Hi, Since about 2 weeks notarytool is not very reliable on our CI/CD server. The tool either exists without printing any reason (killed by a signal; not caused by timeout - we have 6h timeouts and the tool gets killed after about 30 mins) or the process takes a very long time e.g. 2h to complete. We use the same pipeline since at least 2 years and we did not have this problem before. Some problematic calls: createdDate: 2025-01-15T14:50:22.545Z id: ca0faad3-789a-4842-a8c9-14aa7c2297a9 name: xxxxxx status: In Progress -------------------------------------------------- createdDate: 2025-01-15T14:33:06.813Z id: 22df0da8-70de-4dd9-935d-a26055242014 name: xxxxxx status: In Progress -------------------------------------------------- createdDate: 2025-01-15T14:18:36.436Z id: 5729b836-69f0-4526-b1d2-7743bd4d57a6 name: xxxxxx status: In Progress -------------------------------------------------- createdDate: 2025-01-15T14:18:31.716Z id: 58f3c7a1-96bd-4f5d-8a3c-6860f925659e name: xxxxxx status: In Progress Can anyone check why the tool is taking now way more time than before to process a submission? The app that we are notarizing did not change that much.

I am working on a MacOS application in which I need System Extension along with some network extension capabilities. In order to distribute the app externally, I have to create a Developer ID application (provisioning profile) using the App ID that already has Network extension capability. I have followed this documentation to create the App ID and provisioning profiles: https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.developer.networking.networkextension?language=objc What I have: 2 App IDs (For app with network and system extension capability and for extension with only network extension capability) *2 Developer ID application (For both App and Extension) My App's entitlement file contains: <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider</string> <string>packet-tunnel-provider</string> </array> My system extension's entitlement file contains: <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider</string> <string>app-proxy-provider</string> <string>content-filter-provider</string> <string>dns-proxy</string> </array> Both the targets now have the following error: Provisioning profile "StandaloneCSAExtension" doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement. Note: Instead of Developer ID application if I create a normal development provisioning profile with the same App ID, everything works perfectly fine, the only reason why we need to move to Developer ID application is because we need to distribute the app externally. Please help me if I have missed anything. Thanks in advance!

Im trying to compile a free app from GitHub for personal use but i cant sign it since everytime im getting the same error "0 identities found". I have added my Apple ID to Xcode accounts, but in manage certificates, it shows "status not in keychain". On keychain access > login, it doesn’t show any Apple dev certificate obviously, and when I run security find-identity in terminal, I get a 0 identities found, 0 valid identities found. I don’t know where to begin, every tutorial I find requires downloading a certificate from Apples Dev website but my account is a free developer, not paid. A few months ago I was able to compile this same app so I know I don’t need a paid dev account. Any help appreciated.

When connected to the company's internal network without accessing the Internet, can an IPA installation package be generated if the certificate files are imported in advance?

I keep having issues with my account. I have certificates that will not revoke. I create new certificates, then I create new profiles for development, distribution and for developer ID application distribution outside of the app store as well. With my app in Xcode, I can only get the Developer profile to work to allow builds. My distribution profile builds and then fails, with an error 5. The Developer ID Application profile will not even accept the profile in XCode, sighting that there is no code signing, yet I have checked things over and over again. Ontop of this, I had developers in the past in my team and they added a whole lot of certificates for Developer ID that I just cannot use now. I also cannot revoke them. I have no active apps on the app store now, so I was wondering if Apple or someone can assist me in removing ALL the certificates, all the profiles and get a clean slate, so that I can setup everything from scratch again, because I have lost countless of hours getting nowhere and I cannot get Apple support to assist? Anyone been through this before?

I keep having issues with my account. I have certificates that will not revoke. I create new certificates, then I create new profiles for development, distribution and for developer ID application distribution outside of the app store as well. With my app in Xcode, I can only get the Developer profile to work to allow builds. My distribution profile builds and then fails, with an error 5. The Developer ID Application profile will not even accept the profile in XCode, sighting that there is no code signing, yet I have checked things over and over again. Ontop of this, I had developers in the past in my team and they added a whole lot of certificates for Developer ID that I just cannot use now. I also cannot revoke them. I have no active apps on the app store now, so I was wondering if Apple or someone can assist me in removing ALL the certificates, all the profiles and get a clean slate, so that I can setup everything from scratch again, because I have lost countless of hours getting nowhere and I cannot get Apple support to assist? Anyone been through this before?

