I tried building the React App for Any iOS device (Arm64) but I get error. Although I can build successfully for any iOS Simulators In the codesigning step I get the following error, "Warning: unable to build chain to self-signed root for signer "Apple Development: my email address ( ... ) " I don't have paid membership of Apple Developer Program, does that cause this failure? Also, to archive also do I need Apple Developer Program paid membership?

How can I modify bundleID of an app after building ipa file? I try to modify the bundle id in my app by : unzip ipa modify bundle id in info.plist within app resign app with entitlements 4.zip ipa but ipa appeared to not be able to install on iphone is that any way to modify bundle id after building ipa file? Thanks for your Support

Hello I build an application in Xcode for MacOS. But the exported app I cannot open on different Mac systems. I get the message 'The application X can't be opened'. I can only run the application on the Mac where Xcode is installed. I used different signing certificates: Apple Distribution, Developer ID application (this should be the one), Mac App Distribution. I archive the application, then use Direct Distribution, then after complished the notary service, I export the app.

Hi, I'm currently developing a Flutter app that utilizes Push Notifications. The Android implementation is working flawlessly, but I'm encountering compilation issues in Xcode. Specifically, I'm receiving the following error: Cannot create a iOS App Development provisioning profile for "dk.ceniconsulting.alarm". Personal development teams, including "Henrik Thystrup", do not support the Push Notifications capability. No profiles for 'dk.ceniconsulting.alarm' were found Xcode couldn't find any iOS App Development provisioning profiles matching 'dk.ceniconsulting.alarm'. This error seems to be a common issue, but I haven't been able to find a definitive solution. I've already generated a certificate, identifier, and installed them, but the problem persists. Does anyone have any insights or suggestions on how to resolve this issue? Or perhaps a link to a resource that addresses this specific problem?

Hello, my team is trying to fix a code signing issue with our app. Our production build works, but our debug build broke after upgrading to macOS 15. This is because our app contains an app extension that can no longer access our app group container after the upgrade to macOS 15. It looks like this is due to ~/Library/Group Containers being protected by SIP now. We were not code signing our debug app, and now security is stricter. Because of historical reasons, we need to use a Makefile to build our app instead of just using Xcode. We are trying to determine the best way to sign our debug app. It looks like our app extension is able to access our app group container if we sign the app with a developer certificate. However, we are wondering if the developer certificate is required. We see that Xcode can sign debug builds with the “-” code signing identity. We tried doing this from our Makefile in the same way we sign with the developer certificate, but it doesn’t work. Is this expected behavior?

