Having reviewed every document, this has been going on for nearly two months. Originally, it was thought that the problem might be related to the fact I had created the developer ID signing certificate on an intel mac, and trying to import and use it on an M1 Mac-Mini. That turned out to not be the case. Completely started over with a new account (the company changed names), requested and was granted the entitlements we needed. Create a new CSR from this new m1 machine, created a Developer ID certificate, installed the certificate on this machine. But no matter what, the codesign fails. Troubleshooting Environment: Brand new Apple Developer account and Developer ID Application certificate (generated CSR on this Mac, installed cert and private key in login keychain) macOS build/signing machine, not running codesign as root Working from Terminal app in GUI session, not via SSH/cron Keychain & Certificate Chain: Verified Developer ID Application: Fidelis Security LLC (J4WGF5B6KZ) certificate and private key are present in login keychain Verified certificate is marked as trusted and has a private key attached Developer ID Certification Authority present and trusted in System keychain (removed any extra from login) Evaluate certificate assistant shows everything is good Apple Root CA present and trusted in System keychain Set all trust settings back to System Defaults after testing with “Always Trust” No expired or duplicate Developer ID intermediates present codesign Troubleshooting: Ran: codesign --force --timestamp --options runtime --sign "Developer ID Application: Fidelis Security LLC (J4WGF5B6KZ)" ./fidelisevents Consistently received: Warning: unable to build chain to self-signed root for signer ... errSecInternalComponent Confirmed correct identity using: security find-identity -v -p codesigning (Shows my Developer ID Application cert as valid) Keychain order confirmed with security list-keychains Tried explicit --keychain argument in codesign (no change) Additional Steps Attempted: Downloaded and re-installed all relevant Apple intermediates/root certificates from https://www.apple.com/certificateauthority/ Rebooted the Mac and killed/restarted the securityd daemon Confirmed no use of sudo or root for codesigning Verified keychain is unlocked Checked that partition list grants access to codesign (set with security set-key-partition-list -S "apple:codesign:" -s -k "" ~/Library/Keychains/login.keychain-db) Attempted to codesign a copy of /usr/bin/true (same error) Ran codesign both with and without --timestamp, both on app bundle and binary Keychain Access showing: Certificate and private key present and linked Correct trust chain System keychain containing all Apple intermediates/roots No trust warnings or red Xs Downloaded the latest Apple CA and Developer ID Root certificates and installed those. None of the forum searches have helped. AI is likewise confused.

We have a rather complex network of dependencies for our application stack and, from it, we create multiple unique executables that are placed into the Contents/MacOS directory of our bundle. MyApp.app `- Contents/ `- Frameworks/... `- MacOS/ `- exec_a `- exec_b `- Resources/... Both executables require the same dependencies (and use the same shared .dylib files built as targets in the same project) so it makes sense for them to be in the same place rather than in their own .app folder as I understand it. Qt Libs -> core_lib.dylib -> gui_lib.dylib -> exec_a `-> exec_b etc. We've confirmed build artifacts are correct and the rpath/dependencies are all clean. When in development, all executables run as expected and we can command exec_a (the executable we're listing in the primary Info.plist) to launch exec_b at any time. Once the bundle is signed, however, we cannot get exec_b to launch in any capacity. Even lldb dies right away because it can't attach to anything. We assume this is something in the gatekeeper area of blocking these additional executables. We get the following when trying to run those additional exes in any way: Trace/BPT trap: 5 We're using macdeployqt to finalize the bundle and bring in the correct packages - perhaps something it's doing is causing the additional executables to fail or we're missing an entitlement. We've submitted the app to TestFlights successfully even with these invalid executables to see if there was something the processing of the app would find but so far nothing. We've seen other example of applications with multiple executables in the same MacOS directory and are wondering what the difference is. Any hints or guidance would be great. Thank you!

