b52bff1f17 (Mar 4, 01:08 UTC) - Status: In Progress (24+ hours) Submissions 2-4 were all built with Release configuration, signed with Developer ID Application certificate, hardened runtime, and secure timestamp
Topic: App Store Distribution & Marketing SubTopic: App Review
7
0
380
4w
Reply to Can't get USBSerialDriverKit driver loaded
OK, so for some reason, the provisioning profile includes the USB entitlement for vendorID= and I thought because I requested a specific vendor id that I only get that. So after putting into the vendor id field in my USB entitlement in Xcode, they now match, and it works. Strange.... These are the development only entitlements. See this forum post for a detailed run-through of the codesigning side of this. In terms of the matching side of this: The comments feature of the forums is not particularly useful, so please post a complete copy of your IOKitPersonalities dictionary, posted using the code option (which makes it easy to copy out). I have a rundown of the matching and loading process here, so please start by reviewing and validating your DEX against that. That document specifically covers this: Should I set something else for IOClass if my driver does bind to USB interfaces and takes care about exposing them as USB serial devices to the os? I currently have IOClass=IOUserService Also mentioned
Topic: App & System Services SubTopic: Drivers Tags:
Mar ’26
Notarization submissions stuck "In Progress" — native macOS app with Sparkle.framework (12+ attempts)
I'm submitting a native macOS app (Swift/SwiftUI, arm64) that includes Sparkle.framework for auto-updates. All binaries are signed with a Developer ID Application certificate using --options runtime and --timestamp. I've submitted 12+ times over the past two days, both from local notarytool submit and from GitHub Actions CI. Every submission uploads successfully and returns a valid submission ID, but then stays at In Progress indefinitely — none have resolved to Accepted or Invalid. Two early submissions did eventually come back Invalid — Apple's rejection log showed the Sparkle nested binaries had ad-hoc signatures (they were being signed as individual Mach-O files instead of bundle directories). I fixed this with proper inside-out bundle signing. Since the fix, local codesign --verify --deep --strict passes cleanly, but all ~10 subsequent submissions remain stuck at In Progress. 9UT54V24XG Would appreciate any guidance, or if someone from the notary team could check our queue. Happy to provide spec
Topic: Code Signing SubTopic: Notarization
3
0
153
Mar ’26
Reply to All notarization submissions stuck "In Progress" for 24+ hours — first-time Electron app
Experiencing the same issue here — native macOS (Swift/SwiftUI) app with Sparkle.framework, signed with Developer ID Application certificate using --options runtime and --timestamp on all binaries. We've submitted 12+ times over the past two days, both from local notarytool submit and from GitHub Actions CI. Two early submissions eventually came back Invalid (Sparkle nested binaries needed proper bundle-level signing rather than file-level). After fixing that, codesign --verify --deep --strict passes cleanly on every binary in the bundle. But every submission since the fix — about 10 of them — has been stuck at In Progress indefinitely. We're using App Store Connect API key auth (--key / --key-id / --issuer), and the submissions upload successfully with valid submission IDs. They just never resolve. Team ID: 9UT54V24XG Would appreciate any guidance or if someone from Apple could take a look at our queue. Happy to provide submission IDs if that helps.
