I've been at this for hours, searching all over, trying to find a solution. I've created a very simple app, basically 1 window that has a label saying "Hello World". 'm trying to sign this app with a Provisioning Profile that was created like so:
Created "Mac App Distribution" and "Mac Installer Distribution" certificates. Installed them, they show as valid "3rd Party Mac Developer..." in Keychain Access.
Created an Identifier for an "app", gave a Description and Bundle ID
Created a Profile for a "Mac App Store" type Distribution, used my ID from step 2, chose the "Mac App Distribution" certificate (there was only one), inputted a profile name
Then, over to xcode. In Signing & Capabilities uncheck "Automatically manage signing", enter the Bundle Identifier as it was made in step 2 above, import profile as was created in step 3 above. All seems well, however when I press that play button in order to compile and run, I immediately get a "quit unexpectedly" with the following in the details:
Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid))
Exception Codes: 0x0000000000000000, 0x0000000000000000
Termination Reason: CODESIGNING 1 Taskgated Invalid Signature
I can create a "Developer ID Application" no problem, but all goes awry when trying to build in order to make it to the Apple Store.
I'm on 16-inch 2019 MacBook Pro, Sonoma 14.1.1, xcode 15.0.1.
Is there something super lame I've looked over?
Provisioning Profiles
RSS for tagA provisioning profile is a type of system profile used to launch one or more apps on devices and use certain services.
Posts under Provisioning Profiles tag
111 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
I am getting this error while synching the automatic signing profiles on my Xcode.
Can anyone help with what this error indicates and where is the issue?
I have a problem while publishing the app on the store. I have created the app in appstoreconnect with it's bundle ID and also on Xcode I have put the same ID but in Xcode those error occurs:
The operation couldn’t be completed. (OSStatus error -2147416032.)
No profiles for 'com.my.bundle' were found Xcode couldn't find any iOS App Development provisioning profiles matching 'com.my.bundle'.
In Xcode I have the option manage automatic signing checked.
There seems to be a bug in macOS 14 (14-14.1.2) that causes VPN connections to regularly disconnect after 24 or 48 minutes, causing a short network interrupt for 1-2 seconds. Prior macOS versions up to 13 do not have the issue. Release notes do not mention any breaking changes for 14, or 14.1.
The bug seems to be on the macOS side somewhere in the rekey/cert/proposal process. My vpn servers run libreswan 4.12 and are set to match the default security params from apple dev docs ikesecurityassociationparameters and childsecurityassociationparameters:.
How can I modify a VPN Profile (e.g. mobileconfig) to workaround the bug, or is there some new security param requirement in macos 14?
macOS logs
Console logs from macOS 14.1.2 process = NEIKEv2Provider show rekey failures. After each disconnect though, the connection successfully reconnects.
10:18 NEIKEv2Provider [CREATE_CHILD_SA R resp2 8A7ADF123EF55B23-DCF9CDCBGFBDE2A1] Rekey child received notify error Error Domain=NEIKEv2ProtocolErrorDomain Code=14 "NoProposalChosen" UserInfo={NSDebugDescription=NoProposalChosen}
10:18 NEIKEv2Provider Failed to process Create Child SA packet
10:18 NEIKEv2Provider <NEIKEv2Provider: Primary Tunnel (ifIndex 15)>: : Failed to set interface availability for ipsec0
10:18 NEIKEv2Provider Bootstrapping; external subsystem UIKit_PKSubsystem refused setup
10:18 NEIKEv2Provider cannot open file at line 46986 of [554764a6e7]
10:18 NEIKEv2Provider os_unix.c:46986: (2) open(/private/var/db/DetachedSignatures) - No such file or directory
10:18 NEIKEv2Provider [IKE_SA_INIT R resp0 BBA5FCDAD5CCD32C-09141E6F23975F7C] Initiator init received notify error Error Domain=NEIKEv2ProtocolErrorDomain Code=17 "InvalidKEPayload" UserInfo={NSDebugDescription=InvalidKEPayload}
10:18 NEIKEv2Provider <NEIKEv2Provider: Primary Tunnel (ifIndex 15)>: : Failed to set interface availability for ipsec0
10:18 NEIKEv2Provider <NEIKEv2Provider: Primary Tunnel (ifIndex 15)>: : Failed to set interface availability for ipsec0
VPN Server Logs (running Libreswan latest v4.12)
In recreating the issue, I noticed a difference on first connection when the client sets OnDemandEnabled=0 vs OnDemandEnabled=1. To be clear though, disconnects happen either way, perhaps after the first connection is cached on the system.
With OnDemandEnabled=0, the server shows the macOS sent only 1 proposal.
Dec 6 9:53:22 pluto "ikev2-cp" #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 6 9:53:22 pluto "ikev2-cp" #2: proposal 1:ESP=AES_CBC_256-HMAC_SHA2_256_128-DISABLED SPI=04591279 chosen from remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match]
However, with OnDemandEnabled=1 the server shows macOS sent 4 proposals.
