Code Signing

Certify that an app was created by you using Code signing, a macOS security technology.

Posts under Code Signing tag

163 Posts

Post / Replies / Boosts / Views / Activity

Apple Developer certificate Revoke
I have received email about your development certificate has been revoked, but couldn't identify who did that, due to this revocation one of our enterprise application stopped working. So posting here to seek some suggestion on following

1.) Identification of Revoking Party: Though I have already raised a support ticket to Apple still waiting for their reply. Is it possible for Apple to send logs or account activity logs that from which account or who did the revocation?
2.) How much does Apple take to reply to the support tickets.
3.) No one else received email in my development team. Is it because the certificate which I created is revoked that's the reason only I have received email?
4.) May I know what are the other scenarios that certificate can be revoked other than a human error?
5.) Is there a way for us to internally monitor activity within our developer account, such as identifying who has been actively logged in and updating certificates?
0
0
395
Jan ’25
Electron Builder is getting stuck on Signing DMG
Hello Team, I am building an Electron app and building platform-related installers like exe, appimage and dmg. To build an installer, I am using the electron builder library. When I do code signing and notarization, the signing process gets stuck without any error. I have verified certificate and other information are correct. Below are more details.

Versions

    "@electron/notarize": "^2.5.0"
    "@electron/rebuild": "3.3.0"
    "electron": "26.2.1"
    "electron-builder": "^25.1.8"
    "electron-devtools-installer": "3.2.0"

Current Setup

- CircleCI pipeline
- Developer ID Application certificate is properly installed and verified
- Notarization is configured in both package.json and build arguments

I see the last log as below where it gets stuck without any error.

    • selecting signing options file=release/build/mac-arm64/xxxx Assistant.app entitlements=assets/entitlements.mac.plist hardenedRuntime=true timestamp=http://timestamp.apple.com/ts01 requirements=undefined additionalArguments=[]

Package.json

    "build": {
      "productName": "xxxxx - Your AI Work xxxxx",
      "executableName": "xxxx xxxxx",
      "artifactName": "xxxxx-Assistant-${version}-${arch}.${ext}",
      "appId": "org.erb.xxxx",
      "asar": true,
      "asarUnpack": "**\\*.{node,dll}",
      "files": [
        "dist",
        "node_modules",
        "package.json",
        "assets/tray.ico",
        "!**/*.lproj/**/*",
        "!**/locale.pak",
        "!locales/**/*"
      ],
      "afterSign": ".erb/scripts/notarize.js",
      "mac": {
        "timestamp": "http://timestamp.apple.com/ts01",
        "identity": "xxxxx Technology Inc (xxxxxxxx)",
        "target": [
          "dmg",
          "zip"
        ],
        "electronLanguages": [
          "en-US"
        ],
        "icon": "build/mac-icon/Logo512x512.icns",
        "type": "distribution",
        "hardenedRuntime": true,
        "entitlements": "assets/entitlements.mac.plist",
        "entitlementsInherit": "assets/entitlements.mac.plist",
        "gatekeeperAssess": false
      },
      "dmg": {
        "icon": "build/mac-icon/xxxxxxLogo512x512.icns",
        "contents": [
          { "x": 130, "y": 220 },
          { "x": 410, "y": 220, "type": "link", "path": "/Applications" }
        ]
      },
      "directories": {
        "app": "release/app",
        "buildResources": "assets",
        "output": "release/build"
      },
      "extraResources": [
        "./assets/**"
      ]
    }

Entitlement

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
      <!-- Required for Electron/Chromium JIT -->
      <key>com.apple.security.cs.allow-jit</key>
      <true/>
      <!-- Required for basic Electron functionality -->
      <key>com.apple.security.inherit</key>
      <true/>
      <!-- Required for network communication (REST APIs) -->
      <key>com.apple.security.network.client</key>
      <true/>
    </dict>
    </plist>

I have made the following verification.

- I already tried on multiple macos with different processors.
- Verified on a high-speed network.
- Certificate is exported to .p12 and verified.
- All Env Variables are set with the correct value. (APPLE_APP_SPECIFIC_PASSWORD+APPLE_ID+APPLE_TEAM_ID )
- I have tried with CSC_LINK/CSC_KEY_PASSWORD + Keystore as well.

