Hi All, We use a small group of Mac mini units running VMs for our Apple CI system. Since you can't login to an Apple ID on an Apple Silicon VM we wanted to use an App Store Connect API token to handle all the authentication for us. In the past this has not worked but I wanted to see if it could now. The answer is no, you can not use an API token with Developer ID Cloud certificates. The reason is that, even on an Admin role token, the DevID certificates are not enabled by default. When you are using an Apple ID this is no big deal as you can check the box to allow access, but with tokens they are minted with only the default settings for the role. This means that the option for Access to Cloud Managed Developer ID Certificates is always disabled and you can't enable it. If we could continue logging in with an Apple ID we could stumble along with that still, but even this ability is gone on AS VMs. Right now this pretty much means that we either give up on using stateless VMs to build or we go back to manually managing all of our code signing materials. The longer term solution would be to move to Xcode Cloud, but that will take us quite some time. I filed FB13687073 to see if there is any way to create a token that can use this checkbox.

We use CocoaPods to manage third-party SDKs, so how should we sign and use these third-party SDKs

Hello, I am setting up a build (Gitlab CICD) runner. I create a keychain and imported certificate and my signing key. $ security find-identity -v XXXXXX "Developer ID Application: XXXXXX, INC. (XXXXXX)" (CSSMERR_TP_NOT_TRUSTED) 1 valid identities found $ security find-identity -p codesigning -v XXXXXX "Developer ID Application: XXXXXX, INC. (XXXXXX)" 1 valid identities found Codesign fails with unable to build chain to self-signed root for signer "Developer ID Application: XXXXXX, INC. (XXXXXX)" errSecInternalComponent On the local machine everything is fine. I think the point is that the identity is both valid and CSSMERR_TP_NOT_TRUSTED. What can I do about it?

The current structure of my SDK xcframework is XXXX-Release.xcframework. Inside that, I have an XXXX.xcframework and a LICENSE.md file. Currently, this structure works fine in Swift Package Manager, dropping the XXXX-Release.xcframework file into Xcode and CocoaPods. When I sign my xcframework as per Apple's requirements, I need to sign XXXX.xcframework, which is on the second level. Signing this works fine. Will this meet Apple's requirements for signing an xcframework? I just want to make sure the current structure of my SDK does not need to change. Thanks

Hi, we are working on an application which will perform scheduled backup tasks in macOS 14. The app has been granted full disk permission. Recently we updated the code signing for the executable (/Applications/MyApp.app/Contents/MacOS/MyApp below) for passing the new notarization. After that, we found launchctl unable to load the plist for the schedule job <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <key>Label</key> <string>com.MyApp.scheduler</string> <key>ProgramArguments</key> <array> <string>/Applications/MyApp.app/Contents/MacOS/MyApp</string> <string>/Applications/MyApp.app</string> </array> <key>RunAtLoad</key> <true/> <key>AbandonProcessGroup</key> <true/> <key>WorkingDirectory</key> <string>/Applications/MyApp.app/bin</string> </dict> </plist> Related error message found in /var/log/com.apple.xpc.launchd/launchd.log* 2023-12-13 13:59:34.639672 (system/com.MyApp.scheduler [13434]) <Notice>: internal event: SOURCE_ATTACH, code = 0 2023-12-13 13:59:34.644530 (system/com.MyApp.scheduler [13434]) <Error>: Service could not initialize: posix_spawn(/Applications/MyApp.app/Contents/MacOS/MyApp), error 0x1 - Operation not permitted 2023-12-13 13:59:34.644545 (system/com.MyApp.scheduler [13434]) <Error>: initialization failure: 23C64: xpcproxy + 38300 [1097][925DE4E7-0589-3B33-BB64-7BC2F8629897]: 0x1 2023-12-13 13:59:34.644548 (system/com.MyApp.scheduler [13434]) <Notice>: internal event: INIT, code = 1 2023-12-13 13:59:34.644915 (system/com.MyApp.scheduler [13434]) <Notice>: xpcproxy exited due to exit(78) We have tried to update the entitlements for library and main executable files while still not success on make it works again. We have no idea what else could do for troubleshooting this. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> <key>com.apple.security.cs.disable-library-validation</key> <true/> <key>com.apple.security.cs.allow-dyld-environment-variables</key> <true/> <key>com.apple.security.cs.debugger</key> <true/> <key>com.apple.application-identifier</key> <string>...</string> <key>com.apple.developer.team-identifier</key> <string>...</string> </dict> </plist> Appreciate for any suggestions. Thank you.

