AppStore submission for Ruby/Glimmer app on MacOS without Xcode

Code Signing General
chipcastle
chipcastle OP
Created Feb ’25
Replies 46
Boosts 0
Views 835
Participants 3

Background

I've repeatedly run into codesigning (and missing provisioning profile) issues for my Ruby/Glimmer app and am looking for ways to troubleshoot this outside of Xcode. The app structure is as follows:

PATHmanager.app
└── Contents
    ├── Info.plist
    ├── MacOS
    │   └── PATHmanager
    ├── PkgInfo
    ├── Resources
    │   └── AppIcon.icns
    ├── _CodeSignature
    │   └── CodeResources
    └── embedded.provisionprofile

Architecture

I have a Mac mini Apple M2 Pro with macOS Ventura 13.4. Xcode is not used directly, but the underlying command line tools (e.g., codesign, productbuild, pkgutil, xcrun) are run from a custom Ruby script.

xcodebuild -version
Xcode 14.3.1
Build version 14E300c

Questions

  1. Is the .app directory and file structure/naming sufficient? If not, can you point me in the direction of a minimal example that does not use Xcode?

  2. Info.plist is an XML text document (not binary), which I believe is in an acceptable format, but how do I lint this file and determine if it contains all of the necessary key/value pairs?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>CFBundleDevelopmentRegion</key>
	<string>en</string>
	<key>CFBundleDisplayName</key>
	<string>PATH manager</string>
	<key>CFBundleExecutable</key>
	<string>PATHmanager</string>
	<key>CFBundleIconFile</key>
	<string>AppIcon.icns</string>
	<key>CFBundleIdentifier</key>
	<string>com.chipcastle.pathmanager</string>
	<key>CFBundleInfoDictionaryVersion</key>
	<string>6.0</string>
	<key>CFBundleName</key>
	<string>PATHmanager</string>
	<key>CFBundlePackageType</key>
	<string>APPL</string>
	<key>CFBundleShortVersionString</key>
	<string>1.15</string>
	<key>CFBundleSupportedPlatforms</key>
	<array>
		<string>MacOSX</string>
	</array>
	<key>CFBundleVersion</key>
	<string>1.15</string>
	<key>ITSAppUsesNonExemptEncryption</key>
	<false/>
	<key>LSApplicationCategoryType</key>
	<string>public.app-category.developer-tools</string>
	<key>LSMinimumSystemVersion</key>
	<string>12.0</string>
	<key>LSUIElement</key>
	<false/>
	<key>NSAppTransportSecurity</key>
	<dict>
		<key>NSAllowsArbitraryLoads</key>
		<true/>
	</dict>
	<key>NSHumanReadableCopyright</key>
	<string>© 2025 Chip Castle Dot Com, Inc.</string>
	<key>NSMainNibFile</key>
	<string>MainMenu</string>
	<key>NSPrincipalClass</key>
	<string>NSApplication</string>
</dict>
</plist>

  1. PATHmanager is a Mach-O 64-bit executable arm64 file created by using Tebako. Does this executable need to be codesigned, or is codesigning the .app folder sufficient?

  2. Does the .app directory need an entitlements file? Here's how I codesign it:

codesign --deep --force --verify --verbose=4 --options runtime --timestamp --sign 'Apple Distribution: Chip Castle Dot Com, Inc. (BXN9N7MNU3)' '/Users/chip/Desktop/distribution/PATHmanager.app'
  1. Does the PATHmanager binary need an entitlements file? Here's how I codesign it:
codesign --deep --force --verify --verbose=4 --options runtime --timestamp --entitlements '/Users/chip/Desktop/PATHmanager.entitlements' --sign 'Apple Distribution: Chip Castle Dot Com, Inc. (BXN9N7MNU3)' '/Users/chip/Desktop/distribution/PATHmanager.app/Contents/MacOS/PATHmanager'
  1. How can I verify what entitlements, if any, are required for codesigning the binary? The PATHmanager.entitlements file is an XML text file containing only the following:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
</dict>
</plist>

  1. Is the embedded.provisionprofile necessary, and if so, how do I know determine if it matches the certificate or entitlements that I'm using? Additionally, is it named and located properly?

  2. I submitted this to the AppStore several weeks ago and the reviewer reported that the executable would not load on their machine (even though it worked on mine.) Is it better for me to release via TestFlight for testing, and if so, do I need to following a separate process for codesigning (i.e., using different entitlements, profiles, certs, etc) when doing so?