Dec 6 9:54:27 pluto "ikev2-cp" #5: proposal 4:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=ECP_256 2:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 4:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 6 9:54:27 pluto "ikev2-cp" #6: proposal 4:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=ECP_256 2:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 4:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 6 9:54:27 pluto "ikev2-cp" #7: proposal 3:ESP=AES_CBC_256-HMAC_SHA2_256_128-DISABLED SPI=0490053d chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] 4:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED
Here are the actions I performed on my developer account:
1 - I created an IOS Development certificate. 2 - I registered my device: IPhone 10 IOS 16.7.2
3 - I created an identifier for my application4 - I cannot generate a correct provisioning profile to debug my application on my iPhone:Review Provisioning Profile
Name: ProfileProvisionIPhone10
Status: Active
Platform: iOS
Expires: 2024/12/09
Type: Development
Created By: Michel Poulet
Enabled Capabilities: In-App Purchase
App ID: AppIdGenTurfEvo (com.companyname.GenTurfEvo)
Certificates: 1 total
Devices: 1 totalWhen I import my provisioning profile to my iPhone with Xcode, I get the following error:
Failed to install one or more provisioning profiles on the device. Please ensure the provisioning profile is configured for this device. If not, please try to generate a new profile.
Do you have an idea of the problem ?
Thank you in advance for your help.
We got an app for iPad which has two targets one for the App itself (MainApp target ) and another one for the Driver ( Driver Target ) using DriverKit.
The app works fine in Development, but I'm trying to distribute it with adhoc.
I've requested the Distribution Entitlement to Apple, after getting it, the App Id for the Driver has the following Capabilities:
DriverKit, DriverKit (development), DriverKit USB Transport (development), DriverKit USB Transport - VendorID, In-App Purchase
Now in the profile section, I've created a adhoc profile for the Driver AppId (Identifier). Obviously I've also created an Adhoc profile for the Main AppId
Finally in the Signing & Capabilities Section I set up the profiles for MainApp target, int the Debug one I set up the Development one and int the Release one I set up the adhoc one.
I do the same in the Driver Target, but when I set up the Adhoc one in the Release, I've got a warning:
Xcode 14 and later requires a DriverKit development profile enabled for iOS and macOS. Visit the developer website to create or download a DriverKit profile
Also interestingly the Signing Certificate section says: None
I also set up the Capabilities for the Driver Target:
DriverKit USB Transport - VendorID
DriverKit USB Transport ( Development )
Inside these capabilities I set up the vendor ID as dictionary
The problem is, if I try to Archive the app I will get the previous Warning message as error:
Xcode 14 and later requires a DriverKit development profile enabled for iOS and macOS. Visit the developer website to create or download a DriverKit profile.
Any idea what I'm missing?
Thanks
I have been pulling out my hair the past day over this. I am adding push / remote notifications (using FCM) and running into an issue with the APN entitlement not being added to provisioning profile - using automatic signing.
Now I am somewhat of a new / hobbyist developer but I'm sure I've covered all the bases:
Have added (and removed and re-added) the capability in Xcode.
Created (and recreated) the APN key in the developer portal (combined with Sign in with Apple)
AppDelegate is fine
FCM returns a device key without issue.
Cleaned build folder and rebuilt app
Despite this I am still getting "10.18.0 [FirebaseMessaging][I-FCM012002] Error in application:didFailToRegisterForRemoteNotificationsWithError: no valid
*aps-environment" entitlement string found for application" error.
Include is a screen capture of the automatically generated profile which seems to illustrate the issue.
Any and all advice is greatly appreciated ;)
Hi there :)
We are trying to install our application from Xcode to an iPhone 14 Pro. After building the app, we must go to General -> VPN & Device Management to trust the certificate.
Unfortunately, the certificate is not showing on the iPhone, and we can not install the app. Does anyone know how we can solve this problem?
Thank you very much in advance for your help!
Hi there :)
We are trying to install our application from Xcode to an iPhone 14 Pro. After building the app, we need to go to General -> VPN & Device Management to trust the certificate.
Unfortunately, the certificate is not showing on the iPhone, and we can not install the app. Does anyone know how we can solve this problem?
Thank you very much in advance for your help!
Hi all,
I'm attempting to test integration of the Sensitive Content Analysis (SCA) framework in my iOS application. To do so, my understanding is that I need to install the SCA debugging profile in order to generate false-positives. However, when I attempt to download and install the profile on my iOS device, I receive this error message:
The error message indicates that the "Profile 'SensitiveContentAnalysis Debug Profile' has an invalid signature." Is there something on my device that's improperly configured and preventing its installation, or does the linked debug profile from Apple really, truly contain an invalid signature?
