Code Signing

RSS for tag

Certify that an app was created by you using Code signing, a macOS security technology.

Code Signing Documentation

Pinned Posts

Posts under Code Signing tag

271 Posts
Sort by:
Post not yet marked as solved
3 Replies
3.1k Views
I am trying to compile Xcode project on an online platform Bitrise. I am facing issue with sign in and provisioning .. after trying 4-5 days I am approaching you. Please solve this. ❌ error: No profiles for 'my app bundle id' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'my app bundle id'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to xcodebuild. (in target 'myapp-Development' from project 'myapp') How to enable this "allowProvisioningUpdates" also why it is too difficult to do such processes with apple development.. I tried for android and it compiled successfully in a single attempt. please help.
Posted
by mradul007.
Last updated
.
Post not yet marked as solved
0 Replies
50 Views
Hi, We are getting timestamp error while signing the binaries and installers. Following is the error. pkgbuild[376:6714336] CMS signature encoding failed: A timestamp was expected but was not found. (-67882) Error signing data. sometimes nc -v timestamp.apple.com 80 command gets timeout. nc: connectx to timestamp.apple.com port 80 (tcp) failed: Operation timed out For some reason, I am not able to attach the Wireshark capture. We worked with ISP and they could not find issue with the n/w. Could you please help in identifying the issue? regards Prema Kumar
Posted Last updated
.
Post not yet marked as solved
0 Replies
60 Views
I am working on a mac application which controls some other mac application using apple events. So from my understanding whenever mac application tries to control other mac application using apple event for the first time, mac system will throw a dialog box with text saying something like "This application want to control this application" and we have to allow on the dialog box and once user allows the access to control the other app this will get reflected in 'automation' section for security and privacy setting, and user can access the application every time afterwards. Before the notarization process becomes mandatory for all mac application everything was working fine, when my application tries to control other application system automatically throws the access dialog box. But once we have started the notarization process this dialog box is not appearing at all. I have tried to find the solution on web, I have found one point that when user enabled 'Hardened Runtime' some of the functionality gets blocked like apple event is also part of that. So for the solution I have added the apple event entitlement('com.apple.security.automation.apple-events') with my application when I codesign my application and also added 'NSAppleEventsUsageDescription' in info.plist. But it is still not working. below is the command I use to code sign my application and 'MyApp.entitlements' file have the 'com.apple.security.automation.apple-events' entitlement. codesign --deep --verify --verbose --force --timestamp --options runtime --entitlements "$PROJECT_ROOT/MyApp.entitlements" --sign "XYZ inc" "MyApp.app" Is there anything I am missing to get the dialog box that is essential to access other app. Thanks in advance for the help.
Posted
by One1One.
Last updated
.
Post not yet marked as solved
1 Replies
110 Views
I have an Apple Development certificate issued by: Apple Worldwide Developer Relations Certification Authority (until February 20, 2030). From time to time the Xcode build fails and I see that my certificate is invalid. In this situation, I see two "Apple Worldwide Developer Relations Certification Authority" certificates. One is valid until 2030 and the other is valid until 2023. When I remove the second one (until 2023), my Apple Development certificate becomes valid and the build goes fine. But after a while CodeSign fails again, and I have to remove the second certificate again to build the application. Seems to be that second certificates is auto downloaded by Xcode, how can i fix it?
Posted
by Cuddy.
Last updated
.
