I have an existing Xcode project that I am trying to add MusicKit to, but for some reason I am unable to. I have logged into my developer account, and ticked off the MusicKit checkbox under the Services tab of my app in the Certificates, Identifiers & Profiles section. In Xcode I have Automatically manage signing set to true. But MusicKit does not show up as a Capability, neither in the list of capabilities in my app, nor when trying to add it with the +Capability button. I have done this successfully before with Game Center, so I really do not understand why this does not work with MusicKit. Any ideas as to how this can be solved?

we are trying to build MacOS Desktop app using electron code sign-in and notarization has completed basically it is angular application but still unable to open the desktop app getting below error pop-up : screenshot of it. CrashReporter Key: XXXX-XXXX-XXXX-XXXX-XXXX Hardware Model: MacBook Pro (Obfuscated) Process: xnode [5798] Path: /Applications/[App Path]/Contents/MacOS/xnode Identifier: ai.xnode.xnode Version: 1.0.0 (1.0.0.43313) Code Type: X86-64 (Native) Role: Default Parent Process: launchd [1] Coalition: ai.xnode.xnode [5056] Date/Time: [Redacted for Privacy] OS Version: macOS 14.6.1 (23G93) Release Type: User Report Version: 104 Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid)) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: CODESIGNING 1 Taskgated Invalid Signature Triggered by Thread: 0 Thread 0 Crashed: 0 dyld_path_missing 0x10dbb4010 _dyld_start + 0 1 main_executable_path_missing 0x10b395000 ??? Thread 0 crashed with X86 Thread State (64-bit): rax: 0x0000000000000000 rbx: 0x0000000000000000 rcx: 0x0000000000000000 rdx: 0x0000000000000000 rdi: 0x0000000000000000 rsi: 0x0000000000000000 rbp: 0x0000000000000000 rsp: 0x00007ff7b4b6abf8 rip: 0x000000010dbb4010

I’m developing an app on .NET8 for macOS and encountered an issue during App Review with feedback: "An error showed upon launch. The app cannot be opened because the developer cannot be verified. This may be due to an issue with your app’s Gatekeeper conformance." Additionally, the provided screenshot showed this message: "Application is damaged and can't be opened. Delete and reinstall from App Store." Here’s the process I follow to create the package: Build the application. Sign it using the following command: codesign --force --verify --verbose --deep --options runtime --timestamp --entitlements ../Entitlements.plist -s '3rd Party Mac Developer Application: [ID]' Demo.app Create the package using this command: productbuild --component Demo.app /Applications --sign '3rd Party Mac Developer Installer: [ID]' Demo.pkg After installing the app from TestFligt it doesn’t show the errors. Could someone please advise on what might be causing this issue and how I can fix it? The Entitlements.plist file contains the following keys and values: <key>com.apple.application-identifier</key> <string>[ID].com.demo.appc</string> <key>com.apple.developer.team-identifier</key> <string>[ID]</string> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.network.client</key> <true/> <key>com.apple.security.files.bookmarks.app-scope</key> <true/> <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> <key>com.apple.security.cs.allow-dyld-environment-variables</key> <true/> <key>com.apple.security.cs.disable-library-validation</key> <true/> The project file snippet includes the following configuration for the release build: <OutputPath>bin\Release</OutputPath> <Optimize>true</Optimize> <NoStdLib>true</NoStdLib> <UseSGen>false</UseSGen> <UseRefCounting>false</UseRefCounting> <TlsProvider>Default</TlsProvider> <PublishTrimmed>true</PublishTrimmed> <TrimMode>partial</TrimMode> <RunAOTCompilation>false</RunAOTCompilation> <EnablePackageSigning>true</EnablePackageSigning> <CodeSigningKey>3rd Party Mac Developer Application:[ID] </CodeSigningKey> <EnableCodeSigning>True</EnableCodeSigning> <CreatePackage>false</CreatePackage> <PackageSigningKey>3rd Party Mac Developer Installer:[ID] </PackageSigningKey> <Profiling>false</Profiling> <CodeSignProvision>provfile</CodeSignProvision> <CodeSignEntitlements>Entitlements.plist</CodeSignEntitlements> <LangVersion>default</LangVersion>

Hello, I can see this option in my certificate on the developer.apple.com platform. The entitlements file is updated with: com.apple.developer.proximity-reader.payment.acceptance code-block I’ve created a new profile for development and App Store, but in Release mode, my profile is not recognized… What configuration might be missing?