I've been playing whack-a-mole with this for too long to mention and am hoping to nail down a better deployment flow, so any suggestions for improvement will be greatly appreciated. Thank you in advance.

Answered by DTS Engineer in 826040022
Written by chipcastle in 774923021
Is the .app directory and file structure/naming sufficient?

It looks reasonable enough. A good place to start with this stuff is Placing Content in a Bundle. If you need more info then create a test project in Xcode, build it, and see what it did.

Written by chipcastle in 774923021
how do I lint this file … ?

You can lint it with plutil. Indeed, I recommend you do that.

Actually, my general advice is that you use plutil to convert it to the XML format, which means it’s not just technically correct but in the canonical format.

Written by chipcastle in 774923021
and determine if it contains all of the necessary key/value pairs?

It’s hard to answer that, because it depends what you app does. However, a good place to start is with the above-mentioned Xcode project.

Written by chipcastle in 774923021
is codesigning the .app folder sufficient?

This is answered by Creating distribution-signed code for macOS. I recommend that you follow the advice there, and in Packaging Mac software for distribution.

Written by chipcastle in 774923021
Does the .app directory need an entitlements file?

The file itself? No. Entitlements are baked into the program when you sign it. So you might need an .entitlements file as an input to codesign, but you don’t need to include that specific file in your app.

As to whether you need entitlements at all, that very much depends. See below.

Written by chipcastle in 774923021
Here's how I codesign it:

Don’t use --deep. See --deep Considered Harmful.

Written by chipcastle in 774923021
How can I verify what entitlements, if any, are required for codesigning the binary?

There’s no single answer to that question. It depends on what your code does.

However, if you’re distributing on the App Store then, yes, you definitely need the entitlement that enables the App Sandbox.

Also, if you plan to use TestFlight, which you should, see TestFlight, Provisioning Profiles, and the Mac App Store.

Written by chipcastle in 774923021
Is the embedded.provisionprofile necessary

Only if your app uses restricted entitlements. The App Sandox entitlement is not restricted, but the TestFlight ones are.

Written by chipcastle in 774923021
how do I know determine if it matches the certificate or entitlements that I'm using?

TN3125 Inside Code Signing: Provisioning Profiles explains that in gory detail.

Written by chipcastle in 774923021
Additionally, is it named and located properly?

This is another thing covered by Placing Content in a Bundle.

Written by chipcastle in 774923021
Is it better for me to release via TestFlight for testing

Yes. And that does complicate things somewhat, as I mentioned above.

Written by Etresoft in 825899022
The easiest solution is to setup a demo Xcode app with the same name and bundleID and see how Xcode does it.

This is good advice IMO.

You can both look at the output and also look build transcript to work out how Xcode created that output.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  46
Boosts  0
Views  835
Participants  3
chipcastle
chipcastle OP
2w

I was able to get it submitted to TestFlight, but am now getting a slightly different error for the dylib than before:

“libui.dylib” Not Opened

Apple could not verify “libui.dylib” is free of malware that may harm your Mac or compromise your privacy.

The dylib is located under Contents/Frameworks, so I'm not sure what else there is to be done.

Bundle contents

λ xar -xf ~/code/ruby/PATHmanager.pkg
 
 
/tmp
λ lsbom "com.chipcastle.pathmanager.pkg/Bom"
.	0	0/0
./PATHmanager.app	40755	0/0
./PATHmanager.app/Contents	40755	0/0
./PATHmanager.app/Contents/Frameworks	40755	0/0
./PATHmanager.app/Contents/Frameworks/libui.dylib	100644	0/0	925632	2654273729
./PATHmanager.app/Contents/Info.plist	100644	0/0	1415	196399421
./PATHmanager.app/Contents/MacOS	40755	0/0
./PATHmanager.app/Contents/MacOS/PATHmanager	100755	0/0	28765680	1121196294
./PATHmanager.app/Contents/PkgInfo	100644	0/0	8	742937289
./PATHmanager.app/Contents/Resources	40755	0/0
./PATHmanager.app/Contents/Resources/AppIcon.icns	100644	0/0	56310	2265036908
./PATHmanager.app/Contents/_CodeSignature	40755	0/0
./PATHmanager.app/Contents/_CodeSignature/CodeResources	100644	0/0	2969	2120637324
./PATHmanager.app/Contents/embedded.provisionprofile	100644	0/0	12377	748912970
 