Topic: Code Signing SubTopic: Notarization Tags:
Mar ’26
`sysextd` rejects new `NEFilterDataProvider` activation with "no policy" on macOS 26 — despite valid Developer ID + notarization
I'm building a macOS network monitor using NEFilterDataProvider as a system extension, distributed with Developer ID signing. On macOS 26.3 (Tahoe), sysextd consistently rejects the activation request with no policy, cannot allow apps outside /Applications — despite the app being in /Applications and passing every verification check. I'm aware of the known Xcode NE signing bug (r. 108838909) and have followed the manual signing process from Exporting a Developer ID Network Extension. I've also tried both xcodebuild build and xcodebuild archive workflows — identical failure. Environment macOS 26.3 (25D125), SIP enabled Xcode 26.3 (17C529) Hardware Apple M2 Pro Certificate Developer ID Application (issued Jan 30, 2026 — 27 days old) MDM/Profiles None installed Signing & Verification (all pass) $ spctl -a -vv /Applications/Chakshu.app /Applications/Chakshu.app: accepted source=Notarized Developer ID origin=Developer ID Application: ROBIN SHARMA (R65679C4F3) $ codesign --verify --deep --strict -vv /A
Topic: App & System Services SubTopic: Networking Tags:
5
0
183
Feb ’26
Reply to Title: Developer ID + DNS Proxy system extension: profile mismatch for `com.apple.developer.networking.networkextension`
I can’t really help you with MDM stuff. If you need help in that space, you can try over in Business & Education > Device Management but you might have more luck over in the Apple Support Community, run by Apple Support, and specifically in the Business and Education topic areas. However, I can help you with this: [quote='877476022, Leo_Nagano, /thread/815340?answerId=877476022#877476022, /profile/Leo_Nagano'] on that MDM‑managed macOS 14.4 (Apple Silicon) device the app still cannot be launched. [/quote] That sounds less like an MDM issue and more like a Gatekeeper issue. [quote='877476022, Leo_Nagano, /thread/815340?answerId=877476022#877476022, /profile/Leo_Nagano'] codesign -dvv confirms the app is signed with our Developer ID Application certificate and has … [/quote] I see no mention of the App ID (com.apple.application-identifier) and Team ID (com.apple.developer.team-identifier) entitlements. Any app that uses restricted entitlement should be signed with those entitlements because they
Topic: App & System Services SubTopic: Networking Tags:
Feb ’26
Reply to Title: Developer ID + DNS Proxy system extension: profile mismatch for `com.apple.developer.networking.networkextension`
Update (MDM‑managed macOS 14.4 device): After some additional testing with our third‑party MDM, the Custom macOS app now does get installed via MDM (the notarized Developer ID PKG is assigned to a group with Install Method = MDM and Auto Deploy, and /Applications/MyProxy.app appears on the target Mac with the expected bundle id and version). However, on that MDM‑managed macOS 14.4 (Apple Silicon) device the app still cannot be launched. Finder shows a generic “MyProxy can’t be opened” error, and the process is killed immediately on launch. The key detail from the system log is that the decision is coming from the ConfigurationProfiles / MDM side rather than from Gatekeeper: taskgated-helper[…]: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] Disallowing com.myapp.agent.MyProxy because no eligible provisioning profiles found At the same time: spctl --assess -vvv -t exec /Applications/MyProxy.app reports source=Notarized Developer ID. codesign -dvv confirms the app is signed with
Topic: App & System Services SubTopic: Networking Tags:
Feb ’26
Duplicate Certificates Cause codesign errSecInternalComponent failures
Original Problem We use codesign and notarytool in a scripted environment to build and distribute binaries daily. We also do manual builds by logging into the build server using SSH. This has been working for many years, but after updating to a new Developer ID Application certificate, codesign was failing with errSecInternalComponent and the console logs showed errSecInteractionNotAllowed. Summary of Resolution Attempting to fix the problem resulted in multiple copies of the same Certificate which were NOT shown by Keychain Access. I had to run security delete-identity multiple times to clear out the redundant Identities and then imported the certificate using the security CLI tool. Details I originally followed these instructions for requesting and installing a new certificate: https://developer.apple.com/help/account/certificates/create-developer-id-certificates/ Tip: Use the security tool intead These instructions fail to mention two critical points: 1) they assume the machine you genera