Hello I have a qt, CMAKE app, non-xcode one till xcode start supporting cmake. I have 3 apps, 2 basic ones and 1 very complex ones. My complex one build/links/notarises/validates/deploys beautifly. I have tear in my eye when I see it build. The other 2 apps explode and torment me for past 5 days. The build proves is 99% the same, the only thing that a little changes are info.plist and app name+ some minor changes. Its absolutely bananas and I can't fix it, I'm running out of ideas so if any1 could sugged anything, I'll buy & ship you a beer. Anyway, errors: Log: Using otool: Log: inspecting "/Users/dariusz/Qt/6.9.1/macos/lib/QtCore.framework/Versions/A/QtCore" Log: Could not parse otool output line: "/Users/dariusz/Qt/6.9.1/macos/lib/QtCore.framework/Versions/A/QtCore (architecture arm64):" Log: Adding framework: Log: Framework name "QtCore.framework" Framework directory "/Users/dariusz/Qt/6.9.1/macos/lib/" Framework path "/Users/dariusz/Qt/6.9.1/macos/lib/QtCore.framework" Binary directory "Versions/A" Binary name "QtCore" Binary path "/Versions/A/QtCore" Version "A" Install name "@rpath/QtCore.framework/Versions/A/QtCore" Deployed install name "@rpath/QtCore.framework/Versions/A/QtCore" Source file Path "/Users/dariusz/Qt/6.9.1/macos/lib/QtCore.framework/Versions/A/QtCore" Framework Destination Directory (relative to bundle) "Contents/Frameworks/QtCore.framework" Binary Destination Directory (relative to bundle) "Contents/Frameworks/QtCore.framework/Versions/A" Log: copied: "/Users/dariusz/Qt/6.9.1/macos/lib/QtWebSockets.framework/Versions/A/QtWebSockets" Log: to "/AppBuild/Agameri_Toolbox/Agameri_Toolbox.app/Contents/Frameworks/QtWebSockets.framework/Versions/A/QtWebSockets" Log: copy: "/Users/dariusz/Qt/6.9.1/macos/lib/QtWebSockets.framework/Resources" "/AppBuild/Agameri_Toolbox/Agameri_Toolbox.app/Contents/Frameworks/QtWebSockets.framework/Versions/A/Resources" Log: copied: "/Users/dariusz/Qt/6.9.1/macos/lib/QtWebSockets.framework/Resources/Info.plist" Log: to "/AppBuild/Agameri_Toolbox/Agameri_Toolbox.app/Contents/Frameworks/QtWebSockets.framework/Versions/A/Resources/Info.plist" Log: copied: "/Users/dariusz/Qt/6.9.1/macos/lib/QtWebSockets.framework/Resources/PrivacyInfo.xcprivacy" Log: to "/AppBuild/Agameri_Toolbox/Agameri_Toolbox.app/Contents/Frameworks/QtWebSockets.framework/Versions/A/Resources/PrivacyInfo.xcprivacy" Log: symlink "/AppBuild/Agameri_Toolbox/Agameri_Toolbox.app/Contents/Frameworks/QtWebSockets.framework/QtWebSockets" Log: points to "Versions/Current/QtWebSockets" Log: symlink "/AppBuild/Agameri_Toolbox/Agameri_Toolbox.app/Contents/Frameworks/QtWebSockets.framework/Resources" Log: points to "Versions/Current/Resources" Log: symlink "/AppBuild/Agameri_Toolbox/Agameri_Toolbox.app/Contents/Frameworks/QtWebSockets.framework/Versions/Current" Log: points to "A" Log: Using install_name_tool: Log: in "/AppBuild/Agameri_Toolbox/Agameri_Toolbox.app/Contents/MacOS/Agameri_Toolbox" Log: change reference "@rpath/QtWebSockets.framework/Versions/A/QtWebSockets" Log: to "@rpath/QtWebSockets.framework/Versions/A/QtWebSockets" ERROR: "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/install_name_tool: fatal error: file not in an order that can be processed (link edit information does not fill the __LINKEDIT segment): /AppBuild/Agameri_Toolbox/Agameri_Toolbox.app/Contents/MacOS/Agameri_Toolbox\n" ERROR: "" Even tho I get that error, it will "Notarize" and "greenlight by gatekeeper. So my automatic build app if he sees error with the __LINKEDIT it will stop deployment. But even tho he "stops" release of app to public I can still go check binary and when I try to run that I get: Library not loaded: @rpath/QtConcurrent.framework/Versions/A/QtConcurrent Referenced from: <69A296DB-8C7D-3BC9-A8AE-947B8D6ED224> /Volumes/VOLUME/*/Agameri_Toolbox.app/Contents/MacOS/Agameri_Toolbox Reason: tried: '/Users/dariusz/Qt/6.9.1/macos/lib/QtConcurrent.framework/Versions/A/QtConcurrent' (code signature in <192D5FAC-FE8C-31AB-86A7-6C2CE5D3E864> '/Users/dariusz/Qt/6.9.1/macos/lib/QtConcurrent.framework/Versions/A/QtConcurrent' not valid for use in process: mapping process and mapped file (non-platform) have different Team IDs), '/System/Volumes/Preboot/Cryptexes/OS/Users/dariusz/Qt/6.9.1/macos/lib/QtConcurrent.framework/Versions/A/QtConcurrent' (no such file), '/Volumes/DEV_MAC/02_CODE/Dev/Icarus.nosync/Icarus_Singleton/codeSingleton/libOutput/Release/QtConcurrent.framework/Versions/A/QtConcurrent' (no such file), '/System/Volumes/Preboot/Cryptexes/OS/Volumes/DEV_MAC/02_CODE/Dev/Icarus.nosync/Icarus_Singleton/codeSingleton/libOu (terminated at launch; ignore backtrace) And here is my build script, its QT based application, I'm using macdeployqt + my own custom signing as the one from macdeployqt breaks on the complex app. (I will post it in next post as apparently there is 7k limit O.O) I've tried to replace the @rpath/ to @executable_path but that has made a million new issues and I'm just lost.