/tmp
λ cpio -i < "com.chipcastle.pathmanager.pkg/Payload" 
58137 blocks
 
/tmp
λ find PATHmanager.app                            
PATHmanager.app
PATHmanager.app/Contents
PATHmanager.app/Contents/_CodeSignature
PATHmanager.app/Contents/_CodeSignature/CodeResources
PATHmanager.app/Contents/MacOS
PATHmanager.app/Contents/MacOS/PATHmanager
PATHmanager.app/Contents/Resources
PATHmanager.app/Contents/Resources/AppIcon.icns
PATHmanager.app/Contents/embedded.provisionprofile
PATHmanager.app/Contents/Frameworks
PATHmanager.app/Contents/Frameworks/libui.dylib
PATHmanager.app/Contents/Info.plist
PATHmanager.app/Contents/PkgInfo
 
/tmp
λ codesign --verify -vvv "PATHmanager.app"                
--prepared:/private/tmp/PATHmanager.app/Contents/Frameworks/libui.dylib
--validated:/private/tmp/PATHmanager.app/Contents/Frameworks/libui.dylib
PATHmanager.app: valid on disk
PATHmanager.app: satisfies its Designated Requirement

Codesigning output

λ ./appstore.rb
codesign --remove-signature '/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib'
remove_signature returns: true
codesign --remove-signature '/Users/chip/code/ruby/distribution/PATHmanager.app'
remove_signature returns: true
Signing the .app...
codesign --preserve-metadata=entitlements --force --verify --verbose=4 --options runtime --timestamp --sign 'Apple Distribution: Chip Castle Dot Com, Inc. (BXN9N7MNU3)' '/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib'
/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib: signed Mach-O universal (x86_64 arm64) [libui]
sign_app returns: true
codesign --preserve-metadata=entitlements --force --verify --verbose=4 --options runtime --timestamp --entitlements '/Users/chip/code/ruby/distribution/PATHmanager.entitlements' --sign 'Apple Distribution: Chip Castle Dot Com, Inc. (BXN9N7MNU3)' '/Users/chip/code/ruby/distribution/PATHmanager.app'
/Users/chip/code/ruby/distribution/PATHmanager.app: signed app bundle with Mach-O thin (arm64) [com.chipcastle.pathmanager]
sign_app returns: true
Verifying signature for /Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib
codesign --verify --verbose=4 '/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib'
/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib: valid on disk
/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib: satisfies its Designated Requirement
verify_app_signature for /Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib returns: true
Verifying signature for /Users/chip/code/ruby/distribution/PATHmanager.app
codesign --verify --verbose=4 '/Users/chip/code/ruby/distribution/PATHmanager.app'
--prepared:/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib
--validated:/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib
/Users/chip/code/ruby/distribution/PATHmanager.app: valid on disk
/Users/chip/code/ruby/distribution/PATHmanager.app: satisfies its Designated Requirement
verify_app_signature for /Users/chip/code/ruby/distribution/PATHmanager.app returns: true
Building the .pkg...
productbuild --sign '3rd Party Mac Developer Installer: Chip Castle Dot Com, Inc. (BXN9N7MNU3)' --identifier 'com.chipcastle.pathmanager' --version '1.23' --component '/Users/chip/code/ruby/distribution/PATHmanager.app' /Applications '/Users/chip/code/ruby/PATHmanager.pkg'
productbuild: Adding component at /Users/chip/code/ruby/distribution/PATHmanager.app
productbuild: Signing product with identity "3rd Party Mac Developer Installer: Chip Castle Dot Com, Inc. (BXN9N7MNU3)" from keychain /Users/chip/Library/Keychains/login.keychain-db
productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority"
productbuild: Adding certificate "Apple Root CA"
productbuild: Wrote product to /Users/chip/code/ruby/PATHmanager.pkg
productbuild: Supported OS versions: [Min: 12.0, Before: None]
build_package returns: true
Verifying signature for /Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib
codesign --verify --verbose=4 '/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib'
/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib: valid on disk
/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib: satisfies its Designated Requirement
verify_app_signature for /Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib returns: true
Verifying signature for /Users/chip/code/ruby/distribution/PATHmanager.app
codesign --verify --verbose=4 '/Users/chip/code/ruby/distribution/PATHmanager.app'
--prepared:/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib
--validated:/Users/chip/code/ruby/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib
/Users/chip/code/ruby/distribution/PATHmanager.app: valid on disk
/Users/chip/code/ruby/distribution/PATHmanager.app: satisfies its Designated Requirement
verify_app_signature for /Users/chip/code/ruby/distribution/PATHmanager.app returns: true

Any ideas? Thanks in advance.

