General: Forums topic: Code Signing Forums subtopics: Code Signing > General, Code Signing > Certificates, Identifiers & Profiles, Code Signing > Notarization, Code Signing > Entitlements Forums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities. Developer > Support > Certificates covers some important policy issues Bundle Resources > Entitlements documentation TN3125 Inside Code Signing: Provisioning Profiles — This includes links to the other technotes in the Inside Code Signing series. WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing Certificate Signing Requests Explained forums post --deep Considered Harmful forums post Don’t Run App Store Distribution-Signed Code forums post Resolving errSecInternalComponent errors during code signing forums post Finding a Capability’s Distribution Restrictions forums post Signing code with a hardware-based code-signing identity forums post New Capabilities Request Tab in Certificates, Identifiers & Profiles forums post Isolating Code Signing Problems from Build Problems forums post Investigating Third-Party IDE Code-Signing Problems forums post Determining if an entitlement is real forums post Code Signing Identifiers Explained forums post Mac code signing: Forums tag: Developer ID Creating distribution-signed code for macOS documentation Packaging Mac software for distribution documentation Placing Content in a Bundle documentation Embedding nonstandard code structures in a bundle documentation Embedding a command-line tool in a sandboxed app documentation Signing a daemon with a restricted entitlement documentation Defining launch environment and library constraints documentation WWDC 2023 Session 10266 Protect your Mac app with environment constraints TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference. Manual Code Signing Example forums post The Care and Feeding of Developer ID forums post TestFlight, Provisioning Profiles, and the Mac App Store forums post For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

I've recently updated one of our CI mac mini's to Sequoia in preparation for the transition to Tahoe later this year. Most things seemed to work just fine, however I see this dialog whenever the UI Tests try to run. This application BoostBrowerUITest-Runner is auto-generated by Xcode to launch your application and then run your UI Tests. We do not have any control over it, which is why this is most surprising. I've checked the codesigning identity with codesign -d -vvvv as well as looked at it's Info.plist and indeed the usage descriptions for everything are present (again, this is autogenerated, so I'm not surprised, but just wanted to confirm the string from the dialog was coming from this app) <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>BuildMachineOSBuild</key> <string>22A380021</string> <key>CFBundleAllowMixedLocalizations</key> <true/> <key>CFBundleDevelopmentRegion</key> <string>en</string> <key>CFBundleExecutable</key> <string>BoostBrowserUITests-Runner</string> <key>CFBundleIdentifier</key> <string>company.thebrowser.Browser2UITests.xctrunner</string> <key>CFBundleInfoDictionaryVersion</key> <string>6.0</string> <key>CFBundleName</key> <string>BoostBrowserUITests-Runner</string> <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleShortVersionString</key> <string>1.0</string> <key>CFBundleSignature</key> <string>????</string> <key>CFBundleSupportedPlatforms</key> <array> <string>MacOSX</string> </array> <key>CFBundleVersion</key> <string>1</string> <key>DTCompiler</key> <string>com.apple.compilers.llvm.clang.1_0</string> <key>DTPlatformBuild</key> <string>24A324</string> <key>DTPlatformName</key> <string>macosx</string> <key>DTPlatformVersion</key> <string>15.0</string> <key>DTSDKBuild</key> <string>24A324</string> <key>DTSDKName</key> <string>macosx15.0.internal</string> <key>DTXcode</key> <string>1620</string> <key>DTXcodeBuild</key> <string>16C5031c</string> <key>LSBackgroundOnly</key> <true/> <key>LSMinimumSystemVersion</key> <string>13.0</string> <key>NSAppTransportSecurity</key> <dict> <key>NSAllowsArbitraryLoads</key> <true/> </dict> <key>NSAppleEventsUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSBluetoothAlwaysUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSCalendarsUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSCameraUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSContactsUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSDesktopFolderUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSDocumentsFolderUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSDownloadsFolderUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSFileProviderDomainUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSFileProviderPresenceUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSLocalNetworkUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSLocationUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSMicrophoneUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSMotionUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSNetworkVolumesUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSPhotoLibraryUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSRemindersUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSRemovableVolumesUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSSpeechRecognitionUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSSystemAdministrationUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>NSSystemExtensionUsageDescription</key> <string>Access is necessary for automated testing.</string> <key>OSBundleUsageDescription</key> <string>Access is necessary for automated testing.</string> </dict> </plist> Additionally, spctl --assess --type execute BoostBrowserUITests-Runner.app return an exit code of 0 so I assume that means it can launch just fine, and applications are allowed to be run from "anywhere" in System Settings. I've found the XCUIProtectedResource.localNetwork value, but it seems to only be accessible on iOS for some reason (FB17829325). I'm trying to figure out why this is happening on this machine so I can either fix our code or fix the machine. I have an Apple script that will allow it, but it's fiddly and I'd prefer to fix this the correct way either with the machine or with fixing our testing code.

