Hi,
Do we need a new Certificate, a new Identifier and a new Profile for each app that we want to create?
Thanks,
Best,
Steeve
Demystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.
I am unable to run any Xcode projects - new or old. I think I messed up my certificates or profiles as I kept deleting and adding new versions but I have no idea how to fix this.
Any help would be greatly appreciated.
Have been working on a Java Open Source project for 8 years with the last 2+ years on a cross-platform desktop GUI for it with a separate updater. The self-contained application runs on Linux and Windows - now I'm trying to figure out Mac.
Have had a Macbook Pro 13" Late 2013 Retina running Big Sur 11.7.10 for 3 weeks. Very new to Apple, but a retired 48-year engineer trying to support MacOS for the first time.
Building with Ant and appbundler task, https://github.com/TheInfiniteKind/appbundler, then creating a DMG with DMG Canvas, https://www.araelium.com/dmgcanvas. Deliberately supporting older systems due to the nature of this data management and back-up application. It's been adapted to the MacOS look 'n feel.
Questions:
If I sign up as an Apple Developer and pay the fee will this 2013 Macbook Pro still be able to sign DMG files - that will work on the latest MacOS - after the end-of-support in December 2023?
For an updater: Should the main application and the separate updater both be signed? The basic process is: Download updater into system temp folder, prepare and execute updater, stop desktop application, updater downloads new version, prepares and copies update to installed location, then restarts desktop application and ends the updater.
I'm old and have setup this Open Source project and web site so that it can be passed-off to others when I stop, one way or another. Can the developer account or certificate credentials be transferred to someone else at that time?
Guidance for a noob would be appreciated. Thank you for your time.
The project, not released yet: https://github.com/Corionis/ELS/tree/Version-4.0.0
Dear Sir or Madam,
I am contacting you as a developer working on an academic project. I am currently working on my bachelor's thesis, in which I am developing a mobile application for iOS devices. For this project to succeed, it is essential to have precise information about the hardware components of specific iPhone models, in particular the iPhone SE with model number MMXN3ZD/A and iOS version 17.1.1.
My main interest is in the exact technical specifications of the LEDs built into the iPhone SE and of the CCD or CMOS image sensor (depending on which type is used). For my project it is crucial to understand the spectral properties of these components:
LED specifications: I need information about the spectra of the LEDs, in particular which wavelengths of light they emit. This is relevant to the functionality of my app, which relies on photometric analyses.
CCD/CMOS sensor specifications: It is also important for me to know which wavelengths the sensor built into the device is sensitive to. This information is critical for correctly interpreting the interaction between the sensor and the illuminated environment.
The results of my research and development will not only be significant for my academic work, but could also offer valuable insights for the further development of iOS applications in my field of study.
I would be very grateful if you could provide me with this information or refer me to an appropriate department or resource where I can obtain these specific technical data.
Thank you in advance for your support and cooperation.
Kind regards,
Mohammad Jbeh
I was reading through this post:
https://developer.apple.com/forums/thread/718583
I've been able to reproduce this behavior by double-clicking a DMG in the Finder while the Mac is Offline. I checked the Notarization status of the app via spctl and it shows "Notarized Developer ID". So sure enough, Quinn's comment about Gatekeeper "ingesting" the notarization ticket stapled to the DMG and automatically applying it to the app inside is 100% spot-on.
However, I can't seem to get the same behavior to happen when mounting the DMG via hdiutil in Terminal. While Offline, I do a:
hdiutil attach /path/to/my/dmg.dmg
and then
spctl -a -t exec -vvv /Volumes/path/to/my/mounted/dmg/myapp.app
After the spctl I'm seeing
/Volumes/path/to/my/mounted/dmg/myapp.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: My Developer Creds (XXXXXXXXXX)
Is there a way to get Gatekeeper to "ingest" the notarization ticket stapled to the DMG when using hdiutil while Offline?
Note 1: If I use hdiutil while online, everything works as expected.
Note 2: I'm testing all this via a VM of macOS 12.7.1, if that makes any difference.
Thanks!
I've built an app in Electron. I am in the process of preparing to release the app on my website as a free download. Since the app is free, I'm not really looking to spend a ton of money on security certificates. I can get the app to work on Windows by clicking through the Windows Defender, but I cannot run it at all on Mac even after disabling Gatekeeper.
