Hello I jump on my mac every 3-4 months to release new version of my apps. Process usually is "ok" some cmake/compile issues as 99% of dev is done on windows but other than that its all good. But now I'm stuck. My app can run locally/start etc just fine, but clients are panicking because they can't run them. They have undefined developer warning. I don't understand this. Its notarised and been working for 2 years. What am I doing wrong ?! How can I test it ? I tried creating new user-profile on my mac, but there is no issue, app starts. Do I need to buy ANOTHER mac to test my apps before release ?! Can any1 help how to debug this issue? I'm lost, I used finder-compress myapp.app & send it via slack to client to get him quickly going but that does not help either. - I though it was zip stripping down data or something. Anyway, very frustrated here, and lost. Can any1 help? hint? Is this good resource to check against? https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html I've run spctl --assess --type execute myApp and I'm getting rejected (bundle format is ambiguous (could be app or framework)) But then why does it notarize/sign/etc with no errors ?! I'm so lost :- (((( Any help would be greatly appreciated I've attached app content > Ok I've tested my older releases, they all have the same issue but they all work on client system. I'm so lost :- (((

I'm working on an app using entitlements. The entitlements are setup in its code signature and they are also applied in the corresponding provisioning profile. I embed said provisioning profile in the app, but when I launch the binary it gets rejected by taskgated-helper (as seen in console.app it says "profile not found"). However, if I install the same embedded provision profile it will work! So I can only assume taskgated-helper is not looking in the Contents/embedded.provisionprofile file when I try to run the binary? I can only imagine that the issue revolves around the binary not being the main bundle binary in the application, as that one works just fine without installing the profile. I would simply install the profile to fix the issue, but it brings other problems when trying to install the application in a headless environment (as opening the profile to install in system settings requires user interaction). Any ideas?

Hi, I've ran into an issue which only seems to affect one of my macs. It's currently running 14.2.1 but I first saw this issue in 13.6. If I download the macOS Sonoma 14.2.1 installer (via App store) onto this particular machine, it will never execute the installer. It always reports that the installer is "damaged". Of course I did reasearch this online and you get the usual unhelpful posts which just say "re download it" and of course, I wouldn't be posting here had I not tried that. This happens with any macOS installer I download using the softwareupdate --fetch-full-installer utility as well. The thing is, if I copy this .app to another (identical as far as I can tell) Mac - it will work. So far this also seems limited to macOS installers - other third party apps are fine. I'm convinced this is related to trusted execution and something has gone wrong in the environment. I've been looking at my router logs to see if any connections may have been blocked (I'm using OPNsense) and also looking to see what connections are being made via Little Snitch and so far it looks fine. Again, other machines on the network can run these just fine. I've read through eskimo's excellent guide here: https://forums.developer.apple.com/forums/thread/706442 but I was wondering if anyone can give me some pointers to narrow this down further. As it stands, I can't trust this machine for app development if I can't even get the official Apple installers to run sucessfully.

I am looking for any help regarding an errSecInternalComponent error I am seeing when trying to archive my iOS app via my CI process. Specifically, this CI process is a GitHub Action running on a self-hosted M2 Pro Mini machine to which we have Screen Share access. I have followed the very helpful seminal post and have confirmed that I can run the necessary command in the local terminal via Screen Share, and I don't get any Keychain Access dialogs to pop up. When I try to run the same command via an SSH terminal from my local machine on that same machine, I get the following error: /Users/{username}/Library/Developer/Xcode/DerivedData/{projectID}/Build/Intermediates.noindex/ArchiveIntermediates/{projectname}/IntermediateBuildFilesPath/UninstalledProducts/iphoneos/{some name}NotificationServiceExtension.appex: errSecInternalComponent I only get the error for that one service extension target. The project is only a couple years old, created with Xcode 14 or maybe 13. The signing has always been managed automatically with the provisioning profiles for all our targets being managed by Xcode. Thanks in advance for any advice or suggestions as to what I may be missing or how to address this problem. I am more than happy to provide any more information I can to diagnose and solve the issue.

Two days ago everything was working fine. Then I decided to step on with the OneSignal Sdk and the problems starts to come. Now I have two big problem but I want to go with order and begin from the first and maybe the second will follow. When I try the app on emulator, it builds fine but stopped immediately with The parent bundle has the same identifier (com.domain.bundlename) as sub-bundle at /Users/myname/Library/Developer/CoreSimulator/Devices/F2D73A5F-1B86-4D2D-9989-518387D0FB24/data/Library/Caches/com.apple.mobile.installd.staging/temp.O4MORK/extracted/Runner.app/Frameworks/App.framework (com.domain.bundlename is for obscuring the real ones) Then I tried creating a new emulator device, but I got the same error. No clues on my internet search.