I’m building a macOS app with a DNS Proxy system extension for Developer ID + notarization, deployed via MDM, and Xcode fails the Developer ID Release build with a provisioning profile mismatch for com.apple.developer.networking.networkextension. Environment macOS: Sequoia (15.7.2) Xcode: 26.2 Distribution: Developer ID + notarization, deployed via MDM Host bundle ID: com.mydns.agent.MyDNSMacProxy DNS Proxy system extension bundle ID: com.mydns.agent.MyDNSMacProxy.dnsProxy Host entitlements (Release): File: MyDNSMacProxy/MyDNSMacProxyRelease.entitlements: "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>B234657989.com.mydns.agent.MyDNSMacProxy</string> <key>com.apple.developer.networking.networkextension</key> <array> <string>dns-proxy</string> </array> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.team-identifier</key> <string>B234657989</string> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>group.com.mydns.MyDNSmac</string> </array> <key>keychain-access-groups</key> <array> <string>B234657989.*</string> </array> </dict> </plist> xcodebuild -showBuildSettings -scheme MyDNSMacProxy -configuration Release : PROVISIONING_PROFILE_SPECIFIER = main MyDNSMacProxy5 CODE_SIGN_IDENTITY = Developer ID Application Host Developer ID profile main_MyDNSMacProxy5.provisionprofile (via security cms -D): "Entitlements" => { "com.apple.application-identifier" => "B234657989.com.mydns.agent.MyDNSMacProxy" "com.apple.developer.team-identifier" => "B234657989" "com.apple.security.application-groups" => [ "group.com.mydns.MyDNSmac", ..., "B234657989.*" ] "keychain-access-groups" => [ "B234657989.*" ] "com.apple.developer.system-extension.install" => 1 "com.apple.developer.networking.networkextension" => [ "packet-tunnel-provider-systemextension", "app-proxy-provider-systemextension", "content-filter-provider-systemextension", "dns-proxy-systemextension", "dns-settings", "relay", "url-filter-provider", "hotspot-provider" ] } So: App ID, team ID, keychain and system‑extension.install match. The profile’s com.apple.developer.networking.networkextension is a superset of what I request in the host entitlements (dns-proxy only). System extension (for context) DNS Proxy system extension target: NSExtensionPointIdentifier = com.apple.dns-proxy NetworkExtension → NEProviderClasses → com.apple.networkextension.dns-proxy → my provider class Entitlements: com.apple.developer.networking.networkextension = ["dns-proxy-systemextension"] This target uses a separate Developer ID profile and builds successfully. Xcode error Release build of the host fails with: …MyDNSMacProxy.xcodeproj: error: Provisioning profile "main MyDNSMacProxy5" doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement. (in target 'MyDNSMacProxy' from project 'MyDNSMacProxy') Xcode UI also says: Entitlements: 6 Included, 1 Missing Includes com.apple.developer.team-identifier, com.apple.application-identifier, keychain-access-groups, com.apple.developer.system-extension.install, and com.apple.security.application-groups. Doesn’t match entitlements file value for com.apple.developer.networking.networkextension. Because of this, the app bundle isn’t produced and I can’t inspect the final signed entitlements. Questions: For com.apple.developer.networking.networkextension, should Xcode accept a subset of values in the entitlements (here just dns-proxy) as long as that value is allowed by the Developer ID profile, or does it currently require a stricter match? Is the following configuration valid for Developer ID + MDM with a DNS Proxy system extension: Host entitlements: ["dns-proxy"] System extension entitlements: ["dns-proxy-systemextension"] Host profile’s NE array includes the DNS Proxy system extension types. If this is a known limitation or bug in how Xcode validates NE entitlements for Developer ID, is there a recommended workaround? Thanks for any guidance.

When completing signing on Xcode, it shows the following error message "No certificate for team '' matching 'Developer ID Application' found" I have already followed the steps to generate a certificate from keychain and made a new certificate on developer portal, along with its associated provisioning profile. Viewing "Manage Certificate" window shows the newly created certificate, but Xcode seems to not be able to locate it.

iOS app crashes on launch after updating and adding push notifications, but no crash logs are received; however, it works fine after restart. What could be the reason? launch failed, RBSProcessExitContext voluntary

I'm attempting to use Cloud Signing to export the Release version of 3 different apps for App Store, as described in https://developer.apple.com/videos/play/wwdc2021/10204/ The process completes successfully, and appears to be signed correctly, with a newly-created certificate in the developer portal of type "Distribution Managed". When I upload to App Store Connect however, I see the following error for several third-party Swift packages, distributed as frameworks: Validation failed (409) Invalid Signature. Code failed to satisfy specified code requirement(s). The file at path “MyApp.app/Frameworks/MyFramework.framework/MyFramework” is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/support/code-signing. If I have a manually created Distribution certificate installed in the keychain at the point of export, the same archive is signed with that certificate, and is accepted by App Store Connect without issue. The xcodebuild command I am using (roughly): xcodebuild -exportArchive \ -archivePath "$ARCHIVE_PATH" \ -exportPath "$EXPORT_PATH" \ -exportOptionsPlist "$EXPORT_OPTIONS" \ -authenticationKeyPath "$API_KEY" \ -authenticationKeyID "$API_KEY_ID" \ -authenticationKeyIssuerID "$API_KEY_ISSUER" \ -allowProvisioningUpdates The plist: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "<http://www.apple.com/DTDs/PropertyList-1.0.dtd>"> <plist version="1.0"> <dict> <key>method</key> <string>app-store-connect</string> <key>teamID</key> <string>$TEAM</string> <key>uploadSymbols</key> <true/> <key>signingStyle</key> <string>automatic</string> </dict> </plist> Is what I’m trying to do supported? Is this a bug?