So my question is... Is it possible for me to get a certificate for my Electron app through the Apple Developer Program? Keep in mind I have never touched the Apple developer ecosystem.
Avoiding subscriptions for this app's security certificates is what I am looking for. As that is all I have seen as options online so far. Any other suggestions are more than welcome!
Thanks in advance!
I'm encountering an intermittent issue while trying to run safaridriver on macOS Sonoma. Here are the details of the problem:
I ran sudo /usr/bin/safaridriver -p0 --enable in the beginning.
After that when I run this multiple times /usr/bin/safaridriver -p0, I sometimes receive an "Operation not permitted" error, but not consistently. This issue seems to occur intermittently.
I've checked the sudo logs, and I see the following error message:
kernel: (Sandbox) Sandbox: com.apple.WebDriver.HTTPService(2049) deny(1) user-preference-write com.apple.WebDriver.HTTPService
cfprefsd: (CoreFoundation) [com.apple.defaults:cfprefsd] rejecting write of key(s) MobileDeviceRemoteXPCEnabled in { com.apple.WebDriver.HTTPService, nimish, kCFPreferencesAnyHost,
/Users/nimish/Library/Preferences/com.apple.WebDriver.HTTPService.plist, managed: 0 } from process 2049 (com.apple.WebDriver.HTTPService) because setting these preferences requires user-preference-write or file-write-data sandbox access
cfprefsd: (CoreFoundation) [com.apple.defaults:cfprefsd] Couldn't open parent path due to [2: No such file or directory
kernel: (Sandbox) Sandbox: com.apple.WebDriver.HTTPService(2049) deny(1) network-bind local:*:7055
com.apple.WebDriver.HTTPService: (WebDriver) [com.apple.WebDriver:WebService] Error starting HTTP server listening on localhost:0: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" UserInfo={NSLocalizedDescription=Operation not permitted, NSLocalizedFailureReason=Error in bind() function}
com.apple.WebDriver.HTTPService: (WebDriver) [com.apple.WebDriver:XPCService] Client connection invalidated for some reason
I am getting this on macOS Sonoma. Can anybody please help with this?
I have a toy application that uses CMake to generate a .dmg that contains a simple C++ binary that prints "codesignTest". The binary gets signed by CMake, and I manually sign the .dmg. I am using the "Unix Makefiles" generator, and am signing with a Developer ID Application certificate with a Private Key.
Despite this, I still get an "App is damaged and can't be opened" error when running the binary on a secondary test macOS machine.
I've created a GitHub repository with instructions on how to reproduce this problem, and I've copy/pasted the binary's signature below. Is there anything invalid with my signature? Thank you.
cisl-ridgeland:~ pearse$ codesign -dv --verbose=4 /Applications/codesignTest.app/Contents/MacOS/codesignTest
Executable=/Applications/codesignTest.app/Contents/MacOS/codesignTest
Identifier=codesignTest
Format=bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=496 flags=0x0(none) hashes=10+2 location=embedded
VersionPlatform=1
VersionMin=786432
VersionSDK=787200
Hash type=sha256 size=32
CandidateCDHash sha256=df158907d48f1eb3f5ef7b145d43d114bff0c6c3
CandidateCDHashFull sha256=df158907d48f1eb3f5ef7b145d43d114bff0c6c3e2564197c4a69594500f7f66
Hash choices=sha256
CMSDigest=df158907d48f1eb3f5ef7b145d43d114bff0c6c3e2564197c4a69594500f7f66
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=16384
Executable Segment flags=0x1
Page size=4096
Launch Constraints:
None
CDHash=df158907d48f1eb3f5ef7b145d43d114bff0c6c3
Signature size=9045
Authority=Developer ID Application: University Corporation for Atmospheric Research (DQ4ZFL4KLF)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Nov 1, 2023 at 9:43:36 AM
Info.plist=not bound
TeamIdentifier=DQ4ZFL4KLF
Sealed Resources=none
Internal requirements count=1 size=172
Hello,
I have made a basic C program and I have compiled it with gcc.
This program has not been signed (I didn't run codesign).
When I try to run this program from the terminal, I don't get any Gatekeeper popup.
My first question is: why?
I have created a SwiftUI project with Xcode (Xcode 15).
I have set the signing settings to "Sign to run locally" (by the way, can you tell me how I can disable signing in Xcode?)