Hello community, I'm new here, so please excuse my blunt question. I'm trying to understand how everything works and the logic behind it. I have an idea for an app which requires the FamilyControl entitlement. Now I am not sure if the idea even works, so I wanted to test it on my own device. Am I correct, that I cannot even test an App with such entitlements without paying for the ADP? Not even on my own device? I completely understand I need to be a member in the ADP if I want to distribute my app, but I'm not there, yet, and I just want to do a proof-of-concept. I thought I can't be the first one with that question, but couldn't find a past topic on this, so I'm posting it. Regards, Niklas

Hi there! I have an issue with uploading a PKG installer to the MacOS AppStore. Uploading with: xcrun altool --upload-app -t macos -f $PKGPATH -u $DEVELOPER_ID -p $APP_SPECIFIC_PWD results in error: *** Error: Validation failed Invalid Provisioning Profile. The provisioning profile included in the bundle com.frogblue.frogCom [com.frogblue.frogCom.pkg/Payload/frogSIP.app] is invalid. [Missing code-signing certificate.] For more information, visit the macOS Developer Portal. (ID: fc4e5488-6d09-4ab2-b1f7-017a33c69723) (409) Application seems to be correctly code signed with „3rd Party Mac Developer Application“ certificate. codesign -dv --verbose=4 /Users/dietmar.finkler/Desktop/frogSIP/deploy/frogSIP.app Identifier=com.frogblue.frogCom Format=app bundle with Mach-O universal (x86_64 arm64) CodeDirectory v=20500 size=266432 flags=0x10000(runtime) hashes=8315+7 location=embedded VersionPlatform=1 VersionMin=720896 VersionSDK=918784 Hash type=sha256 size=32 CandidateCDHash sha256=923de799a54616706b76050b50b7ee6d59f8355a CandidateCDHashFull sha256=923de799a54616706b76050b50b7ee6d59f8355a65aa7cce03e34bb2033da1e9 Hash choices=sha256 CMSDigest=923de799a54616706b76050b50b7ee6d59f8355a65aa7cce03e34bb2033da1e9 CMSDigestType=2 Executable Segment base=0 Executable Segment limit=31604736 Executable Segment flags=0x1 Page size=4096 CDHash=923de799a54616706b76050b50b7ee6d59f8355a Signature size=9109 Authority=3rd Party Mac Developer Application: frogblue TECHNOLOGY GmbH (UG2P6T5LNH) Authority=Apple Worldwide Developer Relations Certification Authority Authority=Apple Root CA Timestamp=26.02.2025 at 10:07:08 Info.plist entries=31 TeamIdentifier=UG2P6T5LNH Runtime Version=14.5.0 Sealed Resources version=2 rules=13 files=1124 Internal requirements count=1 size=212 The PKG build with productbuild seems also be correctly code signed with„3rd Party Mac Developer Installer“ certificate. pkgutil --check-signature /Users/dietmar.finkler/Desktop/frogSIP/frogSIP-1.2a2.pkg Status: signed by a developer certificate issued by Apple (Development) Certificate Chain: 1. 