I've successfully uploaded my macos app to tesflight (it's a game based on Unreal Engine5). It has passed all checks and is now in testflight, but when i launch it it says
"The application can't be opened. -10673"
And pops up another windown : "The beta app, , is no longer available. The provisioning profile is invalid"
The provisioning profile doesn't specify OS versions - it's signed with distribution and installation certificates for AppStore.
What would cause this? How can I fix this?
MacOS version 14.5
Demystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.
Post
Replies
Boosts
Views
Activity
I am building a command line app to interface to a Bosch Smart Home Controller (SHC) using URLSession and running into a problem with certificate authentication.
Sending a request to the SHC results in a -1202 error "The certificate for this server is invalid..." which was expected as it's counted as a self-signed cert.
In URLSessionDelegate SecTrustEvaluateWithError returned the CFError.localisedDescription Smart Home Controller Productive Root CA” certificate is not trusted
So I used SecItemAdd to add this certificate to my login keychain and then set it to "Always Trust", but the error still persists.
routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE:/AppleInternal/Library/BuildRoots/a8fc4767-fd9e-11ee-8f2e-b26cde007628/Library/Caches/com.apple.xbs/Sources/boringssl/ssl/tls_record.cc:592:SSL alert number 42
I've tried various workarounds and also added an intermediate certificate received from the SHC to my login keychain with "Always Trust" set but the error persists - am I missing something?
I use launch constraints in a project. If I archive the project and save a copy of the app locally, everything works as expected but if I choose "Direct Distribution" and submit the app to Apple for notarization, the notarized app does not contain any launch constraints. What are I am doing wrong? Thanks.
In my account, there is already a driver kit usb transport vendor id(4070) in the Identifiers capability . I posted a new request for new usb vendor id(14203) , and there are now 2 driver kit usb transport vendor id entitlement in the account's identifiers, one is for old id (4070), another is not for new id(14203).
so how can I add a new usb vendor id ? or change the old one?
Hi
I have an error message from running an iOS emulator, and it seems there's a problem because Xcode wants to sign something.
I have noticed that when running my code for testing, that it is being run in ios-release mode. I have thought that maybe Xcode would not want to sign if the code was being run in ios-debug mode - because Xcode didn't have this interest in signing problem before.
Confirmed: "Building com.example.appName for device (ios-release)..."
Error confirmation: "No valid code signing certificates were found. You can connect to your Apple Developer account by signing in with your Apple ID in Xcode and create an iOS Development Certificate ..."
My preference is to test/develop at this point without Apple Developer. This was possible for a long time before.
Advice: "Or run on an iOS simulator without code signing"
It seems that if Xcode were not interested in code signing that I wouldn't have this error preventing me.
How can I configure Xcode so that code signing is skipped and the code testing occurs without a reference to my Apple Developer account please?
If you can assist to resolve with these queries, that would be cool and greatly appreciated.
With thanks.
App.xcodeproj: error: Revoke certificate: Your account already has an Apple Development signing certificate for this machine, but its private key is not installed in your keychain.
App.xcodeproj: error: No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "T....." with a private key was found.
From the above error during build, I do not know what I am supposed to do to fix this issue. The build was working few days back and today it is giving this error.
Hi,
python "import foundation" crushes without error message (but with a macos crush report) if the app is codesigned with Developer ID Application Certificate.(Without codesign, it works fine.)
1-test_simple_foundation.py(already attached):
import socket
import Foundation
print("hallo")
2-Install Nuitka:
pip install Nuitka
3-Generate App File via Nuitka:
echo *** | sudo -S python3.9 -m nuitka --run --standalone --macos-create-app-bundle --macos-app-mode=ui-element --macos-app-icon=icons/app_icon.png --include-data-dir=icons=icons test_simple_foundation.py
4-Copy app file under /applications
5-Execute test_simple_foundation.app file from terminal ./Applications/test_simple_foundation.app/Contents/MacOS/test_simple_foundation and observer that "hallo" is printed out
6-Codesign with following sh file(already attached):
7-Execute test_simple_foundation.app file from terminal ./Applications/test_simple_foundation.app/Contents/MacOS/test_simple_foundation and observer that code freezes with a macos crush report(already attached), after import Foundation nothing printed out.