Where is my redeem code

I want to run a nap. I'm developing on my actual iPhone previously. I have been able to do this but the phone is now missing from two computers. It appears in devices and simulators on both machines.

We have two memberships under the same account (Enterprise and Organization) and that both share the same Team Name, which is causing issues in iOS 18. as per latest email get from Apple regarding security update in iOS 18. How can i get unique Team Names to my Enterprise and Organization memberships. Where should i have to connect? Who can help ?

I get the error message in Xcode signing certificate Provisioning profile "iOS Team Provisioning Profile: com.example.app" doesn't include the pushkit entitlement. I have push notifications ticked in my Identifier in the online developer account. There is no other dedicated pushkit capability available to select. Push notifications, time sensitive notifications and background mode-> voice over ip are added as capabilities in the Xcode project. The team provisioning profile for the app states under its enabled capabilities: both push notifications and time sensitive notifications. Is pushkit part of another capability that I need to select? I have read the guide below and it just says to add the push notification capability. https://developer.apple.com/documentation/pushkit/supporting-pushkit-notifications-in-your-app I have gone round and round in circles trying to get this profile to work for this, so any pointers would be much appreciated. Thanks

Hello, I get this message when building from a .net maui app. I think I followed all the steps. I've downloaded my provisioning profile from developer.apple.com and my instructions (you tube) said to double click it and XCode will open. It does that but I don't see where the provisioning profile goes in xCode. I followed another link which told me to delete everything in /Users/username/Library/MobileDevice/Provisioning Profiles and after doing that I don't see any files reappearing when I click the provisioning profile from finder. Did I mess myself up following internet articles again? I'm running XCode Version 16.2 (16C5032a) under accounts I can see my appleid linked but I don't see the provisioing profile I loaded. Sorry very new at Mac development (and kinda cheating using Maui) Save me apple gods, Steven

I am having the most difficult time trying to figure out the process for just getting my development .p12 figured out. Full disclosure, being a windows user does not make my life any easier. Seems fairly straightforward on a mac (which I do not have) So I thought I would come here and see if I could collect information on getting working certs and keys on windows pc. Here's what I have so far: -OpenSSL -openssl req -nodes -newkey rsa:2048 -keyout private_key.key -out cer_sign_request.csr Generates a key and a sign request. went to dev portal submit CSR --> recieved CER -back to OpenSSL -openssl x509 -in ios_development.cer -inform DER -out ios_development.pem -outform PEM CER-->PEM -openssl pkcs12 -export -inkey keyname.key -in ios_development.pem -out ios_development.p12 -"No cert in -in file 'ios_development.pem' matches private key" so here I am. Lost. Mind you I've tried the process in a few different ways and now I am on a mission to find my "private_key" somehow with no way to access keychain. I dunno feels convuluted. for good reason I am sure. If anyone has a streamlined version of how to get this done I will be forever indebted to you. Your time is greatly appreciated. for futher context I am just trying to get an eas build on my phone from expo. Thankyou!