Hello, first of all thanks for reading my post. I am having a trouble about Signing & Capabilities part on Xcode during few days. Hope someone knows how to deal with this. I created a Apple Development certificate with CSR on my MacOS through KeyChain but the Team ID(VC78G4S77J) on this certificate is different with my real Team ID(FYF9AT8ZA8) logged in. I don't even know where this 'VC78G4S77J' came from. Also I created the identifier, bundle ID, device and profile but they were all created with 'FYF9AT8ZA8'. So here is the problem. On Xcode Signing & Capabilities section, I selected Team and put Bundle Identifier connected with 'FYF9AT8ZA8' but Signing Certificate is shown as 'Apple Development: My ID (VC78G4S77J). Therefore when I build iOS simulator on Xcode or VScode, there is error 'No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "FYF9AT8ZA8" with a private key was found.' If I try turn off 'Automatically manage signing' and select provisioning profile I created, Xcode said my profile does not include VC78G4S77J certificate, because my profile has FYF9AT8ZA8 certificate. Importing profile file is not helpful also. I think, first delete the all VC78G4S77J certificate in KeyChain and recreate FYF9AT8ZA8 certificate through KeyChain/CSR, however again VC78G4S77J certicate was created when I created on 'developer.apple.com'. I truly have no idea where did VC78G4S77J come from. Please let me solve this issue.. Warm regards.

Title: Apple's Outdated and Restrictive Certificate Signing Process: A Barrier to Innovation Introduction In the dynamic field of mobile app development, the agility and freedom offered to developers can significantly dictate the pace of innovation and user satisfaction. Apple's certificate signing process, a legacy from an earlier era of computing, starkly contrasts with more modern approaches, particularly Android's Keystore system. This article delves into the cumbersome nature of Apple's approach, arguing that its outdated and proprietary methods hinder the development process and stifle innovation. The Burdensome Nature of Apple's Certificate Signing Proprietary Restrictions: Apple's certificate signing is not just a process; it's a gatekeeper. By forcing developers to go through its own system to obtain certificates, Apple maintains a tight grip on what gets published and updated. This closed ecosystem approach reflects a dated philosophy in an age where flexibility and openness are key drivers of technological advancement. Complex and Time-Consuming: The process to acquire and maintain a valid certificate for app signing is notoriously intricate and bureaucratic. Developers must navigate a maze of procedures including certificate requests, renewals, and provisioning profiles. Each step is a potential roadblock, delaying urgent updates and bug fixes, which can be crucial for user retention and satisfaction. Lack of Autonomy: Apple's centralized control means every application must be signed under the stringent watch of its guidelines. This lack of autonomy not only slows down the release cycle but also curbs developers' creative processes, as they must often compromise on innovative features to meet Apple's strict approval standards. Comparing Android’s Keystore System Developer-Friendly: In stark contrast, Android’s Keystore system empowers developers by allowing them to manage their cryptographic keys independently. This system supports a more intuitive setup where keys can be generated and stored within the Android environment, bypassing the need for any external approval. Speed and Flexibility: Android developers can use the same key across multiple applications and decide their expiration terms, which can be set to never expire. This flexibility facilitates a quicker development process, enabling developers to push updates and new features with minimal delay. The Impact on the Developer Ecosystem Innovation Stifling: Apple's outdated certificate signing process does not just affect the technical side of app development but also impacts the broader ecosystem. It places unnecessary hurdles in front of developers, particularly small developers who may lack the resources to frequently manage certificate renewals and navigate Apple’s rigorous approval process. Market Response: The market has shown a preference for platforms that offer more freedom and less bureaucratic interference. Android's growing market share in many regions can be partially attributed to its more developer-friendly environment, which directly contrasts with Apple's tightly controlled ecosystem. Conclusion Apple’s certificate signing method, while ensuring a secure environment, is an archaic relic in today’s fast-paced tech world. It binds developers with outdated, proprietary chains that hinder rapid development and innovation. As the technological landscape evolves towards more open and flexible systems, Apple’s restrictive practices could potentially alienate developers and erode its competitive edge. For Apple to maintain its relevance and appeal among the developer community, a significant overhaul of its certificate signing process is not just beneficial—it's necessary.