Notarization submission has been stuck in "In Progress" status for over 15 hours with no resolution. Hi there, I am trying to roll out distribution to paid users who are unable to receive anything from me for quite some time now, and I've read that notarization is quick. But I've found myself to be under quite a delay. Wondering if I could please get some help. Submission Details: ID: e3dff14c-16ab-41a7-a81c-0d1774c66588 Submitted: 2026-02-08T16:42:07.377Z File: Resonant-0.1.0-arm64.dmg (~200MB) Status: In Progress (stuck) Evidence: Upload completed successfully within minutes Delay is entirely server-side processing Same app structure notarized successfully on Feb 5 (submission f5f4c241) Multiple other submissions stuck since Feb 5 (see history below) Stuck Submissions (all "In Progress" for days): e3dff14c (Feb 8, 16:42 UTC) - 15+ hours 3e6bdcb5 (Feb 8, 16:11 UTC) - 16+ hours 37fd1b9f (Feb 8, 12:53 UTC) - 20+ hours f21a1d9b (Feb 8, 12:31 UTC) - 20+ hours (different app, Clippa.zip) 417244e8 (Feb 8, 06:18 UTC) - 26+ hours 891f370f (Feb 7, 11:44 UTC) - 2+ days 1debba51 (Feb 7, 05:44 UTC) - 2+ days 6a06b87f (Feb 6, 14:16 UTC) - 3+ days 9867261c (Feb 6, 13:44 UTC) - 3+ days 1a7c3967 (Feb 6, 12:58 UTC) - 3+ days Last Successful Notarization: f5f4c241 (Feb 5, 18:24 UTC) - Accepted in normal timeframe Impact: Unable to distribute production release. This is blocking critical bug fixes from reaching users. Expected Behavior: Notarization should complete within 2-10 minutes as documented and as experienced prior to Feb 5. Request: Please investigate why submissions are not being processed and either: Clear the backlog and process pending submissions Provide guidance on how to proceed with distribution

I'm submitting my first macOS app (a native SwiftUI menu bar app, signed with Developer ID Application certificate, Hardened Runtime enabled) for notarization using xcrun notarytool submit with keychain profile authentication. All 9 of my submissions have been stuck at "In Progress" for up to 16 hours. None have transitioned to "Accepted" or "Invalid." Logs are unavailable for all of them (notarytool log returns "Submission log is not yet available"). Environment macOS: 26.2 (25C56) Xcode: 26.1.1 (17B100) notarytool: 1.1.0 (39) App: Native SwiftUI, universal binary (x86_64 + arm64), ~2.2 MB DMG Bundle ID: com.gro.ask Team ID: 4KT56S2BX6 What I've verified Code signing is valid: $ codesign --verify --deep --strict GroAsk.app passes with no errors $ codesign -dvvv GroAsk.app Authority=Developer ID Application: Jack Wu (4KT56S2BX6) Authority=Developer ID Certification Authority Authority=Apple Root CA CodeDirectory flags=0x10000(runtime) # Hardened Runtime enabled Runtime Version=26.1.0 Format=app bundle with Mach-O universal (x86_64 arm64) Entitlements are minimal: com.apple.security.app-sandbox com.apple.security.network.client Uploads succeed — each submission receives a valid submission ID and the file uploads to Apple's servers without error. Submission history Created (UTC): 04:40 ID: eeb12389-... File: GroAsk-1.6.0.dmg Status: Invalid (Hardened Runtime missing — since fixed) ──────────────────────────────────────── Created (UTC): 04:42 ID: 6e537a32-... File: GroAsk-1.6.0.dmg Status: In Progress (16+ hrs) ──────────────────────────────────────── Created (UTC): 07:52 ID: 5ee41736-... File: GroAsk-1.6.0.dmg Status: In Progress ──────────────────────────────────────── Created (UTC): 08:19 ID: f5c6b9a5-... File: GroAsk-1.6.0.dmg Status: In Progress ──────────────────────────────────────── Created (UTC): 08:27 ID: 0f1c8333-... File: GroAsk-1.6.0.dmg Status: In Progress ──────────────────────────────────────── Created (UTC): 08:29 ID: 77fd9cd4-... File: GroAsk-1.6.0.dmg Status: In Progress ──────────────────────────────────────── Created (UTC): 08:51 ID: db9da93e-... File: GroAsk-1.6.1.dmg Status: In Progress ──────────────────────────────────────── Created (UTC): 09:05 ID: 3c43c09f-... File: GroAsk.zip Status: In Progress ──────────────────────────────────────── Created (UTC): 12:01 ID: b2267a74-... File: GroAsk-1.6.3.dmg Status: In Progress ──────────────────────────────────────── Created (UTC): 12:15 ID: ae41e45c-... File: GroAsk.zip Status: In Progress The very first submission (eeb12389) came back as Invalid within minutes because Hardened Runtime wasn't enabled on the binary. I fixed the build configuration and confirmed flags=0x10000(runtime) is present on all subsequent builds. However, every submission after that fix has been stuck at "In Progress" with no state transition. What I've tried Submitting both .dmg and .zip formats — same result Verified notarytool log — returns "Submission log is not yet available" for all stuck submissions Apple Developer System Status page shows the Notary Service as "Available" I've also emailed Apple Developer Support but have not received a response yet Questions Is this the expected behavior for a first-time notarization account? I've seen other threads mentioning that new accounts may be held for "in-depth analysis," but 16+ hours with zero feedback seems excessive. 2. Is there any manual configuration Apple needs to do on their end to unblock my team for notarization? 3. Should I stop submitting and wait, or is there something else I can try? Any guidance from DTS would be greatly appreciated. This is blocking the release of my app.