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
1
0
163
Feb ’26
Reply to iOS app from TestFlight cannot be opened due to Code signing
It does, and the exception reason tripped me up at first: Exception Type: EXC_BAD_ACCESS (SIGKILL) Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000 Exception Codes: 0x0000000000000001, 0x0000000000000000 VM Region Info: 0 is not in any region. Bytes before following region: 4339253248 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL UNUSED SPACE AT START ---> __TEXT 102a3c000-102a40000 [ 16K] r-x/r-x SM=COW /var/containers/Bundle/Application/5BD67EC6-39CC-428C-944B-C2E2FCA311B4/.app/ Termination Reason: CODESIGNING 2 Invalid Page Turns put it was likely a problem with an async closure passed to a Combine subject as indicated by the first stack frames: 0 ??? 0x0000000000000000 0x0 + 0 1 0x0000000102edacc8 type metadata accessor for (nonisolated(nonsending) (), ()) + 44 (/:0) 2 0x0000000102edac64 type metadata accessor for PassthroughSubject<(nonisolated(nonsending) (), ()), Never> + 44 (/:0)
Topic: Code Signing SubTopic: General Tags:
Feb ’26
Reply to No certificate for team '' matching 'Developer ID Application' found
It sounds like you’re trying to use Developer ID signing for day-to-day development. That’s something I recommend you avoid. Rather, use an Apple Development signing identity for development. For background on this, The Care and Feeding of Developer ID. Having said that, I can help you debug this specific problem. I recommend that you start out by isolating this from Xcode. If you run these commands, what do you see: % cp /usr/bin/true MyTrue % codesign -s Developer ID Application -f MyTrue Run these from Terminal, logged into the same GUI login session as you’re using for Xcode. If that prints a no identity found message, what do you see when you run this command: % security find-identity -p codesigning Policy: Code Signing Matching identities … 11) ADC03B244F4C1018384DCAFFC920F26136F6B59B Developer ID Application: Quinn Quinn (SKMME9E2Y8) (CSSMERR_TP_CERT_EXPIRED) 12) 3F8BE319780F84EB2E94ABDFA24E8045A0572A7B Developer ID Application: Quinn Quinn (SKMME9E2Y8) 12 identities found Valid ident
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
Feb ’26
Reply to How can I create a more complex XPCPeerRequirement?
Entitlements and code-signing requirements are very different. See the following for more background on each: TN3125 Inside Code Signing: Provisioning Profiles TN3127 Inside Code Signing: Requirements You can use a code-signing requirement to check for an entitlement, for example: % codesign --verify -R '=entitlement [com.apple.security.app-sandbox] exists' -v /Applications/Pages.app … /Applications/Pages.app: explicit requirement satisfied % codesign --verify -R '=entitlement [com.apple.security.app-sandbox] exists' -v /usr/bin/true … test-requirement: code failed to satisfy specified code requirement(s) However, entitlements are tricky to use in this situation because: You can’t create a provisioning profile that authorises a custom requirement. Many of of the popular entitlements are either unrestricted on macOS, or only restricted in that they clear the entitlement-validate flag [1]. Given that, I think maintaining your previous approach makes sense, that is, check for the Team ID and a
Topic: Code Signing SubTopic: Entitlements Tags:
Feb ’26
Reply to com.apple.developer.payment-pass-provisioning missing in TestFlight build despite provisioning profile having it
Thanks for that dump. Much nicer! My reading of the stuff in your latest post suggests that you’re authorised to use the entitlement but you’re not actually claiming it. Remember that a provisioning profile acts an allowlist. It tells the system what entitlements you’re allowed to claim, but it doesn’t actually claim them. You actually claim entitlements in your app’s code signature. Note To learn more about how this works, see TN3125 Inside Code Signing: Provisioning Profiles. I usually debug problems like this by first confirming the nature of the problem: Instead of sending my app directly to App Store Connect, I export an archive. For example, when using Xcode’s organiser window I click Distribute App and then follow the Custom > App Store Connect > Export workflow. I then upload that archive using Transporter. Presuming that reproduces the problem, I unpack the archive by hand. See Unpacking Apple Archives. I can then dump the profile and the entitlements in the resulting app. The profile dump comm
Topic: Code Signing SubTopic: Entitlements Tags:
Feb ’26
Notarization stuck "In Progress" for 48+ hours - 6 submissions (Team ID: Y7T24GD249)
