Hello, I am setting up a build (Gitlab CICD) runner. I create a keychain and imported certificate and my signing key. $ security find-identity -v XXXXXX "Developer ID Application: XXXXXX, INC. (XXXXXX)" (CSSMERR_TP_NOT_TRUSTED) 1 valid identities found $ security find-identity -p codesigning -v XXXXXX "Developer ID Application: XXXXXX, INC. (XXXXXX)" 1 valid identities found Codesign fails with unable to build chain to self-signed root for signer "Developer ID Application: XXXXXX, INC. (XXXXXX)" errSecInternalComponent On the local machine everything is fine. I think the point is that the identity is both valid and CSSMERR_TP_NOT_TRUSTED. What can I do about it?

Hello, I'm have a new Macbook and setup my Enterprise account. Part of my job is to view the expiration dates on certificates for other users. This should be a simple process but when I click on the certificate, there's a button "view certificates" I should be able to click on and see the expiration date and basic details on that specific certificate. The problem I have is that when I click on "view certificates", I get the error: "An error has occurred. Unable to display information about the selected item." I've tried steps online but to no avail. How can I get this fixed? My two other coworkers are able to just click on that button and view the certificate details, except for me. I've attached the screenshot. Thank you for your help Regards JJ

Electron-Builder Version: 24.12.0 Electron-Builder-notarize Version: 1.5.1 Node Version: v15.14.0 Electron Version: 11.3.0 Electron-updater version: ^4.3.5 Target: Mac Apple Store (mas) Hello, I am trying to build and sign a new version of my electron app for the mac apple store (mas), but when I get to the final step of uploading the RenderTune.pkg file to the mac transporter app, I get a failed status with 22 errors all the same formatting like so: Asset validation failed (90284) Invalid Code Signing. The executable 'com.martinbarker.digifyunique.pkg/Payload/RenderTune.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/etc....dylib' must be signed with the certificate that is contained in the provisioning profile. (ID: abc-abc-abc-abc-abc) In order to build and sign this RenderTune.pkg file, first I run the command npm run build-mas locally while on branch v1.1.5 ( code here ) Which runs the following command: "build-mas": "electron-builder build --mac && sh signmasscript.sh", So first it runs electron-builder build --mac and gives this output: Martins-MacBook-Air:rendertune-v1.1.5-feb-24 martinbarker$ npm run build-mas > rendertune@1.1.5 build-mas > electron-builder build --mac && sh signmasscript.sh • electron-builder version=24.12.0 os=20.6.0 • loaded configuration file=package.json ("build" field) • writing effective config file=dist/builder-effective-config.yaml • packaging platform=darwin arch=x64 electron=11.3.0 appOutDir=dist/mac • signing file=dist/mac/RenderTune.app platform=darwin type=distribution identity=ACBACBACBACBACBACBACBACBACB provisioningProfile=none • skipped macOS notarization reason=`notarize` options were not provided • building target=DMG arch=x64 file=dist/RenderTune-mac.dmg • building target=macOS zip arch=x64 file=dist/RenderTune-mac.zip • building block map blockMapFile=dist/RenderTune-mac.dmg.blockmap • building block map blockMapFile=dist/RenderTune-mac.zip.blockmap Completes without issue. The next part is running the signmasscript.sh file, which does complete but gives these errors: Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 productbuild: Adding component at /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/dist/mas/RenderTune.app productbuild: Signing product with identity "3rd Party Mac Developer Installer: Martin Barker (LV6WXG529F)" from keychain /Users/martinbarker/Library/Keychains/login.keychain-db productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority" productbuild: Adding certificate "Apple Root CA" productbuild: Wrote product to /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/RenderTune.pkg productbuild: Supported OS versions: [10.10.0, ) The final output RenderTune.pkg file gives 22 error messages saying `` when I try to deliver it via the mac os transport app. Asset validation failed (90284) Invalid Code Signing. The executable must be signed with the certificate that is contained in the provisioning profile Is my app even being signed correctly? Or is there just one file that I need to fix? Please help me out !