I have opened the terminal and changed the current directory to the ~/Library/Developer/Xcode/DerivatedData/..../Products/Debug/MyApp.app/Contents/MacOS folder.
Now I get a Gatekeeper confirmation popup if I run "./Myapp" from the terminal.
My second question is: why?
Does that mean Gatekeeper only checks signed binaries?
Thanks
The old one is "x-apple.systempreferences:com.apple.preference.security?Privacy_ScreenCapture"
On Sonoma I develop with gcloud and python2.7 and python3.9 from MacPorts. I always get MULTIPLE dialogue pop-ups when starting the python webserver in Terminal.app. Choices are not remembered (neither block nor allow!!). I tried to solve that with socketfilterfw and codesign, but it has NO effect at all. Questions like this have been floating around on Stack Exchange for 10 years. I have been searching for a solution to this problem for several hours.
Is there any solution?
20 : /opt/local/Library/Frameworks/Python.framework/Versions/3.9/Resources/Python.app
( Allow incoming connections )
21 : /opt/local/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app
( Allow incoming connections )
sudo codesign -s - -f /opt/local/Library/Frameworks/Python.framework/Versions/3.9/Resources/Python.app
Good morning,
I have a new version of an app which is on the App Store already, but I would like to send it to others using TestFlight first.
I have created a new version for the app on the Apple Connect website.
I have confirmed the new version number in Xcode for this app, but when I upload it through the archive process in Xcode I get this response:
"App record with bundle identifier "" not found on App Store Connect. Create an app record on App Store Connect, or distribute the app from Xcode, and then try again."
That was the default setting for App Store Connect. If I use the custom setting (and change the SKU because it is written as the bundle id identifier) I get this response:
The app identifier "com.DefaultCompany.MyAppName" cannot be registered to your development team because it is not available. Change your bundle identifier to a unique string to try again.
Can someone please help me resolve this? A task that was supposed to take thirty minutes has extended to over four hours, and I have not found a solution to this problem.
All documentation on the Apple Developer site assumes an app will be updated to a new version without sharing first through TestFlight. All of this seems really counterintuitive to what should be a relatively straightforward process.
I have created a .NET MAUI application that I have written for Windows and MacCatalyst. In my entitlements.plist I have com.apple.security.app-sandbox = no.
<PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net7.0-maccatalyst|AnyCPU'">
<MtouchLink>SdkOnly</MtouchLink>
<EnableCodeSigning>True</EnableCodeSigning>
<EnablePackageSigning>true</EnablePackageSigning>
<CreatePackage>true</CreatePackage>
<CodesignKey>Developer ID Application: xxxxxxxxxx</CodesignKey>
<CodesignProvision>xxxxxxxx</CodesignProvision>
<CodesignEntitlements>Platforms\MacCatalyst\Entitlements.plist</CodesignEntitlements>
<PackageSigningKey>Developer ID Installer: xxxxxxxxx</PackageSigningKey>
<UseHardenedRuntime>true</UseHardenedRuntime>
<RuntimeIdentifier>maccatalyst-arm64</RuntimeIdentifier>
<MtouchInterpreter>-all</MtouchInterpreter>
</PropertyGroup>
I have a 3rd party executable that I manually codesigned:
codesign --force --verify --verbose --sign xxxxxx 3rdpartyApp --timestamp --deep --options runtime
Then I build the application in Visual Studio Mac. Everything is codesigned, etc. After building I am able to successfully notarize the pkg and then staple the notarization to it.
When I take that pkg and install it in a test environment, everything installs fine, no warning. I am able to start my application and do what I need to do. But when it tries to run that 3rd party executable, it just fails. At first I checked exec permissions. I chmod it to +x within the .app container and also all the way at the beginning, and rebuilt the application, re-signed, re-notarized, etc. I am working to get some logging out to see why it failed, but having an issue with that at the moment.
In the meantime I have taken the non-notarized pkg, forced the install in the test environment and the 3rd party executable runs successfully.
So it seems the notarization process is causing this child process to fail?
Hi, is it possible for a user to remove the implicit permission he or she gave to an app after opening a folder using a standard dialog? I'm asking this because a discussion took place with actual users reasonably arguing that the action may have been a mistake, not intentional at all, so at least we should give them a way to revert what was wrongly interpreted as intent. I believe that they are right and there should be a simple user-level way of doing that. So I looked for a way to remove the bookmark from the command line but to no avail. Thanks, Carlos.
