codesign

I just had WindowServer crash. Xcode stopped working shortly after that. I tried restarting Xcode 26.0.1 universal but it refused. I rebooted macOS 26.0.1 Tahoe and tried to start the same Xcode, no joy. I tried...six different already installed Xcodes, all displaying the Xcode_26.1b quit unexpectedly. alert. Looking at the report: Exception Type: EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid)) Exception Subtype: UNKNOWN_0x32 at 0x00000001111e4000 Exception Codes: 0x0000000000000032, 0x00000001111e4000 Termination Reason: Namespace CODESIGNING, Code 2, Invalid Page This seems wild to me. Thanks! -Mike

Hi there, I am trying to build the Apple SimpleAudioDriver example but fail with codesign and/or provisioning. I would be ok for now with the local option, but XCode 16.4 doesn't show the option build to run locally (SIP is disabled). When using Automatically manage signing it ends in a Please file a bug report. I found that having two different development teams tripped it up, so I deleted all certificates and keys and made sure to be only signed into one account in Xcode. Can anyone give advice? Thanks a ton! Here is the URL to the sample: https://developer.apple.com/documentation/coreaudio/building-an-audio-server-plug-in-and-driver-extension macOS: 15.6.1 XCode: 16.4 Hardware: MacBook Pro M2 Max SIP: disabled

I'm on a MacBook Air 2025 M4 (Apple Silicon) using Flutter 3.35.5 on channel stable, Xcode 26.0.1, and CocoaPods 1.16.2. Actual Setup: Component Version macOS 15.0 Sequoia CPU Apple M4 (ARM64) Flutter 3.35.5 on channel stable Dart 3.9.2 DevTools 2.48.0 CocoaPods 1.16.2 Xcode 26.0.1 Build 17A400 Since updating Flutter from 3.24 → 3.35, iOS builds consistently fail with the following errors (not matter if simulation or real device, also ios version no matter): fatal error: 'Flutter/Flutter.h' file not found Error logs: /Users/myuser/.pub-cache/hosted/pub.dev/app_links-6.4.1/ios/app_links/Sources/app_links/AppLinksIosPlugin.swift /Users/myuser/.pub-cache/hosted/pub.dev/app_links-6.4.1/ios/app_links/Sources/app_links/AppLinksIosPlugin.swift:1:8 Unable to find module dependency: 'Flutter' import Flutter ^ flutter_native_splash /Users/myuser/.pub-cache/hosted/pub.dev/flutter_native_splash-2.4.6/ios/flutter_native_splash/Sources/flutter_native_splash/include/flutter_native_splash/FlutterNativeSplashPlugin.h /Users/m

Dear Apple Developer Support, I am experiencing a critical issue with Developer ID certificates issued for Turkish (C=TR) developer accounts that prevents code signing on macOS. Issue Summary All Turkish Developer ID certificates issued on October 4, 2025, contain an Apple proprietary extension (OID 1.2.840.113635.100.6.1.13) marked as critical that both OpenSSL and codesign cannot handle. Technical Details Team ID: 4B529G53AG Certificate Country: TR (Turkey) Issue Date: October 4, 2025 macOS Version: 15.6.1 (24G90) Problematic Extension OID: 1.2.840.113635.100.6.1.13 (marked as critical) Evidence I have verified this issue across THREE different Turkish Developer ID certificates: Serial: 21F90A51423BA96F74F23629AD48C4B1 Serial: 461CBAF05C9EDE6E Serial: 184B6C2222DB76A376C248EC1E5A9575 All three certificates contain the same critical extension. Error Messages OpenSSL: error 34 at 0 depth lookup: unhandled critical extension Codesign: unable to build chain to self-signed root for signer errSe

Hello everyone, I am migrating a legacy KEXT to a DriverKit (DEXT) architecture. While the DEXT itself is working correctly, I am completely blocked by a code signing issue when trying to establish the UserClient connection from our SwiftUI management app. Project Goal & Status: Our DEXT (com.accusys.Acxxx.driver) activates successfully (systemextensionsctl list confirms [activated enabled]). The core functionality is working (diskutil list shows the corresponding disk device node). The Core Problem: The userclient-access Signing Error To allow the app to connect to the DEXT, the com.apple.developer.driverkit.userclient-access entitlement is required in the app's .entitlements file. However, as soon as this entitlement is added, the build fails. Both automatic and manual signing fail with the same error: `Provisioning profile ... doesn't match the entitlements file's value for the ... userclient-access entitlement.` This build failure prevents the generation of an .app bundle, making it impossible to insp