I have been trying to package a FileMaker 18 runtime app* for Mac distribution for - oh - a year and a half on and off (the Windows version was packaged in an afternoon). I succeeded - or thought I had - until I updated to Tahoe. Now my packaging process does everything it did formerly (creates the DMG, etc.), but when opened, fails to see/load a third-party plugin (BaseElements.fmplugin). Does anyone know why this should be? I have attached 4 of my build files in the hope that someone can point me in the right direction. Thanks in advance for any advice you may provide. Regards, L *Claris deprecated the runtime feature years ago, but it still runs and is useful for proof of concept. P.S. A contributor to an earlier query kindly suggested I go down the zip file or pkg installer route, rather than the DMG route. I tried doing as much but found both as susceptible to Mac spaghetti signage. build_all.txt repair_and_sign.txt build_dmg.txt notarize_dmg.txt

Hello, We're developing endpoint security software using the Endpoint Security framework, and we've encountered challenges with the behavior change in macOS 15 regarding provisioning UDIDs in cloned VMs. The Change Prior to macOS 15, cloning a VM preserved its UDID (format: 0000FE00-9C4ED9F68BBDC72D). Starting with macOS 15, cloned VMs receive a new UDID generated from the host's Secure Enclave (format: b043d27202c7ac37ca3c6b82673302225485cae9), making each clone effectively a new device. Our Workflow We maintain a clean base VM image and clone it for each test run. We add the base VM's UDID to our provisioning profile once, then create clones which (previously) retained that same UDID, allowing us to start new testing cycles without re-registering devices. This is essential because our product involves low-level system integration through the Endpoint Security framework, and if something goes wrong during development, it has the potential to affect system stability. To prevent any cascading issues between test runs or different product versions, we need each test to start from a known clean state rather than reusing the same VM. The Challenge With each VM clone generating a new UDID, we're hitting Apple's device registration limits quickly. This particularly impacts: New team members who spin up VMs for the first time and can't run signed builds Our CI/CD pipeline where multiple test environments need provisioning profiles Developers testing different branches who need separate clean environments Current Workaround We've found that VMs created on macOS 14 and upgraded to macOS 15+ retain their original UDID format. However, we're concerned this workaround may stop working in future macOS versions, which would leave us without a viable path forward. If the workaround stops working, our fallback would be signing each CI build with a Developer ID signature to allow running on any device. However, we'd prefer to avoid this as it would significantly increase load on Apple's signing infrastructure for what are essentially internal test builds. We completely understand the security reasoning behind tying UDIDs to the host's Secure Enclave for Apple Account support. However, for development workflows that don't require Apple Account features in VMs but do require clean, isolated test environments, the previous behavior was quite valuable. Question Is there a recommended approach for teams in our situation? We're happy to explore alternative workflows if there's a pattern we're missing, or we'd be glad to provide more context if this is a use case Apple is considering for future updates. Thanks for any guidance you can provide! Feedback case: FB21389730

Hi, we are sending MacOS apps packaged in a ZIP archive or DMG disk image to the Notary Service. Before we send the app for notarization, we check the code signature via command codesign -vvv --deep --strict /path/to/app_or_bundle The result is positive and it does not provide any gaps. (And yes, we are following the inside out code signing approach, mentioned at Using the codesign Tool's --deep Option Correctly) Unfortunately, the result of the Notary service provided that one file has no signature, which was not detected by the signature verification command. The path of the binary was in <app_name>.app.zip/<app_name>.app/Contents/Resources/inst/<binary> How I can be verify like a the Notary service does it on our side? Best regards, Stefan

Hello, We are currently using Apple Notarization (notarytool) for distributing a macOS app, and we are experiencing very long notarization times for large app bundles. [Issue] For apps with large binary sizes, notarization consistently takes around 3.5 to 4.5 hours from submission to completion. This delay is causing practical issues in our release pipeline, especially when: A hotfix or urgent update is required Multiple builds must be notarized in a short time CI/CD-based distribution is expected to complete within a predictable timeframe [Environment] Platform: macOS Notarization method: notarytool Distribution: Outside Mac App Store App size: 100 GB~ (compressed ZIP) Signing: Hardened Runtime enabled, codesigned correctly Submission status: Successfully accepted, but processing time is very long [What we have confirmed] The notarization eventually succeeds (no failures) Re-submitting the same build shows similar processing times Network upload itself completes normally; the delay is in Apple-side processing Smaller apps complete notarization much faster [Questions] Is a 3–4+ hour notarization time expected behavior for large macOS apps? Are there recommended best practices to reduce notarization processing time for large binaries? For example, splitting components, adjusting packaging, or specific signing strategies Is there any official guidance or limitation regarding notarization queueing or processing based on app size? Are there known service-side delays or regional differences that could affect processing time? Any insight or confirmation would be greatly appreciated, as this directly impacts our production release workflow. Thank you.