After confirming an order for an Apple Developer account, the bottom of the page says: Need some help? Chat now or call 1‑800‑MY‑APPLE. Question 1: Why make your developers translate from 1-800-MY-APPLE to a phone number manually? It would cost no more to say call 1-800-MY-APPLE or 1-800-555-5555 or whatever the translation is. It's just one example where Apple could provide a bit more information and make it better for the developers than they do. The whole Apple Developer enrollment / account / team / certification process is astonishingly unintuitive and could be helped so much by simply providing additional information as we work through the process. You say "Sign in to run locally" but offer no info about where to sign in. (A place for name and email appeared briefly, I entered my password incorrectly and now it doesn't seem to show up at all?) Question 2: That number seems to go to support for hardware orders (iPhones, machines, etc.). Is there a different number for developer account issues? Question 3: I paid $99 to renew the dev account, but I still can't build my SwiftUI XCode project due to Signing & Certificate Issues, and there's a bit of conflicting feedback. Feedback 1: When I click my order, it says: Apple Developer Program - Membership for one year Enrollment Complete Order Placed(Completed) Electronically Delivered (Completed) Thanks for being a part of the Apple Developer Program. Feedback 2: When I go to https://developer.apple.com/enroll/purchase, it says: Complete your purchase. Once you complete your purchase, you’ll receive a purchase acknowledgement and a membership confirmation email, and it wants me to pay $99 again. Seems unnecessarily challenging just to be able to build and run my XCode app on my own machine. Many of the involved options have little help associated to resolve issues. XCode recognizes my account, and I have a cert for running on my machine but it appears to be "in progress" so I'm dead in the water for now. Question 4: Any ideas how many days it takes before the payment will clear and I can play with my app again?

Hello, I am trying to use XCode to generate a 'embedded.provisionprofile' file. My Xcode macos project keeps giving me an error saying: Provisioning profile "BRandNewMebedded" doesn't include signing certificate "Apple Distribution: Martin Barker (LV6WXG529F)". When I download the Provisioning Profile file "BRandNewMebedded" from online, I make sure it has "Mac App Distribution" checked, but even if i edit it to use the first option "Distribution" and re-download it, my XCode keeps saying the same error in red.

Electron-Builder Version: 24.12.0 Electron-Builder-notarize Version: 1.5.1 Node Version: v15.14.0 Electron Version: 11.3.0 Electron-updater version: ^4.3.5 Target: Mac Apple Store (mas) Hello, I am trying to build and sign a new version of my electron app for the mac apple store (mas), but when I get to the final step of uploading the RenderTune.pkg file to the mac transporter app, I get a failed status with 22 errors all the same formatting like so: Asset validation failed (90284) Invalid Code Signing. The executable 'com.martinbarker.digifyunique.pkg/Payload/RenderTune.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/etc....dylib' must be signed with the certificate that is contained in the provisioning profile. (ID: abc-abc-abc-abc-abc) In order to build and sign this RenderTune.pkg file, first I run the command npm run build-mas locally while on branch v1.1.5 ( code here ) Which runs the following command: "build-mas": "electron-builder build --mac && sh signmasscript.sh", So first it runs electron-builder build --mac and gives this output: Martins-MacBook-Air:rendertune-v1.1.5-feb-24 martinbarker$ npm run build-mas > rendertune@1.1.5 build-mas > electron-builder build --mac && sh signmasscript.sh • electron-builder version=24.12.0 os=20.6.0 • loaded configuration file=package.json ("build" field) • writing effective config file=dist/builder-effective-config.yaml • packaging platform=darwin arch=x64 electron=11.3.0 appOutDir=dist/mac • signing file=dist/mac/RenderTune.app platform=darwin type=distribution identity=ACBACBACBACBACBACBACBACBACB provisioningProfile=none • skipped macOS notarization reason=`notarize` options were not provided • building target=DMG arch=x64 file=dist/RenderTune-mac.dmg • building target=macOS zip arch=x64 file=dist/RenderTune-mac.zip • building block map blockMapFile=dist/RenderTune-mac.dmg.blockmap • building block map blockMapFile=dist/RenderTune-mac.zip.blockmap Completes without issue. The next part is running the signmasscript.sh file, which does complete but gives these errors: Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 productbuild: Adding component at /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/dist/mas/RenderTune.app productbuild: Signing product with identity "3rd Party Mac Developer Installer: Martin Barker (LV6WXG529F)" from keychain /Users/martinbarker/Library/Keychains/login.keychain-db productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority" productbuild: Adding certificate "Apple Root CA" productbuild: Wrote product to /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/RenderTune.pkg productbuild: Supported OS versions: [10.10.0, ) The final output RenderTune.pkg file gives 22 error messages saying `` when I try to deliver it via the mac os transport app. Asset validation failed (90284) Invalid Code Signing. The executable must be signed with the certificate that is contained in the provisioning profile Is my app even being signed correctly? Or is there just one file that I need to fix? Please help me out !