I'm unable to run a widget containing a live activity with the error message at the bottom of this post. I've verified I have NSSupportsLiveActivities set to yes in the correct Info.plist, and have downloaded sample projects from github containing the same values. This error occurs while running on a device or simulator, on Xcode 15 and 16, iOS simulator 17 and 18. Create sample project Create new widget extension target Set NSSupportsLiveActivities to true in the appropriateinfo.plist Run the widget This seems to be a longstanding issue https://forums.developer.apple.com/forums/thread/651611 Any ideas for debugigng? I'm completely blocked from running live activities. SendProcessControlEvent:toPid: encountered an error: Error Domain=com.apple.dt.deviceprocesscontrolservice Code=8 "Failed to show Widget 'ca.holligan.live-activity-example.widget' error: Error Domain=FBSOpenApplicationServiceErrorDomain Code=1 "The request to open "com.apple.springboard" failed." UserInfo={NSLocalizedFailureReason=The request was denied by service delegate (SBMainWorkspace)., BSErrorCodeDescription=RequestDenied, NSUnderlyingError=0x600000c6a8b0 {Error Domain=SBAvocadoDebuggingControllerErrorDomain Code=1 "Failed to get descriptors for extensionBundleID (ca.holligan.live-activity-example.widget)" UserInfo={NSLocalizedDescription=Failed to get descriptors for extensionBundleID (ca.holligan.live-activity-example.widget)}}, FBSOpenApplicationRequestID=0x2ca0, NSLocalizedDescription=The request to open "com.apple.springboard" failed.}." UserInfo={NSLocalizedDescription=Failed to show Widget 'ca.holligan.live-activity-example.widget' error: Error Domain=FBSOpenApplicationServiceErrorDomain Code=1 "The request to open "com.apple.springboard" failed." UserInfo={NSLocalizedFailureReason=The request was denied by service delegate (SBMainWorkspace)., BSErrorCodeDescription=RequestDenied, NSUnderlyingError=0x600000c6a8b0 {Error Domain=SBAvocadoDebuggingControllerErrorDomain Code=1 "Failed to get descriptors for extensionBundleID (ca.holligan.live-activity-example.widget)" UserInfo={NSLocalizedDescription=Failed to get descriptors for extensionBundleID (ca.holligan.live-activity-example.widget)}}, FBSOpenApplicationRequestID=0x2ca0, NSLocalizedDescription=The request to open "com.apple.springboard" failed.}., NSUnderlyingError=0x600000c6a940 {Error Domain=FBSOpenApplicationServiceErrorDomain Code=1 "The request to open "com.apple.springboard" failed." UserInfo={NSLocalizedFailureReason=The request was denied by service delegate (SBMainWorkspace)., BSErrorCodeDescription=RequestDenied, NSUnderlyingError=0x600000c6a8b0 {Error Domain=SBAvocadoDebuggingControllerErrorDomain Code=1 "Failed to get descriptors for extensionBundleID (ca.holligan.live-activity-example.widget)" UserInfo={NSLocalizedDescription=Failed to get descriptors for extensionBundleID (ca.holligan.live-activity-example.widget)}}, FBSOpenApplicationRequestID=0x2ca0, NSLocalizedDescription=The request to open "com.apple.springboard" failed.}}} Domain: DTXMessage Code: 1 User Info: { DVTErrorCreationDateKey = "2024-11-15 17:06:33 +0000"; } SendProcessControlEvent:toPid: encountered an error: Error Domain=com.apple.dt.deviceprocesscontrolservice Code=8 "Failed to show Widget 'ca.holligan.live-activity-example.widget' error: Error Domain=FBSOpenApplicationServiceErrorDomain Code=1 "The request to open "com.apple.springboard" failed." UserInfo={NSLocalizedFailureReason=The request was denied by service delegate (SBMainWorkspace)., BSErrorCodeDescription=RequestDenied, NSUnderlyingError=0x600000c6a8b0 {Error Domain=SBAvocadoDebuggingControllerErrorDomain Code=1 "Failed to get descriptors for extensionBundleID (ca.holligan.live-activity-example.widget)" UserInfo={NSLocalizedDescription=Failed to get descriptors for extensionBundleID (ca.holligan.live-activity-example.widget)}}, FBSOpenApplicationRequestID=0x2ca0, NSLocalizedDescription=The request to open "com.apple.springboard" failed.}." UserInfo={NSLocalizedDescription=Failed to show Widget 'ca.holligan.live-activity-example.widget' error: Error Domain=FBSOpenApplicationServiceErrorDomain Code=1 "The request to open "com.apple.springboard" failed." UserInfo={NSLocalizedFailureReason=The request was denied by service delegate (SBMainWorkspace)., BSErrorCodeDescription=RequestDenied, NSUnderlyingError=0x600000c6a8b0 {Error Domain=SBAvocadoDebuggingControllerErrorDomain Code=1 "Failed to get descriptors for extensionBundleID (ca.holligan.live-activity-example.widget)" UserInfo={NSLocalizedDescription=Failed to get descriptors for extensionBundleID (ca.holligan.live-activity-example.widget)}}, FBSOpenApplicationRequestID=0x2ca0, NSLocalizedDescription=The request to open "com.apple.springboard" failed.}., NSUnderlyingError=0x600000c6a940 {Error Domain=FBSOpenApplicationServiceErrorDomain Code=1 "The request to open "com.apple.springboard" failed." UserInfo={NSLocalizedFailureReason=The request was denied by service delegate (SBMainWorkspace)., BSErrorCodeDescription=RequestDenied, NSUnderlyingError=0x600000c6a8b0 {Error Domain=SBAvocadoDebuggingControllerErrorDomain Code=1 "Failed to get descriptors for extensionBundleID (ca.holligan.live-activity-example.widget)" UserInfo={NSLocalizedDescription=Failed to get descriptors for extensionBundleID (ca.holligan.live-activity-example.widget)}}, FBSOpenApplicationRequestID=0x2ca0, NSLocalizedDescription=The request to open "com.apple.springboard" failed.}}} Domain: DTXMessage Code: 1 System Information macOS Version 14.5 (Build 23F79) Xcode 16.1 (23503) (Build 16B40) Timestamp: 2024-11-15T12:06:33-05:00