I am trying to make a driver release, but failing (I think) because the manually generated distribution profiles are for the MacOS platform only, rather than MacOS and iOS together. As far as I can tell, everything is correct in the manual profiles apart from the platform. The necessary entitlements appear to be correct. In contrast, Xcode generated profiles list both MacOS and iOS as the platform and work fine for development and to generate a release archive. But Archives 'Distribute Content' gives only 'Custom' as a distribution mechanism, and no option for notarization. So, the question is: is this a problem with my developer account (and if so, what is the appropriate channel to fix it!), or is this something subtle in the project configuration?

I'm having a problem with codesign for output from Pyinstaller The files are in ~/PycharmProjects/ALP_Document_Factory_II That folder contains the icon file, the entitlement file, and also contains a "dist" folder where Pyinstaller places the app file (ALP_Document_Factory_II.app) The generated app works and runs when I double click it. When I run codesign: codesign -s xxxxxxxx -f --entitlements entitlements.plist -o runtime dist/ALP_Document_Factory_II.app ("xxxxxxx" is where I place the hash of my credential) I get the following error message: No such file or directory Here is the Terminal copy... minus my Hash dickl45@Dicks-iMac3 ALP_Document_Factory_II % codesign -s xxxxxxxxxx -f --entitlements entitlements.plist -o runtime dist/ALP_Document_Factory_II.app dist/ALP_Document_Factory_II.app: No such file or directory Earlier I was able to use codesign and notarytool, but I must be doing something wrong that I can't see. Yours baffled MacOs 15.2

I'm new to notarizing applications. I'm building an Electron application using electron-packager. The signing looks solid: codesign -vvv --deep --strict path/to/app.app # satisfies its Designated Requirement But checking notarization, looks like it didn't work. spctl --assess -vv path/to/app.app # source=Unnotarized Developer ID # origin=Developer ID Application: Tyson XXXX (XXXXX) I'm wondering how to fix the "Unnotarized Developer ID". Thanks!

Hello! I'm suddenly having some difficulty debugging a Flutter-based app. When I run an app from VS Code, it launches Xcode and builds & installs the app on an iPhone running 18.1. However, once the app is installed on the phone, it disappears and in Xcode, a dialog appears with: Failed to install embedded profile for : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.) However, when I look at the provisioning profile being used, it seems to have the correct entitlement: I've also tried enabling automatic signing (instead of the current manual signing using match), as well as generating an adhoc profile and re-adding the device UDID in developers.apple.com. None of these have worked. This issue appeared within the past day or so and was working fine yesterday with no code changes, so I've been stumped. All my certs are relatively new and were issued within the past few months. I've tried regenerating the provisioning profiles using match, but this gives the same thing. What's odd is that I can run the build and upload to testflight, then download and install the app just fine through there. But this obviously makes debugging an issue.

Hi, For the purposes of iteration speed in development builds, on an iPhone in development mode, I am attempting to use hot reloaded dylibs. The goal is that the app is rarely fully restarted and small code changes can be applied quickly, drastically reducing iteration speed. For this purpose I have a socket server on my Mac that sends changed dylibs to my app on my iPhone. This works great on Mac, however on iOS i am running into codesigning problems. I am using the following to codesign the dylib: codesign -f -s XXX --timestamp=none testlibrary-ios.dylib I am placing the downloaded dylib in this folder: const char* cachedirectoryPath = [NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES)[0] UTF8String]; dlopen gives me the following error: dlopen(/var/mobile/Containers/Data/Application/67A3D31B-6F72-4939-9E7F-665FC78CDC61/Library/Caches/testlibrary-ios.dylib, 0x000A): tried: '/usr/lib/system/introspection/testlibrary-ios.dylib' (no such file, not in dyld cache), '/var/mobile/Containers/Data/Application/67A3D31B-6F72-4939-9E7F-665FC78CDC61/Library/Caches/testlibrary-ios.dylib' (code signature invalid in <78A101AD-D756-3526-8754-8B7F4925DE90> '/private/var/mobile/Containers/Data/Application/67A3D31B-6F72-4939-9E7F-665FC78CDC61/Library/Caches/testlibrary-ios.dylib' (errno=1) sliceOffset=0x00000000, codeBlobOffset=0x0000C2E0, codeBlobSize=0x00004990), .... Is loading a dylib like this on iPhones in development mode possible? Any idea what is going wrong with codesigning or installing the dylib? (Obviously this code is never deployed in an app that goes on the AppStore)