Hi, We're having problems starting an Ad Hoc ipa on an iPad with iOS 12.7.7 and 12.7.8. The iPad's UUID has been added to the provisioning profile. The iPad that we are trying to start the app on is online, so Apple's certificate validation server should be reachable. We don't have any problems with iOS versions above iOS 12. The .ipa was built using the latest version of Xcode (26.2, build 17C52). Here is the anonymised and reduced console log (only the app launch / bootstrap part): default 07:29:35.683108+0100 SpringBoard Icon touch began: <private> default 07:29:35.752640+0100 SpringBoard Icon tapped: <private> default 07:29:35.768538+0100 trustd cert[0]: SubjectCommonName =(leaf)[]> 0 default 07:29:35.791500+0100 SpringBoard Trust evaluate failure: [leaf IssuerCommonName LeafMarkerOid SubjectCommonName] default 07:29:35.793654+0100 trustd cert[0]: IssuerCommonName =(path)[]> 0 default 07:29:36.043497+0100 assertiond Submitting new job for "<APP_BUNDLE_ID>" on behalf of SpringBoard (pid: 48) default 07:29:36.044393+0100 SpringBoard Bootstrapping <APP_BUNDLE_ID> with intent foreground-interactive error 07:29:36.045124+0100 SpringBoard [<APP_BUNDLE_ID>] Bootstrap failed with error: domain: BKSProcessErrorDomain, code: 1 (bootstrap-failed), reason: "Failed to start job" error 07:29:36.045214+0100 SpringBoard Bootstrapping failed for <APP_BUNDLE_ID> (pid: -1): Error Domain=BKSProcessErrorDomain Code=1 "Unable to bootstrap process with bundleID <APP_BUNDLE_ID>" NSLocalizedFailureReason=Failed to start job NSUnderlyingError=NSPOSIXErrorDomain Code=3 "No such process" BKLaunchdOperation=launch_get_running_pid_4SB BKLaunchdJobLabel=<LAUNCHD_JOB_LABEL> BKSProcessJobLabel=<LAUNCHD_JOB_LABEL> default 07:29:36.046078+0100 assertiond Submitted job with label: <LAUNCHD_JOB_LABEL> default 07:29:36.046442+0100 assertiond Unable to get pid for '<LAUNCHD_JOB_LABEL>': No such process (3) error 07:29:36.046542+0100 assertiond Failed to start job: NSPOSIXErrorDomain Code=3 "No such process" default 07:29:36.046607+0100 assertiond Deleted job with label: <LAUNCHD_JOB_LABEL> default 07:29:36.081068+0100 SpringBoard Application process state changed for <APP_BUNDLE_ID>: pid: -1; taskState: Not Running