/Users/varunashokbhaisidpara/Desktop/Screenshot 2024-11-15 at 5.43.44 PM.png This error occurs When I try to upload an app on the test flight or App Store. I checked "Automatically manage signing" in the main target. and i have added extensions DeviceActivityMonitorExtension, ShieldConfigurationExtension, ShieldActionExtension, DeviceActivityReport. and all have selected "Automatically manage signing" in the target > signing and capability. pls provide me with an exact solution set by step. Thank you

I'm trying to distribute my macOS application (a .dmg file) to customers, and I've followed all the steps to sign and notarize the application. However, when I try to install the .dmg containing the app, Gatekeeper rejects it with the error "AppName cannot be opened because developer is not verified". Even though I’ve signed the app with my Developer ID, notarized it, and verified the signature using codesign, I am still encountering issues when attempting to install or open the app on a clean macOS environment. Here’s the error I see when using spctl to check the .dmg: spctl --assess --type open --verbose=4 output/App.dmg output/App.dmg: rejected source=Insufficient Context When trying: spctl -a -t open -vvv --context context:primary-signature output/App.dmg output/Unbounded.dmg: accepted source=Notarized Developer ID origin=Developer ID Application: My .app is signed and notarised by electron builder and I explicitly signed and notarised dmg too but still not working

p12证书导出是灰色的，一直导出不了 ![]（“https://developer.apple.com/forums/content/attachment/36357e8a-bbb0-4661-a57c-720d41c3d9aa” “title=微信截图_20241119125858.png;宽度=962;高度=273”）

I'm trying to renew our Distribution Certificate, but when I request a certificate from a certificate authority as described and create the certificate via developer.apple.com and install it, it is installed without a private key, so I can't export it to .p12. What am I doing wrong? Last year this went without any problems. Please help me out, because I have to renew the certificate before 12-12-2024.

Hi all, I'm using xcode 13.2.1. I go to Product>Archive. The app builds and creates an archive, but there's no data for "version, identifier, type, team, architecture, etc." It's just creating a "generic xcode archive." When I go to "distribute content" it doesn't give the typical distribution methods like "App store Connect, Adhoc, Enterprise, or Development." What am I doing wrong? Thank you, Thomas

I work with a team that is responsible for our company's centralized infrastructure for code signing various products within our portfolio, including iOS apps. For security purposes, we want to sign apps before their posting on the App Store, and also to log this activity for eventual security audits. Not surprisingly, we need automated processes; we can't use an IDE like Xcode to do the work. We must queue, process, and log all signing jobs, and have Macs dedicated to this purpose. I can't go into many details about our infrastructure due to confidentiality concerns, so I'll apologize now if my questions seem a little vague. We currently require our iOS developers to submit one or more new provisioning profiles as well as their IPA archive for signing. We support supplying multiple provisioning profiles because some of our developers include embedded third-party extensions within their IPAs, and these extensions can also have their own provisioning profiles. Within our back end, we open the archive, sign the relevant portions using the entitlements in one of the profiles (that we believe to be the appropriate one for the particular archive element), overwrite each supplied provisioning profile with (what we believe to be) the appropriate one from user input, and re-compress the archive. Here come the questions: When we receive multiple provisioning profiles, how do we know which profile should be used to help with signing which archive elements? What data (e.g. entitlements application-identifier, team-identifier) can we use? We also need to know which provisioning profiles from their input correspond to those that already exist within the archive. What data can we use to map profiles from one set to the other? Should we be requiring our users to submit new provisioning profiles in the first place? Or should we edit/recycle the existing ones in some way? We'd like to remove any unnecessary burdens for our users, if possible.