Post not yet marked as solved
3 Replies
266 Views
crash log ------------------------------------- Translated Report (Full Report Below) ------------------------------------- Process:               OneKey [20876] Path:                  /Applications/OneKey.app/Contents/MacOS/OneKey Identifier:            so.onekey.wallet Version:               3.16.2 (202211070943) App Item ID:           1609559473 Code Type:             ARM-64 (Native) Parent Process:        launchd [1] User ID:               501 Date/Time:             2022-11-07 17:32:42.4372 +0800 OS Version:            macOS 12.5 (21G72) Report Version:        12 Anonymous UUID:         Sleep/Wake UUID:       5E78A6FD-4E76-458B-B1F7-DC8CCC4497B6 Time Awake Since Boot: 80000 seconds Time Since Wake:       7078 seconds System Integrity Protection: enabled Crashed Thread:        0  Dispatch queue: com.apple.main-thread Exception Type:        EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid)) Exception Codes:       UNKNOWN_0x32 at 0x0000000148048a40 Exception Codes:       0x0000000000000032, 0x0000000148048a40 Exception Note:        EXC_CORPSE_NOTIFY Termination Reason:    Namespace CODESIGNING, Code 2 VM Region Info: 0x148048a40 is in 0x148048000-0x14807c000;  bytes after start: 2624  bytes before end: 210367       REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL       Memory Tag 255              148044000-148048000    [   16K] ---/rwx SM=NUL   --->  Memory Tag 255              148048000-14807c000    [  208K] r-x/rwx SM=PRV         Memory Tag 255              14807c000-14fe80000    [126.0M] ---/rwx SM=NUL   Kernel Triage: VM - pmap_enter failed with resource shortage VM - pmap_enter failed with resource shortage VM - pmap_enter failed with resource shortage VM - pmap_enter failed with resource shortage Thread 0 Crashed::  Dispatch queue: com.apple.main-thread 0   ???                                      0x148048a40 ??? 1   ???                                      0x14fe8c918 ??? 2   ???                                      0x14ff1fe4c ??? 3   ???                                      0x14fe8c918 ??? 4   ???                                      0x14fe8ab4c ??? 5   ???                                      0x14fe8a7e8 ??? 6   Electron Framework                       0x115ffcbb0 v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) + 2080 7   Electron Framework                       0x115ffc41c v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) + 140 8   Electron Framework                       0x115eff0b0 v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) + 356 9   Electron Framework                       0x11ac00720 node::MultiIsolatePlatform::Create(int, v8::TracingController*, v8::PageAllocator*) + 804 10  Electron Framework                       0x11ac00518 node::MultiIsolatePlatform::Create(int, v8::TracingController*, v8::PageAllocator*) + 284 11  Electron Framework                       0x11ac00638 node::MultiIsolatePlatform::Create(int, v8::TracingController*, v8::PageAllocator*) + 572 12  Electron Framework                       0x11ac007f0 node::NewContext(v8::Isolate*, v8::Local<v8::ObjectTemplate>) + 112 13  Electron Framework                       0x115193a34 v8::Signature::New(v8::Isolate*, v8::Local<v8::FunctionTemplate>) + 9516 14  Electron Framework                       0x11517f870 v8::internal::compiler::RawMachineAssembler::TargetParameter() + 5588 15  Electron Framework                       0x116d227bc v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 3293908 16  Electron Framework                       0x116d25bb4 v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 3307212 17  Electron Framework                       0x116d22180 v8::internal::SetupIsolateDelegate::SetupHeap(v8::internal::Heap*) + 3292312 18  Electron Framework                       0x11534588c v8::internal::compiler::BasicBlock::set_loop_header(v8::internal::compiler::BasicBlock*) + 