I want to build a CLI tool (using SwiftPM - without XCode) to read the contacts on my mac. The end goal is to use the notes field or maybe custom fields to build a simple CRM (customer relationship tool) to keep track of some things. It especially means reading the NOTE field, and also writing it back. But... as mentioned on com.apple.developer.contacts.notes | Apple Developer Documentation reading the note field requires the com.apple.developer.contacts.notes. How do I do that? If it runs locally only on my machine I am happy. I wrote an entitlements.plist: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.contacts.notes</key> <true/> </dict> </plist> And do # build swift build --configuration release --disable-sandbox --arch arm64 Building for production... [2/2] Linking contacts Build complete! (0.29s) #sign codesign --sign - --entitlements entitlements.plist --deep .build/release/contacts --force .build/release/contacts: replacing existing signature But upon running, I get: ./.build/release/contacts fish: Job 1, './.build/release/contacts' terminated by signal SIGKILL (Forced quit) Without signing I get: *** Terminating app due to uncaught exception 'CNPropertyNotFetchedException', reason: 'A property was not requested when contact was fetched.' *** First throw call stack: ( 0 CoreFoundation 0x000000018b1cc570 __exceptionPreprocess + 176 1 libobjc.A.dylib 0x000000018acbdeb4 objc_exception_throw + 60 2 CoreFoundation 0x000000018b1cc460 +[NSException exceptionWithName:reason:userInfo:] + 0 3 Contacts 0x000000019f8f9b74 -[CNContact note] + 152 4 contacts 0x0000000104879e04 $s8contacts3CliV3runyyKF + 436 5 contacts 0x000000010487a0c8 $s8contacts3CliV14ArgumentParser15ParsableCommandAadEP3runyyKFTW + 12 6 contacts 0x000000010487a160 contacts_main + 96 7 dyld 0x000000018acf90e0 start + 2360 ) libc++abi: terminating due to uncaught exception of type NSException fish: Job 1, './.build/release/contacts' terminated by signal SIGABRT (Abort) I am new to Swift and SwiftPM and the world of code signing. I currently am NOT a member of the Apple Developer program but if needed I am (reluctantly) willing to pay 99$ to be able to sign/notarize/.. but since the goal is to only run it for myself I hppe there is a way to self-sign. Do I need so sign my cli? Is it even possible to codesign command line tools (i've seen comments that it is not)? How would I do that? What am I missing? Cheers, Oliver

I'm working on a macOS app that uses a JSContext and I want to debug it with the Safari Web Inspector. According to Session 402 at WWDC 2016 the following entitlement is required: <key>com.apple.webinspector.allow</key> <true/> This is easy enough to add, but it causes the app to crash at launch with a code signing issue. The console shows that taskgated-helper is reporting just before the crash: Unsatisfied entitlements: com.apple.webinspector.allow For anyone who finds this, here's what you need to know: https://webkit.org/blog/13936/enabling-the-inspection-of-web-content-in-apps/ Basically, there's now a inspectable property on both the WKWebView and JSContext. Unfortunately, there's no mention of the old entitlement in the WebKit blog post, so it's impossible for folks using the old technique to find. Hopefully this post will bridge this gap. It also might be something for @eskimo to add to his (always helpful) code signing documentation. -ch

Hi, I have upgraded my Mac to Sonoma and for some reason I get lost now when backup up a certificate. As I wasn't able to import my old certificate (exported as p12, but this is another issue) I started from scratch. I have created from KeyChain a new CertificateSigningRequest. Then I've uploaded it to the Apple Developer Portal and created a new certificate, that I have successfully downloaded as cer file. Now, I would like to save the certificate, including the private key. From KeyChain, I don't get a Reveal option to be able to export the private key of my certificate. Was it available in old versions of KeyChain, and now not anymore? Or my certificate doesn't have the private key? (imo this doesn't make sense at all) So I right click on the certificate but I can't export as p12 file, with the private key: Can please anyone refer me to the official documentation about this? (I have searched for it, but unable to find anything)