我们开发了一款SDK，并用自签名证书对SDK进行了签名，我们的证书会在2025年1月30日到期，到期后对已发布至appstore的app会有影响吗？ 用户在2025年1月31日打开app时，会因为自签名证书到期而闪退吗？有不少app集成了我们的SDK，这个问题对我们来说非常紧急和重要，麻烦尽快回复，谢谢！ 以下是我们的签名步骤： 自签名步骤：self-signed certificate xcframework 1、钥匙串创建：证书助理-创建证书-自签名根证书+代码签名 2、自行签名根证书修改信任设置 3、对已经打包好的xcframework进行签名 （官方命令示例）codesign --timestamp -v --sign "证书名字" ~/Desktop/MySDK.xcframework

When connected to the company's internal network without accessing the Internet, can an IPA installation package be generated if the certificate files are imported in advance?

How do I replace an Apple Developer ID Certificate that indicates it is not trusted? When I look at my Certificate Expiring 02-20-2025, I see a valid status displayed. (See annotation #1.) However, when I look at my Apple Developer ID Certificate renewal, I see the words not trusted. (See annotation #2.) I downloaded the renewal certificate and double double-clicked the downloaded item to place it in my KeyChain. This certificate period is from 01-21-2025 to 01-22-2030. QUESTIONS Why does the renewal certificate say "certificate is not trusted"? (Its period is 01-21-2025 to 01-22-2030. Today is 01-27-2025.) How did the renewal certificate get damaged? What must I do to get the damaged certificate replaced with a valid one?

mac .cer证书不能导出.p12证书 不知道那个步骤出错

I have created a XPC server and client using C APIs. I want to ensure that I trust the client, so I want to have a codesigning requirement on the server side, something like - xpc_connection_set_peer_code_signing_requirement(listener, "anchor apple generic and certificate leaf[subject.OU] = \"1234567\"") This checks if the client code was signed by a code-signing-identity issued by Apple and that the teamID in the leaf certificate is 1234567. My questions are- Is using teamID as a signing requirement enough? What else can I add to this requirement to make it more secure? How does xpc_connection_set_peer_code_signing_requirement work internally? Does it do any cryptographic operations to verify the clients signature or does it simply do string matching on the teamID? Is there a way actually verify the clients signature(cryptographically) before establishing a connection with the server? (so we know the client is who he claims to be)

Hi Team, I have created multiple certificates for macOS application. Below are the certificates created- Apple Development Certificate DeveloperID Installer Certificate Apple Distribution Certificate others certificates Later, I have imported the all these above certificates in keychain-access. Now, I tried to compile the code through Xcode. I am getting error for code signing certificate. Warning: unable to build chain to self-signed root for signer "Apple Development: Amit (M2WMF2YERI)” .... Command CodeSign failed with a nonzero exit code When I checked the TeamID of User(Amit) I can see that his current TeamID is [P8ZW3W9R2Q]. There is mismatch of teamID in apple development certificate generation. Note- All certificates are generated with current TeamID[P8ZW3W9R2Q] of user (Amit) except Apple Development certificate which has been generated with TeamID [M2WMF2YERI] which is generated with old TeamID of user (Amit). I attempted to generate the apple development certificate multiple times but it is getting generated with old TeamID TeamID[M2WMF2YERI] of user(Amit)
 Summary- While creating a developer certificate using apple developer account and mapping it in keychain, the certificate is being generated with old apple account details (Inactive) instead of the current one. This is causing issues when using the certificate in keychain. If anyone has encountered this issue, how it was resolved?

Hi Team, I have created multiple certificates for macOS application. Below are the certificates created- Apple Development Certificate DeveloperID Installer Certificate Apple Distribution Certificate others certificates Later, I have imported the all these above certificates in keychain-access. Now, I tried to compile the code through Xcode. I am getting error for code signing certificate. Warning: unable to build chain to self-signed root for signer "Apple Development: Amit (M2WMF2YERI)” .... Command CodeSign failed with a nonzero exit code When I checked the TeamID of User(Amit) I can see that his current TeamID is [P8ZW3W9R2Q]. There is mismatch of teamID in apple development certificate generation. Note- All certificates are generated with current TeamID[P8ZW3W9R2Q] of user (Amit) except Apple Development certificate which has been generated with TeamID [M2WMF2YERI] which is generated with old TeamID of user (Amit). I attempted to generate the apple development certificate multiple times but it is getting generated with old TeamID TeamID[M2WMF2YERI] of user(Amit)
 Summary- While creating a developer certificate using apple developer account and mapping it in keychain, the certificate is being generated with old apple account details (Inactive) instead of the current one. This is causing issues when using the certificate in keychain. If anyone has encountered this issue, how it was resolved?
 Thanks