0
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
2w
Written by chipcastle in 831709022
I was able to get it submitted to TestFlight, but am now getting a slightly different error for the dylib than before:

So, you’re seeing this when launching the app that you installed using TestFlight?

If so, reproduce the problem and then dump the signature of your app and its embedded dynamic library. So, this:

% codesign -d -vvv /Applications/PATHmanager.app

and this:

% codesign -d -vvv /Applications/PATHmanager.app/Contents/Frameworks/libui.dylib

They should be the same, that is, both signed by Apple Mac OS Application Signing. Is that what you see?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
chipcastle
chipcastle OP
2w

Yes, sorry that I wasn't clear - The error did occur when attempting to open the app with TestFlight (the dialog box opened twice with the same message, BTW.) Plus, PATHmanager.app is neither installed under /Applications, nor ~/Applications. If there's something else I can do to get it installed, I'm all ears. :-)

I'll post the output of your suggested commands from the extracted .pkg file that was uploaded using Transporter (hopefully that helps?):

Signature dump for app bundle

/tmp
λ codesign -d -vvv "PATHmanager.app/"                               
Executable=/private/tmp/PATHmanager.app/Contents/MacOS/PATHmanager
Identifier=com.chipcastle.pathmanager
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=223206 flags=0x10000(runtime) hashes=6964+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=a7e912f449ef085b27467d282bfeca980b8e4d9c
CandidateCDHashFull sha256=a7e912f449ef085b27467d282bfeca980b8e4d9c9063d3b31bb34aaa15383e7d
Hash choices=sha256
CMSDigest=a7e912f449ef085b27467d282bfeca980b8e4d9c9063d3b31bb34aaa15383e7d
CMSDigestType=2
CDHash=a7e912f449ef085b27467d282bfeca980b8e4d9c
Signature size=9116
Authority=Apple Distribution: Chip Castle Dot Com, Inc. (BXN9N7MNU3)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Timestamp=Mar 27, 2025 at 1:01:31 PM
Info.plist entries=19
TeamIdentifier=BXN9N7MNU3
Runtime Version=15.0.0
Sealed Resources version=2 rules=13 files=3
Internal requirements count=1 size=204

Since that doesn't tell me much, I'll add this as well:

λ codesign -d -r- "PATHmanager.app"                 
Executable=/private/tmp/PATHmanager.app/Contents/MacOS/PATHmanager
designated => identifier "com.chipcastle.pathmanager" and anchor apple generic and certificate leaf[subject.CN] = "Apple Distribution: Chip Castle Dot Com, Inc. (BXN9N7MNU3)" and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */

Signature app for dylib

λ codesign -d -vvv "PATHmanager.app/Contents/Frameworks/libui.dylib" 
Executable=/private/tmp/PATHmanager.app/Contents/Frameworks/libui.dylib
Identifier=libui
Format=Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=3281 flags=0x10000(runtime) hashes=97+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=6f0f3b4eefb0e542619665c4c6396f84b765a92f
CandidateCDHashFull sha1=6f0f3b4eefb0e542619665c4c6396f84b765a92f
CandidateCDHash sha256=51b0d7e81f542de2b8c8a8d091548bfd4b1091e5
CandidateCDHashFull sha256=51b0d7e81f542de2b8c8a8d091548bfd4b1091e5ce8be2b38188f806bed13dc6
Hash choices=sha1,sha256
CMSDigest=705e70b2c2bda6cefedab9ccb490452f2ea83ce07d9ed5e0285c74cd6eedb151
CMSDigestType=2
CDHash=51b0d7e81f542de2b8c8a8d091548bfd4b1091e5
Signature size=9197
Authority=Apple Distribution: Chip Castle Dot Com, Inc. (BXN9N7MNU3)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Timestamp=Mar 27, 2025 at 1:01:31 PM
Info.plist=not bound
TeamIdentifier=BXN9N7MNU3
Runtime Version=12.1.0
Sealed Resources=none
Internal requirements count=1 size=184

And also:

λ codesign -d -r- "PATHmanager.app/Contents/Frameworks/libui.dylib"
Executable=/private/tmp/PATHmanager.app/Contents/Frameworks/libui.dylib
designated => identifier libui and anchor apple generic and certificate leaf[subject.CN] = "Apple Distribution: Chip Castle Dot Com, Inc. (BXN9N7MNU3)" and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */

Thanks again.