I have a strange problem and I don't know what's causing it A year ago, I purchased this account and created a certificate and it was working successfully, but its time expired on 1/8/2024, and I want to create a new one in order to update my applications. So I went to create a new certificate of type (iOS Distribution) and it was downloaded successfully, and when I called it in the (Keychain access) program in order to convert it to (.P12) instead of (.cer). But the program refuses to recall it, and I choose the (Local Item) section. thus : But when the file is dragged or double-clicked while I am standing in the (Login) section, the certificate is summoned successfully, and here the real problem begins. It is assumed that in order for me to convert the certificate from (cer) to (p12), there must be an arrow next to the certificate so that the key appears so that it can be pressed. Right-click, then we choose Export, and then we choose (p12). This happens because there is no arrow next to the certificate, and also when I By clicking on the certificate to export it, I am not allowed to choose (p12). How can I convert the file successfully because I want to update my applications, which is very important.

Hi, I created a new enterprise distribution certificate. Can I update an existing provisioning profile with the new certificate for a deployed app? Or, do I need to create a new provisioning profile with the new certificate. I want to make sure that updating the existing provisioning profile with the new certificate won't break an app that is already installed on devices. There is a delay between when I would update the provisioning profile and when the updated app could be deployed. So I want to make sure I'm not breaking the existing installs during that timeframe. Thanks

I’m developing this tvOS app, and it builds and runs fine locally in Simulator. However, when I do Product > Archive (so I can upload it to app store later), it fails with error in the screenshot. Looks like Xcode is trying to sign the app with a certificate, but could not find a valid profile to do so. Since I don't have a physical Apple TV device, I'm unable to add an Apple TV to the Devices list on developer.apple.com, thus unable to create a profile. Is the any way around this issue to archive my tvOS app?

Hello, What is the key for In-App Purchases entitlement I can add to my app.entitlements file in my project, so that I can autonomously enable the In-App Purchase capability? I have searched far a wide for this, however, it's unclear where it can be located. I know I can enable this capability manually by opening Xcode -> Selecting the "Signing & Capabilities" tab -> selecting "+ Capability" -> selecting "In-App Purchase" capability. However, this is not really an ideal solution for adding the capability to my app, especially when automated processes for building, testing, distributing via CI/CD are integrated. It would beneficial to be able to reference some documentation or resources for enabling capabilities (or any other build settings) autonomously in a project as opposed to having to manually click my way through enabling them. Looking forward to hearing back. Thanks!

I recently built an update to one of our apps, which installs a driver extension. The new version won't launch on my Mac, Finder says it "can't be opened". I captured the logs, which say "no matching profile found": error 2024-01-10 14:36:03.306061 -0800 taskgated-helper <app-bundle-id>: Unsatisfied entitlements: com.apple.developer.system-extension.install, com.apple.developer.team-identifier info 2024-01-10 14:36:03.306279 -0800 amfid Requirements for restricted entitlements failed to validate, error -67671, requirements: '<private>' error 2024-01-10 14:36:03.306287 -0800 amfid Restricted entitlements not validated, bailing out. Error: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found" UserInfo={NSURL=<private>, unsatisfiedEntitlements=<private>, NSLocalizedDescription=No matching profile found} default 2024-01-10 14:36:03.306432 -0800 amfid /Applications/<app-bundle-id>/Contents/MacOS/<app-name> not valid: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found" UserInfo={NSURL=file:///Applications/C<escaped-app-name>/, unsatisfiedEntitlements=<CFArray 0x14f3041d0 [0x1dd7d39a0]>{type = immutable, count = 2, values = ( 0 : <CFString 0x14f3055a0 [0x1dd7d39a0]>{contents = "com.apple.developer.system-extension.install"} 1 : <CFString 0x14f304130 [0x1dd7d39a0]>{contents = "com.apple.developer.team-identifier"} )}, NSLocalizedDescription=No matching profile found} default 2024-01-10 14:36:03.306514 -0800 kernel AMFI: bailing out because of restricted entitlements. default 2024-01-10 14:36:03.306523 -0800 kernel mac_vnode_check_signature: /Applications/<app-bundle-id>/Contents/MacOS/<app-name>: code signature validation failed fatally: When validating /Applications/<app-bundle-id>/Contents/MacOS/<app-name>: Code has restricted entitlements, but the validation of its code signature failed. Unsatisfied Entitlements: com.apple.developer.system-extension.installcom.apple.developer.team-identifier The thing is, when I run this command codesign -v -vvv <path-to-app> the app is valid on disk and satisfies its Designated Requirement and these two commands: codesign --display --entitlements - security cms -D -i <path-to-app>/Contents/embedded.provisionprofile when run against the old app (which works) and the new app (which doesn't) have absolutely identical outputs. The certificates haven't expired yet. Where else should we be looking to figure out where we've messed up? We know we changed the signing and notarization flow; the working build was made by a person using Xcode, the new app was built, signed and notarized using the command line tools (xcodebuild and notarytool).