I am using TapToPay with stripe it is working fine on the development mode but when i try to create build for app store it shows 2 errors.

I am having trouble with my Team/Bundle Identifier and the iOS box right under it in Signing & Capabilities. I went and tried to add my device to the apple developer website but it was already logged in. If anyone can help me that would be most appreciated.

Hello everyone, I was added to an organization account, and I was given app owner access. I can see the created app on my dashboard, but I can access it on my XCode. I can only see my Personal team Here's the screenshot below: I can't see the team I was added to because that was where the app was created. Here's the app on my dashboard Can anyone help please? Thanks in advance

I've installed the same developer certificate onto three different Macs. When viewed in the keychain (or in Xcode) on one Mac it says its revoked, on another it says its not trusted, but on a third there's no issue reported. How could there be a difference between the three Macs? (Both Macs have the date/time set to be the same). Can 3rd party software, VPNs etc. interfere in this at all?

Hello everyone, Due to a change in our development team we had to revoke some certificates and regenerate new one. I have generated a Development Mobile profile including needed certificates etc. Also, in Xcode 15 i have disabled "automatically manage signing" and everything look okay as I can see the generated provisioning profile, my team, my certificate etc. Build is working correctly. We are using App Center as a CI to build/archive.. our iOS app. During the last step of the archive export I have the following error which I cannot resolve : [command]/usr/libexec/PlistBuddy -c Print CFBundleIdentifier /Users/runner/work/1/output/build/archive/OurStagingApp.xcarchive/Products/Applications/OurStagingApp.app/Info.plist com.OurStagingDomain.OurStagingApp [command]/usr/libexec/PlistBuddy -c Add provisioningProfiles:com.OurStagingApp.OurStagingApp string toktokdoc provisioning profile development _XcodeTaskExportOptions.plist [command]/usr/bin/xcodebuild -exportArchive -archivePath /Users/runner/work/1/output/build/archive/OurStagingApp.xcarchive -exportPath /Users/runner/work/1/output/build/export/_XcodeTaskExport_OurStagingApp -exportOptionsPlist _XcodeTaskExportOptions.plist 2024-02-08 14:21:05.218 xcodebuild[18640:56463] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/r0/ztvld9wd66bfpv_g6h3ksl000000gn/T/OurStagingApp_2024-02-08_14-21-05.213.xcdistributionlogs". 2024-02-08 14:21:05.370 xcodebuild[18640:56463] [MT] IDEDistribution: -[IDEDistributionMethodManager orderedDistributionMethodsForTask:archive:logAspect:]: Error = Error Domain=IDEDistributionMethodManagerErrorDomain Code=2 "Unknown Distribution Error" UserInfo={NSLocalizedDescription=Unknown Distribution Error} error: exportArchive: exportOptionsPlist error for key "method": expected one of {}, but found development Error Domain=IDEFoundationErrorDomain Code=1 "exportOptionsPlist error for key "method": expected one of {}, but found development" UserInfo={NSLocalizedDescription=exportOptionsPlist error for key "method": expected one of {}, but found development} ** EXPORT FAILED ** ##[error]Error: /usr/bin/xcodebuild failed with return code: 70 I tried to regen certificates, regen provisioning profile, use automatically signed.. Also this is the logs of the last working build : DEV PROV PROFILE TokTokDocRCX [command]/bin/rm -f _xcodetasktmp.plist [command]/usr/libexec/PlistBuddy -c Print CFBundleIdentifier /Users/runner/work/1/output/build/archive/OurStagingApp.xcarchive/Products/Applications/OurStagingApp.app/Info.plist com.OurDomain.OurStagingApp [command]/usr/libexec/PlistBuddy -c Add provisioningProfiles:com.OurDomain.OurStagingApp string DEV PROV PROFILE TokTokDocRCX _XcodeTaskExportOptions.plist [command]/usr/bin/xcodebuild -exportArchive -archivePath /Users/runner/work/1/output/build/archive/OurStagingApp.xcarchive -exportPath /Users/runner/work/1/output/build/export/_XcodeTaskExport_OurStagingApp -exportOptionsPlist _XcodeTaskExportOptions.plist 2023-08-02 11:20:01.234 xcodebuild[19044:64264] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/cn/nkrr6l5n0jz01kq9jbtb9tg00000gn/T/OurStagingApp_2023-08-02_11-20-01.233.xcdistributionlogs". Exported OurStagingApp to: /Users/runner/work/1/output/build/export/_XcodeTaskExport_OurStagingApp ** EXPORT SUCCEEDED ** I have replaced some logs with "OurStagingApp". Also when trying to build the archive via xcode 15 the button validate is disabled. In my podfile: target.build_configurations.each do |config| config.build_settings['ENABLE_BITCODE'] = 'NO' config.build_settings['CODE_SIGNING_ALLOWED'] = 'NO' config.build_settings['IPHONEOS_DEPLOYMENT_TARGET'] = '14.0' config.build_settings['BUILD_LIBRARY_FOR_DISTRIBUTION'] = 'YES' config.build_settings['SKIP_INSTALL'] = 'NO' end Thanks for your help

