I'm currently befuddled by the entire signing and certificate process. I don't understand what I need, what the team admin needs to do, or how to go about doing it so that I can build the project. We've managed to have this working in the past but I guess the system has changed somewhat. Here's what we have going: A Unity project which hasn't changed from a few years ago. I build the project in unity, open the Xcode project and this: There's an issue with the Signing and Capabilities. If I choose automatic setup it shows an error saying that it requires a development team. I had the account admin add my Apple ID to the team so I'm not sure why that's an issue still. Do I need to pay the 99$ to be able to building Xcode? If I try to do it manually I select the provisioning profile that the account admin sent me and it auto selects the team associated with the provisioning profile I guess but then there's no singing certificate. The error says: There is no signing certificate "iOS Development" found. No "iOS Development" signing certificate matching team ID "V7D5YBZRMV" with a private key was found. So, if someone could explain to me like I'm 5 the entire signing and certificate process is and let me know what we're doing wrong with the team/provisioning profile/certificate setup I would be very much appreciative.

I facing issue where the system extension i try to install have message: no related kext found for sysex 'com.apple.usbsoundriver' com.apple.usbsoundriver:extension failed to validate! uninstalling... uninstalling invalid extension com.apple.usbsoundriver Is internet access is required for system extension validation? I install the driver without internet access. This work in some others machine, only fresh reformated Mac machine without internet connection have this issue. Why is this so?

I got this error while compiling to macOS app on flutter, can anyone help this problem ? error : replacing existing signature, resource fork, Finder information, or similar detritus not allowed

I have tried to manually install binaries using Finder by clicking and dragging from the Desktop into "/usr/local/bin/". The binaries come with a collection of frameworks etc. All the binaries are adhoc signed. macOS asks for Admin credentials which is fine. But then, when I execute the binaries in Terminal, Gatekeeper shows the now expected "'[binary"] Not Opened Apple could not verify ........" etc. It shows that dialog for every component and requires user input 2-3 times to allow each component of which there are perhaps dozens. BUT, none of that happens if I install those binaries using AppleScript. So, it might have a call like this: do shell script "curl -L " & download_URL & " -o " & download_binary_zip with administrator privileges do shell script "unzip -o " & download_binary_zip & " -d " & usr_bin_folder with administrator privileges The resulting installs work perfectly. Is this intended ? Using both install methods requires Admin credentials. Why does using a script work but using Finder does not ?

I'm using PyBind11 to allow use of Python code within my C++ application. The application links successfully, but on the py::module::import below: LOGICAL WebServer:: CheckForPort() { EPython::Prepare(); auto socket = py::module::import("socket"); auto s = socket.attr("socket")(socket.attr("AF_INET"),socket.attr("SOCK_STREAM")); if (s == Py_None) return L_TRUE; auto rc = s.attr("connect_ex")("localhost",8810); // // Returns zero if port in in use // return (rc.cast<int>() == 0); } I get a run-time error libc++abi: terminating due to uncaught exception of type pybind11::error_already_set: ImportError: dlopen(/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/lib-dynload/math.cpython-311-darwin.so, 0x0002): tried: '/Users/Shared/Develop/IntelApps/WinTD 5/DerivedData/WinTDOSX/Build/Products/Debug/math.cpython-311-darwin.so' (no such file), '/usr/lib/system/introspection/math.cpython-311-darwin.so' (no such file, not in dyld cache), '/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/lib-dynload/math.cpython-311-darwin.so' (code signature in <855730B8-106D-389C-BF65-36A98463EDB5> '/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/lib-dynload/math.cpython-311-darwin.so' not valid for use in process: mapping process and mapped file (non-platform) have different Team IDs), I have no idea how to fix the code signature error---this is intended for distribution, so that presumably would be a file on the user's computer. I tried to link in the .so file, but that's a rabbit hole as there are a near endless set of further dependencies.

Hi, I have an Electron app that I build, sign, notarize, and staple using electron-builder. It includes Sound Exchange (SoX), which I was invoking from the homebrew installed version. It builds a dmg and works fine. However, my users are non-technical, thus cannot be expected to install dev tools, homebrew, and sox from the command line and set paths. Therefore, I need to include a SoX binary in my app. I have a static SoX binary that works. However, when I try to run it from my electron app, I get Error: spawn / <path>/sox EACCES. Electron-builder is signing the SoX binary codesign --sign <sign number> --force --timestamp --options runtime --entitlements dist/entitlements/entitlements.mac.plist /<app path>Contents/Resources/bin/sox/sox The app sign/notarize works fine, the dmg mounts, and the app runs until I try to invoke SoX. Also, I verified the sox binary and entire app are signed and the app staple is valid. I am running the app from /Applications. Please help me!