Short description of the issue/suggestion: After upgrading to MacOS Sequoia and being required to code sign and notarize my app, cannot launch app even though code sign and notarization pass Please tell us about your environment: MacBookPro Chip Apple M2 Max 32 GB JavaPackager version: 1.7.6 OS version: macOS Sequoia 15.0.1 JDK version: jdk-1.8 Build tool: Maven Steps to reproduce the issue: -DMG Maven Build of Spring Boot /Java (version 8) application with "fvarrui" JavaPackager plugin using default universalJavaApplicationStub. Code signing and Notarization / Stapling PASS and App installs in Application folder, however cannot launch App. Although code sign and notarization pass, it is interesting that in the build output, prior to it submitting to Apple, there is an error stating that the App code sign could not be replaced. What is the expected behavior? -App launches when double clicking the application icon What have you tried to resolve / workaround the issue? -Install via package rather than DMG - same result -Can launch App by opening up the app Content/MacOS folder and clicking directly on the universalJavaApplicationStub. Note requires that you allow it to run within the Security and Privacy settings. codesign --verify --deep --verbose force1.app force1.app: valid on disk force1.app: satisfies its Designated Requirement spctl -a -vvv force1.app Info.plist.txt pom.xml.txt f Build Output abridged.txt o SysConsoleOutput.txt r ce1.app: accepted source=Notarized Developer ID origin=Developer ID Application: Neal Hartmann (JPFYU53MK9)

Hello, I've been trying to notarize a Unity 2023.2 app since yesterday, but our submissions stay stuck in In Progress. The first one has been running for 18 hours now with no signs of stopping, and two more attempts have been made since with no results. Here are the submission IDs in case someone on the team wants to take a look: 00ef6def-601b-46f3-a94f-699d8956a28f d03f5748-2261-430c-934e-14fa9679afd9 a42d3b5c-3cdb-4bf2-9c86-c92320358ff3 Thank you!

I am trying to code sign an application which relies on many python libraries to run. For background knowledge, the .app was created with a —onefile command on Visual Studio. I code signed my application itself using codesign --deep --force --verify --timestamp --sign "Developer ID Application: Issey Yohannes (GL5BCCW69X)" /Users/isseyyohannes/Desktop/Automated\ ALGORA.app However, when I try to run the application the error shows in terminal as follows [PYI-16345:ERROR] Failed to load Python shared library '/var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python': dlopen: dlopen(/var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python, 10): no suitable image found. Did find: /var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python: code signature in (/var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python) not valid for use in process using Library Validation: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?) /var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python: stat() failed with errno=1 Through some external tools, I was able to narrow the issue as follows Hardened Runtime Restriction: Your application is attempting to load a shared library (Python) at runtime, but the library is either: Not properly signed with the same Team ID as your app. Not marked as a valid platform binary. macOS requires all loaded libraries to comply with its code-signing and runtime security policies. Any insight is much appreciated.

I have built a flutter desktop app and I notarized it. I have to distribute it directly as I cannot turn on App Sandboxing due to the functions included in the application. I created a build of the app from Xcode and then uploaded it for notarization and it was successfully notarized. If I compress that app into a .zip and share it over the internet, it successfully opens on any computer. But when I create a dmg using appdmg from npm and I try to distribute it, it does not open and shows me the option to either move to bin or cancel. When I notarize the dmg using the command: xcrun notarytool submit "YourApp.dmg" --apple-id "email" --password "app-specific-password" --team-id "YOUR_TEAM_ID" --wait It notarizes successfully. I have also done: xcrun stapler staple "YourApp.dmg" And validated it but it does not seem to work when I distribute it over the internet by uploading on my website. It is a bit strange that when I distribute the notarized app, it does not show any error when distributed over the internet by uploading on my website and then downloading but for a notarized dmg, which is properly signed, it gives that error that wether move to bin or do nothing. Would love someone's help on this!