I've tried to implement the steps suggested for configuring code signing https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development on runners However, I could not sign my app build when I was using Virtual Runner. Is it a limitation coming from the Apple virtualization framework restriction (for signing in with Apple ID), or did I miss some configuration for Xcode? I was trying both manual and automatic signing but never succeeded (

Learn how code signing uses certificates to identify code authors. View Technote TN3161 >

It requires a provisioning profile, and while I have one, I cannot select it within Signing & Capabilities since it is empty. On blank projects it works as intended, but whenever the Unity stuff gets imported, it just disappears entirely, making it impossible to export Unity Titles to visionOS.

I'm experiencing an issue while attempting to create a provisioning profile for push notifications. But I can clearly see that the push notification service is enabled for the new provisioning profile. However it still shows error.

Hi, I successfully developed a key storage provider (KSP) under Windows that allows me to digitally sign from 3rd party application (typically Acrobat Reader but not only). Now I'm trying to port the key storage provider to macOS, but I cannot find an equivalent technology under this OS. I've tried different solutions: API hooking/method swizzling/dll interposing: It doesn't look officially supported plus easily blockable (with hardened runtime); Endpoint security framework: It looks basically for watch-only purposes plus minimal blocking capabilities; Is there any supported way to implement a KSP macOS equivalent? Any suggestion? Something else to explore? Thanks a lot, max

I'm not able to run my app on my device as Xcode is unable to create a provisioning profile for my app without the paid developer membership. I followed the troubleshooting steps on stack overflow here but to no avail. Any help?

Hello everyone I tried to upload my playground app via Xcode to AppStore Connect. Unfortunately it didn’t worked. I tried everything what the error suggested me to do. But its still not working. Has anyone ever encountered this error?

Hello all professions, I'm now facing an problem with distribution certification expiration for the enterprise account. We're using enterprise account for publishing some internal apps for our organization without uploading to AppStore but by other platforms, but both cert and profile have 1 year expiration and now it's about to expire. So we're going to extend the app expiration date now. Read some articles that the best practice is renewing cert before it expired, for some reasons that we CANNOT add new certifications if we're not revoking any of existing certs, so what we are going to do is: We will revoke the cert first let's say certA, and then create a new cert with all configurations as same as certA let's say certB and then distribute new app version by certB. If we're going to do so, then the question comes: Will the existing installed apps distributed by certA still available? (if it has couple months to be expired for certA) Continue with question1, if no, all existing apps will not be available anymore, then what's the best practice for us to manage certs and app for the users without cert renewing downtime? Will there be any issue if we user another cert let's say certC just create now to distribute new app version without revoking current certA? such as it will be recognized a brand new app, etc thanks all

