I need an OV certificate to code sign an Electron application. I was used to build in Jenkins the application oth for Windows and macOS using Electron-Forge (https://www.electronforge.io/guides/code-signing/code-signing-macos). To be more specific use XCode and Keychain to store the certificate. Sadly, new certificate industry requirements will force me to use Azure Key Vaults (or other cloud HSM alternatives) to store the certificate. I need to find a way to code-sign it for macOS from Azure Key Vaults or equivalent solutions. Thank you

I got this error while compiling to macOS app on flutter, can anyone help this problem ? error : replacing existing signature, resource fork, Finder information, or similar detritus not allowed

I am signing my app using this command: codesign --verbose=4 --force --options=runtime --deep --timestamp --sign "${APP_IDENTITY}" "${APP_FILE}" --entitlements "./Protect.entitlements I have ensured that the necessary provisioning profiles are embedded in the IPA file. I am also verifying the signing using codesign -dvv ./JumpCloud\ Protect\ Staging.ipa and codesign --verify --deep --verbose ./JumpCloud\ Protect\ Staging.ipa Despite following the above steps, when I attempt to upload the IPA file to Transporter, I receive the following error message: Missing or invalid signature. The bundle 'com.jumpcloud.JumpCloud-Protect.staging' at bundle path 'Payload/JumpCloud Protect Staging.app' is not signed using an Apple submission certificate.

Among the newest crash reports downloaded by Xcode for my App Store app there is one that contains a single thread, crashed at libsecinit_appsandbox.c, without any trace of my app name. What could possibly cause such a crash? Is this something related with app signing? The app has been on the App Store for a long time and this never happened to me. Thread 0 Crashed: 0 libsystem_secinit.dylib 0x00000001941dcfcc _libsecinit_appsandbox.cold.12 + 60 (libsecinit_appsandbox.c:454) 1 libsystem_secinit.dylib 0x00000001941dbf94 _libsecinit_appsandbox + 1764 (libsecinit_appsandbox.c:454) 2 libsystem_trace.dylib 0x00000001872be598 _os_activity_initiate_impl + 64 (activity.c:131) 3 libsystem_secinit.dylib 0x00000001941db85c _libsecinit_initializer + 80 (libsecinit_initializer.c:17) 4 libSystem.B.dylib 0x00000001941f2664 libSystem_initializer + 280 (init.c:338) 5 dyld 0x00000001871fe608 invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const::$_0::operator()() const + 168 (Loader.cpp:2198) 6 dyld 0x000000018723cd6c invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 340 (MachOAnalyzer.cpp:2481) 7 dyld 0x0000000187230400 invocation function for block in dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 496 (MachOFile.cpp:1669) 8 dyld 0x00000001871df2fc dyld3::MachOFile::forEachLoadCommand(Diagnostics&, void (load_command const*, bool&) block_pointer) const + 300 (MachOFile.cpp:1185) 9 dyld 0x000000018722f394 dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 192 (MachOFile.cpp:1628) 10 dyld 0x000000018723c880 dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 516 (MachOAnalyzer.cpp:2448) 11 dyld 0x00000001871fa53c dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 564 (Loader.cpp:2189) 12 dyld 0x00000001872042d4 dyld4::PrebuiltLoader::runInitializers(dyld4::RuntimeState&) const + 44 (PrebuiltLoader.cpp:818) 13 dyld 0x000000018721dcc0 dyld4::APIs::runAllInitializersForMain() + 84 (DyldAPIs.cpp:3889) 14 dyld 0x00000001871e4010 dyld4::prepare(dyld4::APIs&, dyld3::MachOAnalyzer const*) + 3156 (dyldMain.cpp:891) 15 dyld 0x00000001871e2ef4 start + 1868 (dyldMain.cpp:1265) Crash report

We have developed an electron app which we want to extend with an action extension. The action extension is written in swift in Xcode. Our plan was to build the .appex file and insert it into the PlugIns folder in our electron app, but I don't think this is the right way to do it? If we insert the .appex file before notarization then we get an error that we are "replacing existing signature". If we manually insert it after the notarization then we get an error with the app is damaged and can’t be opened. Can anybody provide a procedure for this kind of merge I would imagine that it goes something like: Sign app Sign extension Add extension to App Notarize app For signing the app we use electron-builder.