13620 19  Electron Framework                       0x1153468b0 v8::internal::compiler::BasicBlock::set_loop_header(v8::internal::compiler::BasicBlock*) + 17752 20  Electron Framework                       0x115346448 v8::internal::compiler::BasicBlock::set_loop_header(v8::internal::compiler::BasicBlock*) + 16624 21  Electron Framework                       0x115344f50 v8::internal::compiler::BasicBlock::set_loop_header(v8::internal::compiler::BasicBlock*) + 11256 22  Electron Framework                       0x11534541c v8::internal::compiler::BasicBlock::set_loop_header(v8::internal::compiler::BasicBlock*) + 12484 23  Electron Framework                       0x1150bf12c ElectronMain + 128 24  dyld                                     0x104d4908c start + 520 ... Thread 0 crashed with ARM Thread State (64-bit):     x0: 0x0000000000000002   x1: 0x00000074000452c1   x2: 0x0000000148048a40   x3: 0x00000074000023e9     x4: 0x00000074002516f5   x5: 0x0000000000000811   x6: 0x0000007400045255   x7: 0x0000000000000000     x8: 0x0000000000242159   x9: 0x0000007400005c35  x10: 0x0000000000242159  x11: 0x00000000000000f1    x12: 0x0000000000002000  x13: 0x0000000000000302  x14: 0x000000000000000c  x15: 0x000000011b06ce80    x16: 0x0000000000000004  x17: 0x0000000148048a40  x18: 0x0000000000000000  x19: 0x0000000000000067    x20: 0x0000007400254305  x21: 0x000000011f014a10  x22: 0x0000000000000016  x23: 0x00000000000000b7    x24: 0x0000007400005db5  x25: 0x00000000a04425fa  x26: 0x0000000128008000  x27: 0x0000007400045255    x28: 0x0000007400000000   fp: 0x000000016b4aa930   lr: 0x000000014fe8c918     sp: 0x000000016b4aa860   pc: 0x0000000148048a40 cpsr: 0x40001000    far: 0x0000000148048a40  esr: 0x8200000f (Instruction Abort) Permission fault Binary Images:                0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???        0x114f08000 -        0x11bed7fff com.github.Electron.framework (*) <4c4c4472-5555-3144-a157-f562934e98a4> /Applications/OneKey.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework        0x104d44000 -        0x104da3fff dyld (*) <75627683-a780-32ad-ae34-cf86dd23a26b> /usr/lib/dyld        0x18a601000 -        0x18a60dfff libsystem_pthread.dylib (*) <f32ff902-ba43-30b0-ad43-a2a8a9ff69fe> /usr/lib/system/libsystem_pthread.dylib        0x18a5c9000 -        0x18a600fff libsystem_kernel.dylib (*) <67f22904-88ed-3847-bbf0-5c4c599fd79e> /usr/lib/system/libsystem_kernel.dylib
Posted
by jellySha.
Last updated
.
Post not yet marked as solved
1 Replies
124 Views
I need some clarification regarding the Enterprise App distribution. I am a developer and have developed an App for a different organization. I don't have an Apple Enterprise Development account. My question is with which certificate should I sign the IPA to give to the organization for which I developed the App? I don't know which path to follow Get the Enterprise distribution certificate and the private key from the organization and sign it using that and share the IPA with the organization? Share the IPA that I created with my developer certificate and give it to the organization, and ask their IT guys to resign it using their Enterprise distribution certificate? Or Is there an MDM that will accept the IPA that I created with my developer certificate and will resign the IPA with their distribution certificate? Can you please suggest to me the best approach? I am aware of the Custom Apps. But in my case, I don't want to go via App Store.
Posted Last updated
.
Post marked as solved
2 Replies
481 Views
I am working on a Mac application that cannot work on "sandboxing" environment. My app is dealing with file system etc. Question I have is, will I need Code Signing Cert? Do we need EV Code Signing Cert - to reduce the number of errors ? If someone can list general app signing requirement, it will be great. Also pls let me know best place to acquire such certs?
Posted Last updated
.
