I'm having trouble configuring the "IOPCIPrimaryMatch" entitlement. I'm currently developing using "sign to run locally" and have been able to confirm the expected behavior. I was considering signing with "Developer ID Application" for future distribution to customers, but after finding the following forum, I'm now aiming to sign with "Apple Development." https://developer.apple.com/forums/thread/743021 I'm currently having trouble with the IOPCIPrimaryMatch value. The "signing certificate" status in Xcode changes depending on the value, as follows: Successful if the value is as follows: IOPCIPrimaryMatch 0xFFFFFFFF&0x00161916 An error occurs if the value is as follows: IOPCIPrimaryMatch 0xFFFFFFFF&0x00161916 So I tried building and installing using "0xFFFFFFFF&0x00161916", but this time the driver was not assigned to the PCI device. By the way, when I used "sign to run locally", both the installation and assignment were successful with the following: IOPCIPrimaryMatch 0xFFFFFFFF&0x00161916 Could you please tell me the correct way to write this?

I'm unable to sign the an example application using xcode and "automatically manage signing". The error I'm getting is: CodeSign [...] (in target 'foobar' from project 'foobar') Signing Identity: "Apple Development: [xxxx] " /usr/bin/codesign --force --sign 4ABB258102FF656E9F597546A49274C28D2B8B3E -o runtime --timestamp\=none --generate-entitlement-der [filename] 4ABB258102FF656E9F597546A49274C28D2B8B3E: no identity found Command CodeSign failed with a nonzero exit code However, I am able to see a certificate and a private identity on my keychain: % security find-certificate -aZ | grep -i 4ABB258102FF656E9F597546A49274C28D2B8B3E SHA-1 hash: 4ABB258102FF656E9F597546A49274C28D2B8B3E and % security find-key -s | grep -q 'Apple Development' && echo YES YES what is puzzling is that security does not find an identity: % security find-identity -p codesigning Policy: Code Signing Matching identities 0 identities found Valid identities only 0 valid identities found but XCode claims that everything is working fine. Anybody knows what might I be missing? I tried logging out, requesting new certificates, rebooting, moving them to another keychain, and asking to developer friends.

Hello, We are experiencing an issue with the notarization queue and would appreciate your assistance. A few days ago, we helped another team submit their app for notarization. However, that submission has been stuck in the “In Progress” state for about three days now. Unfortunately, this also seems to have caused our own team’s notarization requests to get stuck as well. We ran the following command to review the submission history: xcrun notarytool history --apple-id "xxx" --team-id "xxx" --password "xxx" Successfully received submission history. Partial results: id: 0bafa66f-4f47-4327-811f-a05481be5d0b status: In Progress id: 2d00b75a-a17a-44fc-afa1-71e0e39ec2cd status: In Progress It appears that one of these belongs to another team’s app we helped submit, and the other is our own submission. Both have remained In Progress for several days, and we are now unable to proceed with any new notarization requests. Could you please help us clear or reset the stuck notarization queue so we can continue our submissions? Thank you very much for your help!

急需一个企业开发者证书，有意者可联系tg:@moonkf2025

Hi everyone, We're experiencing a critical and persistent code signing failure (HTTP 403) after accepting the latest Apple Developer Agreement, blocking our application release. Problem: Despite confirming the new Apple Developer Agreement is signed and active on the portal, code signing attempts return an HTTP 403 error, stating a "required agreement is missing or has expired." Steps Taken: Accepted new Apple Developer Agreement. Verified active developer membership and valid certificates (good for years). Cleared caches, restarted systems. Confirmed Team ID, Apple ID, and provisioning profile validity. Any help is greatly appreciated, its been stuck for more than 2 days now.

I am currently having issues uploading my app to appstoreconnect.apple.com/notary/ for notarization. It times out after hanging for a while. I get the following error. 13:42:04 "LocalDataTask <D84AED32-B05B-4439-8BDC-40C0F89B89F1>.<1>" 13:42:04 ), NSLocalizedDescription=The request timed out., NSErrorFailingURLStringKey=https://appstoreconnect.apple.com/notary/v2/asp?, NSErrorFailingURLKey=https://appstoreconnect.apple.com/notary/v2/asp?, _kCFStreamErrorDomainKey=4})

I am trying to package a Filemaker 18 Runtime app. A week ago, I managed to get 90% of the way towards doing as much, using MS Copilot as a guide. Unfortunately, due to my confusion over the landing stage files, I decided to start the process from scratch. This time, I fell at the first stage: Code Signing my .app Bundle. The Terminal command: codesign --deep --force --verify --verbose \ --sign "Developer ID Application: ME (V********)" \ "/Users/Me/Documents/Apps/MyApp/Runtime/MyApp/My App.app" Returned the error: /Users/Me/Documents/Apps/MyApp/Runtime/MyApp/My App.app: bundle format unrecognized, invalid, or unsuitable In subcomponent: /Users/Me/Documents/Apps/MyApp/Runtime/MyApp/My App.app/Contents/Frameworks/FMWrapper.framework No matter how many separate elements within the bundle I sign, I encounter the same error message. A few days ago, the identical command worked first time. I would be obliged for any help you can provide. Thanks.