I'm experiencing a persistent issue where all my notarization submissions remain stuck in In Progress indefinitely. This is my first time notarizing an app. Environment: macOS 26.2 (Tahoe) Using xcrun notarytool submit Team ID: Y7T24GD249 App: Electron-based desktop application (~400MB) Stuck submissions (oldest to newest): 51412777-848c-4be1-a952-5ff32d6653f9 - Feb 4, 4:39 PM UTC (48+ hours) 9c4f94a1-d59a-4607-adf1-94c82fb4254b - Feb 4, 11:23 PM UTC 1c593512-ef55-4801-ba60-8b1bbc5a6f66 - Feb 4, 11:30 PM UTC de66e5cf-143c-40ec-ba62-2f07609044b4 - Feb 5, 1:39 PM UTC 964b2196-ad2e-4503-b15f-dc7f6a996ef0 - Feb 5, 2:25 PM UTC c8fdcccf-46cd-4609-bc33-faaa8fad696f - Feb 6, 5:11 PM UTC What I've tried: Verified Developer ID Application certificate is valid Checked code signatures with codesign -vvv --deep --strict Submitted both .zip and .dmg formats Checked Apple System Status (shows operational) notarytool log returns Record not found for all submissions Is there a known issue affecting first-time notariz
Topic: Code Signing SubTopic: Notarization
4
0
177
Feb ’26
Reply to All notarization submissions stuck "In Progress" for 24-36+ hours (first-time submission)
Hello! I'm trying to notarize my first app. My notarization submissions via xcrun notarytool submit are hanging indefinitely. The upload completes, but the processing never finishes. Upload ID: d1a3ef28-4255-4938-96e1-c6a9b73beb06 122ba838-f362-44fb-aaff-bbf27ec9d963 Details: Artifact type: macOS .app bundle packaged as .zip via ditto -c -k --keepParent Signing identity: Developer ID Application Code signing flags: --force --options runtime --deep Architecture: arm64 (also amd64 in previous attempts) macOS version: Darwin 25.3.0 What I've verified: Code signature passes codesign --verify --deep --strict
Topic: App Store Distribution & Marketing SubTopic: App Review
Replies
Boosts
Views
Activity
3w
All notarization submissions stuck "In Progress" for 24-36+ hours (first-time submission)
I am submitting my first macOS app for notarization and all submissions have been stuck at In Progress for over 24-36 hours. The notarytool log command returns Submission log is not yet available for all of them. App details: macOS menu bar app (Apple Silicon only, arm64) Signed with Developer ID Application certificate Hardened Runtime enabled Secure timestamp included No get-task-allow entitlement Team ID: 3426FSU868 Submission history: bd5a8bf3-809f-42d5-9ab3-1cb665e4dfa6 (Mar 3, 13:02 UTC) - Status: Invalid This was expected. It was a Debug build with get-task-allow and missing secure timestamp. c3e54eef-650e-41ba-ac8f-8948147cc7e1 (Mar 3, 13:06 UTC) - Status: In Progress (36+ hours) b6c4515a-93dd-417c-8956-158a73f62dee (Mar 3, 14:06 UTC) - Status: In Progress (35+ hours) 478b7e57-3492-46eb-98fb-04b52bff1f17 (Mar 4, 01:08 UTC) - Status: In Progress (24+ hours) Submissions 2-4 were all built with Release configuration, signed with Developer ID Application certificate, hardened runtime, and secure timestamp
Topic: App Store Distribution & Marketing SubTopic: App Review
Replies
7
Boosts
0
Views
380
Activity
4w
Reply to Can't get USBSerialDriverKit driver loaded
OK, so for some reason, the provisioning profile includes the USB entitlement for vendorID= and I thought because I requested a specific vendor id that I only get that. So after putting into the vendor id field in my USB entitlement in Xcode, they now match, and it works. Strange.... These are the development only entitlements. See this forum post for a detailed run-through of the codesigning side of this. In terms of the matching side of this: The comments feature of the forums is not particularly useful, so please post a complete copy of your IOKitPersonalities dictionary, posted using the code option (which makes it easy to copy out). I have a rundown of the matching and loading process here, so please start by reviewing and validating your DEX against that. That document specifically covers this: Should I set something else for IOClass if my driver does bind to USB interfaces and takes care about exposing them as USB serial devices to the os? I currently have IOClass=IOUserService Also mentioned
Topic: App & System Services SubTopic: Drivers Tags:
Replies
Boosts
Views
Activity
Mar ’26
Notarization submissions stuck "In Progress" — native macOS app with Sparkle.framework (12+ attempts)
