codesign failure in xcodebuild

App & System Services Drivers
RobHDt OP
Created Mar ’20
Replies 5
Boosts 0
Views 3.2k
Participants 2

I have a project that includes an Endpoint security system extension as a launch daemon and a network extension in another linked app.


Previously I have built the project in release mode via xcodebuild. This worked fine during testing where my provisioning profile was a testing one not provisioned for all devices.


Now I have switched the provisioning profile for a distribution ID profile that is provisioned on all devices. Building through xcode itself successfully builds in debug and release. However building through `xcodebuild` fails at the `codesign` task.


what could be going on ? note my dev machine is offline.


Best Regards

Answered by adverse camber in 408696022

Does the


Other Code Sgning Flags


section of the Signing section of your Build settings include


--timestamp


?


If that flag is present then an attempt will be made to obtain a signed timestamp from an Apple server.


If your machine is off-line then the code signing step will fail.

Replies  5
Boosts  0
Views  3.2k
Participants  2
adverse camber OP
Mar ’20
Accepted Answer

Does the


Other Code Sgning Flags


section of the Signing section of your Build settings include


--timestamp


?


If that flag is present then an attempt will be made to obtain a signed timestamp from an Apple server.


If your machine is off-line then the code signing step will fail.

0
RobHDt OP
Mar ’20

One more thing to note is that when I build through xcode gui (not `xcodebuild`) and transfer products to a SIP enabled machine I observe some odd behaviour.


The endpoint security extension works fine if its started through `launchd`, as does the app thats used to launch the system extension. But launching the system extension itself fails with a codesigning error `The operation couldn’t be completed. (OSSystemExtensionErrorDomain error 8.)`

0
adverse camber OP
Mar ’20

Have you tried looking for messages from sysextd etc in the console ?


The error messages from sysextd can be very helpful sometimes.


If you filter on your bundle-id or a prefix of your bundle id then try doing whatever it is that's failing you might see some more information about the actual problem.

0
RobHDt OP
Mar ’20

thank you for this! I indeed got alot more useful information. Below is a redated list of events:

- staging extension with identifier [APP_ID]

- Making activation decision for extension with teamID teamID("[TEAM_ID]"), identifier [APP_ID]

- Extension with teamID teamID([TEAM_ID]), identifier [APP_ID] is not in the list of allowed extensions.

- Activation decision for extension with teamID teamID("[TEAM_ID]"), identifier [APP_ID] is UserOption

- validating extension with identifier [APP_ID]

- MacOS error: 3

- Error checking with notarization daemon: 3

- bundle code signature is not valid - does not satisfy requirement: -67050 code failed to satisfy specified code requirement(s)

- extension failed to validate! uninstalling...


I dont see the extension appearing in Security & Privacy settings for me to allow it. Is there some other way of explicitly allowing this ?

0
RobHDt OP
Mar ’20

Adding --timestamp=none to the "other code signing flags" options in the build settings causes it to successfully build through xcodebuild thank you.


Still experiencing the unallowed extension error as described in my other comment.


BR

0
codesign failure in xcodebuild
First post date Last post date
 
 
Q