We've got 3 MacOS apps on TestFlight that all suddenly became unusable to our testers who upgraded the OS to 14.2.
The error message says:
"The application can't be opened. -10673"
But also there was another window that opened up stating "The beta app, , is no longer available. The provisioning profile is invalid"
The provisioning profile doesn't specify OS versions - it's signed with distribution and installation certificates for AppStore.
These apps have been used that's been successfully provisioned, uploaded, downloaded and tested by various testers prior to now.
Each app has an explicit Apple ID and provisioning profile - all still valid.
What would cause this? How can I fix this?
I registered a Mac as a device in apple-developer using a third-party UID for collaboration, but the Mac cannot be selected when creating a provisioning profile. And they say udid and uuid are the same. Why is that?
The third party's Mac has been updated to Ventura OS using Open Core patcher.
We asked for and received confirmation that we have received the Critical alert entitlement.
I have also tested it in development build with a development profile and it worked.
However when we try to send an update to test flight to test in release mode on our device, we get the following error:
The bundle contains a key that is not included in the provisioning profile: 'com.apple.developer.usernotifications.critical-alerts'
NSLocalizedFailureReason = "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'com.apple.developer.usernotifications.critical-alerts' in our app.
SUnderlyingError = "Error Domain=IrisAPI Code=-19241 "Asset validation failed" UserInfo={status=409, detail=Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'com.apple.developer.usernotifications.critical-alerts in our app code=STATE_ERROR.VALIDATION_ERROR.90163, title=Asset validation failed
we added the following entitlement to the entitlements.plist file:
com.apple.developer.usernotifications.critical-alerts
I send a macOS app build to appStoreConnect. The app is displayed inside TestFlight but when I click on it to open it, two modal appear.
The first one:
the application "AppName" can't be opened. -10673
The second one:
"AppName" No longer Available. The beta app, AppName, is no longer available. The provisioning profile is invalid.
I followed the following step before uploading the app archive:
I made sure to purge my Mac from all the old provisioning profile
having all my provisioning profile from my apple developer account valid
retrieve provisioning profile Xcode settings > Accounts to export an archive.
I choose TestFlight & App Store to send the Archive.
I am still no understanding which part of my provisioning profiles are not valid, I would love to have insight about it or a way to fix the issue.
I have been an inactive app developer for years, and also have a new MacBook in which I restored from my Apple Time Machine where my source code was stored. I have renewed my apple developer membership. When I tried to build my app, I received the following error:Unable to login with account "sampleaccount" sign in and try again.
I cannot reset that password, because that email address does not exist anymore. How can I change this account to my current email address? If I cannot change it then what are my options? I would like to use the email address that I use to log into developer.apple.com with.
We have one enterprise app and for which Provisioning profile got expired and all our user's app stop working. We haven't received any reminder mail from Apple to update the Provisioning profile. We used to get the reminder mail before expiry of any Apple certificate. What is the solution for this? Do we need to manually keep track for Provisioning profile expiry?
I am stuck. I have an iPadOS app that installs and calls a DEXT. I have a provisioning file for the DEXT and another for the app. Xcode shows me that the respective provisioning files match the bundle ids and that the entitlements and provisions match up. I have a developer certificate (two, actually) on the iPad. Xcode shows me, via "Devices" that the provisioning files are installed. When I try to run the app, I get:
0x16d3db000 +[MICodeSigningVerifier _validateSignatureAndCopyInfoForURL:withOptions:error:]: 78: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.vyncZ7/extracted/USBApp.app/SystemExtensions/w1ebr.MUUI.ipadOS.driver.dext : 0xe8008015 (A valid provisioning profile for this executable was not found.)
I don't know what to check next.
Hi,
I created a new enterprise distribution certificate. Can I update an existing provisioning profile with the new certificate for a deployed app? Or, do I need to create a new provisioning profile with the new certificate.
I want to make sure that updating the existing provisioning profile with the new certificate won't break an app that is already installed on devices. There is a delay between when I would update the provisioning profile and when the updated app could be deployed. So I want to make sure I'm not breaking the existing installs during that timeframe.
Thanks
Hello,
I have an iOS mobile application. I want to wrap this application using an app wrapping tool and distribute it in Microsoft Intune MDM. (I want to perform the process in the link below.)
https://learn.microsoft.com/en-us/mem/intune/developer/app-wrapper-prepare-ios#steps-to-create-an-apple-signing-certificate
In the "Steps to create an Apple signing certificate" section of this link, the application is signed as In-House. However, I cannot see the In-House option in my Apple Developer account. I only see the options in the image below.
My developer account type is "organization." Why can't I see the In-House option in Distribution? What should I do for this?
I am trying to register my iPad as a device on the developer portal but it keeps declaring it as an iMac. Do you know if this is a typical problem?