Demystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.

Post

Replies

Boosts

Views

Activity

Example "com.example.apple-samplecode.dext-to-user-client" grief
I am new to macOS programming. I am trying to run an example from Apple that installs a "NullDriver" and then accesses it from a client CPP app (example available online, driver kit, "com.example.apple-samplecode.dext-to-user-client"). I seem to be able to install the DEXT correctly; I can see the system extension and the IOUserService. When I run the CPP client access program auto signed by Xcode, the app crashes with "CODESIGNING 1 Taskgated Invalid Signature". If I sign the app with "Sign to Run Locally", the app runs but is unable to connect to the IOUserService. This is being run on Sonoma Beta 5 with a newly paid membership. I am willing to attach whatever files are required but I wonder whether others have had the same code signing problem. My apology if I did not read a post with the answer I hope to find. Gene
5
0
893
Aug ’23
codesigning with auto-py-to-exe takes ages
Hey everyone, I've ported an app based on Python from Windows to macOS. I can run the app from command line and I was also able to make an .app file and start it on my Mac using auto-py-to-exe. Now I want to codesign (and later notarize) it. To do so I set the codesign_identity option of auto-py-to-exe to my Developer ID Application and rerun it. After 2 days it was still running (and I guess collecting information on submodules of the used Python modules). Without the codesigning it takes about 5-10 minutes to build. Any ideas how I could accelerate this or what is happening here? Unfortunately, I am not able to copy the output of auto-py-to-exe while it is still running. Thanks :).
1
0
812
Aug ’23
signing an app with PyInstaller only works once
I made a simple Python based app for macOS using this code (empty lines removed):
    import tkinter as tk
    window = tk.Tk()
    label = tk.Label(text="\n I am a macOS app \n")
    label.pack()
    window.mainloop()
Next I made it an .app using PyInstaller with this command (identity and paths shortened):
    pyinstaller --noconfirm --onedir --windowed --osx-bundle-identifier "org.tk_test.tk_test" --codesign-identity "<my_identity>" path/to/tk-test.py
It worked like a charm and I was also able to notarize and staple the app for distribution.
    ...
    4748 INFO: Signing the BUNDLE...
    24899 INFO: Building BUNDLE BUNDLE-00.toc completed successfully.
I wanted to repeat the process to do some more testing and now without any reason I cannot sign the .app anymore (identity and paths shortened). Of course, I cleared the folder before trying:
    ...
    5263 INFO: Signing the BUNDLE...
    23050 WARNING: Error while signing the bundle: codesign command (['codesign', '-s', '<my_identity>', '--force', '--all-architectures', '--timestamp', '--options=runtime', '--deep', '/abs/path/to/dist/tk-test.app']) failed with error code 1!
    output: /abs/path/to/dist/tk-test.app: replacing existing signature
    /abs/path/to/dist/tk-test.app: A timestamp was expected but was not found.
    In subcomponent: /abs/path/to/dist/tk-test.app/Contents/MacOS/lib-dynload/math.cpython-311-darwin.so
    23050 WARNING: You will need to sign the bundle manually!
    23050 INFO: Building BUNDLE BUNDLE-00.toc completed successfully.
I tried to create it in a fresh and differently named directory and I also made a complete fresh conda env. I don't see any reason, why this should not work anymore. Does anybody have an idea?
1
0
936
Aug ’23
CSSMERR_TP_CERT_EXPIRED when unlocking my identity
We have a Jenkins job that runs a script on a Mac to create our installers. This was working last week. Today, it's failing with: `"Apple Development: John Lussmyer (xxxxxxxxx)" (CSSMERR_TP_CERT_EXPIRED)` The other identities used for the build work. So far, I've been unable to find anything in my Account that indicates something has expired. Can anyone tell me how to get this fixed?
1
0
367
Aug ’23
notarytool can't get password from keychain like altool does
This is the command I use, but must migrate, to notarize a macOS app:
    xcrun altool --notarize-app -f "$outputDmg" --primary-bundle-id "$notarizeBundleId" -u "$notarizeUser" -p "@keychain:AC_PASSWORD"
The migration docs I read implied that the following should work:
    xcrun notarytool submit --apple-id "$notarizeUser" "--team-id" $notarizeTeam --password "@keychain:AC_PASSWORD" "$outputDmg"
But it doesn't. I can get it to work only if I put the password from the keychain on the command line. I cannot accept this. What can I do to make this work?
4
1
671
Aug ’23
DeviceActivityMonitor not working on development since I've had my Family Controls (Distribution) entitlement approved
I recently got approved for the Family Controls (Distribution) entitlement, and since then it seems that I cannot use the DeviceActivityMonitor extension on the dev environment anymore. I've tried attaching a debugger to the DeviceActivityMonitor process but it's never called so does not attach, and I can't see why it is not attaching. I've tried reverting back to old versions which I know definitely worked, and it's still not working... However, the DeviceActivityReport extension seems to be working fine. Any help or advice on how I can actually debug this would be greatly appreciated!
1
0
577
Aug ’23
Family Controls Request Form
I've heard family controls request forms can take up to weeks and even months... I'm currently developing an app that requires the main target and also the app extension to both use Family Controls. Does this mean I need to request forms for both app bundles separately or just the main app? If I have to wait weeks or even months for both then that's a bit painful tbh. Is there a way to distribute to TestFlight without getting approved for the family controls entitlement? Thanks
5
0
901
Aug ’23
Cannot disable Game Center in my app
Hi everyone. Well this is a new one. I went to make a minor update in my macOS app and when I go to submit the new version in App Store Connect it complains that Your build contains the Game Center entitlement. I do not (nor have I ever) used Game Center. I read this thread: https://developer.apple.com/forums/thread/657552 and have confirmed the SpoticaMenu.app.xcent contains: "com.apple.developer.game-center" = 1; even though the SpoticaMenu.entitlements file doesn't mention gamecenter. I even explicitly added <key>com.apple.developer.game-center</key> <false/> as a test, but it's still doing it. I'm using Xcode Version 14.3.1 (14E300c). Any ideas?