Post not yet marked as solved
2 Replies
280 Views
Created a fresh Xcode project using the macOS App template. Set up a Xcode Cloud Workflow with a "Test - macOS" action. Using the latest environment available, currently Xcode 14.1 (14B47b) and macOS Ventura 13 RC 2 (22A380). App builds and tests run fine locally in Xcode 14.1 (14B47b). But on Xcode Cloud, this is resulting in a code signing error when the test-without-building step is reached. Foo (7828) encountered an error (Failed to load the test bundle. If you believe this error represents a bug, please attach the result bundle at /Volumes/workspace/resultbundle.xcresult. (Underlying Error: The bundle “FooTests” couldn’t be loaded. The bundle couldn’t be loaded. Try reinstalling the bundle. dlopen(/Volumes/workspace/TestProducts/Debug/Foo.app/Contents/PlugIns/FooTests.xctest/Contents/MacOS/FooTests, 0x0109): tried: '/Volumes/workspace/TestProducts/Debug/FooTests' (no such file), '/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/usr/lib/FooTests' (no such file), '/Volumes/workspace/TestProducts/Debug/Foo.app/Contents/PlugIns/FooTests.xctest/Contents/MacOS/FooTests' (code signature in <AEE218C5-FDB4-3327-B270-99D8A86530EB> '/Volumes/workspace/TestProducts/Debug/Foo.app/Contents/PlugIns/FooTests.xctest/Contents/MacOS/FooTests' not valid for use in process: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?)), '/System/Volumes/Preboot/Cryptexes/OS/Volumes/workspace/TestProducts/Debug/Foo.app/Contents/PlugIns/FooTests.xctest/Contents/MacOS/FooTests' (no such file), '/Volumes/workspace/TestProducts/Debug/Foo.app/Contents/PlugIns/FooTests.xctest/Contents/MacOS/FooTests' (code signature in <AEE218C5-FDB4-3327-B270-99D8A86530EB> '/Volumes/workspace/TestProducts/Debug/Foo.app/Contents/PlugIns/FooTests.xctest/Contents/MacOS/FooTests' not valid for use in process: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?)))) I was able to narrow the command line flags Xcode Cloud is using to reproduce it locally. Running xcodebuild test -scheme Foo CODE_SIGN_IDENTITY=- locally results in a similar error.
Posted
by joshpeek.
Last updated
.
Post not yet marked as solved
6 Replies
3.5k Views
When archiving the app with Xcode 14 beta, we got some errors regarding resources bundle code signing. xxxResources does not support provisioning profiles. xxxResources does not support provisioning profiles, but provisioning profile <...> has been manually specified. Set the provisioning profile value to "Automatic" in the build settings editor... It turns out that in Xcode 14 beta, CODE_SIGNING_ALLOWED of resource bundle is being set to YES by default while it's NO in Xcode 13.x. Is this an expected change or a bug introduced by Xcode 14 beta?
Posted
by ntduyet.
Last updated
.
Post not yet marked as solved
5 Replies
675 Views
I'm hitting an error in codesign. It's reporting "The timestamp service is not available." Are other people hitting this error? I confirmed that if I use -timestamp=none, it works (but of course I cannot notarize). So I'm inclined to believe that the error message actually means what it says. I tried rebooting, checked my certificates haven't expired, and tried using three different LANs to eliminate networking issues. The app I'm signing is Electron, and I've noticed that the specific file it dies on changes each time. That makes me suspect the timestamp service might be only working intermittently.
Posted
by jesmith.
Last updated
.
Post not yet marked as solved
0 Replies
190 Views
I am Archiving my app in Xcode 13.4.1 and signing it for AdHoc distribution using Automatic signing. I then distribute output to directory on my M1 Mac mini running Monterey 12.5. I install this version of the app on iPhone 16 and it works. I have a script that uses PListBuddy to change the name of the App and put in a URL for in a user defined field in the Plist for the app to use to retrieve information used in the app. The script is below at bottom. In the script I then remove the .app/_CodeSignature and copy the mobile provision to the .app/embedded.mobileprovison. In the script I then use codesign to resign the .app and move it to a directory passed into the script. I install using DistributionSummary.plist listed below at bottom. This worked before an unfortunate incident forced me to change the login to the Mac mini which is also the admin user. I had to use the terminal process of “replacepassword” (?) which was done by Apple rep at the physical App Store in my town. This allowed me back into the Mac Mini but sadly invalidated the KeyChain in KeyAccess. I have downloaded the Apple Development Cert and Apple Distribution Cert from Apple/developer to the KeyChain and the mobileprovision to the directory containing the script. When I install this app over the air and click on it I, I get “Unable to Install .app - This app cannot be installed because its integrity could not be verified.” When I click on Get Info on both Certificates it says “This certificate is valid” When I try to evaluate the certificates in KeyAccess and click on code signing it does not stick and the radio button is blank next time I evaluate it. I think this may be the root of the problem. Thanks Script: #!/bin/sh unzip XXApp.ipa /usr/libexec/PlistBuddy -c "Set :CFBundleDisplayName $1" Payload/XXApp.app/Info.plist /usr/libexec/PlistBuddy -c 'Print :CFBundleDisplayName' Payload/XXApp.app/Info.plist /usr/libexec/PlistBuddy -c "Set :XXApp21URL $2" Payload/XXXApp.app/Info.plist /usr/libexec/PlistBuddy -c 'Print :XXApp21URL' Payload/XXApp.app/Info.plist rm -rf Payload/GenApp.app/_CodeSignature cp XXapps.mobileprovision Payload/XXApp.app/embedded.mobileprovision codesign -f -s 'Apple Development: MyName (CCCCCC)’ --entitlements entitlements.plist Payload/XXApp.app zip -qr XXApp21.ipa Payload rm -r Payload NEWPATH=$(echo $1 | tr -d ' ') Mkdir -p $NEWPATH cp XXApp21.ipa $NEWPATH DistributionSummary.plist
Posted Last updated
.