I'm working on an app that contains a USB Driver Kit extension for iPad (NOT MAC). The app contains two targets, the core app and the DriverKit extension target. I can run the app just fine using a dev cert and provisioning profile. ** What is the step-by-step process for signing the release build?** There seems to be no way to create a release profile for the Driver Kit target. I've tried multiple avenues, but come to a dead end on each. I have requested and received the correct entitlements. Also, on a separate note, has anyone achieved this process using Fastlane? It seems particularly resistant to building the app with the driverkit extension, even for dev builds. It complains about the driverkit dev profile not being an iOS profile. Thanks!

Hi, I've developed an application which reside under /Applications. Inside the main application bundle (/Applications/mainApp.app) there are sub-app that contain security extension. Here's the relevant path /Applications/mainApp.app/Contents/Helpers/subApp.app/Contents/Library/SystemExtensions/com.myComp.type.systemextension/ So far I could load the extension by running the subApp and make sure it calls the extension activation API. but seems like starting from Sonoma (i'm using version 14.6.1 )it stopped working, and I get crash dump on signature failure which trying to open the subApp.app. in the crash log I get reason of invalid code sign. I also get the following hints Binary Images: 0x1050a0000 - 0x10512bfff dyld_path_missing (*) <f635824e-318b-3f0c-842c-c369737f2b68> /dyld_path_missing 0x104d9c000 - 0x104d9ffff main_executable_path_missing (*) <1df5f408-cb16-304f-8b38-226e29361161> /main_executable_path_missing Is it possible that new OS version have new validation rule that enforce something about the location of the app that can start extensions ?

PLATFORM AND VERSION macOS Development environment: Other: Python Run-time configuration: macOS 14.6.1 DESCRIPTION OF PROBLEM We have created application using python and created .app using pyInstaller. We want to get the location access using python based application which we are trying to run on MacOS 14.6.1. Without including NSLocationUsageDescription in our info.plist, it is working fine but not getting location permission pop up. After including NSLocationUsageDescription in info.plist application got corrupted. STEPS TO REPRODUCE We are using below commands to sign the application codesign --force -s "Developer ID Application: Pitney Bowes (72NX38Y9GF)" -v DeviceHub.app --deep --strict --options=runtime --entitlements ../info.plist DeviceHub.app ditto -c -k --keepParent --rsrc --sequesterRsrc --arch 'x86_64' DeviceHub.app DeviceHub.zip xcrun notarytool submit DeviceHub.zip --keychain-profile "DHAgentProfile" --wait xcrun stapler staple DeviceHub.app

I first built WordPuzzleAids over 2 years ago. I built it on my MacBook Pro, using Xcode and Swift. The destination for the build was my iPhone. Two weeks ago, the app stopped working on the iPhone: I thought I might need to rebuild it on the on the MacBook and "re-deliver" it to the iPhone. The build failed with: CodeSign /Users/paddy/Library/Developer/Xcode/DerivedData/WordPuzzleAids-dnwilitxxdvpzablseyseujsllag/Build/Products/Debug-iphoneos/WordPuzzleAids.app (in target 'WordPuzzleAids' from project 'WordPuzzleAids') cd /Users/paddy/Projects/ThirdParty/WordPuzzleAids Signing Identity: "Apple Development: John Patterson (G9M8AH9CTD)" Provisioning Profile: "iOS Team Provisioning Profile: *" (650d11d4-ecd2-4458-a146-3cb55438e9dc) /usr/bin/codesign --force --sign 1FC4588FA2EAD7DCF9AAC9CDC823B567D76BCBE8 --entitlements /Users/paddy/Library/Developer/Xcode/DerivedData/WordPuzzleAids-dnwilitxxdvpzablseyseujsllag/Build/Intermediates.noindex/WordPuzzleAids.build/Debug-iphoneos/WordPuzzleAids.build/WordPuzzleAids.app.xcent --timestamp\=none --generate-entitlement-der /Users/paddy/Library/Developer/Xcode/DerivedData/WordPuzzleAids-dnwilitxxdvpzablseyseujsllag/Build/Products/Debug-iphoneos/WordPuzzleAids.app /Users/paddy/Library/Developer/Xcode/DerivedData/WordPuzzleAids-dnwilitxxdvpzablseyseujsllag/Build/Products/Debug-iphoneos/WordPuzzleAids.app: errSecInternalComp I have attached the build documentation file Build WordPuzzleAids_2024-08-29T21-17-09.txt

I'm trying to sign an app to run locally because development provisioning does not work for unspecified reasons. I'm adding NSAllowsLocalNetworking to the app transport security section of the entitlements and the result is that the selection to sign the app locally vanishes from the signing section in Xcode. I need to access a local web application which does not provide HTTPS. I'm not only very confused about this but actually pretty ******. Is this once again Apple playing games for absolutely no reason? Why can't I build and run an application on my system that does not have to do anything with Apple, the app store, customers or anything? This is just for me and I cannot make it work.