Is the Notary service unavailable again? The system-status page shows it as being green but I am back to receiving the same error as previously which fixed itself once the notary service went green again and I am unable to notarize and staple my Distribution PKG.

Hi, I am developing a iOS app with Packet Tunnel Provider Network Extension. I manage signing manually. I created a distribution provisioning profile. Then when I archive and click "validate" I get this error: Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, value 'url-filter-provider' for key 'com.apple.developer.networking.networkextension' So I run security cms -D -i profiles/vpn_distribution.mobileprovision and I see there <key>Entitlements</key> <dict> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider</string> <string>content-filter-provider</string> <string>packet-tunnel-provider</string> <string>dns-proxy</string> <string>dns-settings</string> <string>relay</string> <string>url-filter-provider</string> <string>hotspot-provider</string> </array> Where are those coming from. My entitlement file has <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider</string> </array> <key>com.apple.security.application-groups</key> <array> <string>group.my-app-group</string> </array> </dict> </plist> What is happening here. How can I get a provisioning profile that only has the entitlements that I actually need?

During the release of our macOS App, we encountered the following issue: We need to support dynamic code loading of WebAssembly (wasm) inside our App, mainly by loading WebAssembly (wasm) binary modules. We discovered a problem: a wasm file is neither an executable nor a bundle, so it cannot be code-signed. Since our App needs to pass notarization, we have not set the com.apple.security.cs.allow-unsigned-executable-memory entitlement. Without setting com.apple.security.cs.allow-unsigned-executable-memory, loading a wasm module results in an “unsigned code” error that causes the process to crash. Could you please advise on what we should do to avoid this problem? Is it possible to apply for a special entitlement to allow com.apple.security.cs.allow-unsigned-executable-memory?

Hi all, I'm a solo iOS developer trying to update an app I released in 2010. My current Team ID is Q37598Q8GE, but the app's original App ID uses an old prefix, YHX995W43P. When I try to create a new App ID with the original Bundle ID (eu.andela.woordenes) to generate a new distribution provisioning profile, I get the error:An attribute in the provided entity has invalid value An App ID with Identifier 'eu.andela.woordenes' is not available. Please enter a different string. I understand this might be due to the old prefix from pre-2011, when Apple allowed multiple prefixes per account. I still have access to the app in App Store Connect and want to push an update, not create a new app. How can I resolve this?Can I reuse the existing App ID (eu.andela.woordenes with prefix YHX995W43P) for a new provisioning profile, or do I need to match my current Team ID (Q37598Q8GE)? If the Bundle ID is already taken by my current app, how do I update the app without changing the Bundle ID? Any steps to fix the prefix mismatch in Xcode or App Store Connect?

Coming from Windows, I'm finding Mac app packaging farcically complicated, to the level of a Python sketch. I mastered Windows packaging, via Inno, in an hour or so, but it has taken me, on and off, the best part of a week to get to the point I am at with the Mac OS, and I'm nowhere near finished (rather, it hasn't finished with me). Every time I surmount one hurdle, another pops up, seemingly just for the jollies. I'm currently stuck at: 'Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired.' My account lists no agreements in this category. I understand the need for security, but not the labyrinthine nature of the process. An inner-party member in the former Soviet Union overheard a drunken Stalin say, “I trust no one; not even myself". Apple trusts no one, but has true contempt for developers. Is there a simple way to work through the packaging process? Let me rephrase that: please God, let there be a simpler way of working through the process! Regards, in extremis, Richard

Hello, I am trying to publish a simple app to the App Store for the first time, and I am getting these 2 errors. Please note the knowledge base URLs shown in the screenshot are not clickable. I think this should be addressed. Any guidance on how to correct these issues will be greatly appreciated. Sincerely, Anis