Post marked as solved
2 Replies
254 Views
I get the following error in Xcode Cloud when attempting to prepare a build for App Store: "ITMS-90334: Invalid Code Signature Identifier. The identifier "SwiftCharts-555549449cfa473253483215b74c174849d2ec9c" in your code signature for "SwiftCharts" must match its Bundle Identifier "SwiftCharts". This is an iOS app and Swift Charts is swift package dependency which the app depends on. Since it is a dynamic library, it is included via the "Embed & Sign" option. This was reported on SO by another user. They worked around it by making changes to the source package, I believe. That workaround may be difficult in my case as I do not control the source package. It's a 3rd party dependency that I'd prefer not to maintain a fork of. Any ideas of why Xcode cloud is hitting this issue or any other workarounds? I've confirmed via a codesign check that the Identifier is resolving to that special hash when doing this from Xcode Cloud. It does not have that hash when I attempt to build/archive/upload locally. $ codesign -d -v SwiftCharts.framework/SwiftCharts  Identifier=SwiftCharts-555549449cfa473253483215b74c174849d2ec9c Format=bundle with Mach-O thin (arm64) CodeDirectory v=20400 size=6872 flags=0x0(none) hashes=205+5 location=embedded Signature size=4765 Signed Time=Oct 30, 2022 at 8:33:59 AM Info.plist entries=22 TeamIdentifier=<redacted> Sealed Resources version=2 rules=10 files=0 Internal requirements count=1 size=220
Posted Last updated
.
Post not yet marked as solved
1 Replies
178 Views
I am trying to sign a Java application, packaged in a disk image, via jpackage, invoked via Ant (so no XCode anywhere). The packaging itself works fine, but I am having trouble figuring out the signing parameters. In particular, it seems I will have to provide a parameter --mac-signing-key-user-name What value should I give to this parameter? I have an Apple Developer Account (well, obviously...), I have generated a certificate and quite a few other things, but I am confused as to what the "signing-key-user-name" should be. The error message I currently get from jpackage is: No certificate found matching [...] using keychain [] I am on MAC OS 12.6 and JDK 17. Any help would be greatly appreciated.
Posted Last updated
.
Post not yet marked as solved
4 Replies
1.6k Views
i am trying to build a IOS IPA for generic device, followed all the instructions, added signing certificates, team etc. but i am unable to build the product. any one please help me to resolve this issue. Checked to automatically managed signing. added device in developer site. when archiving product, at the end of process it gives error 'exit with non zero code' sent 435785657 bytes received 92 bytes 58104766.53 bytes/sec total size is 435732165 speedup is 1.00 Warning: unable to build chain to self-signed root for signer "Apple Development: ********" /Users/Saif/Library/Developer/Xcode/DerivedData/Runner-bemaxobcrmqabgcgltuauohrwrje/Build/Intermediates.noindex/ArchiveIntermediates/Runner/InstallationBuildProductsLocation/Applications/myapp.app/Frameworks/App.framework/App: errSecInternalComponent Command PhaseScriptExecution failed with a nonzero exit code i am just stuck on this error for about 3 days. tried each and every solution available on stackoverflow and apple developer forums. Flutter : 2.0.1 Xcode : 11.2.1
Posted Last updated
.