3rd Party Mac Developer Installer: frogblue TECHNOLOGY GmbH (UG2P6T5LNH) Expires: 2026-02-25 17:17:54 +0000 SHA256 Fingerprint: D1 9E AC 27 C7 26 F3 2E 1E F5 50 2C 7A 1B 1D FB 54 D6 17 C1 1C 58 C1 7E F8 87 B6 44 D1 49 17 DC ------------------------------------------------------------------------ 2. Apple Worldwide Developer Relations Certification Authority Expires: 2030-02-20 00:00:00 +0000 SHA256 Fingerprint: DC F2 18 78 C7 7F 41 98 E4 B4 61 4F 03 D6 96 D8 9C 66 C6 60 08 D4 24 4E 1B 99 16 1A AC 91 60 1F ------------------------------------------------------------------------ 3. Apple Root CA Expires: 2035-02-09 21:40:36 +0000 SHA256 Fingerprint: B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C 68 C5 BE 91 B5 A1 10 01 F0 24 KeyChain login items show both "3rd Party Mac Developer Application" and "3rd Party Mac Developer Installer“ certificates. But checking with security find-identity -v -p codesigning shows only the "3rd Party Mac Developer Application“ certificate. "3rd Party Mac Developer Installer“ is missing. I check also the entitlement in the app package, which looks ok for me. codesign -d --entitlements :- /Users/dietmar.finkler/Desktop/frogSIP/deploy/frogSIP.app <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.application-identifier</key><string>UG2P6T5LNH.com.frogblue.frogCom</string><key>com.apple.developer.aps-environment</key><string>production</string><key>com.apple.developer.associated-domains</key><array><string>applinks:go.dev.frogblue.cloud</string><string>applinks:go.test.frogblue.cloud</string><string>applinks:go.prod.frogblue.cloud</string></array><key>com.apple.developer.team-identifier</key><string>UG2P6T5LNH</string><key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.cs.disable-library-validation</key><true/><key>com.apple.security.device.audio-input</key><true/><key>com.apple.security.device.camera</key><true/><key>com.apple.security.network.client</key><true/><key>com.apple.security.network.server</key><true/></dict></plist> What I am missing? Thanx for any hint! Regards Dietmar Finkler

Command failed: codesign --sign 142DA07B8371F5C9BCE0FFEC6B23CDEB84F48E52 --force --timestamp --options runtime --entitlements /Users/mymac/Desktop/ElectronApp/node_modules/app-builder-lib/node_modules/@electron/osx-sign/entitlements/default.darwin.plist /Users/mymac/Desktop/ElectronApp/dist/mas-arm64/electron.app/Contents/Library/LoginItems/electron Login Helper.app/Contents/MacOS/electron Login Helper /Users/mymac/Desktop/ElectronApp/dist/mas-arm64/electron.app/Contents/Library/LoginItems/electron Login Helper.app/Contents/MacOS/electron Login Helper: replacing existing signature /Users/mymac/Desktop/ElectronApp/dist/mas-arm64/electron.app/Contents/Library/LoginItems/electron Login Helper.app/Contents/MacOS/electron Login Helper: resource fork, Finder information, or similar detritus not allowed failedTask=build stackTrace=Error: Command failed: codesign --sign 142DA07B8371F5C9BCE0FFEC6B23CDEB84F48E52 --force --timestamp --options runtime --entitlements /Users/mymac/Desktop/ElectronApp/node_modules/app-builder-lib/node_modules/@electron/osx-sign/entitlements/default.darwin.plist /Users/mymac/Desktop/ElectronApp/dist/mas-arm64/electron.app/ I'm not entirely sure what's causing this issue. Has anyone else encountered this error while signing their macOS app? I’d really appreciate any guidance or solutions you can share.