I'm submitting a native macOS app (Swift/SwiftUI, arm64) that includes Sparkle.framework for auto-updates. All binaries are signed with a Developer ID Application certificate using --options runtime and --timestamp. I've submitted 12+ times over the past two days, both from local notarytool submit and from GitHub Actions CI. Every submission uploads successfully and returns a valid submission ID, but then stays at In Progress indefinitely — none have resolved to Accepted or Invalid. Two early submissions did eventually come back Invalid — Apple's rejection log showed the Sparkle nested binaries had ad-hoc signatures (they were being signed as individual Mach-O files instead of bundle directories). I fixed this with proper inside-out bundle signing. Since the fix, local codesign --verify --deep --strict passes cleanly, but all ~10 subsequent submissions remain stuck at In Progress. 9UT54V24XG Would appreciate any guidance, or if someone from the notary team could check our queue. Happy to provide spec
Topic: Code Signing SubTopic: Notarization
Replies
3
Boosts
0
Views
153
Activity
Mar ’26
Reply to All notarization submissions stuck "In Progress" for 24+ hours — first-time Electron app
Experiencing the same issue here — native macOS (Swift/SwiftUI) app with Sparkle.framework, signed with Developer ID Application certificate using --options runtime and --timestamp on all binaries. We've submitted 12+ times over the past two days, both from local notarytool submit and from GitHub Actions CI. Two early submissions eventually came back Invalid (Sparkle nested binaries needed proper bundle-level signing rather than file-level). After fixing that, codesign --verify --deep --strict passes cleanly on every binary in the bundle. But every submission since the fix — about 10 of them — has been stuck at In Progress indefinitely. We're using App Store Connect API key auth (--key / --key-id / --issuer), and the submissions upload successfully with valid submission IDs. They just never resolve. Team ID: 9UT54V24XG Would appreciate any guidance or if someone from Apple could take a look at our queue. Happy to provide submission IDs if that helps.
Topic: Code Signing SubTopic: Notarization Tags:
Replies
Boosts
Views
Activity
Mar ’26
`sysextd` rejects new `NEFilterDataProvider` activation with "no policy" on macOS 26 — despite valid Developer ID + notarization
I'm building a macOS network monitor using NEFilterDataProvider as a system extension, distributed with Developer ID signing. On macOS 26.3 (Tahoe), sysextd consistently rejects the activation request with no policy, cannot allow apps outside /Applications — despite the app being in /Applications and passing every verification check. I'm aware of the known Xcode NE signing bug (r. 108838909) and have followed the manual signing process from Exporting a Developer ID Network Extension. I've also tried both xcodebuild build and xcodebuild archive workflows — identical failure. Environment macOS 26.3 (25D125), SIP enabled Xcode 26.3 (17C529) Hardware Apple M2 Pro Certificate Developer ID Application (issued Jan 30, 2026 — 27 days old) MDM/Profiles None installed Signing & Verification (all pass) $ spctl -a -vv /Applications/Chakshu.app /Applications/Chakshu.app: accepted source=Notarized Developer ID origin=Developer ID Application: ROBIN SHARMA (R65679C4F3) $ codesign --verify --deep --strict -vv /A
Topic: App & System Services SubTopic: Networking Tags:
Replies
5
Boosts
0
Views
183
Activity
Feb ’26
Reply to Title: Developer ID + DNS Proxy system extension: profile mismatch for `com.apple.developer.networking.networkextension`
I can’t really help you with MDM stuff. If you need help in that space, you can try over in Business & Education > Device Management but you might have more luck over in the Apple Support Community, run by Apple Support, and specifically in the Business and Education topic areas. However, I can help you with this: [quote='877476022, Leo_Nagano, /thread/815340?answerId=877476022#877476022, /profile/Leo_Nagano'] on that MDM‑managed macOS 14.4 (Apple Silicon) device the app still cannot be launched. [/quote] That sounds less like an MDM issue and more like a Gatekeeper issue. [quote='877476022, Leo_Nagano, /thread/815340?answerId=877476022#877476022, /profile/Leo_Nagano'] codesign -dvv confirms the app is signed with our Developer ID Application certificate and has … [/quote] I see no mention of the App ID (com.apple.application-identifier) and Team ID (com.apple.developer.team-identifier) entitlements. Any app that uses restricted entitlement should be signed with those entitlements because they
Topic: App & System Services SubTopic: Networking Tags:
Replies
Boosts
Views
Activity
Feb ’26
Reply to Title: Developer ID + DNS Proxy system extension: profile mismatch for `com.apple.developer.networking.networkextension`