0
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
2w

So, lemme see if I understand you correctly here. You’re getting this “libui.dylib” Not Opened error when you try to install the app using the TestFlight? So it’s not from the app itself? And the error prevents TestFlight from actually installing the app in /Applications?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
chipcastle
chipcastle OP
1w

Yes, that's correct. That error only only occurs when installing via TestFlight and pops up twice. The app is never installed under /Applications.

To be clear, before codesigning, the app runs fine on my system (always has).

As a further test, if I extract the pkg file that I uploaded via Transporter, which is subsequently available via TestFlight, I get this:

 
/tmp
λ xar -xf ~/code/ruby/PATHmanager.pkg                               
 
/tmp
λ ll
total 8
drwxrwxrwt  7 root  wheel   224 Mar 31 09:23 .
drwxr-xr-x  6 root  wheel   192 Mar 20 09:49 ..
-rw-r--r--  1 chip  staff  1217 Mar 31 09:23 Distribution
drwx------  3 chip  wheel    96 Mar 20 09:50 com.apple.launchd.AUOVCHr68r
drwx------  5 chip  staff   160 Dec 31  1969 com.chipcastle.pathmanager.pkg
srwxr-xr-x  1 chip  wheel     0 Mar 20 09:50 mykitty-1525
drwxr-xr-x  2 root  wheel    64 Mar 30 15:31 powerlog
 
/tmp
λ cpio -i < "com.chipcastle.pathmanager.pkg/Payload"
58137 blocks
 
/tmp
λ ll
total 8
drwxrwxrwt  8 root  wheel   256 Mar 31 09:23 .
drwxr-xr-x  6 root  wheel   192 Mar 20 09:49 ..
-rw-r--r--  1 chip  staff  1217 Mar 31 09:23 Distribution
drwxr-xr-x  3 chip  wheel    96 Mar 31 09:23 PATHmanager.app
drwx------  3 chip  wheel    96 Mar 20 09:50 com.apple.launchd.AUOVCHr68r
drwx------  5 chip  staff   160 Dec 31  1969 com.chipcastle.pathmanager.pkg
srwxr-xr-x  1 chip  wheel     0 Mar 20 09:50 mykitty-1525
drwxr-xr-x  2 root  wheel    64 Mar 30 15:31 powerlog
 
/tmp
λ open PATHmanager.app
The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x600003c9c0f0 {Error Domain=NSPOSIXErrorDomain Code=153 "Unknown error: 153" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}
0
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
1w
Written by chipcastle in 832139022
if I extract the pkg file that I uploaded via Transporter … I get this:

Just FYI, you shouldn’t expect to be able to run the code from the package you submit to the App Store. See Don’t Run App Store Distribution-Signed Code for an explanation as to why.

Written by chipcastle in 832139022
Yes, that's correct. That error only only occurs when installing via TestFlight and pops up twice.

Weird. You should definitely file a bug about that. Something should be giving you a more actionable error here, probably on the App Store ingestion side.

Make sure to include a sysdiagnose log taken shortly after reproducing the problem.

Once your done, post your bug number here. I then take another look at this.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
chipcastle
chipcastle OP
1w

Thanks for the tips! I tried sysdiagnose in various incantations, but received no output. Here's a sample:

sudo sysdiagnose -H -v 30371

The 30371 is the pid for TestFlight on my system at the time. I'm new to sysdiagnose, so I could've easily used it improperly.

I also inspected the contents of /private/var/tmp, which had on 2 directories, one of them being empty. The other only contained a binary file at /private/var/tmp/SoftwareUpdateCore/EventReporterPersistedState/SUCoreEventReporterState.state, but I'm assuming this is not related.

At any rate, I clicked on the Send Feedback button from within TestFlight and provided a screenshot along with a description in case that helps. I'll also attach the screenshot here so you can see what I mean. Thanks again.