Since around September (iOS 26 release), i'm unable to test my app normally. It says "internet connection is required to verify [my certificate id]", or just crashing. All terms and conditions accepted, everything is valid, certificates are OK. Reinstallation via xcode does not help. Removal of provisioning profile, generating new does not help. Revoking of certificate and generating new does for around week, then it happens again, but do i need to do it every week now? In logs i see the following: default amfid validation failed because of missing trust and/or authorization (0xe8008026) error amfid not valid: 0xe8008026: The provisioning profile requires online authorization. error amfid Unexpected MISError (0xe8008026): The provisioning profile requires online authorization. default +0300 amfid /private/var/containers/Bundle/Application/5B8E560E-75B2-46EF-8606-02072D99E9CF//Frameworks/oss.dylib not valid: Error Domain=AppleMobileFileIntegrityError Code=-400 "An unknown error was encountered" UserInfo={NSURL=file:///private/var/containers/Bundle/Application/5B8E560E-75B2-46EF-8606-02072D99E9CF//Frameworks/oss.dylib, NSLocalizedDescription=An unknown error was encountered} default kernel AMFI: code signature validation failed. It looks like apple validation servers are not working, or is it iOS bug? All provisioning profiles are showing like "valid" in apple developer center. My network is not behind a proxy, connection is direct. If use EXACTLY the same app, signed with the same provisioning, same signature, on another test device, it works! When i reset current device to default settings and installing the EXACTLY same app after it, it works as well. Looking for a help from apple developer support

Hello Colleagues, We have been seeing a delay in our Apple notarization submission that hangs for hours "in progress" without completing: This issue has been occurring since Friday, October 17th. We have also checked the Apple System Status page and there is no indication of any outage for Apple notarization.

I am using Automatically Manage Signing And I have registered my Mac UUID in developer account, but it is still giving me these errors - Device My Mac is not registered to your team Ai Glider Inc. Devices must be registered in order to run your code, but you do not have permission to register them. Please check with your team's admin. No profiles for 'com.aiexample.sebexample' were found Xcode couldn't find any Mac App Development provisioning profiles matching 'com.aiexample.sebexample'.

Hello, my iOS apps are exiting right after launch on a few of our iOS devices. I tried a couple of my apps that are deployed to our fleet and they do the same thing. If I run the app(s) in the Simulator it works fine and if I run the app(s) on the offending devices it works fine as well. Once I stop the run in Xcode the app on the device will not launch. I'm thinking something is missing like a certificate etc. Just not sure. Any ideas on how to troubleshoot this? I would really like to get this fixed.

I am a professor at the Mercer University School of Medicine (Macon, GA) and I teach a stress reduction course for first year medical students. I am developing an app to allow the students to trace their mediations as well as time them. Using ChatGPT with Xcode, I was able to get all the features in the app working except that the stopwatch timer would not continue when the iPhone goes to sleep. When ChatGPT made some changes, the build failed because automated signing failed and the com.apple developer.activity kit entitlement is missing I don’t see Live Activities in the capability section of signing & Capabilities and I don’t know how to fix the provisioning profile. How can I get help for this? Thank you!

Successfully received submission history. history ...... -------------------------------------------------- createdDate: 2025-10-19T18:34:47.472Z id: d3248896-7841-421e-9470-101df9d0da21 name: ... status: In Progress -------------------------------------------------- createdDate: 2025-10-19T18:12:45.325Z id: e5822fa0-5bcf-4610-81fc-9f541e8ad189 name: ... status: In Progress

Hello, We have a working application with several entitlements - com.apple.developer.endpoint-security.client and com.apple.developer.team-identifier. Recently, the Developer ID signing certificate expired and we created a new one according to the instructions on the website. Also the provisioning profile for those entitlements expired so we edited it to use the new certificate. We built using xcodebuild in a script and signed with codesign, We supply the certificate id and the entitlement in a plist file like this : codesign --timestamp --force --sign "${application_signature}" --options=runtime "${obj}" --entitlements "${SR_ENTITLEMENT_PATH}" (those env vars hold the correct values for the cert id and plist path as far as we checked). The signing works and looks ok with "codesign -dvvv": (XXXX replaces the real file name for privacy) Signature size=9050 Authority=Developer ID Application: XXXXXX. (XXXXX) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=16 Oct 2025 at 11:09:53 AM Info.plist=not bound TeamIdentifier=XXXXX Runtime Version=14.5.0 Sealed Resources=none Internal requirements count=1 size=184 [Dict] [Key] com.apple.application-identifier [Value] [String] XXXXX.com.XXXX.XXXX [Key] com.apple.developer.endpoint-security.client [Value] [Bool] true [Key] com.apple.developer.team-identifier [Value] [String] XXXXXX` But when the app need to run it is killed and the console shows the following: amfid: /private/tmp/XXXXX not valid: Error Domain=AppleMobileFileIntegrityError Code=-420 "The signature on the file is invalid" UserInfo={NSURL=file:///private/tmp/XXXXX, NSLocalizedDescription=The signature on the file is invalid} kernel: mac_vnode_check_signature: /private/tmp/CybereasonSensor: code signature validation failed fatally: When validating /private/tmp/XXXXX: Code has restricted entitlements, but the validation of its code signature failed. We didn't change any code or build differently (it's done by a CI jenkins job. So if the file is signed and the and has the entitlements why does it fail? what should be done? Thanks, Boaz