Hello everyone, I'm currently experiencing repeated "Invalid Binary" rejections when submitting my Flutter-based iOS app ("Master Tere") through App Store Connect. I've followed all the expected steps and guidelines, but the rejection contains no additional explanation beyond the "Invalid Binary" status. Here’s my current setup: Built using Flutter and Xcode 15.3 WebView-based app loading a professional portfolio site Runner target is signed automatically using Xcode Managed Profiles Certificates: Apple Development and Apple Distribution (auto-managed) Bundle ID: com.actuain.mastertere1 Version: 1.0.0, Build: 6 Deployment target: iOS 18.0 Device family: iPhone only All signing identities and provisioning profiles match for Debug and Release In my Info.plist, I’ve cleaned up legacy keys that might cause conflicts: ✅ Removed <key>UIMainStoryboardFile</key> (no storyboard is used) ✅ Removed <key>CFBundleSignature</key> as it was set to ???? ✅ Display name and Bundle ID align with Xcode project settings Despite all this, every time I upload through Xcode Organizer, I get an "Invalid Binary" error after processing. No issues are shown during archive validation. I suspect the issue may be related to: Flutter WebView integration with latest iOS SDKs Residual metadata in the archive from unused iOS storyboard references Possibly missing entitlements or capabilities not flagged by Xcode Questions: Are there any known issues affecting Flutter WebView apps recently (especially around Xcode 15.3 or iOS 18 SDK)? Is it mandatory to remove Main.storyboard from the project bundle even if it's not used? Could this issue be related to background modes, UIRequiredDeviceCapabilities, or entitlements even if not directly flagged? I’d appreciate any insights or experiences from others who’ve faced this issue recently. Thanks in advance! Luis Antonio Pinto Acosta

I’ve been having problems with MacOS builds. I’m making a release Appstore build and uploading it to Testflight. However when running it instantly crashes, and report screen shows the following: Current flow: I sign all files in PlugIns/ (we have a number of .bundle), and I’ve tried combinations of signing with/without --entitlements, as well as with/without --deep. After this I sign Frameworks/GameAssembly.dylib and Frameworks/UnityPlayer.dylib. Again, I’ve tried combinations of with/without --entitlements and --deep, also not signing them at all. After signing PlugIns and frameworks, I sign the .app, also tried this with/without --deep (always with --entitlements). Finally I make a .pkg and upload to Testflight. It’s not the game, as I can make an enterprise version that runs fine. We have some restricted entitlements, such as Apple Arcade. Building from an M1 mac, and architecture is Universal (Intel + ARM). Unity documentation says to use --deep, but Apple documentation highly recommend against it. So basically, my question is, how and in what order should I sign the files? Much obliged!