My mac os is 15.0.1. Using .p12 file (included ios developer and ios distribution), to keychain login tried to register iPhone Developer and iPhone Distribution. But iPhone Distribution is not displayed.

Hi Apple community, many thanks in advance for your help. My macOS app embeds a Python interpreter, compiled from source, including the Python executable and its associated libraries. We have tried compiling the project with Xcode 16.0 and 16.1 beta 2 over MacOS Sequoia 15.0 and 15.1 This is how the project looks like: SampleApp.app SampleApp.app/Contents SampleApp.app/Contents/MacOS SampleApp.app/Contents/MacOS/SampleApp SampleApp.app/Contents/MacOS/bin SampleApp.app/Contents/MacOS/bin/python3.11 SampleApp.app/Contents/Resources SampleApp.app/Contents/Resources/lib SampleApp.app/Contents/Resources/lib/python3.11 SampleApp.app/Contents/Resources/Info.plist Since we want to 'initially' distribute the app directly, Python binary is signed as follows: codesign --deep --force --options runtime --timestamp --sign "$DEVELOPER_ID_APPLICATION" "$BINARY_PATH" App entitlements contain the next entries: &amp;lt;key&amp;gt;com.apple.security.app-sandbox&amp;lt;/key&amp;gt; &amp;lt;true/&amp;gt; &amp;lt;key&amp;gt;com.apple.security.files.downloads.read-write&amp;lt;/key&amp;gt; &amp;lt;true/&amp;gt; &amp;lt;key&amp;gt;com.apple.security.files.user-selected.read-only&amp;lt;/key&amp;gt; &amp;lt;true/&amp;gt; &amp;lt;key&amp;gt;com.apple.security.files.user-selected.read-write&amp;lt;/key&amp;gt; &amp;lt;true/&amp;gt; &amp;lt;key&amp;gt;com.apple.security.network.client&amp;lt;/key&amp;gt; &amp;lt;true/&amp;gt; &amp;lt;key&amp;gt;com.apple.security.network.server&amp;lt;/key&amp;gt; &amp;lt;true/&amp;gt; The resulting app is signed with entitlements, notarised and stapled. Once the app is running, we can see the next error on Console: Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={TCCDProcess: identifier=[IDENTIFIER]], pid=58826, auid=502, euid=502, binary_path=[PATH]}, requesting={TCCDProcess: identifier=com.apple.appleeventsd, pid=824, auid=55, euid=55, binary_path=/System/Library/CoreServices/appleeventsd}, Python process is not running, we can't see any AMFI message. Next we added to Signing and Capabilities 'Apple Events' from Hardened Runtime section. The resulting app gets signed, notarised and stapled, but when running we get only the next errors: error 09:42:32.787744+0200 SampleApp Can't find or decode reasons error 09:42:32.787832+0200 SampleApp Failed to get or decode unavailable reasons Just in case it is relevant, this is how the app interacts with Python: process.executableURL = URL(fileURLWithPath: [PATH_TO_PYTHON_BIN]) process.environment = environment process.arguments = arguments process.standardOutput = pipe try process.run() process.waitUntilExit() We truly appreciate any guidance, help or advice. Thanks!!

I would like to share my new project on an open source repository like GitHub. it need capabilities like iCloud. The problem is that I would prefer not have my appleid email being send to the open source repository. I saw that I can exclude files but I would be easier if the open source version had no Apple account associated with it. how should I manage the open source version vs the App Store one. Thank you

CodeSign /Users/abc007/Library/Developer/Xcode/DerivedData/App-fjztkcxqsstohgfvqdfnedgpwltj/Build/Intermediates.noindex/ArchiveIntermediates/App/InstallationBuildProductsLocation/Applications/App.app (in target 'App' from project 'App') cd /Users/abc007/Documents/WorkSpace/RegulusIT/Release_Oct_2024/UI\ Backup/ios/App Signing Identity: "Apple Development: Yatin Ghat (JS84GYN3O4)" Provisioning Profile: "iOS Team Provisioning Profile: www.rightschool.net" (bdc0759d-b9d0-4470-8e3f-b5b67d3c2586) /usr/bin/codesign --force --sign 82C0E5904219E333688CE627A21522F732446038 --entitlements /Users/abc007/Library/Developer/Xcode/DerivedData/App-fjztkcxqsstohgfvqdfnedgpwltj/Build/Intermediates.noindex/ArchiveIntermediates/App/IntermediateBuildFilesPath/App.build/Release-iphoneos/App.build/App.app.xcent --generate-entitlement-der /Users/abc007/Library/Developer/Xcode/DerivedData/App-fjztkcxqsstohgfvqdfnedgpwltj/Build/Intermediates.noindex/ArchiveIntermediates/App/InstallationBuildProductsLocation/Applications/App.app /Users/abc007/Library/Developer/Xcode/DerivedData/App-fjztkcxqsstohgfvqdfnedgpwltj/Build/Intermediates.noindex/ArchiveIntermediates/App/InstallationBuildProductsLocation/Applications/App.app: errSecInternalComponent Command CodeSign failed with a nonzero exit code

