C++ Default Project - Why Can't I just Compile and Run "Hello World" without a Certificate

Just to clarify I'm looking for a link in Xcode doc or somewhere that shows the workflow for [1] starting with one of the coding examples [2] shows how to do the certificate/provisioning stuff to the point where [3] I can click the build/run button in Xcode and see a string print --> Hello World

Believe it or not, somehow I got this to work (Hello World printed in output shell of Xcode!!!!), by selecting a team and a role that I somehow created a while ago from the Apple Developer website.

I'm still looking for (perhaps someone from Apple) to comment on where the simple workflow block diagram is located that shows the ordered sequence of steps to get to this result starting from scratch.

Not sure why an error string in a c++ compiler used by platforms other than Apple will have specific Apple help strings but yes, anything that runs on macOS in binary form must be notarized through code signing. Before looking all of these things that you wish existed, learn to use the Xcode tools first.

Excluding the Mac, all code on all Apple platforms must be signed with an Apple-issue signing identity. The Mac-specific exceptions [1] are:

• macOS on Intel will run unsigned code.

• macOS on both Intel and Apple silicon will run ad hoc signed code (in Xcode parlance this is Sign to Run Locally.

If you work with Xcode then it defaults to ad hoc signing. If you build from the command-line tools you’ll see two defaults:

• Intel code will default to unsigned.

• Apple silicon code will default to ad hoc signed.

This second point is achieved via linker signing, that is, the linker will add an ad hoc code signature to the Mach-O image that it creates [2]. You can override this default (enable it for Intel code or disable for Apple silicon) via the -adhoc_codesign and -no_adhoc_codesign options. See the ld man page for details.

The upshot of this is that most folks who build code to run locally on their Mac don’t need to worry about code signing:

• If they’re using Xcode, it should default to Sign to Run Locally.

• If they’re using command-line tools, the linker should do the required ad hoc signing.

If you’re having problems with the former, check that you have Sign to Run Locally selected in the Signing & Capabilities editor.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] There are more exceptions if you disable SIP, but I’m not going there.

[2] Assume it can carry a code signature. Certainly linker products, most notably MH_OBJECT files, can’t.

is there a single Apple Developer link that covers roles and certificates for all the platforms from the top down in terms of an overview page with links to each of the workflows for developer, deployment, etc?

No. There is plenty of info out there but there’s no one single resource that covers all of that.

IMO it’s helpful to distinguish macOS and other Apple platforms here. On most of our platforms, you have to build and deploy your app using Xcode [1] and our standard documentation covers Xcode well [2]. In contrast, Xcode is not a hard requirement on macOS and building products outside of Xcode is not something that we cover well in the standard documentation. You can find my advice on that front in:

• Creating Distribution-Signed Code for Mac

• Packaging Mac Software for Distribution

Beyond that, the two resources outside of the standard documentation that I most commonly reference are:

• Developer > Support > Certificates

• Developer Account Help

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Even if you’re using a third-party tool, that must be layered on top of Xcode to support installation and debugging.

[2] We’re in the process of moving from Xcode Help to Documentation > Xcode so, for the moment, I recommend that you consult both.