Is setting "Enable App Sandbox : Yes" required for distributing an app to the App Store? I'm building my first app, a game, and can only test on my physical device with the Sandbox set to No. I can run it on the emulators with Sandboxing enabled. I'm still using the free developer account and will be enrolling in the paid account once 2024 arrives.

We have started creating third-party applications and for that we required to apple certificate and initially created multiple certificate (application and installer), later on realises that one can be enough to approve multiple application. Now we are not seeing any option to remove or revoke the certificates so that we can create new certificate. Support team also not able to help on this. What should we do to create new certificate?

Hi, after many hours looking for a solution I hope to find one here :) I am creating an ios application using flutter. Since updating my macbook to MacOs Sonoma it is impossible for me to launch an archive of the application on Xcode (the error below is displayed). By searching I thought I understood that it could come from Icloud but even if I put my App in the Application folder, I got this error. I can launch my application on Simulator but not on a physical phone either. error: Target release_unpack_ios failed: Exception: Failed to codesign /Users/etiennemary/Library/Developer/Xcode/DerivedData/Runner-hcgaysxersoeaugykishvsewlgps/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter with identity ...... /Users/etiennemary/Library/Developer/Xcode/DerivedData/Runner-hcgaysxersoeaugykishvsewlgps/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter: replacing existing signature Warning: unable to build chain to self-signed root for signer "Apple Development: Etienne Mary (. )" /Users/etiennemary/Library/Developer/Xcode/DerivedData/Runner-hcgaysxersoeaugykishvsewlgps/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter: errSecInternalComponent Failed to package /Applications/aa/evento.

I want to distribute my app with my developer ID. This works fine in a dmg or zip container if I download it on another Mac by FTP. But if I download it by HTTPS macOS brings a Popup: “Rocrail.app” is damaged and can’t be opened. You should move it to the Bin. I don't understand the diff between FTP and HTTPS download... How can I fix this?

Searching for insight on the best and most compliant way to essentially merge two apps. They have the same functionality but one is much more advanced than the other, although the legacy app has a higher user count. Instead of letting both run, we want to push the legacy app an update with the code from the new app and ultimately kill the newer one. What is the best way to do this? Is it allowed to simply push the source code from new app to legacy and update the identifier? We do not wan't to break any app store rules and want to limit the potential of losing users by forcing them to download a new app.

I’m trying to implement XPC Rendezvous like Quinn described in many awesome posts on here but I’m now at a stuck point were I just have no idea. I want to communicate with a Safari extension via XPC and also a helper application which led me to XPC Rendezvous (https://developer.apple.com/forums/thread/715338) because a XPC Service in the Extension is scoped to the container. I then made a Command Line Target and added it like its described here (https://developer.apple.com/documentation/xcode/embedding-a-helper-tool-in-a-sandboxed-app ) and also took the xpc test code and inspiration to set up my launch agent from here (https://developer.apple.com/documentation/servicemanagement/updating_your_app_package_installer_to_use_the_new_service_management_api). This command line tool should do the management for the XPC connections because it’s not in the sandboxed container. The tool sets up the xpc connection like in the sample code directly and not in a XPC Service added via a Target template. It exposes the Mach Service. And that looks like its building fine after some fighting but the service just wont start - I saw it trying in console and after running it in Xcode and finally finding the crash report - it brought me there (https://developer.apple.com/forums/thread/706390) I have Process is not in an inherited sandbox. - and thinking about it, it makes sense because I first thought its just because it ran through Xcode, but its crashing this way also as a LaunchAgent. I mean it does make sense - there is nothing to inherit because it’s spawned by launchd - and that’s what I want isn’t it - to make the Rendezvous? Okay I thought now removing com.apple.security.inherit brings it in its own Sandbox (its needs sandboxing) but this also crashes the process because of the sandbox. Also after adding it to the App Group. What am I missing here or what do I want to accomplish? Do I want to inherit the sandbox? I guess not the helper should have its own. The only difference I see in comparison to SMAppServiceSampleCode is it moves the product in Copy Bundle Resources, and I have a Copy Files Phase with Destination: Executables (Like the other sample code said - and that’s looks “more correct” - and well SMAppServiceSampleCode isn’t sandboxed. I then tried making a new Command Line Target and just added App Sandbox Capability and tried to run this fresh one - and that also crashes. This makes me think I’m just ****** somewhere but I have read now everything I could find. I’m happy to provide any Code or crash logs but I dont know what part is really relevant here, It looks like the LaunchAgent gets installed correctly and wants to run but the sandbox is preventing me. The Bundle Identifier and XPC device name of the helper starts with my teamID (I got that from here https://developer.apple.com/forums/thread/703702) What could I be doing wrong? Thanks a lot! Benjamin

