Reply to codesign/productsign 3rd party TSAs
Yes, I mean trusted by Apple. What I have seen with experimentation is that when I sign with some TSA other than Apple's, Authority=(unavailable) is shown in the signature; that's the reason I'm not sure it will work. Basically, I'm exploring the option of signing artifacts with another TSA in case Apple's TSA is down.

I doubt that Apple, or any reasonable company or organization, would trust anyone other than themselves. I have seen people try to justify a custom timestamp based on the fear that Apple's server goes down. But Apple is one of the biggest companies in the world; would you be able to find some other service that is more reliable? And what is the risk of a failure on Apple's part? And what is the cost of failure on Apple's part? By this I mean, how likely is Apple's server to go down and how long would it stay down?

Also, can there be any unforeseen issues after signing? This is exactly what I am worried about, the unforeseen issues. Basically, if there is a slight possibility of any of the above issues then it becomes a no-go for me, but then it makes me wonder why there is an option to specify a TSA in the codesign command.

There is always a possibility of failure. In fact, there is always an absolute guarantee of failure. It is only a question of when. Are you going to find some other service that has a lower possibility of failure than Apple? And what additional risks or costs are you willing to spend for that (false) guarantee?

As I understand it, the reason for this option is to allow signed software in an environment that does not have internet access. Such facilities typically have other, often physical, security mechanisms in place. In theory, you might be able to use a local timeserver in such an environment. But in any environment that has internet access, I can't think of any rational reason not to use Apple's servers.

Think of it this way. If you do something funky and it breaks, that's on you. You bear sole responsibility for any and all damages. No one will remember or notice if your software was functional during some Apple outage. If there were a widespread Apple outage, some other cascading failure would likely prevent your software from working anyway. But if you accept the Apple defaults and it breaks, that's on Apple. No one will blame your company or software. A few haters might say that you shouldn't have trusted Apple, but haters should be ignored. You will never be able to satisfy them no matter what you do.
Feb ’21
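Added example, not part of the forum post above and not Apple's code: a shell check for the condition the thread describes, run over the text that `codesign -dvv` prints, so a build can fail when a signature shows `Authority=(unavailable)` or lacks a secure timestamp. The sample outputs, bundle names and team ID are constructed, and the status labels are this example's own.

```shell
#!/bin/sh
# Added example: classify the text that `codesign -dvv <path>` prints.
# Reads that text on stdin, prints one status label (labels are this example's own).
classify_signature() {
    awk '
        /^Authority=/                 { chain++ }          # one line per certificate
        /^Authority=\(unavailable\)$/ { unavailable = 1 }  # chain not resolved
        /^Timestamp=/                 { secure = 1 }       # secure (TSA) timestamp
        END {
            if (unavailable)     print "AUTHORITY_UNAVAILABLE"
            else if (chain == 0) print "UNSIGNED_OR_ADHOC"
            else if (!secure)    print "NO_SECURE_TIMESTAMP"
            else                 print "OK"
        }'
}

# Constructed sample: signature with a resolved chain and a secure timestamp.
sample_resolved() { cat <<'EOF'
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Feb 1, 2021 at 10:15:32 AM
TeamIdentifier=TEAMID0000
EOF
}

# Constructed sample: the Authority=(unavailable) case reported in the thread.
sample_unavailable() { cat <<'EOF'
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=(unavailable)
Timestamp=Feb 1, 2021 at 10:15:32 AM
EOF
}

# Constructed sample: signed without a secure timestamp (signer clock only).
sample_no_timestamp() { cat <<'EOF'
Authority=Developer ID Application: Example Corp (TEAMID0000)
Signed Time=Feb 1, 2021 at 10:15:32 AM
EOF
}

if [ "$#" -gt 0 ] && command -v codesign >/dev/null 2>&1; then
    codesign -dvv "$1" 2>&1 | classify_signature   # codesign writes to stderr
else
    for s in sample_resolved sample_unavailable sample_no_timestamp; do
        printf '%s: %s\n' "$s" "$("$s" | classify_signature)"
    done
fi
```

On a Mac, pass the path of the signed bundle as the first argument; without one, the script classifies the three constructed samples.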
Reply to Big Sur not opening Applications even after 2 Reinstalls
This is the developer forum. All answers will require you to use programming instructions of some kind. That's the whole point. You should probably post your question in Apple's Consumer support forums instead: https://discussions.apple.com/welcome Those consumer support forums are much, much larger. Instead of waiting days (or forever) for an answer, you can expect an answer in a few minutes. You just have to make sure to pick the appropriate forum and provide a good description of the problem. Sometimes, the big forums are so busy that questions don't get answered in a few minutes and they fall off onto page 2, where no one will ever look for them. After 24 hours, an Apple Community Specialist will offer you a couple of Apple Support articles that might or might not help.
Feb ’21
Reply to codesign/productsign 3rd party TSAs
Can I use any timestamp server with codesign command?

Apparently.

If yes, can you please share list of trusted TSAs?

You mean other than Apple? Trusted by whom? The codesign command does support a timestamp server parameter. If you trust the server, then you can supply a parameter. I have no idea if it works or not.

Also, will notarization succeed if I use non-apple timestamp server?

Utterly no clue. Given what I've seen regarding Notarization problems, this seems like a high-risk approach. Notarization is drop-dead, fall-off-a-log, Oh My God This is Easy! Yet some people insist on trying new and unusual ways to build code and attempt to notarize it. Each new failure is more comical and bizarre than the last. If you sincerely think it would be a good idea to use a custom timestamp server and to attempt to notarize software with it, why don't you just try it and see if it works? What's the worst that could happen? Your download displays a big "cannot check for malware" warning? Some minor operating system update causes your app to stop working? Your app stops working on its own on some random date in the future and no one knows why? Your customers band together and file a class-action lawsuit?

How do I specify a timestamp server in productsign command?

I see no timestamp server option in the productsign command.
Feb ’21
Reply to Linking error: Library not found
What do you mean by "library"? You could have a static archive library that would directly link into your executable like any other object code. You could have a framework, which is a fancy wrapper around a dynamic library, that you would specify under General > Frameworks and Libraries. This framework would automatically be bundled with your app. If you have an Xcode workspace with both app and framework targets, then this is how it is all supposed to work. You could also have a dynamic library. I think you could also specify this under General > Frameworks and Libraries. I've never used this option as it is problematic for many reasons. Another option is to install your dynamic library and/or framework separately into ~/Library/Frameworks or /Library/Frameworks (or some other location) and specify all the correct settings so that your app can find it. Again, this is problematic for many reasons.
Feb ’21
Reply to Intermittent codesign failure when running parallel builds
It sounds like you are in the wrong forum, possibly the wrong web site. When I read your post, this is what I see:

blah, blah, 3rd party, blah, buzzword, blah errSecInternalComponent Command CodeSign failed with a nonzero exit code We're using: something something else something I've never heard of and sounds really bad but same account to build with blah, blah, blah

People here would be happy to dig into those two items that make sense. Do you have a crash log or something that someone could look at? Maybe a command invocation and full stdout/stderr? Otherwise, nobody has any idea about those 3rd party tools and how they interact with Xcode and each other. In truth, it sounds like some kind of docker-fuelled, deep-stack, tensor-flow AI typescript pipeline. This is not our world.
Jan ’21
Reply to For indie developers - separate AppleID for your business?
Thanks a lot for the replies and thoughts. Do people have favorite resources for learning the ropes as a small business? I've been reading "Small Time Operator."

I know of no such resource for app developers. Moreover, most of the information that you will find about starting an indie app development business is wrong, sometimes maliciously wrong. Developing software is not like other businesses. When you go to talk to an accountant, lawyer, or insurance broker, you have to explain it to them from the ground up. In many cases, they will have never encountered anything like this in their careers. When you fill out forms, you will struggle to even find the right category to identify your business type. When you look to find out what tax and consumer protection laws apply to your business, you will have to go deep into the minutiae of intangible personal property and/or software services. Most of what exists for "software" is designed for companies like IBM. Either it will not apply to your small company, or it will, with all the paperwork, fees, and forms that IBM has to submit. It was easier years ago when it was more of a "Wild West". Now, all of the authorities know something is going on, they know they are being cheated, and they are looking to get control.

However, there is one bright spot - Apple. We will soon see the end of the Golden Age of the app developer, but it isn't over yet. As bad as it is, Apple is as good as it gets. Apple takes care of most of the details and gives you access to the best customers. You should be able to find professional services like accountants, lawyers, or insurance brokers who know about Apple's developer program and maybe already work with some Apple app developers. Keep looking until you find them. You might have to choose some bigger, more expensive names than you would like. But the bigger companies have more resources to tap into than the local folks who just deal with plumbers and duct cleaners. If they don't know how to do something, they have people they can call and ask.

I can't make any guarantees about the future. There are a lot of powerful and/or influential people who are working hard to put an end to this. They've made their money and now they want to burn it all down. Don't follow their advice.
Jan ’21
Reply to App does not use my permissions to create dir
The App Sandbox has no boxes checked or files selected, on the Signing & Capabilities for the target.

Those checkboxes and options under App Sandbox are exceptions to the sandbox's restrictions. Since none of those are checked, that means you are running under the highest level of restriction. Your app will not be able to access ~/Documents at all as long as "User Selected File" is still set to "none". If you want to turn off the sandbox, look in the upper, left corner of the App Sandbox area. You will see an "x" button that you can click to turn off the sandbox entirely.

PS: If you want to post code in the future, make sure to use the "Code block" button in the forum toolbar. Otherwise, the forum software will scramble your code. Even so, you should carefully review that code. It looks fragile.
Jan ’21
Reply to I'm frustrated with the code signing support to publish app on macOS store
The app I'm building is an electron app.

You don't say.

I'm signing the app content using the command line tools. And then I'm packaging it as .pkg.

Fair enough.

Transporter is apple's recommended app to upload app packages to MacOS App Store. It is supposed to find issues with package early on before submitting it to macOS App Store. All checks were passed.

Apple recommends using Xcode. They provide Transporter for people who want to make life more difficult for themselves, but I wouldn't call that a recommendation.

I don't see how Xcode can be used (the app is written in javascript using electron, not in swift or objective C)

Maybe do some additional research on your Electron platform.

I have tried different permutation combination of signing with Apple ID, using provision profile, changing .plist file, etc.

You mean, random trial and error? That is not a recipe for success. What has Electron support told you about this issue?
Jan ’21