Hi, We're having problems starting an Ad Hoc ipa on an iPad with iOS 12.7.7 and 12.7.8, probably iOS 12 in general. The iPad's UUID is added to the certificate. And we don't have problems with iOS versions > iOS 12. Here is the anonymized Console Log: default 09:05:12.088994+0100 SpringBoard immediate edge swipe: failed default 09:05:12.095189+0100 SpringBoard Icon touch began: <private> default 09:05:12.096204+0100 SpringBoard Found a reasonable launch image for <private>, not pre-warming SplashBoard. Load image into the snapshot instance. default 09:05:12.117737+0100 powerd Activity changes from 0x2 to 0x1. UseActiveState:1 default 09:05:12.118572+0100 powerd hidActive:1 displayOff:0 assertionActivityValid:0 now:0xcb6 hid_ts:0xcb6 assertion_ts:0x0 default 09:05:12.145354+0100 backboardd [HID] [MT] dispatchEvent Dispatching event with 1 children, _eventMask=0x23 _childEventMask=0x3 Cancel=0 Touching=0 inRange=0 default 09:05:12.152820+0100 SpringBoard Icon tapped: <private> default 09:05:12.158236+0100 dasd Trigger: <private> is now [1] default 09:05:12.159538+0100 dasd Don't have <private> for type 1 default 09:05:12.170128+0100 trustd cert[0]: SubjectCommonName =(leaf)[]> 0 default 09:05:12.170407+0100 trustd cert[0]: LeafMarkerOid =(leaf)[]> 0 default 09:05:12.182388+0100 trustd OCSPSingleResponse: nextUpdate 0.54 days ago default 09:05:12.186084+0100 trustd OCSPSingleResponse: nextUpdate 0.62 days ago default 09:05:12.187067+0100 SpringBoard Trust evaluate failure: [leaf IssuerCommonName LeafMarkerOid SubjectCommonName] default 09:05:12.238604+0100 trustd Task <TASK_UUID_REDACTED_1>.<1> resuming, QOS(0x19) default 09:05:12.240650+0100 trustd TIC TCP Conn Start [12:0xADDR_REDACTED] default 09:05:12.241136+0100 trustd [C12 Hostname#HASH_REDACTED:80 tcp, pid: PID_REDACTED, url hash: HASH_REDACTED] start default 09:05:12.245884+0100 trustd TIC TCP Conn Start [13:0xADDR_REDACTED] default 09:05:12.246361+0100 trustd [C13 Hostname#HASH_REDACTED:80 tcp, pid: PID_REDACTED, url hash: HASH_REDACTED] start default 09:05:12.256520+0100 trustd nw_connection_report_state_with_handler_locked [C12] reporting state failed error Network is down error 09:05:12.256978+0100 trustd TIC TCP Conn Failed [12:0xADDR_REDACTED]: 1:50 Err(50) error 09:05:12.262697+0100 trustd Task <TASK_UUID_REDACTED_1>.<1> HTTP load failed (error code: -1009 [1:50]) error 09:05:12.271646+0100 trustd Task <TASK_UUID_REDACTED_1>.<1> load failed with error Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." default 09:05:12.271898+0100 trustd Failed to download ocsp response http://ocsp.apple.com/ocsp03-wwdrg311/... with error Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." default 09:05:12.280643+0100 SpringBoard Activating <private> from icon default 09:05:12.281399+0100 CommCenter #I CTServerConnection from pid PID_REDACTED has closed (conn=0xADDR_REDACTED) default 09:05:12.513629+0100 SpringBoard Bootstrapping com.example.myapp with intent foreground-interactive default 09:05:12.514084+0100 assertiond Submitting new job for "com.example.myapp" on behalf of <BKProcess: 0xADDR_REDACTED; SpringBoard; com.apple.springboard; pid: PID_REDACTED; ...> default 09:05:12.514909+0100 assertiond Submitted job with label: UIKitApplication:com.example.myapp[REDACTED][REDACTED] error 09:05:12.516769+0100 SpringBoard [com.example.myapp] Bootstrap failed with error: <NSError: 0xADDR_REDACTED; domain: BKSProcessErrorDomain; code: 1 (bootstrap-failed); reason: "Failed to start job"> error 09:05:12.516935+0100 SpringBoard Bootstrapping failed for <FBApplicationProcess: 0xADDR_REDACTED; com.example.myapp; pid: -1> with error: Error Domain=BKSProcessErrorDomain Code=1 "Unable to bootstrap process with bundleID com.example.myapp" default 09:05:12.517589+0100 SpringBoard <FBApplicationProcess: 0xADDR_REDACTED; com.example.myapp; pid: -1> exited. default 09:05:12.542638+0100 SpringBoard Application process state changed for com.example.myapp: <SBApplicationProcessState: 0xADDR_REDACTED; pid: -1; taskState: Not Running; visibility: Unknown> default 09:05:13.072994+0100 SpringBoard Front display did change: <SBApplication: 0xADDR_REDACTED; com.example.myapp> Is there any know problem with running Ad Hoc ipas on iOS 12? Thanks Christian

Hey folks, Looking for some assistance with using an API key with xcodebuild commands to archive/export builds on our Enterprise developer account. The goal here is to allow Xcode to completely manage signing/certificates with our cloud distribution certificate, since these builds are happening in CI and we don't want to be manually handling user sessions/certificates on these machines. This is working great with our App Store account, but with our Enterprise account we're getting errors both archiving and exporting the builds. Here's an example of an export command that is giving errors: xcodebuild -exportArchive -exportOptionsPlist /path/to/exportOptions.plist -archivePath /path/to/archive.xcarchive -exportPath /path/to/export -authenticationKeyID *** -authenticationKeyIssuerID *** -authenticationKeyPath /path/to/key.p8 -allowProvisioningUpdates I've put some example values there, but we've double/triple checked the real values when this is actually running. These are the errors we're getting: 2026-02-02 12:30:04.022 xcodebuild[59722:1854348] DVTServices: Received response for 0794248F-E534-474D-ABBF-40C1375B6590 @ <https://appstoreconnect.apple.com/xcbuild/QH65B2/listTeams.action?clientId=XABBG36SBA>. Error = Error Domain=DVTPortalResponseErrorDomain Code=0 "Communication with Apple failed" UserInfo={NSLocalizedDescription=Communication with Apple failed, NSLocalizedRecoverySuggestion=A non-HTTP 200 response was received (401) for URL https://appstoreconnect.apple.com/xcbuild/QH65B2/listTeams.action?clientId=XABBG36SBA} 2026-02-02 12:30:04.173 xcodebuild[59722:1854348] DVTServices: Received response for 1D51FCD1-1876-4881-BE89-DD44E78EA776 @ <https://appstoreconnect.apple.com/xcbuild/QH65B2/listTeams.action?clientId=XABBG36SBA>. Error = Error Domain=DVTPortalResponseErrorDomain Code=0 "Communication with Apple failed" UserInfo={NSLocalizedDescription=Communication with Apple failed, NSLocalizedRecoverySuggestion=A non-HTTP 200 response was received (401) for URL https://appstoreconnect.apple.com/xcbuild/QH65B2/listTeams.action?clientId=XABBG36SBA} 2026-02-02 12:30:04.322 xcodebuild[59722:1854344] DVTServices: Received response for 25D7983F-1153-47C9-AE8A-03A8D10B6453 @ <https://appstoreconnect.apple.com/xcbuild/QH65B2/listTeams.action?clientId=XABBG36SBA>. Error = Error Domain=DVTPortalResponseErrorDomain Code=0 "Communication with Apple failed" UserInfo={NSLocalizedDescription=Communication with Apple failed, NSLocalizedRecoverySuggestion=A non-HTTP 200 response was received (401) for URL https://appstoreconnect.apple.com/xcbuild/QH65B2/listTeams.action?clientId=XABBG36SBA} 2026-02-02 12:30:04.483 xcodebuild[59722:1854344] DVTServices: Received response for 8A56C98B-E786-4878-856F-4D7E3D381DEA @ <https://appstoreconnect.apple.com/xcbuild/QH65B2/listTeams.action?clientId=XABBG36SBA>. Error = Error Domain=DVTPortalResponseErrorDomain Code=0 "Communication with Apple failed" UserInfo={NSLocalizedDescription=Communication with Apple failed, NSLocalizedRecoverySuggestion=A non-HTTP 200 response was received (401) for URL https://appstoreconnect.apple.com/xcbuild/QH65B2/listTeams.action?clientId=XABBG36SBA} error: exportArchive Communication with Apple failed error: exportArchive No signing certificate "iOS Distribution" found We get very similar errors when archiving as well. Are we doing something incorrect here? Is API key usage with xcodebuild not supported for Enterprise builds? Appreciate any help y'all can provide!

