codesign

I too am not sure if they'll reject an app simply because it wasn't built with Xcode, but there's also the code signing requirement. I highly doubt that any third-party IDE will be able to process the Apple-issued signing assets. If an app isn't signed by you when you submit it, of course it'll get rejected. You could try running the codesign command line tool to do it yourself, but again, I'm not sure that will work.Besides, if you use a third-party IDE, you won't be able to use the Apple SDKs, which means that you'll likely miss out on everything special Apple hardware has to offer; on top of that, you wouldn't be able to have a truly cross-platform app anyway because iOS and Android are so fundamentally different.Here's my recommendation: split your app into its core (the back end) and its UI (the front end). The core you can write using C++ or whatever suits your fancy; the UI you should write using the preferred IDE for each platform. On Xcode you can compile the core and iOS-specific UI into th

Try moving the built product to /Applications.... Once it's there (before reboot) verify that everything is in order with:spctl -v -a /Applications/MyApp.appWhich should verify the codesign on top of other things. If that's okay, reboot and repeat running spctl on it again once rebooted.Just to add spctl seems to get a better verbosity with the more vvvvv's you add to it... i.e.:spctl -vvvvvv -a /Applicaitons/MyApp.app

Might it be because to get access to the container the app needs to be code-signed, which doesn't necessarily have to be the case when testing on Simulators? We have the exact same problem when we change provisioning profiles and forget to update them & build for simulator. Make sure the app is codesigned.

… you can rename files in a code signed application without breaking the code signature.That’s not my experience.$ codesign -vv RenameTest.app RenameTest.app: valid on disk RenameTest.app: satisfies its Designated Requirement $ mv RenameTest.app/Contents/Resources/MainMenu.nib RenameTest.app/Contents/Resources/foo.nib $ codesign -vv RenameTest.app RenameTest.app: a sealed resource is missing or invalid file added: /Users/quinn/Desktop/RenameTest/build/Debug/RenameTest.app/Contents/Resources/foo.nib file missing: /Users/quinn/Desktop/RenameTest/build/Debug/RenameTest.app/Contents/Resources/MainMenu.nibShare and Enjoy — Quinn The Eskimo! Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com

If you rename a file in the app's bundle (I'm externally calling mv to do this) it seems quite happy. Same if you rename a file directly from the command line.e.gmv /test.app/Contents/Data/niceandsafefile.png /test.app/Contents/Data/FormatDiskIfHere.pngwhere the app is looking for that file to do its hidden nasty stuff. (I should point out that I wasn't doing that, I'm just seeing if I can think up a worst case scenario 🙂 )That seems to pass on the codesigning in that the app will happily run assuming it's happy with the filename in its code.

Just to add some more color:I'm storing oauth2 creds in the keychain. From a fresh start, the following work:* Accessing an existing credential* Deleting a credential and storing a new one.Where I run into problems is in resuming app after being previously logged in, stepping out to settings, and returning. One feature of the internal build is that the identifier for the service to be used is stored in NSUserDefaults, so the user can go to iOS Settings and toggle their service endpoint. When the app resumes after this happends, I check to see if the service changed, and if it did, I force a logout and ask the user to sign in again.It is at this point I run into problems. After having previously been able to read/write the keychain, I get a -34018 for every keychain access. While the deletes happen almost immediately after the app resumes, the adds typically happen quite a while afterwards, since the user has to enter a name and password.I'm using accessibility specifier kSecAttrAccessibleAfterFirstUnlock. I h

That seems to pass on the codesigning in that the app will happily run assuming it's happy with the filename in its code.Running isn’t really a good test of the code signature. You should either:validate the code signature, as I described in my earlier postput the app on a server somewhere, download it from there, and then see if it passes the Quarantine checkLast I checked OS X does not check the entire code signature of the app every time it launches the app; rather, the full check is done as part of the un-Quarantine process.Share and Enjoy — Quinn The Eskimo! Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com

Your entitlements property list file is not meant to be included in your final build product. Rather, it’s an input to the code signing machinery. If you enable the App Sandbox is the standard way (via the Capabilities tab of the target editor in Xcode), you’ll find that it a) adds the entitlements property list file, and b) sets the Code Signing Entitlements (CODE_SIGN_ENTITLEMENTS) building setting to point to that file. Then, when your build your app, you’ll see in the build log two steps, Process product packaging and Sign, that process that file and then use it as part of your code signing. Finally, to check the actual entitlements of a binary, do this:$ codesign -d --entitlements :- /path/to/binaryShare and Enjoy — Quinn The Eskimo! Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com

Xcode uses an XPC service with root privildges to agree to the license and install packages. This does exactly what you mentioned:`sudo xcodebuild -license`However, launchd will not load the XPC service if the code signature of Xcode is broken. 3rd party plugins are a likely culprit here.To verify that your copy of Xcode is not damaged, please run codesign -v --verbose=4 --deep --strict Xcode.appIf the code signature is broken, please delete Xcode and install it again. The Xcode team will attempt to detect this in the future so that it doesn't hang, and give proper instructions to get past the issue.