I have an app that runs on macOS Monterey. For various reasons, I have to externally add a sandbox entitlement (externally, as in using codesign, rather than rebuilding it) After adding the sandbox entitlement, and resigning appropriately, the app crashes on launch with the following error : ERROR:process_singleton_posix.cc(1186)] Failed to bind() /var/folders/s2/j0z79krx321qg318das1r95_zc0000gn/T/com.funkyapp/S/SingletonSocket So I assumed I needed to give access to this file. So I added the following entitlements to the app, via codesign : &lt;key&gt;com.apple.security.temporary-exception.files.absolute-path.read-write&lt;/key&gt; &lt;array&gt; &lt;string&gt;/var&lt;/string&gt; &lt;string&gt;/var/folders/s2/j0z79krx321qg318das1r95_zc0000gn/T/com.funkyapp/S/SingletonSocket&lt;/string&gt; &lt;/array&gt; and also &lt;key&gt;com.apple.security.network.client&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.network.server&lt;/key&gt; &lt;true/&gt; Unfortunately, it still crashes on load, with the same error. Does anyone know why that is? From my perspective, I gave the appropriate entitlements to bind a socket at that path, what am I missing? Thanks !

I have been working with a framework to add multiplayer support to my app. The app runs on test devices, simulators, and archives perfectly fine and the app is fine without the framework. But when I go to distribute the app, I see get this error related to the multiplayer framework I have added. I have tried updating the minimumOSVersion to 9.0, 10.0, 12.0, and 13.0 everywhere (info.plist, deployment info, build settings, etc) and they all match with each build/archive but no matter what I can't get fix this error. This error only shows up when I go to distribute the app to the store. Any ideas on what to try or how to fix this issue? I've attached a screenshot of the issue below.

I am having a peculiar issue with an app I am developing. I am trying to upload it onto App Store Connect but I am getting one error, and a very odd behavior. The error message I am getting is: /Users/user/Documents/GitHub/MyApp/MyApp/DerivedData/MyApp.pub/Build/Intermediates.noindex/ArchiveIntermediates/MyApp.pub/InstallationBuildProductsLocation/Applications/MyApp.pub.app: resource fork, Finder information, or similar detritus not allowed Command CodeSign failed with a nonzero exit code I have cleaned built the directory, I have removed the Derived Data, but this always gets thrown. It was working fine a few months ago, I have only just got back to working on it. The other issue I am havving, when I set to archive the app, I set the target as Any iOS Arm Device (arm64), but when it is archiving it switches to my iPhone as the target. I don't prompt it to do this, it just does it. This is very frustrating. I'm using a MacBook Air M1, with a macOS Sonoma. I updated my Xcode the other day, that's Version 15.4 (15F31d). My App has a minimum target of iOS 15 and a project target of Xcode 13. Any help is appreciated.

multiprocessing.Queue() method of python getting "PermissionError: [Errno 1] Operation not permitted" error if it is sandboxed: CODE: import multiprocessing tensorflow_coordinates_queue = multiprocessing.Queue() ERROR: ./test_temp9 Traceback (most recent call last): File "/Applications/test_temp9.app/Contents/MacOS/test_temp9.py", line 4, in <module> File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/context.py", line 103, in Queue File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/queues.py", line 43, in __init__ File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/context.py", line 68, in Lock File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/synchronize.py", line 162, in __init__ File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/synchronize.py", line 57, in __init__ PermissionError: [Errno 1] Operation not permitted BUNDELED WITH NUITKA: echo *** | sudo -S python3.9 -m nuitka --run --standalone --macos-disable-console --macos-create-app-bundle --macos-app-mode=ui-element --enable-plugin=pyside6 --macos-app-icon=icons/app_icon.png --include-data-dir=icons=icons test_temp9.py SIGNED WITH FOLLOWING SH: sign.txt sign2.txt ENTITLEMENTS: app.entitlements.txt