Have been using a Mac for about a month, but am a 48-year engineer. Too many operating systems to list. Have my cross-platform self-contained Java application looking great on macOS with all the cool Mac conventions and a DMG "installer". Am attempting to get the existing self-updater working for macOS. It has conditional logic based on the operating system. But I'm stuck ... this is on a Macbook Pro 13" Retina Late 2013 2.8Ghz running macOS Big Sur 11.7.10 (fully updated). Deliberately supporting older hardware due to the nature of the application. The Process in Short Main program downloads updater program into a system temp directory Mounts updater DMG image with -mountroot in that directory Executes updater .app Exits Updater program downloads new Main program Mounts new program DMG image in the system temp directory The DMG image is the same one used for initial installations Makes back-ups of the Java and Plugins directories of existing program Copies the new Java and Plugins directories to existing Main program locations Umounts new program DMG image Either deletes back-up directories or restores them based on success or failure Restarts Main program .app Exits Main program receives special argument indicating success or failure of update Unmounts updater DMG image Displays appropriate dialog Issues The problems encountered are the mounting and unmounting of the DMG images executing hdiutil with Java Runtime.getRuntime().exec(). All mounts and unmounts have 1.5 sec. time-delayed retries for 3 attempts The initial download, mount, and execution of the updater works The mounting of the downloaded update DMG fails Running the command by hand works When the Main program is restarted the unmount of the updater DMG fails Running the command by hand works Also - these are unsigned images at this point. Have been unsure whether I would support macOS. But this is the last stumbling block. Questions Odd point - the initial download, mount and execution of the updater works Is this all because the DMG images are not signed (yet), so hdiutil is failing? Or is there something basic that I'm missing? Thank You For taking your time to read this. Any pointers would be appreciated. The Project https://github.com/Corionis/ELS/tree/Version-4.0.0 (not released) Component projects: https://github.com/Corionis

I'm trying to run an app that has a .dylib listed in the configuration of the application as "Embed & Sign" I can confirm it is correctly signed by inspecting the package using codesign -dv --verbose=4 lib_paths.dylib and it gives me the following: Executable=/Users/blablabla/Debug-iphoneos/TestApp.app/Frameworks/lib_paths.dylib Identifier=lib_paths Format=Mach-O thin (arm64) CodeDirectory v=20400 size=784 flags=0x0(none) hashes=16+5 location=embedded VersionPlatform=2 VersionMin=917504 VersionSDK=1049600 Hash type=sha256 size=32 CandidateCDHash sha256=7eaecbb8e00114767c9de0ac9054213620052212 CandidateCDHashFull sha256=7eaecbb8e00114767c9de0ac90542136200522121105dd217b38bd27e1fda4de Hash choices=sha256 CMSDigest=7eaecbb8e00114767c9de0ac90542136200522121105dd217b38bd27e1fda4de CMSDigestType=2 Executable Segment base=0 Executable Segment limit=32768 Executable Segment flags=0x0 Page size=4096 Launch Constraints: None CDHash=7eaecbb8e00114767c9de0ac9054213620052212 Signature size=4795 Authority=Apple Development: myemail@address.com (XXXXXXXXX) Authority=Apple Worldwide Developer Relations Certification Authority Authority=Apple Root CA Signed Time=13 Dec 2023 at 21:39:28 Info.plist=not bound TeamIdentifier=XXXXXXXXXXX Sealed Resources=none Internal requirements count=1 size=180 But when trying to run the application, I am getting the following error: Referenced from: '/private/var/containers/Bundle/Application/3142F1F2-547B-41B5-8EF4-239F4EAD2A4F/TestApp.app/FSVTestApp' Reason: tried: '/usr/lib/system/introspection/lib_paths.dylib' (no such file), '/usr/lib/swift/lib_paths.dylib' (no such file), '/private/var/containers/Bundle/Application/3142F1F2-547B-41B5-8EF4-239F4EAD2A4F/TestApp.app/Frameworks/lib_paths.dylib' (code signature invalid (errno=1) sliceOffset=0x00000000, codeBlobOffset=0x0000C5E0, codeBlobSize=0x00004B50 for '/private/var/containers/Bundle/Application/3142F1F2-547B-41B5-8EF4-239F4EAD2A4F/TestApp.app/Frameworks/lib_paths.dylib'), Note that I enabled the "Automatically manage signing" option, and using a Personal Team. This seems to work fine for the application itself (otherwise it wouldnt even try to load the dylib). What is going on ?

For a unit test, we are building a (non-bundled) test executable with the ENABLE_HARDENED_RUNTIME build setting enabled (set to "YES"), which eventually causes codesign to be run with the "--option runtime" setting. The resulting binary has the "hardening" bit (0x1000) set in the code signature and there are no exceptions per entitlements. In our unit test, we launch the test executable, obtain a SecCodeRef to the (dynamic) code using SecCodeCopyGuestWithAttributes() and inspect the flags in the signing information. We expect both kSecCodeStatusHard and kSecCodeStatusKill to be set for this code. When building and testing locally, this is always the case. When building and testing in our build pipeline, this is mostly the case, but every now and then, the test fails, because both "hard" and "kill" flags are missing from the signing information. It is my understanding that the "runtime" option (or the "hardening" bit in the signature) causes those two flags to be set when the code executes - is this incorrect or not guaranteed? If OTOH this is a correct understanding I would also assume that those flags are being set before the executable enters its main() function? Any explanation why we sometimes don't see those flags in the SecCodeRef for the guest code?