Post not yet marked as solved
0 Replies
207 Views
I recently had to make a change to my Mac app where I need to add a special "Contact Notes" entitlement, so that means that I can't rely on "Automatic Code Signing" anymore. So here are the steps I took to build and distribute the app with manual code signing: from "Certificates, Identifiers & Profiles" from the Developer, I added entitlement to my app identifier, and then created new manual provisioning profiles (one for "macOS App Development" under Development, and one for "Mac App Store" under Distribution) in Xcode, added the entitlement to the Entitlements files in Xcode, in Signing & Capabilities, unselected the checkbox for "Automatically manage signing", and under "Provisioning Profile", for both Debug and Release builds, I chose to import the new provisioning profiles that were created I can build and run in debug mode, and it works fine. I then created an 'archive' of the app, which also built fine, and opened up Organizer. In Organizer, I choose the "Distribute" button, select "App Store Connect" as the distribution method, and choose "Upload" as the destination. After it prepares the archive, it shows the usual two checkboxes for "upload app symbols" and "manage version and build number", and I select Next. Till now, everything works as expected. Now I get the "Select certificates and Mac App Store profiles" page ... here, for the dropdowns for my app's targets, I select the correct provisioning profiles. BUT .. the "Next" button never next gets enabled, so I can't move forward! There's no error message, or anything in Console that makes sense to me. But I just can't seem to be able to select "Next" to the final step before uploading the build to App Store Connect. When I went back and selected "Automatically manage signing" again, and build and archive, the new archive doesn't have this step again, so it works fine and goes to the final upload page. What can I do to find out the issue that's causing this page to not validate? Can I upload the archive build through some other way (like from Terminal) that might give more information? NEVERMIND: turns out, I needed to "Mac Installer Distribution" Certificate, which I generated from the dropbox.
Posted
by zulfishah.
Last updated
.
Post marked as solved
3 Replies
257 Views
Hello there We have recently discovered an issue where extensions in an app bundle would not open if they are signed (using codesign, in our case). We are assuming that this is because they can either not be run by the main app (because of some signing/security issue) or that the system immediately kills them because they are incorrectly signed. The setup Simply create a main app containing any app extension (we have tried FinderSync and Share) Archive and export the app using the xcodebuild command (though exporting it through Xcode works aswell) Sign the app container (.app) and the extension (.appex file in Contents/PlugIns). Open the app The Extension won't be visible in the Preferences and is not running The problem If we do not sign the app extension, the main app and app extension start as expected (this not an option though, because notarization will fail when the app extension is not signed). If we sign the app extension, the app extension will not start (when running the main app). We assume that this is because macOSs Gatekeeper immediately kills them when started. But we are not sure why. Demo Project You can find a very simple demo project in the Github Repository linked below. This demo project only contains an almost empty main app, a completely default App Extension (everything is left as when generated, except the myFolderURL which was changed to / for testing purposes). The demo project also contains two scripts, one which builds app and signs it completely (with app extension) and one which builds the app and signs everything but the App Extension. Both scripts export a .app file, and a zip file. Make sure to insert the name of your Developer ID Application Certificate into the script (simply replace the XXXXXXX with the name of your certificate) To reproduce our issue: Run the unsigned app and open the preferences with the button to confirm that the app extension have been added. delete the app (to make sure the app extension is not still in the preferences when testing the signed app) Open the app with the signed extension and you'll see that upon opening the app and viewing the preferences that the app extension is not present in the list (and therefore not open). This can be tested using the Activity Monitor or 'top' command as well. You can find the link to the github repository containing the demo project here (I could not directly insert the github link because of the question guidelines): StackOverflow Question Conclusion To summarise: When signing an app extension (Finder Sync in the Demo), the extension does not open/gets killed when the extension is signed. If the extension is not signed everything works as intended. As said, we believe that either signing, notarising, or the gatekeeper might be the cause of this issue, probably this is some issue with our build/sign automation (the demo contains the scripts with our automation code). Can that be the case or are extensions handled differently and we are missing a step?