Hello Apple Developer Community, I’m encountering an issue where my macOS app (signed with a valid ‘Developer ID Application’ certificate and accepted by Apple’s notary service) fails when I attempt to staple the notarization ticket. The Apple notary service reports ‘Accepted’ each time, but xcrun stapler staple always returns Error 65, with the local check (spctl -a -vvv) showing ‘Unnotarized Developer ID.’ Here are some key points: Certificate: I have a valid ‘Developer ID Application’ certificate (unexpired) in my login and system keychains, with Apple’s intermediate certificates also installed and set to System Defaults or Always Trust. Notarization: Regardless of whether I submit a .zip of the .app or the final .dmg for notarization, notarytool reports ‘Accepted.’ Stapling: xcrun stapler staple (or notarytool staple) on the exact file I uploaded fails with Error 65, claiming it can’t validate the downloaded ticket. Environment Checks: Checked for duplicate or outdated certificates—only one Developer ID remains. Repeated on multiple code-signed builds (both .app and .dmg) with the same result. Manually tested code-signing the .app with entitlements (for the hardened runtime) and then signing the .dmg without entitlements. Logs: The relevant excerpt from stapler indicates “Could not validate ticket for [app]. The staple and validate action failed! Error 65,” even though Apple’s notary service claims success. Could you please advise any additional troubleshooting steps or possible causes for local validation failure after a successful notarization? I’ve already ensured the environment is up to date with valid intermediates, only one Developer ID certificate. Any insight on diagnosing ticket mismatch or known tool bugs with Error 65 would be appreciated. Thank you!

I've tried to sign/notarize/staple my Electron app via electron-builder, using electron-notarize. I tried it as well in cmd line - both times, same result. Code signing runs without a problem. Notarize (I did wait two days first time, now it's couple of minutes) Stapling - failure `Downloaded ticket has been stored at file:///var/folders/.... Could not validate ticket for.... The staple and validate action failed! Error 65. ` I've checked, and the tickets are downloaded to said folder. My process: `codesign --deep --force --options runtime \ --entitlements build/entitlements.mac.plist \ --sign "Developer ID Application: Pete..." \ dist/mac-arm64/Modelist.app` ditto -c -k --sequesterRsrc --keepParent dist/mac-arm64/Modelist.app dist/mac-arm64/Modelist.zip xcrun notarytool submit dist/mac-arm64/Modelist.zip \ --apple-id "email" \ --password "app_specific_pass" \ --team-id "team_id" \ --wait Conducting pre-submission checks for Modelist.zip and initiating connection to the Apple notary service... Submission ID received id: 8fa0b3d3-291... Upload progress: 100,00% (98,1 MB of 98,1 MB) Successfully uploaded file id: 8fa0b3d3-291... path: /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.zip Waiting for processing to complete. Current status: Accepted............. Processing complete id: 8fa0b3d3-291... status: Accepted xcrun stapler staple dist/mac-arm64/Modelist.app Processing: /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app Could not validate ticket for /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app The staple and validate action failed! Error 65. The certs were installed via XCode. Variables are all exported in env. I followed the instructions for electron-builder from here: https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/ I'm sure I made a stupid little mistake, but after hours of arguing with ChatGPT we are going in circles and after clicking on almost every link in Google, I'm kindda lost.

I'm building an app that uses the Screen Time API and DeviceActivityMonitoring Framework. It works when I run the simulator build on iPhone 16 but when I try to launch it on my own iPhone, I get these errors. Provisioning profile "iOS Team Provisioning Profile: Kanso- Digital-Wellness.Kanso-v2" doesn't include the com.apple.developer.device-activity.monitoring entitlement. KansoMonitorExtension 1 issue x Provisioning profile "iOS Team Provisioning Profile: Kanso-Digital-Wellness.Kanso-v2.KansoMonitorExtension" doesn't include the com.apple.developer.device-activity.monitoring en... Read something online that said a reboot would fix this, but I tried and no luck. Any ideas? I'm not very technical, so would pay someone to fix this for me :)