We have one enterprise app and for which Provisioning profile got expired and all our user's app stop working. We haven't received any reminder mail from Apple to update the Provisioning profile. We used to get the reminder mail before expiry of any Apple certificate. What is the solution for this? Do we need to manually keep track for Provisioning profile expiry?

Hi, Xcode Cloud just started failing with with this error. I can archive builds just fine locally in Xcode. Using Xcode 14.3.1. All my certs on my developer portal are current. 2024-01-02T16:26:44.707563433Z Error Domain=DeveloperAPIServiceErrorDomain Code=5 "There is a problem with the request entity" UserInfo={IDEDistributionIssueSeverity=3, NSLocalizedDescription=There is a problem with the request entity, NSLocalizedRecoverySuggestion=You already have a current Development Managed certificate or a pending certificate request.} 2024-01-02T16:26:44.707568258Z 2024-01-02T16:26:44.707575827Z error: exportArchive: No signing certificate "iOS Development" found The post at https://developer.apple.com/forums/thread/734179 is similar but without a resolution. Any help would be appreciated. Thank you.

I'm working on this project for the first time in a while, so I'm not sure if this issue started with Xcode 15 or what, but now when I run my UI tests I get the warning "“MyAppUITests-Runner” is from an unidentified developer and differs from previously opened versions. Are you sure you want to open it?" Code signing identity for the UITest target is set to "sign to run locally". Changing it to "Apple Development" doesn't help, and neither did a clean build. How do I need to configure it to eliminate the warning?

I'm trying to setup a new build machine and I can't seem to get the signing certificates detected by the security tool with "0 valid identities found" My id is linked to a team but my role is "app manager". In my console I can see the certificates but cant download the developerID installer cert. In Xcode no ceritifcates show up for that team ID in the list. The certs were generated by the developer console. I had to get the client to insecurely send me the certs because of this restriction. I imported them into the keychain but the tool still won't show anything. Is this another problem not having the correct root certificate installed ? I had all this setup in a VMWAre which was working before I lost all data due to a crash so setting it up fresh on a mac mini. I should be able to have just synced the certs through xcode and start signing installers. I researched hundreds of pages and no answer for my problem.

I currently possess administrative rights within ASC and have accepted an invitation to join a group with administrative privileges. Subsequently, there were no issues accessing ASC. However, when attempting to modify Certificates, Identifiers &amp; Profiles and accessing (developer.apple.com), the associated account is not displayed. I'm curious whether the permission granting access to Certificates, Identifiers &amp; Profiles is exclusive to the account owner.

I only recently installed Xcode 10 (yes, I know), and since then, new Swift code I write will compile but not run. It appears to be a "trust" issue. Exception Type: EXC_CRASH (Code Signature Invalid) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: Namespace CODESIGNING, Code 0x1 Bobs-MBP:$ codesign -v -vvv /Users/bobsmith/programming/cocoa/test20/build/Debug/test20.app /Users/bobsmith/programming/cocoa/test20/build/Debug/test20.app: CSSMERR_TP_NOT_TRUSTED In architecture: x86_64 I looked at my certificate, and saw that it wasn't trusted. Changing it to "Always Trust" failed to correct the problem. What should I do? Thanks for taking the time to read this.

Hello fellow developers, I've come across a bit of a challenge and would appreciate some insights. I successfully backed up my Developer ID Application certificate as a .p12 file and smoothly imported it into my login keychain. However, when attempting to import it into my iCloud keychain for an added layer of backup security, I encountered two error messages: "One object could not be imported." "The selected keychain could not be found." Any thoughts or suggestions on resolving this hiccup would be greatly appreciated! Thanks in advance for your expertise!