Posted
by Elia314.
Last updated
.
Post not yet marked as solved
3 Replies
358 Views
Hi! I have an issue to build Archive when using xcodebuild in GitHub Action workflow. The project s quite basic iOS project. Archiving works fine locally using command xcodebuild -quiet -workspace MyProject.xcworkspace -scheme "MyProject Release" clean archive -configuration release -destination=generic/platform=iOS -archivePath MyProject.xcarchive Same command via SSH gives an error errSecInternalComponent. Command CodeSign failed with a nonzero exit code IF I run a command security unlock-keychain beforehand, then creating .xcarchive passes. In Keychain Access, I have necessary certificates. Those are located in login.keychain and every certificate seems to be valid. Also, based on this answer, I have tried to put 6 different Apple Worldwide Developer Relations Certification Authority -certs in System.keychain and removed same stuff from login.keychain. This didn't bring solution either. Our GitHub (Enterprise) Action workflow is quite simple (here is an extract): name: Build_Tests on: push: branches: - 'GHA_tests' workflow_dispatch: jobs: build: runs-on: [ self-hosted, macos-1 ] ..... - name: Archive shell: bash run: | xcodebuild -quiet -workspace MyProject.xcworkspace -scheme "MyProject Release" clean archive -configuration release -destination=generic/platform=iOS -archivePath MyProject.xcarchive In our CI/CD environment is a stack of Macs with latest macOS, and every those has a unique password, so embedding "security unlock-keychain" with password is not a (good) solution. If it is only one to get our build and test environment to work, then we have to start to live with it, but I would love to get some other solution to work. Easiest for us would be that old workflows, with example above, continues to work. I mean that just using commands like "xcodebuild" would work like a charm. I have also run through this excellent post by eskimo and seems like that certificates are fine. No issues found. Locally run security find-identity -p codesigning gives  in "Matching identities" "4 identities found" and in "Valid identities only" "4 valid identities found". Also, I can run codesign -s "Apple Development" -f "MyTrue" for my certificates four time in a row with success. (We have four certificates, yes. There is one dev for in-house, one for public, one Distribution and an old iPhone Distribution from...past.) Also, each 4 certs in login.keychain has in Access Control "Confirm before allowing access" selected and in the list "Always allow access..." there is at least a tools codesign and Keychain Access. Apple Distribution cert's Key has four "Always allow..." apps: Keychain Access, Xcode, codesign and productbuild. These certificates are imported to Keychain Access using commands security unlock-keychain -p <keychain password> login.keychain security import <certificate file>.p12 -k login.keychain -P <cert password> -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k <keychain password> Via SSH I have run command codesign -s and it gave similar issues than in eskimo's example: "MyTrue: errSecInternalComponent". A command security unlock-keychain naturally fixed this. The problem here is that I can't include passwords in CI after unlock-keychain command. Any ideas what I am doing wrong? My guess is that I am not a far of working solution, but just can make in my mind what I am doing wrong atm. I think that I have tried about everything during these two weeks when wondering this issue. I appreciate everyone who reads this posts and specially you who posts a working solution :) -Harri
Posted
by Harri.
Last updated
.