Hello, I build my app on Unity 2021 using the service Unity Cloud Build. I enabled iCloud key-value storage and it correctly show up in the entitlement file. Whenever I try to make a cloud save, Unity Logs says that the process was successful but it didn't save anything on the cloud. I had a look to the logs on my device and I found this strange error: cloudd(CloudKitDaemon)[804] <Error>: Identity set <private> was expected to have a current key set <private>. Error Domain=securityd Code=-25300 UserInfo={NSLocalizedDescription=<private>} cloudd(CloudKitDaemon)[804] <Error>: Identity set <private> does not have a current key set. Not using it. cloudd(CloudKitDaemon)[804] <Error>: Didn't get a service identity from the PCS framework I searched online but I couldn't find anything informative. Any suggestions?

We are using an iPhone app distributed as an AdHoc app, but an error message saying "App cannot be verified" was displayed. The error screen says, "Internet connection is required to verify the credibility of developer "Apple Distribution:●●●● CO.,LTD.(QQQ29B8GG2)"." When using this app, We are connected to the LAN, but not connected to the Internet. If you temporarily connect to the Internet and start the app when the error screen appears, the error screen will disappear. After that, when I switched from connecting to the Internet to connecting to LAN, it worked normally for a while, but after about 2 months, the same error screen appears again. Please tell me how to resolve this error.

I've developed a Java application for ad hoc distribution, not intended for the Apple Store. Using the jpackage utility and the parameters... --mac-sign --mac-signing-keychain --mac-signing-key-user-name ...I'm able to point the software to a signing certificate. My problem is that jpackage requires a certificate with a "Developer ID Application" type/prefix, and I'm not authorized to create a certificate of this type, as "This operation can only be performed by the account holder." I thought it might be sufficient to create a "Distribution" certificate, since this allows a developer to "Sign your iOS, iPadOS, macOS, tvOS, watchOS, and visionOS apps for release testing using Ad Hoc distribution or for submission to the App Store." However, there doesn't appear to be any way to get jpackage to accept anything other than a "Developer ID Application" -prefixed certificate. I gather from this, and the fact that the Developer ID Application certificate is described as "This certificate is used to code sign your app for distribution outside of the Mac App Store," that this is the only type of "legitimate" security certificate Apple will accept when launching out-of-store apps. I'm not certain of this, however, and I'd like to be certain before pestering my client about it. My questions are: Is a "Developer ID Application" certificate specifically required, or can I sign the app using, e.g., a "Distribution" certificate without issues? If a "Developer ID Application" certificate is required, is it possible for my client (the "Account Holder") to grant me access to download it and use it? If a "Developer ID Application" certificate is required, what exactly is a "Distribution" certificate good for? Why isn't it sufficient to distribute software? If I can sign the app using a Distribution certificate, is there a way to force jpackage to do this, or do I have to it manually using, e.g., codesign ex post facto? Note that this issue has cropped up before on this thread, but the developer there ultimately found his developer ID certificate and the discussion was abandoned before any answers were forthcoming.

I'm working on a macOS app that uses a JSContext and I want to debug it with the Safari Web Inspector. According to Session 402 at WWDC 2016 the following entitlement is required: <key>com.apple.webinspector.allow</key> <true/> This is easy enough to add, but it causes the app to crash at launch with a code signing issue. The console shows that taskgated-helper is reporting just before the crash: Unsatisfied entitlements: com.apple.webinspector.allow For anyone who finds this, here's what you need to know: https://webkit.org/blog/13936/enabling-the-inspection-of-web-content-in-apps/ Basically, there's now a inspectable property on both the WKWebView and JSContext. Unfortunately, there's no mention of the old entitlement in the WebKit blog post, so it's impossible for folks using the old technique to find. Hopefully this post will bridge this gap. It also might be something for @eskimo to add to his (always helpful) code signing documentation. -ch