In an expo managed project which utilizes custom expo plugins, we're having trouble getting the keychain-access-groups entitlement inserted to our provisioningprofile for signing. The provisioning profile we download from apple dev portal contains: <key>keychain-access-groups</key> <array> <string>56APMZ7FZY.*</string> <string>com.apple.token</string> </array> and this is not recognized by xcode for signing; an error is thrown: Provisioning profile "ccpp" doesn't include the com.apple.developer.keychain-access-groups entitlement. A matching error is thrown during EAS build. So we need to find a way to modify the ccpp.mobileprovision locally and then sign the build using the modified ccpp.mobileprovision. Or, we need guidance on the proper way to resolve this situation. Questions: why does the downloaded mobileprovision file have the keychain-access-groups key, and not com.apple.developer.keychain-access-groups? Both Xcode and EAS appear to demand the latter keyname. when I use expo prebuild, I am able to see the following in the .entitlements file: <key>com.apple.developer.keychain-access-groups</key> <array> <string>$(AppIdentifierPrefix)com.myapp</string> </array> I am adding this entitlement using a custom expo plugin. However, the mobileprovision file downloaded from apple developer portal has no knowledge of this setting which is only applied through expo prebuild. So what I am left with at the end is an entitlements file generated by my expo prebuild which has the correct setting, and a provisioningprofile downloaded from dev portal with an incorrect setting, and I don't know how to mend the downloaded provisioningprofile (incorrect setting) with my local entitlements file (correct setting).

We have a MacOS application that we plan on distributing standalone (it'll be installed through MDM or directly, not through the app store). We utilize endpoint security and full disk access for this (enterprise) app. I have a makefile that uses codesign to sign the app inside-out. All that appears to work (i.e., when I try to run the app directly it functions as I expect it to). What's the recommended way to allow the developers in my team to also sign the app for local development so it functions as close as possible to production? My first thought is to distribute the developer identity to their machines using MDM. However, ideally i'd like to rule out the ability for a developer who has the MDM profile assigned to export the keys. That really only leaves a centralized solution in place or disabling SIP on their system (which I don't want to do). Alternatively, would creating a separate identity for production make more sense, so that in the case the developer certificate is revoked, the production releases continue to function as normal (however, I assume this would also require creating two different profiles for the endpoint security entitlement--one for each certificate). Thanks! Derek

Howdy, I thought this would be an easy question, but it turns out it's really not! In fact, it flies in the face of how the Apple ecosystem is set up. That said, I still need an answer to be able to inform our customers of what their app update options are. The question: Does app store provisioning ever expire? Based on the very limited information I can find, it either expires in one year, two years, or never. Anecdotal evidence seems to indicate that the answer could be never, but I need to confirm this. The use case: Some of our customers are very old school. They tend to find a technical solution and stick with it. As such, they do not update apps regularly on their field iPads. They generally only update when they are forced to. They use MDM to deploy the app, and would set the MDM not to pull updated apps from the app store when available, essentially keeping the same version of the app in use for as much as 3 years or more. If this were to happen, I need to know if the provisioning for the old version of the app will ever expire if they get it from the app store. I know with an enterprise deployment of .ipa files via MDM, the app provisioning/certificate will expire after 1 or 2 years (can't remember which atm), but I can't find an answer about app store provisioning. Hopefully someone can provide me with an answer on this forum. Thanks in advance, Mapguy