I am working on an open source app. I have been testing the package installer, and something unexpected is happening: the .pkg won't run on my test machine and will instead show a banner saying "myApp.app can't be opened because Apple cannot check it for malicious software"; nevertheless, if I wait some minutes, the installer will run just fine! After reading through many of ekimo's posts, I assumed it may have something to do with stapler. I was not stapling my .dmg originally, so that's something I may be missing (my app is installed by a .pkg inside a .dmg). Nevertheless, the computer where I am testing the app has internet connection, meaning stapler should not even come into play. Regardless, I decided to staple my .dmg. Running xcrun stapler staple -v myApp.dmg after notarizing produces this result: builder ~ % xcrun stapler staple -v /Users/builder/Data/HEAD/installation/Packages/myApp.dmg Processing: /Users/builder/Data/HEAD/installation/Packages/myApp.dmg Properties are { NSURLIsDirectoryKey = 0; NSURLIsPackageKey = 0; NSURLIsSymbolicLinkKey = 0; NSURLLocalizedTypeDescriptionKey = "Disk Image"; NSURLTypeIdentifierKey = "com.apple.disk-image-udif"; "_NSURLIsApplicationKey" = 0; } Creating synthetic cdHash for unsigned disk image, myApp.dmg. Humanity must endure. Signing information is { cdhashes = ( {length = 20, bytes = 0xdd018313b1c574a403f01dccc96c21705987d76c} ); "cdhashes-full" = { 2 = {length = 32, bytes = 0xdd018313 b1c574a4 03f01dcc c96c2170 ... 918d33f3 d5a74dc3 }; }; cms = {length = 0, bytes = 0x}; "digest-algorithm" = 2; "digest-algorithms" = ( 2 ); flags = 2; format = "disk image"; identifier = ADHOC; "main-executable" = "file:///Users/builder/Data/HEAD/installation/Packages/myApp.dmg"; source = "explicit detached"; unique = {length = 20, bytes = 0xdd018313b1c574a403f01dccc96c21705987d76c}; } Stored Codesign length: 12 number of blobs: 0 Total Length: 12 Found blobs: 0 JSON Data is { records = ( { recordName = "2/2/dd018313b1c574a403f01dccc96c21705987d76c"; } ); } Headers: { "Content-Type" = "application/json"; } Domain is api.apple-cloudkit.com Response is <NSHTTPURLResponse: 0x600003b85ba0> { URL: https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup } { Status Code: 200, Headers { Connection = ( "keep-alive" ); "Content-Encoding" = ( gzip ); "Content-Type" = ( "application/json; charset=UTF-8" ); Date = ( "Mon, 26 Feb 2024 15:34:15 GMT" ); Server = ( "AppleHttpServer/78689afb4479" ); "Strict-Transport-Security" = ( "max-age=31536000; includeSubDomains;" ); "Transfer-Encoding" = ( Identity ); Via = ( "xrail:st53p00ic-qujn15041902.me.com:8301:24R11:grp60,631194250daa17e24277dea86cf30319:59e17ac665e1de7388b8f4e69e92e383:defra2" ); "X-Apple-CloudKit-Version" = ( "1.0" ); "X-Apple-Edge-Response-Time" = ( 99 ); "X-Apple-Request-UUID" = ( "9fc0fe2d-49fd-4e74-b718-660c56edb3bb" ); "X-Responding-Instance" = ( "ckdatabasews:16306401:st42p63ic-ztfb05112901:8807:2409B432:afc827b7b1ebf24829e9c4856d4b69205f23804f" ); "access-control-expose-headers" = ( "X-Apple-Request-UUID,X-Responding-Instance,Via" ); "x-apple-user-partition" = ( 63 ); } } Size of data is 165 JSON Response is: { records = ( { reason = "Record not found"; recordName = "2/2/dd018313b1c574a403f01dccc96c21705987d76c"; serverErrorCode = "NOT_FOUND"; } ); } CloudKit query for myApp.dmg (2/dd018313b1c574a403f01dccc96c21705987d76c) failed due to "Record not found". Could not find base64 encoded ticket in response for 2/dd018313b1c574a403f01dccc96c21705987d76c The staple and validate action failed! Error 65 What does this show? Thank you.