Hi there, When I deploy my app to the iPhone for testing, I get the following error: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.4gpZFc/extracted/c_mll.app : 0xe8008018 (The identity used to sign the Please ensure that the certificates used to sign your app have not expired. If this issue persists, please attach an IPA of your app when sending a report to Apple. executable is no longer valid.) My account was mistakenly deactivated by Apple last month. After appealing, Apple restored it at the end of last month. Currently, my Apple Developer account seems to be working fine. Today, I recreated the developer certificate and identifier, added the account in XCode, everything seemed fine, and I clicked the XCode button (Start the active scheme). The build was successful, but I got the error: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.4gpZFc/extracted/c_mll.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Both my certificate and identifier were created just a few hours ago and show no issues. Before my account was deactivated, everything was working fine. I used a regular non-Apple developer account in XCode and performed the same steps, and it worked fine. I looked at relevant posts on the forum and tried the suggestions, but none of them solved my problem.

Hi, I am reaching out to seek assistance with a persistent code signing issue that is preventing our team from installing our iOS app, "Scoopz" (https://apps.apple.com/us/app/scoopz-real-life-real-video/id6449206831) on physical devices. We suspect there may be an issue with our Apple Developer account, as we have exhausted all standard troubleshooting steps without success. Below, I’ve provided details about the issue, the error logs, and the steps we’ve taken. Issue Description: When attempting to install the app on an iPhone using Xcode, we encounter the following error: Unable to Install “Scoopz: Debug” Domain: IXUserPresentableErrorDomain Code: 14 Recovery Suggestion: Failed to verify code signature of /[REDACTED_PATH]/OurApp.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) The app builds successfully to the iOS Simulator and can be released to the App Store without issues, but it fails to debug on physical devices. Steps Taken: Our team has attempted the following troubleshooting steps without resolving the issue: Verified that our Apple Developer account is active and our team membership is valid. Checked certificates in Keychain Access and the Apple Developer Portal, ensuring they are not expired or revoked. We created and installed new Apple Development certificates. Confirmed that the provisioning profile includes the target device’s UDID, is associated with a valid certificate, and is not expired. We regenerated and reinstalled the profile. We tried both xcode managed and manually installed profiles. Cleaned the Xcode build folder, deleted the app from the device, and rebuilt the project. Despite these efforts, the issue persists across our entire development team, leading us to believe there may be a problem with our Apple Developer account or its associated certificates/profiles. Request for Assistance: We kindly request your help to: Investigate any potential issues with our Apple Developer account that could be causing this code signing error. Verify the status of our certificates and provisioning profiles on Apple’s servers. Provide guidance on any additional steps or configurations needed to resolve the error. If necessary, suggest how we can escalate this issue for further investigation. Full error log: Unable to Install “Scoopz: Debug” Domain: IXUserPresentableErrorDomain Code: 14 Recovery Suggestion: Failed to verify code signature of /[REDACTED_PATH]/OurApp.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Please ensure that the certificates used to sign your app have not expired. If this issue persists, please attach an IPA of your app when sending a report to Apple. User Info: { DVTErrorCreationDateKey = "2025-08-20 23:50:11 +0000"; IDERunOperationFailingWorker = IDEInstallCoreDeviceWorker; } Failed to install the app on the device. Domain: com.apple.dt.CoreDeviceError Code: 3002 User Info: { *** } Unable to Install “Scoopz: Debug” Domain: IXUserPresentableErrorDomain Code: 14 Failure Reason: This app cannot be installed because its integrity could not be verified. Recovery Suggestion: Failed to verify code signature of /[REDACTED_PATH]/OurApp.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Failed to verify code signature of /[REDACTED_PATH]/OurApp.