Update (MDM‑managed macOS 14.4 device): After some additional testing with our third‑party MDM, the Custom macOS app now does get installed via MDM (the notarized Developer ID PKG is assigned to a group with Install Method = MDM and Auto Deploy, and /Applications/MyProxy.app appears on the target Mac with the expected bundle id and version). However, on that MDM‑managed macOS 14.4 (Apple Silicon) device the app still cannot be launched. Finder shows a generic “MyProxy can’t be opened” error, and the process is killed immediately on launch. The key detail from the system log is that the decision is coming from the ConfigurationProfiles / MDM side rather than from Gatekeeper: taskgated-helper[…]: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] Disallowing com.myapp.agent.MyProxy because no eligible provisioning profiles found At the same time: spctl --assess -vvv -t exec /Applications/MyProxy.app reports source=Notarized Developer ID. codesign -dvv confirms the app is signed with
Topic: App & System Services SubTopic: Networking Tags:
Replies
Boosts
Views
Activity
Feb ’26
Duplicate Certificates Cause codesign errSecInternalComponent failures
Original Problem We use codesign and notarytool in a scripted environment to build and distribute binaries daily. We also do manual builds by logging into the build server using SSH. This has been working for many years, but after updating to a new Developer ID Application certificate, codesign was failing with errSecInternalComponent and the console logs showed errSecInteractionNotAllowed. Summary of Resolution Attempting to fix the problem resulted in multiple copies of the same Certificate which were NOT shown by Keychain Access. I had to run security delete-identity multiple times to clear out the redundant Identities and then imported the certificate using the security CLI tool. Details I originally followed these instructions for requesting and installing a new certificate: https://developer.apple.com/help/account/certificates/create-developer-id-certificates/ Tip: Use the security tool intead These instructions fail to mention two critical points: 1) they assume the machine you genera
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
Replies
1
Boosts
0
Views
163
Activity
Feb ’26
Reply to iOS app from TestFlight cannot be opened due to Code signing
It does, and the exception reason tripped me up at first: Exception Type: EXC_BAD_ACCESS (SIGKILL) Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000 Exception Codes: 0x0000000000000001, 0x0000000000000000 VM Region Info: 0 is not in any region. Bytes before following region: 4339253248 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL UNUSED SPACE AT START ---> __TEXT 102a3c000-102a40000 [ 16K] r-x/r-x SM=COW /var/containers/Bundle/Application/5BD67EC6-39CC-428C-944B-C2E2FCA311B4/.app/ Termination Reason: CODESIGNING 2 Invalid Page Turns put it was likely a problem with an async closure passed to a Combine subject as indicated by the first stack frames: 0 ??? 0x0000000000000000 0x0 + 0 1 0x0000000102edacc8 type metadata accessor for (nonisolated(nonsending) (), ()) + 44 (/:0) 2 0x0000000102edac64 type metadata accessor for PassthroughSubject<(nonisolated(nonsending) (), ()), Never> + 44 (/:0)
Topic: Code Signing SubTopic: General Tags:
Replies
Boosts
Views
Activity
Feb ’26
iOS app from TestFlight cannot be opened due to Code signing
One of our apps (built with Xcode 26.1.1 and distributed via TestFlight) crashes upon launch on iOS 17 with Exception Type: EXC_BAD_ACCESS (SIGKILL) and Termination Reason: CODESIGNING 2 Invalid Page. I have never seen this before. Any pointers? On iOS 18 & 26 this does not happen btw.
Topic: Code Signing SubTopic: General Tags:
Replies
3
Boosts
0
Views
252
Activity
Feb ’26
Reply to No certificate for team '' matching 'Developer ID Application' found
It sounds like you’re trying to use Developer ID signing for day-to-day development. That’s something I recommend you avoid. Rather, use an Apple Development signing identity for development. For background on this, The Care and Feeding of Developer ID. Having said that, I can help you debug this specific problem. I recommend that you start out by isolating this from Xcode. If you run these commands, what do you see: % cp /usr/bin/true MyTrue % codesign -s Developer ID Application -f MyTrue Run these from Terminal, logged into the same GUI login session as you’re using for Xcode. If that prints a no identity found message, what do you see when you run this command: % security find-identity -p codesigning Policy: Code Signing Matching identities … 11) ADC03B244F4C1018384DCAFFC920F26136F6B59B Developer ID Application: Quinn Quinn (SKMME9E2Y8) (CSSMERR_TP_CERT_EXPIRED) 12) 3F8BE319780F84EB2E94ABDFA24E8045A0572A7B Developer ID Application: Quinn Quinn (SKMME9E2Y8) 12 identities found Valid ident
Topic: Code Signing SubTopic: Certificates, Identifiers & Profiles Tags:
Replies
Boosts
Views
Activity
Feb ’26
Reply to How can I create a more complex XPCPeerRequirement?