Hello! I'm dealing with a strange code signing issue which is preventing me from distributing a game through Steam. I'm able to sign and notarise the app in Xcode without any issues. I can verify that the app and all frameworks in /Contents/Frameworks/ are signed, and Gatekeeper allows the app to run without complaining. $ spctl --assess -vvv ~/Temp/CodeSigningTest/GoodApp.app /Users/ruairi/Temp/CodeSigningTest/GoodApp.app: accepted source=Notarized Developer ID origin=Developer ID Application: Ruairi Dorrity (3F97UA4BF8) $ codesign --verify -vvv ~/Temp/CodeSigningTest/GoodApp.app --prepared:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/ogg.framework/Versions/Current/. --validated:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/ogg.framework/Versions/Current/. --prepared:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/mpg123.framework/Versions/Current/. --validated:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/mpg123.framework/Versions/Current/. --prepared:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/libmodplug.framework/Versions/Current/. --validated:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/libmodplug.framework/Versions/Current/. --prepared:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/freetype.framework/Versions/Current/. --validated:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/freetype.framework/Versions/Current/. --prepared:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/Lua.framework/Versions/Current/. --validated:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/Lua.framework/Versions/Current/. --prepared:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/vorbis.framework/Versions/Current/. --validated:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/vorbis.framework/Versions/Current/. --prepared:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/OpenAL-Soft.framework/Versions/Current/. --validated:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/OpenAL-Soft.framework/Versions/Current/. --prepared:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/theora.framework/Versions/Current/. --validated:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/theora.framework/Versions/Current/. --prepared:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/love.framework/Versions/Current/. --validated:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/love.framework/Versions/Current/. --prepared:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/SDL2.framework/Versions/Current/. --validated:/Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/SDL2.framework/Versions/Current/. /Users/ruairi/Temp/CodeSigningTest/GoodApp.app: valid on disk /Users/ruairi/Temp/CodeSigningTest/GoodApp.app: satisfies its Designated Requirement However, if I zip the app and upload it to Steam, the app that the Steam client downloads is blocked by Gatekeeper ("damaged and can't be opened") and re-running the above commands shows that the code signing seal has been broken somehow on the downloaded app: $ spctl --assess -vvv ~/Temp/CodeSigningTest/BadApp.app /Users/ruairi/Temp/CodeSigningTest/BadApp.app: cannot find code object on disk $ codesign --verify -vvv ~/Temp/CodeSigningTest/BadApp.app /Users/ruairi/Temp/CodeSigningTest/BadApp.app: code object is not signed at all In subcomponent: /Users/ruairi/Temp/CodeSigningTest/BadApp.app/Contents/Frameworks/love.framework The second command can be re-run, showing a seemingly random framework from /Contents/Frameworks/ each time e.g. $ codesign --verify -vvv ~/Temp/CodeSigningTest/BadApp.app /Users/ruairi/Temp/CodeSigningTest/BadApp.app: code object is not signed at all In subcomponent: /Users/ruairi/Temp/CodeSigningTest/BadApp.app/Contents/Frameworks/ogg.framework Further investigation shows that these frameworks are now unsigned, when they were signed before uploading and downloading: $ codesign --verify -vvv ~/Temp/CodeSigningTest/BadApp.app/Contents/Frameworks/ogg.framework /Users/ruairi/Temp/CodeSigningTest/BadApp.app/Contents/Frameworks/ogg.framework: code object is not signed at all $ codesign --verify -vvv ~/Temp/CodeSigningTest/BadApp.app/Contents/Frameworks/love.framework /Users/ruairi/Temp/CodeSigningTest/BadApp.app/Contents/Frameworks/love.framework: code object is not signed at all ... $ codesign --verify -vvv ~/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/ogg.framework /Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/ogg.framework: valid on disk /Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/ogg.framework: satisfies its Designated Requirement $ codesign --verify -vvv ~/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/love.framework /Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/love.framework: valid on disk /Users/ruairi/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/love.framework: satisfies its Designated Requirement I'm stumped as to what's happening here. Is is possible that the app is being modified being the scenes by Steam, which breaks the code signing? This seems unfathomable because it would surely break code signing on every Mac game on Steam, but I really can't understand what else would be going on. I'm sure I need to expand my knowledge on code signing; any pointers, suggestions or assistance is greatly appreciated! Thank you!