Adobe says that Animate works with the latest Mac OS. When I publish apps with Animate, they work on my computer. With a self-signed certificate, they work on some older Mac OS versions, but not on the 2 most recent. How can I test my apps on others' Mac computers? Robert

I'm trying to store credentials on my keychange by doing this: xcrun notarytool store-credentials --apple-id APPLE-ID --team-id TEAM-ID I then I'm asked for a profile name, and the the App-specific password for my apple-id. This is when I'm getting an error: "Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct.". Now, I've generated the app specific pw by logging in here: https://account.apple.com/ but when I login to my Developers account, I do it here: https://developer.apple.com/account/ I've signed up for the "$99 a year"-program. Is there a problem that I've created the pw on what looks like my "private" page and not my "developer" page?

Hi, we have received an Application via App Transfer recently. I am now trying to generate a provisioning profile for App Store distribution. When we set the checkmark in Capabilities to use "iCloud Key-value storage" we cannot get "automatically manage signing" to work with an error: Provisioning profile "iOS Team Provisioning Profile: com.some.bundle.identifier" doesn't match the entitlements file's value for the com.apple.developer.ubiquity-kvstore-identifier entitlement. When a Provisioning Profile is manually generated via Developer Portal the com.apple.developer.ubiquity-kvstore-identifier entry shows the value of the previous app owner: "OLDTEAM.com.some.bundle.identifier". How can we change the com.apple.developer.ubiquity-kvstore-identifier value in our provisioning profile to get rid of the old team identifier? Help is much appreciated, thank you. FB15898983

Hi, I have been notarizing my code for several years with the same procedure, but today I have the following message : Conducting pre-submission checks for FencingFox.zip and initiating connection to the Apple notary service... Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct. CloudKit query for FencingFox.pkg (1/00a276f170785e1dcbfbd6873a00b9309672338b) failed due to "Record not found". Could not find base64 encoded ticket in response for 1/00a276f170785e1dcbfbd6873a00b9309672338b The staple and validate action failed! Error 65. I have changed my apple password and migrated to Sequoia. How should I investigate the issue ?

Hi, I have built a MacOS application that I intend to distribute directly. I have created a disk image and code-signed successfully with the following response. xcrun notarytool info --apple-id "" --password "" --team-id "" I have also submitted the app for notarisation which says it's accepted. equipp@equipps-MacBook-Pro dist % xcrun notarytool submit SendFiles.dmg --keychain-profile "Sendfiles-Notarisation" --wait Conducting pre-submission checks for SendFiles.dmg and initiating connection to the Apple notary service... Submission ID received id: a2941225-b036-47b3-a010-547b0dce6a1a Upload progress: 100.00% (79.0 MB of 79.0 MB) Successfully uploaded file id: a2941225-b036-47b3-a010-547b0dce6a1a path: /Users/equipp/Documents/GitHub/sendfiles/dist/SendFiles.dmg Waiting for processing to complete. Current status: Accepted................ Processing complete id: a2941225-b036-47b3-a010-547b0dce6a1a status: Accepted When I run the application on a clean mac, I am still getting the error that this application is from an unidentified developer and might contain malware.(There's internet connection) However, when I try to staple the application, I am getting an error 65. Unsure what's going wrong with the notarisation. equipp@equipps-MacBook-Pro dist % xcrun stapler staple SendFiles.dmg Processing: /Users/equipp/Documents/GitHub/sendfiles/dist/SendFiles.dmg Could not validate ticket for /Users/equipp/Documents/GitHub/sendfiles/dist/SendFiles.dmg The staple and validate action failed! Error 65. equipp@equipps-MacBook-Pro dist % Can you please help?