Hello, appreciate any help here. Objective: perform a scoped write to a removable block device (using low-level system frameworks in C). Issue: launchd-run privileged helper (as root) denied permission to open block device. Manual 'sudo ./helper' call succeeds, however. Importantly: the entire process works flawlessly if the main app is granted Full Disk Access in Privacy & Security. However, this should be completely unnecessary for this objective, as scoped access should be sufficient, and FDA is in fact not required for other apps which perform this task. Architecture and flow: Main GUI process collects ISO path and target removable device path (queried via IOKit). Main GUI process installs a Privileged Helper via SMJobBless. The Privileged Helper is started on demand by launchd as root (UID 0, EUID 0). Main GUI process communicates selected ISO and device paths to Privileged Helper via XPC. Privileged Helper conducts security and sanity checks, unmounts volumes from target device via DiskArbitration.

In our local test configurations, a developer can sign test apps for device installation using any key associated with the company team. However, if a developer accidentally chooses an identity from some other team, installation fails with no information about the problem. It just mentions that no provisioning profile could be found, leaving everyone in the dark about what is wrong. Instead, we would like to pre-validate the selected signing identity by checking the team name or id. This could be done, for example, by extracting the x509 certificate from the signing identity and checking the OU field (which is set to the team id). However, none of the apple commands will divulge the x509 certificate from a developer id. So far our best options is to create a fake app, sign the app, then use command: codesign --display --extract-certificates This solution seems excessively serpentine. Is there no direct command that will accept the sha of a signing identity and return a nice .pem containing the associ

I'm developing this app that uses python (pythonkit) to access certain python tools. It works fine locally but I was trying to validate it in order to upload it for the final testing and submission but I'm getting this signing error: codesign command failed (/var/folders/w0/9xsxryw94ps9n139w7g9q3gh0000gp/T/XcodeDistPipeline.~~~jO0urX/Root/Applications/RubyEyes.app/Contents/Frameworks/Python.framework/Versions/3.13/lib/python3.13/config-3.13-darwin/python.o: operation inapplicable or not supported for this type of code ) can someone help me?

I'm trying to sign a .app package coming from Py2app. Unfortunately I keep running into the same two issues: The binary is not signed with a valid Developer ID certificate. and The signature does not include a secure timestamp. I tried everything, from recreating the signatures, with different arguments, different keys and certificates, but it keeps complaining with these two errors on a long list of files. For reference I added the python script I use for signing the files. code_singing.py

Hey, Just recently I realized something I have been overlooking in my build pipelines. I thought that by adding the the hardened runtime, I disable 3rd-party library injection (I do not have the disable-library-validation entitlement added). However, I was using some checks on my code and I noticed that the library validation code signature check fails on my applications (e.g. adding the .libraryValidation requirement via the LightweightCodeRequirements framework) - with codesign -dvvvv /path/to/app I can check it doesn't have the CS_REQUIRE_LV flag: [...] CodeDirectory v=20500 size=937 flags=0x10000(runtime) hashes=18+7 location=embedded [...] then I used in Xcode the Other Code Signing Flags setting and added the -o library option, which added the flag: [...] CodeDirectory v=20500 size=937 flags=0x12000(library-validation,runtime) hashes=18+7 location=embedded [...] Is this flag something I should be explicitly setting? Because I was under the impression enabling hardened runtime would be enough. P

I tried building a macOS app with Electron, but I ran into problems during notarization. I used notarytool to upload my DMG and got status: Invalid. xcrun notarytool log output { logFormatVersion: 1, jobId: 680bf475-a5f4-4675-9083-aa755d492b18, status: Invalid, statusSummary: Archive contains critical validation errors, statusCode: 4000, archiveFilename: BODYPARK-v3.6.0-mac.app.zip, uploadDate: 2025-09-25T02:50:41.523Z, sha256: e61074b9bba6d03696f2d8b0b13870daafc283960e61ab5002d688e4e82ef6f6, ticketContents: null, issues: [ { severity: error, code: null, path: BODYPARK-v3.6.0-mac.app.zip/BODYPARK-v3.6.0-mac.app/Contents/Resources/plugin/XMagic/mac/libpag.framework/libpag, message: The signature of the binary is invalid., docUrl: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735, architecture: x86_64 }, { severity: error, code: null, path: BODYPARK-v3.6.0-mac.app.zip/BODYPARK-v3.6.0-mac.app/Contents/Resources/plugin/XMa