I am migrating my project from Xcode 13 to Xcode 14.3.1. My project has five subproject that contains few command line toll and dylibs. I have a custom build script that runs on VSO pipeline. Pipeline failing on 'building submodules and build App' stage. This is my build script snapshot- Pipeline only build my application successfully when I am passing 'CODE-SIGN-REQUIRED' ='NO' But I need a signed build for further action. Please help me how can I get a signed build. Note - Using same certificate I am able to build, run and archive app in my Xcode.

I am facing a problem in electron's apps notarisations. I have submitted my NodeJS code and the validations takes a long time. Hope, anyone can clarify why it takes so long.

I've installed the same developer certificate onto three different Macs. When viewed in the keychain (or in Xcode) on one Mac it says its revoked, on another it says its not trusted, but on a third there's no issue reported. How could there be a difference between the three Macs? (Both Macs have the date/time set to be the same). Can 3rd party software, VPNs etc. interfere in this at all?

Hello everyone, Due to a change in our development team we had to revoke some certificates and regenerate new one. I have generated a Development Mobile profile including needed certificates etc. Also, in Xcode 15 i have disabled "automatically manage signing" and everything look okay as I can see the generated provisioning profile, my team, my certificate etc. Build is working correctly. We are using App Center as a CI to build/archive.. our iOS app. During the last step of the archive export I have the following error which I cannot resolve : [command]/usr/libexec/PlistBuddy -c Print CFBundleIdentifier /Users/runner/work/1/output/build/archive/OurStagingApp.xcarchive/Products/Applications/OurStagingApp.app/Info.plist com.OurStagingDomain.OurStagingApp [command]/usr/libexec/PlistBuddy -c Add provisioningProfiles:com.OurStagingApp.OurStagingApp string toktokdoc provisioning profile development _XcodeTaskExportOptions.plist [command]/usr/bin/xcodebuild -exportArchive -archivePath /Users/runner/work/1/output/build/archive/OurStagingApp.xcarchive -exportPath /Users/runner/work/1/output/build/export/_XcodeTaskExport_OurStagingApp -exportOptionsPlist _XcodeTaskExportOptions.plist 2024-02-08 14:21:05.218 xcodebuild[18640:56463] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/r0/ztvld9wd66bfpv_g6h3ksl000000gn/T/OurStagingApp_2024-02-08_14-21-05.213.xcdistributionlogs". 2024-02-08 14:21:05.370 xcodebuild[18640:56463] [MT] IDEDistribution: -[IDEDistributionMethodManager orderedDistributionMethodsForTask:archive:logAspect:]: Error = Error Domain=IDEDistributionMethodManagerErrorDomain Code=2 "Unknown Distribution Error" UserInfo={NSLocalizedDescription=Unknown Distribution Error} error: exportArchive: exportOptionsPlist error for key "method": expected one of {}, but found development Error Domain=IDEFoundationErrorDomain Code=1 "exportOptionsPlist error for key "method": expected one of {}, but found development" UserInfo={NSLocalizedDescription=exportOptionsPlist error for key "method": expected one of {}, but found development} ** EXPORT FAILED ** ##[error]Error: /usr/bin/xcodebuild failed with return code: 70 I tried to regen certificates, regen provisioning profile, use automatically signed.. Also