Hi, When postinstall tries to run another binary inside the ./scripts folder I package with pkgbuild, it gets killed by taskgated when the postinstall script tries to run it. └── Contents ├── Helpers ├── Info.plist ├── MacOS │   ├── UI │   └──Worker ├── PkgInfo ├── Resources │   ├── com.ui.plist │   ├── com.worker.plist │   └── icon.icns ├── _CodeSignature │   └── CodeResources └── embedded.provisionprofile scripts: ├── token_installer ├── postinstall ├── token_installer ├── postinstall How I am signing: codesign --entitlements entitlements.plist --timestamp --options=runtime --sign "$DEVELOPER_ID" --force out/myapp.app/Contents/MacOS/UI codesign --entitlements entitlements.plist --timestamp --options=runtime --sign "$DEVELOPER_ID" --force out/myapp.app/Contents/MacOS/Worker codesign --entitlements entitlements.plist --timestamp --options=runtime --sign "$DEVELOPER_ID" --force ./scripts/token_installer codesign --entitlements entitlements.plist --timestamp --options=runtime --sign "$DEVELOPER_ID" --force ./scripts/postinstall codesign --entitlements entitlements.plist --timestamp --options=runtime --sign "$DEVELOPER_ID" --force out/myapp.app echo "pkgbuilding..." pkgbuild --root ./out/myapp.app --sign "$DEVELOPER_ID" --identifier com.myapp.app --version 1.0 --install-location /Applications/myapp.app --scripts ./scripts ./out/myapp.pkg echo "productbuilding..." # productbuild --distribution ./Distribution.xml --package-path ./out/myapp.pkg --resources . ./out/MyAppInstaller.pkg productbuild --product requirements.plist --distribution ./Distribution.xml --package-path ./out/myapp.pkg --resources . ./out/MyAppInstaller.pkg productsign --sign "Developer ID Installer: My Company Inc (***)" --force ./out/MyAppInstaller.pkg ./out/MyAppInstallerSigned.pkg Sidenote: all binaries that are not the main executable, UI, get killed by taskgated, but I figured I will wrap the Worker in its own app Inside Helpers. I just do not see the point in doing that for the token_installer, since it should only be called once ever, during postinstall. Is there a way to make it run without having to include it in the app bundle itself?

I am having an issue when archiving in Jenkins. The log says: SignatureCollection /Users/***/Library/Developer/Xcode/DerivedData/***/Build/Intermediates.noindex/ArchiveIntermediates/***/BuildProductsPath/Release-iphoneos/Some.xcframework-ios.signature error: signature-collection failed: The operation couldn't be completed. (XCBUtil.CodeSignatureInfo.Error error 0.) I am able to build and archive without any issue locally.

I have embedded Python in my iOS project in XCODE according to Beewares Usage guide https://github.com/beeware/Python-Apple-support/blob/main/USAGE.md when running, I get the error that pythonKit can't find cv2, imported by ultralytics. When I add OpenCV-python to my app_packages folder (just like ultralytics) I get the following error: Code signing identifier (libtheoraenc.1) does not match bundle identifier (com.iubh-lea.Meye.cv2.) for /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.s2Bujt/extracted/Meye.app/Frameworks/cv2..framework any way to add cv2 Framework accessible by python kit without signing mismatch?

I have been having this problem since xcode cloud came out, it is a shame that this tool cannot be used, I have this problem that xcode cloud always fails to form the code, I have already tried deleting the xcode cloud certificates. Invalid Signature. Code failed to satisfy specified code requirement(s). The file at path “MyApp.app/MyApp” is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values ​​at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/support/code-signing.

I have a security agent plugin that uses NSXPCConnection to communicate with a launch daemon. This works well, but I want to make sure the launch daemon has not been compromised. I added code to call setCodeSigningRequirement in my module that handles the client side of the NSXPCConnection. However, when used in the security agent plugin, remoteObjectProxyWithErrorHandler reports an error NSCocoaErrorDomain Code=4102 "The code signature requirement failed." If I call my xpc module from a test application, I do not receive an error and everything works as expected. I have tried different code signing requirements. Even with just "anchor apple generic" I still get the error. The console log shows two entries of interest com.apple.SecurityAgentHelper.arm64 default 09:13:29.677567-0500 SecurityAgentHelper-arm64 EOGSecurityServiceClient biometricAuthorization remote proxy error: Error Domain=NSCocoaErrorDomain Code=4102 "The code signature requirement failed." UserInfo={NSDebugDescription=The code signature requirement failed.}

Helo, I'm trying to upload my React Native App to test with TestFlight but in the archives when I validate the app I received the following error: Missing signing identifier at "/var/folders/72/pp85df852gxbzn51b2b34blw0000gn/T/XcodeDistPipeline.~~~PCbJ98/Root/Payload/ Failed to cloud sign "/var/folders/72/pp85df852gxbzn51b2b34blw0000gn/T/XcodeDistPipeline.~~~PCbJ98/Root/Payload/Click+". Please file a bug report at https://feedbackassistant.apple.com.