Since iOS 17 and Xcode 15, the following warning appears in Xcode when debugging on device:
"nw_parameters_set_source_application_by_bundle_id_internal Failed to convert from bundle ID ([Apps Bundle ID]) to UUID. This could lead to wrong data usage accounting."
What does that mean?
Hey everyone,
while trying to codesign an x86_64 Python app using an arm64 system, I often stumble across a Rosetta error like the one shown below:
rosetta error: unable to mmap __TEXT: 1
/var/db/oah/.../.../libomp.dylib.aotzsh: abort PYTORCH_ENABLE_MPS_FALLBACK=1 ./diarize_x86_64 mps
This happens after I codesign the app and then try to run it in a Rosetta2 zsh. This thread is not about the error itself (since I am trying to solve it somewhere else). It is about making this rosetta error more verbose so we can actually work with it. If I run this app/executable on a native x86_64 system, the error is much more informative (and it can actually be debugged):
error dlopen(/var/folders/ws/***/T/yyy/sklearn/__check_build/_check_build.cpython-39-darwin.so, 2): Library not loaded: @rpath/libomp.dylib
Referenced from: /var/folders/ws/***/T/yyy/sklearn/__check_build/_check_build.cpython-39-darwin.so
Reason: no suitable image found. Did find:
/private/var/folders/ws/***/T/yyy/sklearn/__check_build/../../libomp.dylib: code signing blocked mmap() of '/private/var/folders/ws/***/T/yyy/sklearn/__check_build/../../libomp.dylib'
___________________________________________________________________________
Contents of /var/folders/ws/***/T/yyy/sklearn/__check_build:
__init__.py __pycache__ _check_build.cpython-39-darwin.so
___________________________________________________________________________
It seems that scikit-learn has not been built correctly.
If you have installed scikit-learn from source, please do not forget
to build the package before using it: run `python setup.py install` or
`make` in the source directory.
If you have used an installer, please check that it is suited for your
Python version, your operating system and your platform.
It would be great if we could get this output using a Rosetta2 zsh with an arm64 system, because the simple rosetta error is hard (or impossible) to debug. Is there a way to do this?
Hi
I'm using a library in my project which creates, modifies and reads a file in iConf. How do I get access for the app to read from that file?
Tnx,
Filip
I'm running into a code signing issue with an (existing) app that I recently started working on. I haven't run into this problem with other apps built on the same computer using the same framework (Capacitor).
When I try to build the app from Xcode, either to run on a linked iPhone or to archive/publish, I get the error message: "Command PhaseScriptExecution failed with a nonzero exit code"
That script fails when running /usr/bin/codesign and shows the message errSecInternalComponent. I tried running the same command directly in the terminal and got the same error message.
I started going through this forum post and the initial sanity check failed. I ran this from a local terminal, not over ssh or inside tmux. I didn't get any dialog prompts when running it, though that may make sense since I was already logged in:
$ cp /usr/bin/true MyTrue
$ codesign -s "Apple Development: ..." -f MyTrue
MyTrue: replacing existing signature
MyTrue: errSecInternalComponent
$ echo $?
1
The identity I attempted to use is listed by security find-identity -p codesigning in both the "Matching identities" and "Valid identities only" sections. Keychain Access shows that the certificate is valid.
I've tried restarting the computer. I've tried cleaning the build folder from Xcode. Any other suggestions for diagnosing and/or fixing the problem?
Hello, I want to modify an app bundle for my MacBook Air, but I am having some trouble.
If I try to sign with my dev certificate (created with Xcode), an invalid signature error appears:
/Applications/Foo.app/Contents/MacOS/Foo not valid: Error Domain=AppleMobileFileIntegrityError Code=-423 "The file is adhoc signed or signed by an unknown certificate chain" UserInfo={NSURL=file:///Applications/Foo.app/Contents/MacOS/Foo, NSLocalizedDescription=The file is adhoc signed or signed by an unknown certificate chain}
If I modify the Mach-O binary in the folder, the app cannot be started.
So what should I do? Thanks!
I have built and installed a Flutter application on an iPhone 7 running iOS 15. The issue is that when I try to verify the app in the device management settings, it does not verify the app and does not show any error. I have reinstalled the app and checked my signing certificates and Apple Developer account; everything is fine, but it is still not verifying. Please help me out.