Entitlements and code-signing requirements are very different. See the following for more background on each: TN3125 Inside Code Signing: Provisioning Profiles TN3127 Inside Code Signing: Requirements You can use a code-signing requirement to check for an entitlement, for example: % codesign --verify -R '=entitlement [com.apple.security.app-sandbox] exists' -v /Applications/Pages.app … /Applications/Pages.app: explicit requirement satisfied % codesign --verify -R '=entitlement [com.apple.security.app-sandbox] exists' -v /usr/bin/true … test-requirement: code failed to satisfy specified code requirement(s) However, entitlements are tricky to use in this situation because: You can’t create a provisioning profile that authorises a custom requirement. Many of of the popular entitlements are either unrestricted on macOS, or only restricted in that they clear the entitlement-validate flag [1]. Given that, I think maintaining your previous approach makes sense, that is, check for the Team ID and a
Topic: Code Signing SubTopic: Entitlements Tags:
Replies
Boosts
Views
Activity
Feb ’26
Reply to com.apple.developer.payment-pass-provisioning missing in TestFlight build despite provisioning profile having it
Thanks for that dump. Much nicer! My reading of the stuff in your latest post suggests that you’re authorised to use the entitlement but you’re not actually claiming it. Remember that a provisioning profile acts an allowlist. It tells the system what entitlements you’re allowed to claim, but it doesn’t actually claim them. You actually claim entitlements in your app’s code signature. Note To learn more about how this works, see TN3125 Inside Code Signing: Provisioning Profiles. I usually debug problems like this by first confirming the nature of the problem: Instead of sending my app directly to App Store Connect, I export an archive. For example, when using Xcode’s organiser window I click Distribute App and then follow the Custom > App Store Connect > Export workflow. I then upload that archive using Transporter. Presuming that reproduces the problem, I unpack the archive by hand. See Unpacking Apple Archives. I can then dump the profile and the entitlements in the resulting app. The profile dump comm
Topic: Code Signing SubTopic: Entitlements Tags:
Replies
Boosts
Views
Activity
Feb ’26
Notarization stuck "In Progress" for 48+ hours - 6 submissions (Team ID: Y7T24GD249)
I'm experiencing a persistent issue where all my notarization submissions remain stuck in In Progress indefinitely. This is my first time notarizing an app. Environment: macOS 26.2 (Tahoe) Using xcrun notarytool submit Team ID: Y7T24GD249 App: Electron-based desktop application (~400MB) Stuck submissions (oldest to newest): 51412777-848c-4be1-a952-5ff32d6653f9 - Feb 4, 4:39 PM UTC (48+ hours) 9c4f94a1-d59a-4607-adf1-94c82fb4254b - Feb 4, 11:23 PM UTC 1c593512-ef55-4801-ba60-8b1bbc5a6f66 - Feb 4, 11:30 PM UTC de66e5cf-143c-40ec-ba62-2f07609044b4 - Feb 5, 1:39 PM UTC 964b2196-ad2e-4503-b15f-dc7f6a996ef0 - Feb 5, 2:25 PM UTC c8fdcccf-46cd-4609-bc33-faaa8fad696f - Feb 6, 5:11 PM UTC What I've tried: Verified Developer ID Application certificate is valid Checked code signatures with codesign -vvv --deep --strict Submitted both .zip and .dmg formats Checked Apple System Status (shows operational) notarytool log returns Record not found for all submissions Is there a known issue affecting first-time notariz
Topic: Code Signing SubTopic: Notarization
Replies
4
Boosts
0
Views
177
Activity
Feb ’26