I created an application and initially I wasn't going to use it to send notifications, but then I realised that I needed to. So quite naturally, I changed the settings in "Certificates, Identifiers & Profiles". I activated : Communication Notifications Time Sensitive Notifications But not: Push Notifications Because it's a local application. However, when I transfer a new build to TestFlight, the notification settings are not present in "Settings" on my iPhone: Same thing, in the notifications settings, it doesn't show up :/. So my question is this: How can I get my notification settings to be "activated", knowing that they weren't originally authorised in my "Certificates, Identifiers & Profiles" settings?

Hi, Do we need a new Certificate, a new Identifier and a new Profile for each app that we want to create? Thanks, Best, Steeve

I am unable to run any Xcode projects - new or old. I think I messed up my certificates or profiles as I kept deleting and adding new versions but I have no idea how to fix this. Any help would be greatly appreciated.

Have been working on a Java Open Source project for 8 years with the last 2+ years on a cross-platform desktop GUI for it with a separate updater. The self-contained application runs on Linux and Windows - now I'm trying to figure-out Mac. Have had a Macbook Pro 13" Late 2013 Retina running Big Sur 11.7.10 for 3 weeks. Very new to Apple, but a retired 48-year engineer trying to support MacOS for the first time. Building with Ant and appbundler task, https://github.com/TheInfiniteKind/appbundler, then creating a DMG with DMG Canvas, https://www.araelium.com/dmgcanvas. Deliberately supporting older systems due to the nature of this data management and back-up application. It's been adapted to the MacOS look 'n feel. Questions: If I sign-up as an Apple Developer and pay the fee will this 2013 Macbook Pro still be able to sign DMG files - that will work on the latest MacOS - after the end-of-support in December 2023? For a updater: Should both the main application and separate updater both be signed? The basic process is: Download updater into system temp folder, prepare and execute updater, stop desktop application, updater downloads new version, prepares and copies update to installed location, then restarts desktop application and ends the updater. I'm old and have setup this Open Source project and web site so that it can be passed-off to others when I stop, one way or another. Can the developer account or certificate credentials be transferred to someone else at that time? Guidance for a noob would be appreciated. Thank you for your time. The project, not released yet: https://github.com/Corionis/ELS/tree/Version-4.0.0

Sehr geehrte Damen und Herren, ich wende mich an Sie als Entwickler im Rahmen eines akademischen Projektes. Aktuell arbeite ich an meiner Bachelorarbeit, in der ich eine mobile Anwendung für iOS-Geräte entwickle. Für den Erfolg dieses Projektes ist es essentiell, präzise Informationen über die Hardware-Komponenten spezifischer iPhone-Modelle zu haben, insbesondere des iPhone SE mit der Modellnummer MMXN3ZD/A und der iOS-Version 17.1.1. Mein Hauptinteresse liegt in den genauen technischen Spezifikationen der im iPhone SE verbauten LEDs und des CCD- oder CMOS-Bildsensors (je nachdem, ******* Typ verwendet wird). Für mein Projekt ist es entscheidend, die spektralen Eigenschaften dieser Komponenten zu verstehen: LED-Spezifikationen: Ich benötige Informationen über die Spektren der LEDs, insbesondere welche Wellenlängen des Lichts sie emittieren. Dies ist relevant für die Funktionalität meiner App, die sich auf fotometrische Analysen stützt. CCD-/CMOS-Sensorspezifikationen: Des Weiteren ist es wichtig für mich zu wissen, für welche Wellenlängen der im Gerät verbaute Sensor empfindlich ist. Diese Information ist kritisch, um die Interaktion zwischen dem Sensor und der beleuchteten Umgebung korrekt zu interpretieren. Die Ergebnisse meiner Forschung und Entwicklung werden nicht nur für meine akademische Arbeit von Bedeutung sein, sondern könnten auch wertvolle Einblicke für die Weiterentwicklung von iOS-Anwendungen in meinem Studienbereich bieten. Ich wäre Ihnen sehr dankbar, wenn Sie mir diese Informationen zur Verfügung stellen könnten oder mich an eine entsprechende Abteilung oder Ressource verweisen würden, wo ich diese spezifischen technischen Daten erhalten kann. Vielen Dank im Voraus für Ihre Unterstützung und Kooperation. Mit freundlichen Grüßen, Mohammad Jbeh