MacOS_crush_report.txt
build-app_no_sand-sh.txt
test_simple_foundation-py.txt
pip list freeze.txt
app.entitlements.txt
Requirement:
python3.9 -m nuitka --version
1.9rc5
Commercial: None
Python: 3.9.12 (v3.9.12:b28265d7e6, Mar 23 2022, 18:22:40)
Flavor: CPython Official
Executable: /Library/Frameworks/Python.framework/Versions/3.9/bin/python3.9
OS: Darwin
Arch: x86_64
Version C compiler: /usr/bin/clang (clang).
MacOS: Sonoma 14.2.1
1,6 GHz Dual-Core Intel Core i5
8 GB 2133 MHz LPDDR3
I'm new to iOS development so forgive me if this question sounds naive. I have an iPhone 15 Pro currently registered to a coworker but I would like to test my apps on that iPhone when he is not working on it. In order for me to test on that phone, do I need to wipe that iPhone and re-register under my name? Is there anyway to switch between accounts on the iPhone?
Im using a git actions CI/CD pipeline for my automated deployment and I'd like to include notarisation in this process. Right now when I'm submitting for notarisation manually/locally it's taking around 24 hours and then is eventually successfully accepted. \
Using a git actions server to do this has a cost per minute (and an even higher cost at 10x per minute for a Mac-OS machine), so notarising with a 24hr turn around time is not feasible.
Ive submitted my application many times and it's been the same experience each time taking around 24 hours and then being accepted. How can I shorten the time frame on this or even find out what I might be doing wrong to cause such a long time for a response?
here my log:
{
"logFormatVersion": 1,
"jobId": "3ccf4652-60dc-4fd1-b281-23d49b2b7bb1",
"status": "Accepted",
"statusSummary": "Ready for distribution",
"statusCode": 0,
"archiveFilename": "AudioMap.dmg",
"uploadDate": "2024-07-14T16:51:02.848Z",
"sha256": "614c5992133d61094b39b6a5d00a225d2fc7efe78ab0e59cd47c78275602cb59",
"ticketContents": [
{
"path": "AudioMap.dmg",
"digestAlgorithm": "SHA-256",
"cdhash": "9d4f500a2fd49769b99f921d3fbe8ef753604abe"
},
{
"path": "AudioMap.dmg/AudioMap.app",
"digestAlgorithm": "SHA-256",
"cdhash": "b1fa9c86be805ef28c645f3b03631e2e5873ce77",
"arch": "arm64"
},
{
"path": "AudioMap.dmg/AudioMap.app/Contents/Frameworks/libsodium.26.dylib",
"digestAlgorithm": "SHA-256",
"cdhash": "6228e3fdcd29c080ae45d1bc5a6af10960db8938",
"arch": "arm64"
},
{
"path": "AudioMap.dmg/AudioMap.app/Contents/MacOS/AudioMap",
"digestAlgorithm": "SHA-256",
"cdhash": "b1fa9c86be805ef28c645f3b03631e2e5873ce77",
"arch": "arm64"
},
{
"path": "AudioMap.dmg/AudioMap.app/Contents/Frameworks/libsodium.26.dylib",
"digestAlgorithm": "SHA-256",
"cdhash": "6228e3fdcd29c080ae45d1bc5a6af10960db8938",
"arch": "arm64"
}
],
"issues": null
}
Due to changes in macOS 15 Sequoia with respect to container privacy/privileges, I have observed warnings with one of my apps (non-sandboxed) when its subsidiary crash reporter process tries to access the host app's data folder.
I THINK I've worked around this issue by granting the crash reporter and the host app access to the same application group. I'm not 100% sure how all this works except that the problem went away :)
The problem is, once the problem goes away on a given system, it goes away for good! Even with subsequent attempts to open a version of the app before the fix was in place, the system warning is not presented. I've tried to reset SystemPolicyAppBundles on the app via tccutil, but it makes no difference.