Post not yet marked as solved
4 Replies
490 Views
I am trying to run my app on my iPhone (version 16). And I have the latest Xcode version 14. Also, I have a provision profile and certificate set. System Information macOS Version 12.6 (Build 21G115) Xcode 14.0.1 (21336) (Build 14A400) Domain: com.apple.dt.MobileDeviceErrorDomain Code: -402620395 -- A valid provisioning profile for this executable was not found. Domain: com.apple.dt.MobileDeviceErrorDomain Code: -402620395 -- Analytics Event: com.apple.dt.IDERunOperationWorkerFinished : {   "device_model" = "iPhone13,4";   "device_osBuild" = "16.0 (20A362)";   "device_platform" = "com.apple.platform.iphoneos";   "launchSession_schemeCommand" = Run;   "launchSession_state" = 1;   "launchSession_targetArch" = arm64;   "operation_duration_ms" = 5463;   "operation_errorCode" = "-402620395";   "operation_errorDomain" = "com.apple.dt.MobileDeviceErrorDomain";   "operation_errorWorker" = IDEInstalliPhoneLauncher;   "operation_name" = IDEiPhoneRunOperationWorkerGroup;   "param_consoleMode" = 0;   "param_debugger_attachToExtensions" = 0;   "param_debugger_attachToXPC" = 1;   "param_debugger_type" = 5;   "param_destination_isProxy" = 0;   "param_destination_platform" = "com.apple.platform.iphoneos";   "param_diag_MainThreadChecker_stopOnIssue" = 0;   "param_diag_MallocStackLogging_enableDuringAttach" = 0;   "param_diag_MallocStackLogging_enableForXPC" = 1;   "param_diag_allowLocationSimulation" = 1;   "param_diag_checker_tpc_enable" = 1;   "param_diag_gpu_frameCapture_enable" = 0;   "param_diag_gpu_shaderValidation_enable" = 0;   "param_diag_gpu_validation_enable" = 0;   "param_diag_memoryGraphOnResourceException" = 0;   "param_diag_queueDebugging_enable" = 1;   "param_diag_runtimeProfile_generate" = 0;   "param_diag_sanitizer_asan_enable" = 0;   "param_diag_sanitizer_tsan_enable" = 0;   "param_diag_sanitizer_tsan_stopOnIssue" = 0;   "param_diag_sanitizer_ubsan_stopOnIssue" = 0;   "param_diag_showNonLocalizedStrings" = 0;   "param_diag_viewDebugging_enabled" = 1;   "param_diag_viewDebugging_insertDylibOnLaunch" = 1;   "param_install_style" = 0;   "param_launcher_UID" = 2;   "param_launcher_allowDeviceSensorReplayData" = 0;   "param_launcher_kind" = 0;   "param_launcher_style" = 0;   "param_launcher_substyle" = 0;   "param_runnable_appExtensionHostRunMode" = 0;   "param_runnable_productType" = "com.apple.product-type.application";   "param_runnable_type" = 2;   "param_testing_launchedForTesting" = 0;   "param_testing_suppressSimulatorApp" = 0;   "param_testing_usingCLI" = 0;   "sdk_canonicalName" = "iphoneos16.0";   "sdk_osVersion" = "16.0";   "sdk_variant" = iphoneos; } --
Posted Last updated
.
Post not yet marked as solved
1 Replies
193 Views
Hello, i am bill I have a question. develop lanuage : node.js + electron.js ide : vscode, xcode altools i tried my app notarize. but it returned error message. "message": "The binary is not signed.", "message": "The signature does not include a secure timestamp.", "message": "The executable does not have the hardened runtime enabled.",
Posted Last updated
.
Post marked as solved
3 Replies
247 Views
We are creating a universal build of our application for the Mac App Store by merging separate x86_64 and arm64 bundles using a script. Codesign verification fails for some dylibs if they are signed after merging: % lipo -create x86_64/test.dylib arm64/test.dylib -o universal/test.dylib % codesign -s *** -f --timestamp universal/test.dylib % codesign --verify --verbose=2 universal/test.dylib test.dylib: invalid Info.plist (plist or signature have been modified) It seems verification fails for only those dylibs that have an Info.plist embedded in them. We were able to work around this issue by signing the individual dylibs before merging, but now AppStore verification is failing with the following error: ITMS-90336: Mismatched Embedded Info.plist: The executable 'test.dylib' has mismatched embedded Info.plists. This could be due to the use of 3rd party build tools. Does this mean that the __info_plist section in all the slices in the universal binary should be exactly the same (bitwise)? Some of these are third-party binaries and we don't know whether they were created using third-party build tools.
Posted Last updated
.