Appreciate any help.
3
2
977
Jan ’25
UnityCloudBuild: Codesigned with Sandbox enabled, but still get ITMS-90296: App sandbox not enabled
I've made a MacOS app with Unity Cloud Build and I want to sign and distribute it using App Store Connect. I download the compiled .app file and use codesign to sign all the appropriate files. I also use an entitlements file when I sign the runtime binary. I used the command codesign -d --entitlements on the resulting .app file to confirm that com.apple.security.app-sandbox is set to true, which it is. But when I use productbuild to create the .pkg file and upload it using Transporter, I get an e-mail from App Store Connect saying that "ITMS-90296: App sandbox not enabled". I don't know how to further debug this... Does anyone have any pointers on how to fix this? Note: it has to be doable either via the Unity Editor, Unity Build Cloud or the MacOS CLI... Codesign showing that app-sandbox is enabled: The error from App Store Connect:
0
0
227
Jan ’25
missing entitlements with fastlane
Hi, I am using fastlane and match to upload an app to TestFlight. The app requires com.apple.developer.storekit.external-link.account to be activated. My identifier has activated the capabilities and when I look at provisional profile, it also has it, but when the app has been uploaded, it's missing (although all other entitlements are there). Now it gets weird: Every time I run my flow I delete derived data, delete all downloaded provisional profiles and use match to redownload them with read only (force is not an option). It does not work. I go to Apple dev and toggle the capability off and on and save. This invalidates the profile. I press edit and save. So no real changes. Run my flow and the app is uploaded correctly WITH the correct capabilities. Run the flow again without the manual steps and the entitlements will be missing once again. Repeat the toggle stuff and the subsequent behavior repeats itself. Same flow and same code and same settings, app and profile.... I am building automated flows so this does not really work for me.... Heeeelp...
1
0
702
Dec ’24
Apple TV as iPod in Apple Developer Center
I have a bizarre issue with my Apple TV that is shown as "iPod" in Apple developer portal. It's correctly visible in Xcode as Apple TV, but when I add it to developer portal it says "iPod". The problem is since it's there as an iPod I can't use it to my provisioning profile to build on the device. Anyone has any idea how this can be solved? [Edited by Moderator]
4
1
909
Dec ’24
How to issue a code signing certificate with RSA4096bit
I would like to code sign an app or installer with an RSA 4096-bit code signing certificate. I created a CSR using RSA4096bit and ECC in Mac Keychain Access, but I was unable to use that CSR to create a code signing certificate on the Apple Developer site. How do I issue an RSA4096-bit or ECC code signing certificate?
0
0
414
Dec ’24
Issues while signing macOS app
Hi everyone! We used to have an Intel Mac machine where we generate the Developer ID Installer & Application certs for signing and notarization process. This process works sweet. Now, we move from an Intel to an M1 Mac machine, where we want to do the same process as before. I have tried two different approaches, but ending up with the same result.

- I export the cert with the private key from my Intel to the M1 machine, but when I try to sign, I get: Invalid signature. (Not sure what this error means in this case as everything works on the Intel machine. I am guessing the cipher for creating either the private key or the signature differs between the architecture)
- I try to generate new certs for this M1 machine, but I get the following error: You already have a current Developer ID installer certificate or a pending certificate request.

I try with the same account, but also with a different account. In both cases got the same error. I create a ticket for Apple, where they said to expect a reply between one and two business days, but no luck yet.
10
0
2.3k
Dec ’24
MacOS Desktop application crashed Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid))
we are trying to build MacOS Desktop app using electron code sign-in and notarization has completed basically it is angular application but still unable to open the desktop app getting below error pop-up : screenshot of it.

    CrashReporter Key: XXXX-XXXX-XXXX-XXXX-XXXX
    Hardware Model: MacBook Pro (Obfuscated)
    Process: xnode [5798]
    Path: /Applications/[App Path]/Contents/MacOS/xnode
    Identifier: ai.xnode.xnode
    Version: 1.0.0 (1.0.0.43313)
    Code Type: X86-64 (Native)
    Role: Default
    Parent Process: launchd [1]
    Coalition: ai.xnode.xnode [5056]
    Date/Time: [Redacted for Privacy]
    OS Version: macOS 14.6.1 (23G93)
    Release Type: User
    Report Version: 104

    Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid))
    Exception Codes: 0x0000000000000000, 0x0000000000000000
    Termination Reason: CODESIGNING 1 Taskgated Invalid Signature
    Triggered by Thread: 0

    Thread 0 Crashed:
    0 dyld_path_missing 0x10dbb4010 _dyld_start + 0
    1 main_executable_path_missing 0x10b395000 ???