Using the wisdom from one of Quinn's posts (https://developer.apple.com/forums/thread/706442) I set up a log stream invocation to try to gather clues, and I notice that when I launch my app now, I see messages like:
Found provenance data on process: TA(82542d1beaf132a6, 2), 51084
Process was already in provenance sandbox, skipping: 51084, TA(82542d1beaf132a6, 2)
I suspect this "provenance" may reflect the change in how the system treats my application.
First: I wonder if it's a bug that any change in "provenance" should retroactively apply to versions of the app before the change was made. Second, I wonder if there's some way to RESET this provenance so that I can reproduce the bug again? I might be able to reproduce it by changing the bundle ID for the app but for purposes of testing against existing, shipped versions of the app, I'd love to be able to reset things for sanity-checking.
I need signingkey, signingkeyId, TeamIdentifier and BundleIdentifier for a project (aws sns) but i want to have these in free apple developer account how can i do this, any help will be appreciated
when I trying to run my App in mac or iPhone, Xcode alert "Revoke certificate", and when I click "Revoke Certificate", it begin loading ,then become"Certificate installation failed". and if I click try again, it become "Revoke certificate" again, how to I resolve this problem.
"My .dmg notarization has taken more than 12 hours. Who should I contact for assistance?"
Successfully received submission info
createdDate: 2024-07-09T13:01:15.078Z
id: 62b98f94-e554-4194-a84c-3ec621311d47
name: SecuCompRSA.dmg
status: In Progress
Xcode:15.3.
macOS:14.3(23D56)
Hi,
I am getting following error from following command, although I am 100% sure that I am entering the right credentials:
Command:
xcrun notarytool store-credentials "MY_PROFILE" --apple-id “***” --team-id "yyy" --password "zzz"
Error:
Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct.
***->https://appleid.apple.com/account/manage/email and phone number -> apple id email (email address used for developer account)
yyy->https://developer.apple.com/account#MembershipDetailsCard/Team ID -> 10 digit nummer
zzz->https://appleid.apple.com/account/manage/App-Specific Passwords created and used
I just copy pasted every single item from the defined locations above.
I would appreciate for an answer.
Best Regards
My company is developing internal security software to deploy exclusively on corporate Mac endpoints. We are using the Endpoint Security framework, which requires the restricted com.apple.developer.endpoint-security.client entitlement. We were granted development access to this entitlement, but we have been denied distribution access. It's not practical to use ad-hoc provisioning for distributing the app internally to our users. Unfortunately the brief denial message did not provide any advice for a path forward.
If my company signed up for the Apple Developer Enterprise Program (https://developer.apple.com/programs/enterprise/), is it possible to grant the Endpoint Security entitlement for internal enterprise distribution? Otherwise, we appear to be stuck and unable to use Endpoint Security for our internal applications.
I received an app from 3rd party and need to sign it with my cert, but after following the work flow I get errors in iResign.
Create a Distribution Certificate
Create an Apple Developer Application Identifier
Create and Install a Push SSL Certificate
Create App Distribution Certificate (1 for all Ramco Apps)
Create an Apple Developer Provisioning Profile
Sign the App with iResign
Upload to Workspace One environment
I get this error when I run iResign;
/var/folders/qd/z7m3dzs52rddmlvcpm_ghyl00000gn/T/com.appulize.iresign/Payload/RamcoEFBiOS.app: replacing existing signature
Warning: unable to build chain to self-signed root for signer "iPhone Distribution: PHI, INC."
/var/folders/qd/z7m3dzs52rddmlvcpm_ghyl00000gn/T/com.appulize.iresign/Payload/RamcoEFBiOS.app: errSecInternalComponent
/var/folders/qd/z7m3dzs52rddmlvcpm_ghyl00000gn/T/com.appulize.iresign/Payload/RamcoEFBiOS.app: invalid Info.plist (plist or signature have been modified)
In architecture: arm64
I've tried to find answers on these forms but could not find anything to help me. If anyone has some insight on this please let me know.