2
1
944
Aug ’23
Multiple apps in webcredentials - Do the credentials need to work for each app?
I have a question regarding the "webcredentials" field in the "apple-app-site-association" file. If there are multiple apps listed in webcredentials, do the credentials for one app need to work for the other apps? I created an app without a web version and I am using the associated domain "webcredentials:website.com" to enable password autofill. I am wondering if I will be able to use the same associated domain for other apps in the future even if the credentials aren't shared between apps. (I tried using a subpath "webcredentials:website.com/app1", but the subpath isn't used when looking at Settings -> Passwords) Thank you,
0
1
534
Aug ’23
Apple CarPlay entitlement file request - no update from Apple
Hi, I am writing to inquire about the status of our app’s Apple CarPlay Entitlement file request. I submitted the request for the entitlement file on June 19, 2023, and as of now, I have not received any update regarding its processing. Request Submission Date: June 19, 2023 Case-ID: 3402369 I would greatly appreciate if you could kindly check the status of my entitlement file request and provide an update on this. If there is any additional information needed from my end to quicken the process, please let me know, and I will promptly provide it. Thanks
0
0
382
Aug ’23
Error when loading (some) Audio Units on macOS 12
I'm developing a sandboxed application with Xcode which allows the user to open and work with Audio Unit plugins. Working with a beta-tester having a lot of AUs on their laptop running on macOS 12.5.1, we encountered some weird crashes while opening some plugins (Krotos, Flux Audio, Sound Toys, etc.). The message we got was in French, I try to translate it but the original English version could be a little bit different: Impossible to open “NSCreateObjectFileImageFromMemory-p47UEwps” because the developer cannot be verified. After this first warning, a Fatal Error 100001 message opens and the plugin seems crashed (but not the host). I easily found some music application users encountering similar issues on the web. From what I read, this error is related to new security rules introduced in macOS 12. And, effectively, some of these plugins tested on an older system work normally. I also read that some (insecure) entitlements of the Hardened Runtime should be able to fix this issue, especially Allow Unsigned Executable Memory Entitlement, whose doc says: In rare cases, an app might need to override or patch C code, use the long-deprecated NSCreateObjectFileImageFromMemory (which is fundamentally insecure), or use the DVDPlayback framework. Add the Allow Unsigned Executable Memory Entitlement to enable these use cases. Otherwise, the app might crash or behave in unexpected ways. Unfortunately, checking this option didn't fix the issue. So, what I tried next was to add Disable Executable Memory Protection (no more success), and finally Allow DYLD Environment Variables and Allow Execution of JIT-compiled Code: none of them solved my problem. I really don't see what else to do, while I'm sure that a solution exists because the same plugins work perfectly on other applications (Logic, Live Ableton). Any help would be greatly appreciated. Thanks!
13
0
2.3k
Aug ’23
unable to sign and notarize with quill
I'm using quill 0.2.0 to sign and notarize an arm64 binary and I've been getting HTTP 400 error from the notarization server. Signing and notarization has worked without hiccups throughout this year, but last night after getting the error it ended up working without any changes to the certs or call to quill. This morning started getting the error again and only 1 of the 2 binaries were able to be signed with retries. Still getting this error on 1: <HTML><HEAD>\n<TITLE>Bad Request</TITLE>\n</HEAD><BODY>\n<H1>Bad Request</H1>\nYour browser sent a request that this server could not understand.<P>\nReference&#32;&#35;7&#46;4c822c17&#46;1692969095&#46;ec8f4c4b\n</BODY>\n</HTML>\n Is there a change being rolled out for the Apple notarization service that requires a change on the client end? Or should this really be an HTTP 500 error?
2
0
340
Aug ’23
Entitlements for a virtual audio driver including IOUserClient
Dear Sirs, I’d like to write a virtual audio driver that also exchanges data with an application and thus probably also offers a driver extension using IOUserClient. My first implementation was based on the sample https://developer.apple.com/documentation/audiodriverkit/creating_an_audio_device_driver and everything works fine and as expected on my development machine and I can install/uninstall the dext from within my application. But I had to learn that I will not be given the required entitlement com.apple.developer.driverkit.family.audio as AudioDriverKit seems to be not intended to be used for virtual drivers. So I found out that this sample should be used as starting point for virtual audio drivers: https://developer.apple.com/documentation/coreaudio/creating_an_audio_server_driver_plug-in. But this sample does not include a dext offering the IOUserClient interface which I think I need. The next sample I found was https://developer.apple.com/documentation/coreaudio/building_an_audio_server_plug-in_and_driver_extension . This doesn’t use AudioDriverKit and it includes IOUserClient so it seems to be a good start. Nevertheless it also requires some entitlements which are com.apple.developer.driverkit and com.apple.developer.driverkit.transport.usb. The client also probably needs the entitlement com.apple.developer.driverkit.userclient-access. Would I be given these entitlements for a pure virtual audio driver and why would I need com.apple.developer.driverkit.transport.usb? And is there a chance that AudioDriverKit will also be opened for virtual drivers as it seems to be a much more modern approach and doesn’t require a reboot for installing? Thanks and best regards, Johannes
3
0
909
Aug ’23