    Thread 0 crashed with X86 Thread State (64-bit):
    rax: 0x0000000000000000 rbx: 0x0000000000000000 rcx: 0x0000000000000000 rdx: 0x0000000000000000
    rdi: 0x0000000000000000 rsi: 0x0000000000000000 rbp: 0x0000000000000000 rsp: 0x00007ff7b4b6abf8
    rip: 0x000000010dbb4010
1
0
761
Dec ’24
Unable to verify app error
We have an enterprise app for which one of the Users is facing the below error.

Unable to verify app
Internet connection is required to verify trust of the developer "<Enterprise_distribution_Profile>". This app will not be available until verified.

What could be the reason behind this error as only one user is facing the issue. Is there a way to fix it.
0
0
524
Dec ’24
Notarizing is still In Progress after 3 days
It has been 3 days and it is still in progress. As you can see in the history, I retried a few hours after the initial attempt, both are stuck. For what it's worth, this is my first notary attempt on this Apple Developer Account, I am aware that first-time submission can take longer. What should I do at this point? Wait another few days? Is there a human in the loop that needs to manually allow my submission? I have seen posts about this for the last 2 years. Seems like Apple is not going to do anything about it.

    xcrun notarytool history --keychain-profile '[redacted]'
    Successfully received submission history.
      history
        --------------------------------------------------
        createdDate: 2024-11-30T01:59:08.408Z
        id: 3de4f35a-a950-4b34-8a74-21252b3e49a4
        name: Notes.ai.zip
        status: In Progress
        --------------------------------------------------
        createdDate: 2024-11-29T20:49:53.437Z
        id: 268e5416-640c-419f-b22a-efe55212b50a
        name: Notes.ai.zip
        status: In Progress
0
0
499
Dec ’24
Xcode 16.1 bug
As of Nov 25, 2024, Xcode 16.1 won't recognize an App Store provisional profile as Eligible so you cannot select the provisional profile for signing. Which means you cannot archive it for upload to Apple. Setting it to manual or automatic signing does not help. Even going to the dev site and making new, fresh provisional profiles did not work. Rebooting Xcode did not work. Rebooting the computer did not work.
2
0
575
Nov ’24
Xcode / xcodebuild The operation couldn’t be completed. Unable to log in with account '<APPLE-ID>'. The login details for account '<APPLE-ID>' were rejected.
Despite the recommendation of DTS Engineers at https://forums.developer.apple.com/forums/thread/766500, Xcode 16.1 shows the same behavior when automatically signing in our CI/CD environment:

    The operation couldn’t be completed. Unable to log in with account '<APPLE-ID>'. The login details for account '<APPLE-ID>' were rejected.
    error: No profiles for '<BUNDLE-ID>' were found: Xcode couldn't find any iOS App Development provisioning profiles matching '<BUNDLE-ID>'
    ** ARCHIVE FAILED **