I am new to macOS development and presently tearing my hair out trying to get a driverkit extension to build. I have tried following the instructions here: https://developer.apple.com/documentation/driverkit/communicating_between_a_driverkit_extension_and_a_client_app namely, disabling SIP, but I am still unable to get my extension to build. The instructions say to set the code signing identity to "Sign to Run Locally" for all three targets, but this is not listed as an option for the driver extension.

App is working in simulator. But when i am doing archive for production IPA file. That time i am getting 'Command CodeSign failed with a nonzero exit code'. App signing and keychain access are valid in xcode. I have tried code signing identity remove/add , certificate keychain access validation. Below error message are getting - CodeSign /Users/username/Library/Developer/Xcode/DerivedData/CvCare-gzbmawocpnufzmbznuhwulouslxo/Build/Intermediates.noindex/ArchiveIntermediates/CvCare/InstallationBuildProductsLocation/Applications/CvCare.app (in target 'CvCare' from project 'CvCare') cd /Users/username/Cordova_workspace/TestingCvCare/CvCare/platforms/ios Signing Identity: "Apple Distribution" Provisioning Profile: "iOS_distribution_profile" /usr/bin/codesign --force --sign --entitlements /Users/username/Library/Developer/Xcode/DerivedData/CvCare-gzbmawocpnufzmbznuhwulouslxo/Build/Intermediates.noindex/ArchiveIntermediates/CvCare/IntermediateBuildFilesPath/CvCare.build/Release-iphoneos/CvCare.build/CvCare.app.xcent --generate-entitlement-der /Users/username/Library/Developer/Xcode/DerivedData/CvCare-gzbmawocpnufzmbznuhwulouslxo/Build/Intermediates.noindex/ArchiveIntermediates/CvCare/InstallationBuildProductsLocation/Applications/CvCare.app /Users/username/Library/Developer/Xcode/DerivedData/CvCare-gzbmawocpnufzmbznuhwulouslxo/Build/Intermediates.noindex/ArchiveIntermediates/CvCare/InstallationBuildProductsLocation/Applications/CvCare.app: No such file or directory Command CodeSign failed with a nonzero exit code. Kindly help me out. Thanks, Bal Mukund Kumar

Hello, I am rather new at publishing apps for Iphone and I am facing some difficulties. Maybe someone could point me what I am not understanding. I am having some issues handling the usage of the Development Certificate . I have created a CSR, supplied it at apple.developer system to get a development certificate. I downloaded such a certificate and installed it. When I try to use it I get this status saying it is not trusted : The result is this when trying to use it: " /Users/eao/build/dev/aquila_companion.xcodeproj: error: Missing private key for signing certificate. Failed to locate the private key matching certificate "Apple Development: Tiago DAagostini (GDH9UYDL8A)" in the keychain. To sign with this signing certificate, install its private key in your keychain. If you don't have the private key, select a different signing certificate for CODE_SIGN_IDENTITY in the build settings editor. (in target 'appaquila_companion' from project 'aquila_companion') " What am I missing? Where this p12 key should be? And is that related to that image where the Certificate is deemed not trusted?

I am trying to sign a Java application, packaged in a disk image, via jpackage, invoked via Ant (so no XCode anywhere). The packaging itself works fine, but I am having trouble figuring out the signing parameters. In particular, it seems I will have to provide a parameter --mac-signing-key-user-name What value should I give to this parameter? I have an Apple Developer Account (well, obviously...), I have generated a certificate and quite a few other things, but I am confused as to what the "signing-key-user-name" should be. The error message I currently get from jpackage is: No certificate found matching [...] using keychain [] I am on MAC OS 12.6 and JDK 17. Any help would be greatly appreciated.

Hi there :) We are trying to install our application from Xcode to an iPhone 14 Pro. After building the app, we must go to General -> VPN & Device Management to trust the certificate. Unfortunately, the certificate is not showing on the iPhone, and we can not install the app. Does anyone know how we can solve this problem? Thank you very much in advance for your help!