I encountered a signature issue:
codesign -f -s "Developer ID Application: ***" /Users/leagsoft/Desktop/uninstall
/Users/leagsoft/Desktop/uninstall: replacing existing signature
Warning: unable to build chain to self-signed root for signer "Developer ID Application:***"
/Users/uninstall: errSecInternalComponent
But using sudo, it can sign normally.
Demystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.
Summary
We have a .net 8 application that consists of 2 components, a GUI app and a launch daemon. The .pkg file for the GUI app is created by Visual Studio, and this .pkg is then bundled with the launch daemon into one installer using the packagesbuild utility.
The problem we're facing is that our customer's MDM system is refusing to install the app because of a missing lock icon in the installer, which makes it look as if the app was not signed even though it is (shown on the right in the image below).
Installer package contents
The .pkg file created by packagesbuild contains the GUI app .pkg file shown on the left in the image above, signing of this file is handled by the .net build process.
It also contains two third party .dylib files (one for intel, the other for arm), which are re-signed with the following command:
codesign --sign "Developer ID Application: [...]" \
--force --options runtime --no-strict \
"<file-path>"
The launch daemon is built with .net and then signed using this command:
codesign --sign "Developer ID Application: [...]" \
--force --options runtime --no-strict \
--entitlements "<entitlements-path>" \
"<file-path>"
I don't know if it's relevant, but there are also several .plist and .json files.
Final package signing
The .pkg file created by packagesbuild is signed using:
productsign --sign "Developer ID Installer: [...]" \
--cert "Developer ID Installer: [...]" \
"com.optimidoc.cloudclient.pkg" \
"com.optimidoc.cloudclientsigned.pkg"
After signing, the package is notarised with xcrun notarytool.
Both the signing and notarisation finish without error, which I've validated by running pkgutil --check-signature "<file-path>"
Package "com.optimidoc.cloudclientsigned.pkg":
Status: signed by a developer certificate issued by Apple for distribution
Notarization: trusted by the Apple notary service
Signed with a trusted timestamp on: 2024-06-13 11:41:57 +0000
Certificate Chain:
1. Developer ID Installer: OptimiDoc s.r.o. (2YMBVCM8TM)
Expires: 2028-03-01 07:37:30 +0000
SHA256 Fingerprint:
02 E2 C1 A0 06 E1 C1 A2 FF 70 BD CD A5 47 43 B2 DB CF 62 BB 6D D4
90 69 3E 7C C8 A7 29 73 7D 69
------------------------------------------------------------------------
2. Developer ID Certification Authority
Expires: 2031-09-17 00:00:00 +0000
SHA256 Fingerprint:
F1 6C D3 C5 4C 7F 83 CE A4 BF 1A 3E 6A 08 19 C8 AA A8 E4 A1 52 8F
D1 44 71 5F 35 06 43 D2 DF 3A
------------------------------------------------------------------------
3. Apple Root CA
Expires: 2035-02-09 21:40:36 +0000
SHA256 Fingerprint:
B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
68 C5 BE 91 B5 A1 10 01 F0 24
What I've tried
I played around with the signing process for a few days but I was unable to figure out where the installer UI gets the certificate information from.
I've tried limiting the files included in the final .pkg file. First I tried only including the GUI app .pkg with a known good signature. I also tried only including the launch daemon executables. All to no avail.
In regard to the packagesbuild utility, I noticed the --identity option, but at the moment I'm stuck with an "unknown error" message:
The command is:
packagesbuild "com.optimidoc.cloudclient.pkgproj" -v \
--identity "Developer ID Installer: [...]" \
--keychain "/Library/Keychains/System.keychain"
And the output I get is:
Building Project (11:56:49) at path: [...]
------------------------------------------------------------------------------
Build Folder (done)
Package "com.optimidoc.cloudclient"
Payload
Assemble file hierarchy (done)
Split forks (done)
Create bill of material (done)
Create pax archive (done)
Scripts
Assemble file hierarchy (done)
Split forks (done)
Create pax archive (done)
PackageInfo (done)
Create xar archive
==============================================================================
ERROR:
Description:
Unknow Error
==============================================================================
Build Failed
I think the --identity option is the way forward, but I don't know how to debug the "unknown error" message. I've sunk a few days into this problem already, so any help would be greatly appreciated. I'll update the post if I have any news.
Hello, I've just got a new computer and now I want to transfer my developer account (certificates, keys etc.) to the new computer. Right now my developer membership has expired since I'm not doing any apps right now, but I might start again in the future.
I'm not sure if I need to transfer anything, or if I will just get new certificates and keys when (if) I restart my membership?
What do I need to do before I reset my old computer? I have developed apps for both iOS and macOS.
A few hours ago my app could be loaded, built and run without a problem. Now, after opening the app again with Xcode I get the message
Command CodeSign failed with a nonzero exit code
The app cannot be built. I don't know how to solve this problem.
Please, can anyone help?
Best regards
Gerhard
1) The situation in general:
1A) I began a USB-DExt project for Mac & iPadOS>=17.
1B) I started from scratch with
DriverKitSampleApp
1C) For these two different targets (Mac, iPad; using IDE Xcode 15.0), I couldn't find another way to build the sample project from Apple, besides this: now I have two handmade sets of ini-profiles and two respective "command-files".
2) My current palliative solution consists of two specific ~"command-files" (each one runs in a directory with a specific DriverKitSampleApp.entitlements and project.pbxproj):
2A) my current file "cpy.command" for target "MAC"
## Destination "Mac"
## DriverKitSampleApp.entitlements: "com.apple.developer.driverkit.userclient-access"
## item0: "com.ry.dexsample1.driver"
## Build Settings "DriverKitSampleApp":Signing:Code Signing Identity:"Sign to Run Locally"
## "NullDriver":Signing:Code Signing Identity:"Sign to Run Locally"
## "NullDriver":"AD_HOC_CODE_SIGNING_ALLOWED=YES"
cp DriverKitSampleApp.entitlements ../DriverKitSampleApp
cp project.pbxproj ../RyDExtSmpl1.xcodeproj
2B) my current file ~"cpy.command" for target "iPAD"
## Destination "iPAD"
## Build Settings "DriverKitSampleApp":Signing:Code Signing Identity:"Apple Development"
## "NullDriver":Signing:Code Signing Identity:"Apple Development"
## "NullDriver":"AD_HOC_CODE_SIGNING_ALLOWED=NO"
cp DriverKitSampleApp.entitlements ../DriverKitSampleApp
cp project.pbxproj ../RyDExtSmpl1.xcodeproj
2C) This state is inconvenient (predicting that I will switch between MAC and iPAD dozens thousands of times when debugging this project)
3) The question
3A) I need to build Apple's sample project "DriverKitSampleApp" just by selecting one of two possible targets (Mac, iPad) in the Xcode IDE.
3B) Option 1: what developer (or team) entitlements do I need for "3A"?
3C) Option 2: what adjustments of the project's configuration files do I need for "3A"?
My dev Acct expired. I renewed, now when trying run/load the app from Xcode onto my phone, it complains that it's not registered or there's no cert. (sorry, don't have it with me right now to get the actual text)
Instructions say to look at VPN & Device Mgt, but the info it says is not there.
Hi,
I am trying to release a small application which bundles a conda environment and a python script. I am using Platypus to turn it into a .app, and I include all necessary resources (libraries, binaries etc) inside the Resources directory. My application works correctly before code signing, and is portable between machines (so I don't think it is the case that the conda environment is missing something). However, after signing, it crashes when it runs one of the programs within the conda environment.
I am first signing all .so, .dylib and all files in conda_env/bin as follows:
# Within the conda environment directory in Resources
find bin -type f | xargs -n1 codesign -f -o runtime --timestamp --sign "Developer ID Application: Whatever (123456789)"
find . \( -name "*.dylib" -o -name "*.so" \) -type f | xargs -n1 codesign -f -o runtime --timestamp --sign "Developer ID Application: Whatever (123456789)"
I am then signing the .app itself
codesign -f -o runtime --timestamp --sign "Developer ID Application: Whatever (123456789)" my_app.app
Finally, I convert it into a .dmg (with appdmg) and sign that.
codesign -f --sign "Developer ID Application: Whatever (123456789)" --timestamp my_app.dmg
I submit to the notary service, which succeeds, and then I staple the ticket to the .dmg:
xcrun notarytool submit my_app.dmg --keychain-profile my_notarytool_keychain_id --wait
xcrun stapler staple my_app.dmg
spctl is happy with the signed .app and .dmg and accepts them both.
spctl -a -vv my_app.app
# my_app.app: accepted
# source=Notarized Developer ID
# origin=Whatever (123456789)
spctl -a -vv -t install my_app.dmg
# my_app.dmg: accepted
# source=Notarized Developer ID
# origin=Whatever (123456789)
I have a valid Developer Application ID. All good, right?
Except, during execution, the signed .app crashes. When I look in the Console, the error log always looks similar - something like:
Exception Type: EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid))
Termination Reason: Namespace CODESIGNING, Code 2 Invalid Page
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_platform.dylib 0x186e15848 sys_icache_invalidate + 40
1 libllvmlite.dylib 0x2a022f8e8 llvm::sys::Memory::protectMappedMemory(llvm::sys::MemoryBlock const&, unsigned int) + 384
2 libllvmlite.dylib 0x29d765528 LLVMPY_TryAllocateExecutableMemory + 92
3 libffi.8.dylib 0x103abc04c ffi_call_SYSV + 76
etc
I think all the .dylib, .so, and binaries are signed in my codesign scripts, except for the libsystem_platform.dylib mentioned in the first line of the log. Could this be the problem?
How can I find if I am not signing something that is being used? Are there other types of files that I should be signing that I am missing?
I've been trying to fix this for several days and I feel I have tried everything (constructing the conda env in different ways, signing in different ways, e.g. with/without --deep, with/without signing each type of library/binary) to no avail... Any help would be greatly appreciated!
All the best,
George
Getting this error on iOS 17.5.1
not sure how to solve it
I've been given an Xcode project which produces a command line tool which links to a dylib. I have the dylib, but not its source code.
I change the signing option for the command line tool target so it is signed automatically by my personal team.
On an attempt to run the tool, it fails to load the dylib, because the dylib is signed with a different certificate. I manually codesign the dylib with the same certificate I am using for the command line app.
Now, I can build the app, but not run it. If I try to do so, I see four dialogs telling me “libXXX.dylib” can’t be opened because Apple cannot check it for malicious software, then the console tells me "'/path/to/libXXX.dylib' not valid for use in process: library load disallowed by system policy)"
I found an old document about Gatekeeper (https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html) which suggests that Gatekeeper just won't let me do this - I can't just put the dylib next to the executable, although the dynamic linker finds the dylib, Gatekeeper doesn't like it because the dylib isn't inside the app bundle (there is none), and isn't in one of the well-known places.
I dealt with this by making a do-nothing app which I can sign with my personal certificate. Then I replace the signature on the dylib (and its dependent dylibs) with my own. I add the command line tool and all its dylib dependencies to the do-nothing app, then add those files into the Copy Bundle Resources phase of the do-nothing app.
Now, the command line tool and its dylibs all live in do-nothing.app/Contents/Resources, and I can run the tool from there without Gatekeeper complaining.
Is there an easier way (aside from asking my supplier for static libraries)? And if this is the only way, is Contents/Resources the right place to put command line tools and the dylibs they link to?
I need help. When I run the code without a sandbox it works well. However, when I enabled it, it gave me (Thread 3: "launch path not accessible")!
How can I fix that?
let task = Process()
task.launchPath = "/Users/alielzieny/Documents/TerrierSectraFix/TerrierSectraFix/Frameworks/python3"
task.arguments = ["/Users/alielzieny/Documents/TerrierSectraFix/TerrierSectraFix/SectraFix.py", selectedDirectoryURL.path, destinationDirectoryURL.path]
let pipe = Pipe()
task.standardOutput = pipe
task.launch()
task.waitUntilExit()
let data = pipe.fileHandleForReading.readDataToEndOfFile()
if let output = String(data: data, encoding: .utf8) {
    print(output)
}
Hi,
I am trying to create a new Identifier for my app. When I write down the Bundle ID I am getting this popup:
An attribute in the provided entity has invalid value
An App ID with Identifier 'de.{domain}.app is not available. Please enter a different string.
Can anyone please help? The domain is mine and no apps have been released yet. I can't find a solution for this
I got the python app notarized and downloaded it fine.
However, if you are caught by Gatekeeper and open the information window, you will see a lock and even if you enter the password to open the lock, it will not work.
xattr -d com.apple.quarantine ./test.app
You have to exclude it from the gatekeeper directly.
I wonder if the downloaded app is unavoidable... or if there is another way.
I have an app that needs re-signing/updating to work on ios 17 (ios 17.4.1).
I have renamed the IPA file to zip and extracted it to the desktop.
The files in the extracted folder are:
ItunesArtwork
ItunesMetadata.plist
Payload folder
Payload folder contains the app
App package contents contains all the app files, including the _CodeSignature folder.
I extracted the package contents to a folder on the desktop.
Xcode 15.3 (15E204a) is installed.
Need the steps necessary to complete it and generate the new IPA file to test.
Thanks all,
Ed
I'm trying to add a feature to my app which requires OpenMP as third party library. The first time an openMP API gets called makes the app crash.
The Xcode terminal reports this:
OMP: Error #179: Function Can't open TEMP failed: OMP: System error #1: Operation not permitted Assertion failure at kmp_runtime.cpp(6918): temp_reg_status_file_name. OMP: Error #13: Assertion failure at kmp_runtime.cpp(6918).
Console app reports this:
Sandbox: deny(1) ipc-posix-shm-write-create /__KMP_REGISTERED_LIB_31975
I cannot substitute or get rid of the OpenMP library as it is used by other third party libs needed by the feature I’m developing.
Hope there is a workaround to the sandbox security restrictions that allows using the lib.
Thanks, Andrea
Many of the trusted execution problems I see are caused by folks signing their product using the --deep option. While that can work in some circumstances, I generally recommend against it. There are two issues with --deep:
It applies the same code signing options to every code item that it signs, something that’s not appropriate in general. For example, you might have an app containing a nested command-line tool, where the app and the tool need different entitlements. The --deep option will apply the same entitlements to both, which is a serious mistake.
It only signs code that it can find, and it only finds code in nested code sites. If you put code in a place where the system is expecting to find data, --deep won’t sign it.
The first issue is fundamental to how --deep works, and is the main reason you should not use it. Indeed, on macOS it may cause the trusted execution system to block your program from running. For the details, see the Check for Entitlements on Library Code section of Resolving Library Loading Problems.
The second issue is only a problem if you don’t follow the rules for nesting code and data within a bundle, as documented in Placing Content in a Bundle. However, my experience is that the products that don’t follow those rules are exactly the same sort of products that try to use --deep.
The alternative to --deep is to sign each code item separately, from the inside out. If your product has lots of nested code, automate this using a script.
Note: One exception to the prohibition on --deep is Automator apps. If you’re signing an Automator app, see this DevForums post.
For detailed information on how to correctly sign and package Mac software, see Creating distribution-signed code for macOS and Packaging Mac software for distribution.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Revision history:
2024-05-06 Update some links to reference the Real Documentation™ rather than my legacy DevForums posts.
2022-06-14 Added a link to Resolving Library Loading Problems. Replaced the link to Signing a Mac Product For Distribution with a link to Creating Distribution-Signed Code for Mac. Made other minor editorial changes.
2021-10-21 Replaced the nested code reference with one to Placing Content in a Bundle. Minor editorial changes.
2020-09-15 Adopted the correct terminology for Automator apps.
2020-03-09 First version.
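The inside-out alternative to --deep described in the post above, sketched as an added example (not code from the post or from Apple). It only prints the codesign commands in signing order. `IDENTITY`, `ENT_DIR` and the `<basename>.entitlements` naming are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the forum posts): plan an inside-out signing pass
# as the alternative to `codesign --deep`. Prints commands; signs nothing.
# Assumptions: IDENTITY is a placeholder; ENT_DIR holds optional per-item
# entitlements named "<basename>.entitlements"; paths contain no newlines/tabs.
IDENTITY=${IDENTITY:-"Developer ID Application: Example (TEAMID)"}
ENT_DIR=${ENT_DIR:-./entitlements}

# is_macho FILE: succeed if FILE starts with a Mach-O or universal-binary magic.
# (cafebabe is also the Java class magic, so review the plan before running it.)
is_macho() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        feedface|feedfacf|cefaedfe|cffaedfe|cafebabe|bebafeca) return 0 ;;
        *) return 1 ;;
    esac
}

# code_items ROOT: list nested bundles and Mach-O files, deepest path first,
# so every item is signed before the item that contains it. ROOT comes last.
code_items() {
    root=${1%/}
    {
        find "$root" -type d \( -name '*.app' -o -name '*.framework' \
            -o -name '*.xpc' -o -name '*.appex' -o -name '*.bundle' \)
        # Recognise code by content, not by extension.
        find "$root" -type f | while IFS= read -r f; do
            if is_macho "$f"; then printf '%s\n' "$f"; fi
        done
    } | awk -F/ '{ print NF "\t" $0 }' \
      | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2 \
      | cut -f2-
}

# sign_plan ROOT: one codesign command per item, each with its own entitlements
# (or none), rather than one set applied to everything as --deep does.
# A bundle's main executable is listed too; signing the bundle re-signs it.
sign_plan() {
    code_items "$1" | while IFS= read -r item; do
        ent="$ENT_DIR/$(basename "$item").entitlements"
        if [ -f "$ent" ]; then
            printf 'codesign --force --options runtime --timestamp --entitlements "%s" --sign "%s" "%s"\n' \
                "$ent" "$IDENTITY" "$item"
        else
            printf 'codesign --force --options runtime --timestamp --sign "%s" "%s"\n' \
                "$IDENTITY" "$item"
        fi
    done
}

if [ "$#" -gt 0 ]; then sign_plan "$1"; fi
```

Mach-O files that the plan lists under Contents/Resources or other data locations are the ones --deep would not have found.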
Hi, we have an app that has been in development since Catalina and ever since Sonoma came out we noticed that when executing our pkg installer the application is installed correctly but the postinstall script is not executed.
The weird thing is that if I run the pkg for the first time the postinstall does not execute BUT if I run it again then it DOES!!
Looking through the logs I found these ones that confirm the execution of the script is being blocked. We haven't changed anything in the way we build the installer so I'm not quite sure how to fix this.
2024-04-25 16:29:51.570662-0300 0x1c62 Error 0x0 308 0 syspolicyd: [com.apple.syspolicy.exec:default] Unable (errno: 2) to read file at <private> for pid: 784 process path: <private> library path: (null)
2024-04-25 16:29:51.570662-0300 0x1c62 Error 0x0 308 0 syspolicyd: [com.apple.syspolicy.exec:default] Terminating process due to Malware rejection: 784, <private>
2024-04-25 16:29:51.570679-0300 0x1d13 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Sleep interrupted, signal 0x100
2024-04-25 16:29:51.570682-0300 0x1d13 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 784, /private/tmp/PKInstallSandbox.m5Av3O/Scripts/com.mycompany.myapp.pkg.BSOjtt/postinstall
The app as well as the installer are both signed, notarized and stapled. Here you can see the script which just simply executes the app.
#!/bin/bash
echo "Running postinstall"
/Applications/myapp.app/Contents/MacOS/myapp --load-system-extension &
exit 0
Any help would be much appreciated. Thanks!
I have a personal app I use only for myself on my iPhone. I do not distribute this. It stops working every year when my renewal comes up. Once I renew my subscription I reload the app onto my phone and it works again. Is there a way that I can have it work forever without having to reload it every year? Sometimes I forget to reload after my renewal and it does not work until I do so.
I am able to successfully install the app on my device, but I am unable to verify the app.
Steps to reproduce:
Navigate to Settings -> VPN & Device Management on iPhone 14
Select developer under Developer App
Select trust this computer
Attempt to Verify App
The "Verify App" button has no effect. The app can still be installed when built, but is not able to be opened. Navigating to ppq.apple.com in a browser results in a "cannot be trusted":
How to change Bundle ID in "Certificates, Identifiers & Profiles" (Edit your App ID Configuration)?
Which certificate is needed for a free Mac application (.app)?
The application need only save\restore disk data (no extension, no wifi, no In-App Purchase, etc).
A very simple basic 3 windows application (type math Calculator). Do I need to set some "Capabilities" (App Services)?
Hi,
We have an app that installs a number of system extensions. According to this documentation the app must be located in the Applications folder to be activated, so when the app launches we check that it is running from /Applications (or a subfolder) and if it isn't we inform the user and exit. This has been working fine until a recent submission, whereupon installing the app via TestFlight causes it to be translocated when run and our check to fail. So, a couple of questions:
Is it expected that an app installed via TestFlight (or indeed the AppStore) can be translocated when it is run?
If yes to the above, how can we ensure that our app is running from Applications and can therefore activate its extensions?
Thanks
Alan