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Domain: MIInstallerErrorDomain Code: 13 User Info: { FunctionName = "+[MICodeSigningVerifier _validateSignatureAndCopyInfoForURL:withOptions:error:]"; LegacyErrorString = ApplicationVerificationFailed; LibMISErrorNumber = "-402620392"; SourceFileLine = 78; } Event Metadata: com.apple.dt.IDERunOperationWorkerFinished : { "device_identifier" = "-*********"; "device_isCoreDevice" = 1; "device_model" = "iPhone16,2"; "device_osBuild" = "17.1 (21B80)"; "device_platform" = "com.apple.platform.iphoneos"; "device_thinningType" = "iPhone16,2"; "dvt_coredevice_version" = "397.21"; "dvt_coresimulator_version" = 987; "dvt_mobiledevice_version" = "1784.101.1"; "launchSession_schemeCommand" = Run; "launchSession_state" = 1; "launchSession_targetArch" = arm64; "operation_duration_ms" = 4926; "operation_errorCode" = 14; "operation_errorDomain" = IXUserPresentableErrorDomain; "operation_errorWorker" = IDEInstallCoreDeviceWorker; "operation_name" = IDERunOperationWorkerGroup; "param_debugger_attachToExtensions" = 0; "param_debugger_attachToXPC" = 1; "param_debugger_type" = 3; "param_destination_isProxy" = 0; "param_destination_platform" = "com.apple.platform.iphoneos"; "param_diag_113575882_enable" = 0; "param_diag_MainThreadChecker_stopOnIssue" = 0; "param_diag_MallocStackLogging_enableDuringAttach" = 0; "param_diag_MallocStackLogging_enableForXPC" = 1; "param_diag_allowLocationSimulation" = 1; "param_diag_checker_tpc_enable" = 1; "param_diag_gpu_frameCapture_enable" = 0; "param_diag_gpu_shaderValidation_enable" = 0; "param_diag_gpu_validation_enable" = 0; "param_diag_guardMalloc_enable" = 0; "param_diag_memoryGraphOnResourceException" = 0; "param_diag_mtc_enable" = 1; "param_diag_queueDebugging_enable" = 1; "param_diag_runtimeProfile_generate" = 0; "param_diag_sanitizer_asan_enable" = 0; "param_diag_sanitizer_tsan_enable" = 0; "param_diag_sanitizer_tsan_stopOnIssue" = 0; "param_diag_sanitizer_ubsan_enable" = 0; "param_diag_sanitizer_ubsan_stopOnIssue" = 0; "param_diag_showNonLocalizedStrings" = 0; "param_diag_viewDebugging_enabled" = 1; "param_diag_viewDebugging_insertDylibOnLaunch" = 1; "param_install_style" = 2; "param_launcher_UID" = 2; "param_launcher_allowDeviceSensorReplayData" = 0; "param_launcher_kind" = 0; "param_launcher_style" = 99; "param_launcher_substyle" = 0; "param_runnable_appExtensionHostRunMode" = 0; "param_runnable_productType" = "com.apple.product-type.application"; "param_structuredConsoleMode" = 1; "param_testing_launchedForTesting" = 0; "param_testing_suppressSimulatorApp" = 0; "param_testing_usingCLI" = 0; "sdk_canonicalName" = "iphoneos18.0"; "sdk_osVersion" = "18.0"; "sdk_variant" = iphoneos; } System Information macOS Version 15.4.1 (Build 24E263) Xcode 16.0 (23051) (Build 16A242d) Timestamp: 2025-08-20T16:50:11-07:00

i am creating a app on "appmysite" while it runs its build test an error message pops up saying build failed. "it seems your app build has encountered an issue. the certificate used to generate the uploaded provisioning profile does not match the uploaded certificate." I understand why its saying it because the uploaded certificate had to be uploaded as ".p12". The certificate in the provisioning profile is made of ".cert". I am using a apple mac book and a xenovo windows computer. Im simply trying to figure out how to put the ".p12" certificate into the provisioning profile? whenever i go to my developer account and try to create a new provisioning account with the new ".p12" certificate. The only options that pop up for me to select are only the certificates that are in ".cert" form. I've tried exporting through "key access" and they show up in my files but no way to transfer to my developer account to combine it with a provisioning account. Any help is greatly appreciated, this is literally the only thing keeping my app from being ready for submission to review. ive been stuck on this for 3 days.

My iOS app uses CloudKit key-value storage. I have not updated the app in a few years but it works fine. Since it was last updated, I transferred the app from an old organization to my personal developer account. Now that I'm working on the app again I get an error: Provisioning profile "iOS Team Provisioning Profile: com.company.app" doesn't match the entitlements file's value for the com.apple.developer.ubiquity-kvstore-identifier entitlement. In the entitlement file, it has $(TeamIdentifierPrefix)$(CFBundleIdentifier) as the value for iCloud Key-Value Store. I've verified the variables resolve as expected. When I parse the provisioning profile there is no entitlement value for key-value storage. What am I getting wrong?

I can't upload my macOS app to app store connect. Each time i try to upload, i see this message: Provisioning profile failed qualification Profile doesn't support App Groups. An empty app without an app group uploads fine, but if i add an app group to it, it does not upload.