I have already posted asking about this: [quote='768005021, CynthiaSun, /thread/768005, /profile/CynthiaSun'] Codesigned and notarized app cannot directly write files inside the app bundle... [/quote] But there are still some doubts that have not been answered. We use Qt to develop an application on the macOS platform, and we are attempting to perform code signing and notarization to ensure our the application is trusted by Apple. However, there are a few things that seem weird regarding this statement: "App bundles are read-only by design." Let me provide more details. Currently, when our application starts, it needs to create folder (e.g. Temp) in the root directory of the executable For example: Myapp.app/Contents/MacOS/Myapp ---> Myapp.app/Contents/MacOS/Temp The folder is designed for storing runtime logs or config files for our application. In the past, users may also modify the settings inside target folder if needed. However, the strange thing is that after the application is codesigned and notarized. When we double-click the application Myapp (a.k.a Myapp.app) in Finder, it could successfully launch and create the Temp folder inside the Myapp.app/Contents/MacOS folder. However, when we navigate and attempt to run the main application executable in command line mode (as our application supports this command line execution) $ cd Myapp.app/Contents/MacOS $ ./Myapp -h As our application will check if the root folder has write permission before starting (i.e., check if Myapp.app/Contents/MacOS is writable because we require to create Temp folder in the following steps) It pop up the error that folder does not have write permission. The aforementioned scenarios seems to conflict with this statement: "App bundles are read-only by design" (because when the application is launched directly by clicking in Finder, the Temp folder can be created successfully, but via the console command line, it cannot). I would like to confirm again if writing files in the notarized application MacOS directory is not allowed? If not, have any recommended approaches? (e.g., changing the folder to another directory). What causes the different results in these running scenarios? We are not concerned about breaking the signature after application launched, as it seems that macOS will add it to system trust list after first time successfully launch. (Download the app from internet --> System: it is an app downloaded from the internet. Are you sure want to open it...? OK --> Although our application creates the Temp folder after first launch, when we click the application second time, it could directly open the app)

As of Nov 25, 2024, Xcode 16.1 won't recognize an App Store provisional profile as Eligible so you cannot select the provisional profile for signing. Which means you cannot archive it for upload to Apple. Setting it to manual or automatic signing does not help. Even going to the dev site and making new, fresh provisional profiles did not work. rebooting xcode did not work. rebooting the computer did not work.

I have an internal customer who is trying to submit an IPA to TestFlight via a Jenkins pipeline, and they are submitting their IPA to our central code signing service first. But they're seeing failures in their logs such as: { "id" : "bb07c32d-b4d6-48c4-abfe-390a46dec3ca", "status" : "409", "code" : "STATE_ERROR.VALIDATION_ERROR.90179", "title" : "Asset validation failed", "detail" : "Invalid Code Signing. The executable 'Payload/their.app/Frameworks/Pods_their.framework/Pods_their' must be signed with the certificate that is contained in the provisioning profile." } I obtained the signed IPA file, and examined one of the items flagged as incorrectly signed with "codesign -d -vvvv". I see the correct team identifier in the output, along with the correct ("Distribution") authority. I unbundled the IPA with "ditto -xk", extracted the plist from the embedded provisioning file with "security cms -D -i", and examined the lone developer certificate with "plutil -extract DevelopCertificates.0" and "certtool d". The subject name fields correspond to the correct cert: "Other name" and "OrgUnit" contain "our" team name, "Org" has our company name, "Common Name" has the name of the authority mentioned above. In short, it looks like we're signing it properly, but Apple notarization is refusing it. (For the record, something on Apple's side complained about using "altool" instead of "notarytool". I don't know if that's our problem or not.) What else should I be doing to confirm the status of the signatures? I'm missing something, but I have no idea what.