Hi, the documentation says that an application bundle for Mac OS X can have a Frameworks folder within Contents. Using a framework for console applications (no bundle) and GUI applications (bundle), I cannot load the console applications anymore on Ventura. Prior to Ventora I have tested and ran both on Mojave or earlier - I am not sure. To fix the issue, I have moved the frameworks within the application bundle to match the rpath for /Users/lothar/Library/Frameworks when I place the console into /Users/lothar/bin, the same rpath for application bundles works for those within the bin folder. Can I publish an application bundle with that modified layout or do I have to expect getting problems and do rather a Symlink pointing from /Users/lothar/Frameworks to /Users/lothar/Library/Frameworks? Thanks, Lothar

We are facing following message "A timestamp was expected but was not found" during codesign for following .dylib and .pkg and it cause notarization process failed. We are facing this issue for last 3 days. we have access for timestamp.apple.com and 17.0.0.0/8 and we didn't change firewall settings. We are facing this issue randomly and not for all time(scenario is 3:1). We tried the below command to sign the package, codesign --verbose --deep --force --timestamp --options=runtime --sign "" Kindly let us know how to fix this probelm. traceroute timestamp.apple.com traceroute to timestamp.v.aaplimg.com (17.157.80.35), 64 hops max, 52 byte packets .... 10 17.0.9.19 (17.0.9.19) 185.693 ms 17.0.9.17 (17.0.9.17) 180.932 ms 189.060 ms 11 * * * 12 17.0.17.141 (17.0.17.141) 191.513 ms * 17.0.17.137 (17.0.17.137) 183.086 ms 13 * * * 14 * * *

Hi our team is looking into feasibilities of appending customized data to personalized installer, so that we can make new users onboarding experience better. I did some investigations. Append token data to xattr to a dmg, I went though this smoothly. I can successfully retrieve the data back, and the app can still be launched successfully. Want to make sure this doesn't require the dmg to be re-signed and re-notarized, and I didn't miss any steps in between I created a fake simulation app try to sign and notarize. Signing the dmg seems to be successful, but when I notarize, it gave me back Invalid status. Is there anything wrong? This is the signature: Executable=/Users/myname/myname/poc/MySimulation.dmg Identifier=MySimulation Format=disk image CodeDirectory v=20200 size=304 flags=0x0(none) hashes=1+6 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=e2a149614f6e0e3939db3a 4c762adda0e8c24 CandidateCDHashFull sha256=e2a149614f6e0e3939db3a3054adda0e8c24f597ddf4c4503cd27fb83821 Hash choices=sha256 CMSDigest=e2a149614f6e0e3939dba3054c62adda0e8c24f597ddf4c4503cd27fb83821 CMSDigestType=2 CDHash=e2a149614f6e0e39393a3054c762adda0e8c24 Signature size=4789 Authority=Apple Development: myId (someId) Authority=Apple Worldwide Developer Relations Certification Authority Authority=Apple Root CA Signed Time=Oct 14, 2024 at 3:46:08 PM Info.plist=not bound TeamIdentifier=W3TC3HXUZC Sealed Resources=none Internal requirements count=1 size=188 Do you have any other recommendations for us to append some data that doesn't break signing / notarization?

App is signed, notarized and stapled, I send that dmg file with file transfer tool, it can open correctly on other mac without any warning or error. However, if I send that dmg file through IM to the same mac, it will produces the "cannot check it for malicious software" error. I check the transfered dmg with spctl -a -t open -vvv --context context:primary-signature MyApp.dmg, it show source=Notarized Developer ID; origin=*** How can I resolve this issue?

We have a native ARM64 application. The application is a development environment and native compiler for the language Common Lisp. CL has a foreign function interface, which allows loading of .dylib files into CL and calling functions in them from CL. For this reason, we add certain entitlements. See below. It is notarized and installed on macOS 14.7. When I run spctl on it I get this: $ spctl --assess -v /Applications/AllegroCL64.app /Applications/AllegroCL64.app: rejected (the code is valid but does not seem to be an app) That’s before I run it. Which is odd because the app is notarized. When I run the app, it asks for a license file and installs it into /Applications/AllegroCL64.app/Contents/Resources/ and after that, the spctl shows this: $ spctl --assess -v /Applications/AllegroCL64.app /Applications/AllegroCL64.app: a sealed resource is missing or invalid I assume the mere act of copying the license (a file called devel.lic which is a small text file) is causing this. Why does it say it “does not seem to be an app”? This self-modification of the files in the Contents/Resources directory is a huge feature. We allow downloading of patches, which add features and fix bugs in the product. Is this going to be a problem, going forward? I don’t remember seeing this result from spctl before and I have a feeling it’s a new , due to tightening of security policies, etc. All of this is quite worrying to us. More details of the app: $ codesign -vvvv mlisp mlisp: valid on disk mlisp: satisfies its Designated Requirement $ codesign -d --entitlements - /Applications/AllegroCL64.app Executable=/Applications/AllegroCL64.app/Contents/MacOS/AllegroCL64 [Dict] [Key] com.apple.security.cs.allow-dyld-environment-variables [Value] [Bool] true [Key] com.apple.security.cs.allow-jit [Value] [Bool] true [Key] com.apple.security.cs.disable-library-validation [Value] [Bool] true [Key] com.apple.security.get-task-allow [Value] [Bool] true $ Other details: The app was built with the Command Line tools version 2395 on macOS 12.x.