In addition, we see several orphaned Xcode username entries in the local keychain / Keychain Access app that match the identifier stored in com.apple.dt.Xcode.plist under the key DVTDeveloperAccountManagerAppleIDLists - IDE.Identifiers.Prod. (Preferences read com.apple.dt.Xcode DVTDeveloperAccountManagerAppleIDLists) or we see that the DeveloperID stored in Xcode - Settings - Accounts is lost. We have reset a Mac mini (2023 / arm) to factory settings, reinstalled Sequoia in the current version and installed Xcode 16.1 (16B40). Nevertheless, we see the behavior described above. This behavior is not reproducible for us. We have opened the following tickets, but have not received a response that explains the behavior or offers a solution. Case ID: 9935876 Feedback: FB15700530
2
4
545
Nov ’24
The application "Finder" does not have permission to open "(null)" error message in macOS 15.1 when trying to open unsigned application
We get a 'The application "Finder" does not have permission to open "(null)"' error message in macOS 15.1 when trying to open unsigned applications. Is this a known bug in macOS 15.1? If so any indications of whether it will be fixed in the future. In macOS 15.0.1 the workaround for launching unsigned applications still worked.
9
0
6.6k
Nov ’24
This app cannot be installed to apple watch
I recently added a new target for Apple Watch, which works fine on the simulator. However, I wasn't able to run it on real Apple watches. First, I don't see it in the list of devices, even after I click "trust" and connect to my Mac over charging cable. Second, I've always used automatic code signing, and everything seems OK here. Third, I also tried distributing it over TestFlight, but that build doesn't appear in the TF. I restarted my phone and relaunched the TF app. So, when I install the app to my iPhone over the cable, the watch app doesn't appear on Apple watches. Then, if I go to watch app and install my app manually (I see it at the bottom with the "install" button), it fails with the error "This app cannot be installed because its integrity could not be verified.". Also, there's an icon on the Apple watch, but it shows the same error when I click it. I unpaired and paired it again, but it didn't help. Also, I tried another pair of phones, and the same thing happened. I use an AppStore account (not enterprise), and the main app works fine. Is there a way to fix it?
1
0
639
Nov ’24
Provisioning Profile attribute contains old ubiquity-kvstore-identifier value after App Transfer
Hi, we have received an Application via App Transfer recently. I am now trying to generate a provisioning profile for App Store distribution. When we set the checkmark in Capabilities to use "iCloud Key-value storage" we cannot get "automatically manage signing" to work with an error: Provisioning profile "iOS Team Provisioning Profile: com.some.bundle.identifier" doesn't match the entitlements file's value for the com.apple.developer.ubiquity-kvstore-identifier entitlement. When a Provisioning Profile is manually generated via Developer Portal the com.apple.developer.ubiquity-kvstore-identifier entry shows the value of the previous app owner: "OLDTEAM.com.some.bundle.identifier". How can we change the com.apple.developer.ubiquity-kvstore-identifier value in our provisioning profile to get rid of the old team identifier? Help is much appreciated, thank you. FB15898983
0
0
680
Nov ’24
codesign use of Cloud-managed Developer ID
My non-cloud Developer ID certificate will expire soon, and my account also has a cloud-managed Developer ID Certificate. My Mac application build workflow uses Archiving, so the cloud cert should be fine for that. But my workflow also signs bundled apps, such as Sparkle framework's Autoupdate app, using the codesign tool. Is it correct that codesign only uses certificates from the local Keychain, and so cannot use a Cloud-managed Developer ID certificate? Before I manually renew the non-cloud Developer ID certificate, I want to make sure I'm not missing some easier method. Thanks.
1
0
512
Nov ’24
App Groups: How to use group. prefix and Team ID prefix for Multiplatform apps?
Hi there, I have a Multiplatform app with just one app target with an iPhone, iPad and Mac Destination. On the Mac my app is a developer signed App that is being distributed outside of the Mac App Store. I want to use App Groups, but as long as there are multiple destinations, Xcode only allows Group Identifiers starting with group.. However, for macOS I need to have a group ID that starts with the TeamID as explained here. So I created two separate entitlements, which are identical, but with different group IDs: With Automatic Code Signing enabled, I get this warning: Xcode still seems to think it has to use the macOS Group ID for the iOS version. In the App Groups section, the mac Group ID is red and the iOS Group ID is not checked. The app builds and runs without issues on all platforms. The App Store Connect validation (for the iOS version) also works without any errors. Am I doing something wrong? Do I need a separate Mac target because Xcode does not support separate Group IDs for Multiplatform apps?
2
1
614
Nov ’24
App Fails spctl After signing and notarization
I have an app Arpeggio.app which I build and then sign without errors: "electron-osx-sign dist/mac-arm64/Arpeggio.app --identity="Developer ID Application: XXXX (XXXXXX)" --hardened-runtime --no-gatekeeper-assess --entitlements=entitlements.plist". It returns "Application signed: dist/mac-arm64/Arpeggio.app". I then use "/usr/bin/ditto -c -k --sequesterRsrc --keepParent src dst" to make a zip with the same signatures. I then submit the zip for notarization: "xcrun notarytool submit dist/mac-arm64/Arpeggio.zip --apple-id XXXX etc" which returns "Waiting for processing to complete. Current status: Accepted.............. Processing complete id: xxx-xxx-xx-xx status: Accepted". Then I staple the notarization to the app and get "The staple and validate action worked!". Now it shows all validated and that the notarization is stapled. I then run "spctl --assess --type execute -vv 'dist/mac-arm64/Arpeggio.app'" as a last check and always get this: dist/mac-arm64/Arpeggio.app: unknown error 99999=1869f Why is this happening? I can't seem to debug the issue but our notarization and signing is always successful and the app works as expected. Please help me get to the bottom of this.
1
0
607
Nov ’24