Been using Xcode for a while with C++ set to sign locally (and objC before that). All worked ok. Looking to learn swift. Created a new, blank MacOS project, which starts compiling the template project (no code added yet by me) and fails with error "Command CodeSign failed with a nonzero exit code". It's set to automatically manage signing. I have valid development certificates. I've read lots of forum articles etc but unable to resolve.
Error description "resource fork, Finder information, or similar detritus not allowed" but it's exclusively apple code at this stage so would not expect any non-compliant files to be involved.
Any suggestions as currently I've fallen at the first hurdle on my Swift journey?
Full codesign command line below:
Signing Identity: "Apple Development: Steve Proctor (XXXXXXX)"
/usr/bin/codesign --force --sign xxxxxx -o runtime --entitlements /Users/steve/Documents/dev/t1/Build/Intermediates.noindex/Previews/macos/t1/Intermediates.noindex/t1.build/Debug/t1.build/t1.app.xcent --timestamp\=none --generate-entitlement-der /Users/steve/Documents/dev/t1/Build/Intermediates.noindex/Previews/macos/t1/Products/Debug/t1.app
/***/t1.app resource fork, Finder information, or similar detritus not allowed
Command CodeSign failed with a nonzero exit code
I am using the below fastfile script for my auto signed app.
lane :build_and_deploy do
api_key = app_store_connect_api_key(
key_id: "XXXX",
issuer_id: "***",
key_filepath: "/Users/runner/AuthKey_XXXX.p8"
)
begin
gym(
#scheme: scheme,
skip_package_ipa: true,
export_method: 'development',
xcargs: '-allowProvisioningUpdates -onlyUsePackageVersionsFromResolvedFile -parallelizeTargets CURRENT_PROJECT_VERSION=9840 MARKETING_VERSION=2.0.7 -authenticationKeyID XXXX -authenticationKeyIssuerID *** -authenticationKeyPath /Users/runner/AuthKey_XXXX.p8'
)
archive_path = lane_context[SharedValues::XCODEBUILD_ARCHIVE]
gym(
archive_path: archive_path,
skip_build_archive: true,
project: "helloSports.xcodeproj",
scheme: "helloSports",
clean: true,
xcargs: '-allowProvisioningUpdates -disableAutomaticPackageResolution -authenticationKeyID XXXX -authenticationKeyIssuerID *** -authenticationKeyPath /Users/runner/AuthKey_XXXX.p8',
skip_package_dependencies_resolution: true,
#export_method: "app-store",
export_method: "development",
)
I can understand for "app-store" export method the release bundle ID can be used, but for "development" bundle ID shouldn't the debug bundle ID be used? or in other words when will the debug bundle ID be used for exporting anyway??
Hello,
I am currently developing a macOS application using macOS 10.15.7 and Xcode 11.1. My application is distributed directly to users via a server, not through the App Store. I recently came across the following announcement:
"Starting November 1, 2023, the Apple notary service no longer accepts uploads from altool or Xcode 13 or earlier. If you notarize your Mac software with the Apple notary service using the altool command-line utility or Xcode 13 or earlier, you need to transition to the notarytool command-line utility or upgrade to Xcode 14 or later."
Given this change, I understand that I need to use notarytool or upgrade to Xcode 14 or later for notarization. However, upgrading my current development environment is not feasible at the moment.
I would like to know if it is possible to build my application on my current environment (macOS 10.15.7 and Xcode 11.1) and then transfer the built application to a separate machine running macOS 11.0 or later with Xcode 14 or later installed, to perform the notarization using notarytool.
Could you please confirm if this approach is acceptable and if there are any specific steps or considerations I should be aware of when using notarytool on a separate machine for notarizing my application?
Thank you for your assistance.
Best regards,
WJohn
Hi,
If anyone can please advise -- If signing a framework inside a XCFramework is recommended/mandatory?