this is the logs of the last working build : DEV PROV PROFILE TokTokDocRCX [command]/bin/rm -f _xcodetasktmp.plist [command]/usr/libexec/PlistBuddy -c Print CFBundleIdentifier /Users/runner/work/1/output/build/archive/OurStagingApp.xcarchive/Products/Applications/OurStagingApp.app/Info.plist com.OurDomain.OurStagingApp [command]/usr/libexec/PlistBuddy -c Add provisioningProfiles:com.OurDomain.OurStagingApp string DEV PROV PROFILE TokTokDocRCX _XcodeTaskExportOptions.plist [command]/usr/bin/xcodebuild -exportArchive -archivePath /Users/runner/work/1/output/build/archive/OurStagingApp.xcarchive -exportPath /Users/runner/work/1/output/build/export/_XcodeTaskExport_OurStagingApp -exportOptionsPlist _XcodeTaskExportOptions.plist 2023-08-02 11:20:01.234 xcodebuild[19044:64264] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/cn/nkrr6l5n0jz01kq9jbtb9tg00000gn/T/OurStagingApp_2023-08-02_11-20-01.233.xcdistributionlogs". Exported OurStagingApp to: /Users/runner/work/1/output/build/export/_XcodeTaskExport_OurStagingApp ** EXPORT SUCCEEDED ** I have replaced some logs with "OurStagingApp". Also when trying to build the archive via xcode 15 the button validate is disabled. In my podfile: target.build_configurations.each do |config| config.build_settings['ENABLE_BITCODE'] = 'NO' config.build_settings['CODE_SIGNING_ALLOWED'] = 'NO' config.build_settings['IPHONEOS_DEPLOYMENT_TARGET'] = '14.0' config.build_settings['BUILD_LIBRARY_FOR_DISTRIBUTION'] = 'YES' config.build_settings['SKIP_INSTALL'] = 'NO' end Thanks for your help

When we added a com.apple.developer.associated-domains entitlement to our apps, they crash on launch with a code signing error on our old 2011 Mac running 10.13.6 High Sierra. The signature is accepted on current Macs, and the associated domains do work. The command line utilities say everything is ok, the entitlement is in the signature and the embedded profile. The apps will run fine on High Sierra without the entitlement. The only guess I have is perhaps High Sierra is rejecting any unknown entitlement? The error is Code has restricted entitlements, but the validation of its code signature failed. Unsatisfied Entitlements: No Unsatisfied Entitlements are listed. Removing the entitlements from the signature lets the apps run on High Sierra.

Xcode Cloud succeeds in building the Release configuration of the app, but whenever deployment preparation is set to "TestFlight and App Store" the last step fails with: ITMS-90035: Invalid Signature. Code failed to satisfy specified code requirement(s). The file at path “{AppName}.app/{AppName}” is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/support/code-signing. When I build for release (with manual signing) everything works as expected and uploading to TestFlight for external testing works. I have tried to removed every imported framework, library, file etc. only keeping the bare minimum and still Xcode Cloud fails with the same error. I even created a new empty project but I still get the same error. My only guess is that something is off with the automatically generated certificates (or provisioning profiles) that Apple creates. Is there any way to figure out what specifically makes the signing fail? Is there a way to reset Xcode Cloud to clear all data and caches, revoke all certificates and remove all accosiated provisioning profiles?