Incremental builds using xcodebuild are very slow, around 3x slower when compared to the same build using Xcode. Recently, I discovered that CODE_SIGNING_ALLOWED=NO" fixed the issue, but of course, I can't then run iOS app. It seems like automatic signing using xcodebuild is somehow broken. Therefore, I think I could set CODE_SIGNING_ALLOWED=NO" and sign it manually later. However, I'm not sure how to do that. I checked what Xcode does and it's: /usr/bin/codesign --force --sign - --entitlements /Users/wkulik/Library/Developer/Xcode/DerivedData/XYZ-hblnhsksxjrctzekqmlevcflnsji/Build/Intermediates.noindex/XYZ.build/Debug-iphonesimulator/XYZ.build/XYZ.app.xcent --timestamp\=none --generate-entitlement-der /Users/wkulik/Library/Developer/Xcode/DerivedData/XYZ-hblnhsksxjrctzekqmlevcflnsji/Build/Products/Debug-iphonesimulator/XYZ.app However, if I run xcodebuild with disabled signing I don't have XYZ.app.xcent required by this command. I also tried: codesign --force --deep --sign "Apple Development: John Snow (XYZ)" /Users/wkulik/Library/Developer/Xcode/DerivedData/XYZ-hblnhsksxjrctzekqmlevcflnsji/Build/Products/Debug-iphonesimulator/XYZ.app but the app immediately terminates (the same way like when unsigned). Could anyone help with that?

Hi Team, mac installer is crashing in macos15 after successfully installing. but it is working in below mac os versions. .app file in successfully code signed and notarized. crash logs is attahced, please check. sh-2024-10-17-124323 2 1.ips below is our entitlement.plist file for reference. we are clueless what is causing issues in macos 15 as we are unable to luanch it post succesful installation. please kind take a look into the logs attached and help us resolve the issues. Thanks, NareshG

Hi all, I have two apple accounts. Stupidly my project is written in Account A and my paid developer account is Account B. When I tried to archive and publish under Account A, it says "Team "*** (Personal Team)" is not enrolled in the Apple Developer Program". But when I add a team to Account B, "Command CodeSign failed with a nonzero exit code". I know it is not the code itself because it runs fine when I use Account A. Just couldn't publish. Any advice? Many many thanks

Codesigned and notarized app cannot directly write files inside the app bundle (neither in my.app/Contents/Resources/ nor my.app/Contents/MacOS/). Are there any restrictions regarding this? Is there a way to bypass these restrictions? Here is the situation I encountered: The main app contains several sub-apps and sub-executables. When the main app calls the sub-apps or sub-executables, it can write files within the app bundle, but when executed directly, it cannot write files. The app is usually opened using the GUI, and when using the command line, neither the main app nor the sub-apps/sub-executables can write files within the app bundle. My codesigning environment is: Sonoma 14.0 on mac mini M1. I manually sign the app directly using the codesign command in CI instead of using Xcode. The process will traverse all of the files and sub-apps in the app folder and sign them from the deepest paths to the shallowest paths. I also tried applying this process to other applications, but all of them encountered the same issue of failing to write files. The app should not be sandboxed (I did not add sandbox entitlements). I have tried adding the entitlement com.apple.security.files.user-selected.read-write, but this has not resolved the issue.

In the past, I used to export a developer-signed test version of my macOS app in Xcode, create a zip archive from the Finder, upload it to my website and share the link to the testers. The last time I did this with macOS 14 the tester was still able to download the test app and run it. But it seems that with macOS 15 the trick to open the context menu on the downloaded app and click Open to bypass the macOS warning that the app couldn't be checked when simply double-clicking it, doesn't work anymore. Now I'm always shown an alert that macOS couldn't check the app for malware, and pushes me to move it to the bin. In this StackOverflow topic from 10 years ago they suggested to use ditto and tar to compress and uncompress the app, but neither worked for me. How can I share macOS apps that I signed myself with testers without physically handing them a drive containing the uncompressed app?