0
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
1w
Written by chipcastle in 832397022
I tried sysdiagnose in various incantations, but received no output.

The -H option tells sysdiagnose to print its output path and then exit )-:

You don’t need to do anything fancy here. Just run sysdiagnose with no options and it’ll lead you through the process:

% sudo sysdiagnose

If you run it from Terminal, it ends by bringing Finder to the front with the output file selected.

For more detailed instructions, see Sysdiagnose for macOS on our Bug Reporting > Profiles and Logs page. For lots of general advice on filing bugs, see Bug Reporting: How and Why?.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
chipcastle
chipcastle OP
1w

Thank you for the documentation.

Let's see if I got the steps straight...

I launched TestFlight, then from the Terminal I typed sudo sysdiagnose, clicking Enter for it to start processing. I then clicked Open from TestFlight and clicked Done on both error dialogs. Per the sysdiagnose instructions, I clicked Ctrl-\ within the Terminal to allow it to finish processing. Per the documentation you provided, I waited more than 10 minutes. At that point, neither did sysdiagnose bring the Finder to the front, nor did it create any files under it's directory.

Here's verification:

λ sudo sysdiagnose -H
Password:
Sysdiagnoses can be found at '/private/var/tmp'
 
~
λ ls -alR /private/var/tmp
total 0
drwxrwxrwt   2 root  wheel    64 Apr  2 21:17 .
drwxr-xr-x  36 root  wheel  1152 Mar 20 09:49 ..

I have yet to hear back from support regarding my bug report, so I'll wait. Thanks again.

0
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
1w

Nope, sorry, you’re in the weeds here. Note this line in the sysdiagnose output:

% sudo sysdiagnose
Press 'Enter' to continue. Ctrl+\ to cancel.

When it says cancel is really means it. Pressing ^\ will cancel the sysdiagnose log generation process completely. You need to press the Return key [1] to start the operation and then wait for it to run. I’ll show progress like this:

Progress:
[||||___________________________________05%____________________________________]

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Enter actually works too, but many Macs don’t have an Enter key (instead you press fn-Return to get Enter).

0
chipcastle
chipcastle OP
1w

(Smacks head) Ha! Ok, I moved too fast on that one. Thanks for clarification.

I extracted the resulting tar.gz file and inspected quite a few files, but I'm kinda flying blind here

TestFlight feedback allows for attaching screenshots, but not other files. The archive is too large to attach here, so what would be of interest?

Thanks.

0
chipcastle
chipcastle OP
1w

Here's the file listing in case you see where I should focus. Thanks.

sysdiagnose.tree.txt
0
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
1w

I recommend that you file a bug using Feedback Assistant. For more on that process, see Bug Reporting: How and Why?. If you file a bug in that way, you’ll be able to attach the sysdiagnose log you just recorded.

Once you’re done, post your bug number and I’ll take a look.

Written by chipcastle in 832949022
Here's the file listing in case you see where I should focus.

Generally, you want to look in the system log snapshot, that is, system_logs.logarchive. However, that’s huge and quite hard to navigate if you don’t know what you’re looking for. I have some general hints and tips in the Explore the System Log section at the end of Resolving Trusted Execution Problems.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
chipcastle
chipcastle OP
1w

Bug number: FB17118773

I tried exporting from Console any Process matching TestFlight to no avail. I didn't see anything of interest there, though. Thanks.

0
chipcastle
chipcastle OP
1w

Actually, I just found this within the Console output:

Library Validation failed: Rejecting '/Users/chip/Library/Containers/com.chipcastle.pathmanager/Data/tmp/tebako-runtime-20250404-48697-v1sra5/libui.dylib' (Team ID: none, platform: no) for process 'PATHmanager(48697)' (Team ID: BXN9N7MNU3, platform: no), reason: mapping process and mapped file (non-platform) have different Team IDs

This is strange, because I'm using the same Team ID in the cert when codesigning the libui.dylib and the app bundle.

Additionally, I'm unclear on why the dylib would be located under /Users/chip/Library/Containers/com.chipcastle.pathmanager/Data/tmp/tebako-runtime-20250404-48697-v1sra5/libui.dylib, because not only is that not where I initially built the binary, it's not where I copied it for codesigning.

0
AppStore submission for Ruby/Glimmer app on MacOS without Xcode
First post date Last post date
 
 
Q