Hello, I have created multiple Developer ID Application and Developer ID Installer certificates across different Apple OS versions without keeping the Certificate Signing Requests (CSR). As I’m not very experienced with Apple’s system, I made this mistake and now I am unable to create new certificates because I have reached the maximum number of certificates allowed. I develop software based on Electron and have been building and signing my applications with electron-builder, integrating the app signing needed to submit the app to the Apple Store via Transporter. Here is the relevant portion of my package.json build config: "mac": { "appId": "com.nome_app.ext", "type": "distribution", "target": [ "mas" ], "artifactName": "name_app.${ext}", "category": "public.app-category.utilities", "provisioningProfile": "build/prov_prof_mac_name_app.provisionprofile" }, "mas": { "appId": "com.name_app.ravia", "hardenedRuntime": false, "type": "distribution", "gatekeeperAssess": true, "artifactName": "name_app.${ext}", "category": "public.app-category.utilities", "entitlements": "build/entitlements.mas.plist", "extendInfo": { "NSMicrophoneUsageDescription": "This app requires microphone access.", "NSCameraUsageDescription": "This app requires webcam access." }, "entitlementsInherit": "build/entitlements.mas.inherit.plist" } } Currently, I have recreated the Mac Developer Application and Mac Developer Installer certificates, but without valid Developer ID Installer and Developer ID Application certificates, I always get this error during build: `skipped macOS application code signing reason=cannot find valid "Developer ID Application" identity or custom non-Apple code signing certificate, it could cause some undefined behaviour, e.g. macOS localized description not visible, see https://electron.build/code-signing allIdentities= 718241A413826C6A97E2062EAEC155BEF5330CCA "iPhone Distribution: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" (CSSMERR_TP_NOT_TRUSTED) 60B360CCE27FE915799FAE7C8E6A16962F2DE9B0 "3rd Party Mac Developer Installer: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" (CSSMERR_TP_NOT_TRUSTED) 4518A8CE3BAC4F27B09D654DA14F52FBE15A0A85 "3rd Party Mac Developer Application: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" (CSSMERR_TP_NOT_TRUSTED) ... (additional identities with CSSMERR_TP_NOT_TRUSTED) Valid identities only: 718241A413826C6A97E2062EAEC155BEF5330CCA "iPhone Distribution: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" (CSSMERR_TP_NOT_TRUSTED) ... • signing file=dist/mas/Studio Medico Specialistico.app platform=mas type=distribution identityName=3rd Party Mac Developer Application: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ) identityHash=4518A8CE3BAC4F27B09D654DA14F52FBE15A0A85 provisioningProfile=build/prov_prof_mac_studiomedicospecialistico.provisionprofile • Command failed multiple times: codesign --sign "3rd Party Mac Developer Application: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" --force --timestamp --entitlements build/entitlements.mas.inherit.plist /path/to/app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/af.lproj/locale.pak Warning: unable to build chain to self-signed root for signer "3rd Party Mac Developer Application: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" Error: errSecInternalComponent From my understanding, the system cannot find a valid Developer ID Application identity for signing. The existing certificates all show the CSSMERR_TP_NOT_TRUSTED error and the signing command fails with errSecInternalComponent. **I have confirmed that the certificates are installed in my keychain, but they may be missing private keys or not fully trusted. Is there a possibility to reset my Apple Developer account’s Developer ID Application and Developer ID Installer certificates, so I can start fresh and generate new valid certificates? Could you please advise on how to proceed or if there is any way to clear the current certificate limit?** Thank you very much for your help.

mac .cer证书不能导出.p12证书 不知道那个步骤出错

Hi, I have an account that is only a few days old. My first notary went smooth and was done within minutes. Every subsequent notary has been stuck pending. The oldest one being a day or so.

Displaying attribute for a private key I see a number of applications that are allowed to access it without needing a password e.g. racoon; Keychain Access.app; Certificate Assitant.app etc.. I want to add /usr/bin/codesign to the list but the gui window that pops up when I click on + doesn't seem to allow me to do that :( How do I do it please

I encountered code signing issue with Apple Distribution certificate for both iOS and MacCatalyst. The app crashes with "Beta Profile". I followed this instruction to manually re-sign my ipa to confirm that I use the Apple Distribution and the correct Provisioning Profile. https://gist.github.com/WDUK/4239548f76bd77b2c4b0 When I double click on the Apple Distribution certificate in KeyChain Access, it shows "Extension: Apple Mac App Signing (Development)" and "Extension: Apple Developer Certificate (Submission)" I have been stuck in this issue for more than a month. I really need help because I do not know how to proceed further. Thank you.

The driver does not show up in the app settings after switching to “DriverKit USB Transport - VendorID”. Previously, the app used “DriverKit USB Transport (development)” and everything worked as expected. The entitlements looked like this: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.driverkit</key> <true/> <key>com.apple.developer.driverkit.transport.usb</key> <array> <dict> <key>idVendor</key> <string>*</string> </dict> </array> </dict> </plist> I received approval to use “DriverKit USB Transport - VendorID”. I updated the App ID configuration in the portal, removed all development entitlements, updated the provisioning profile, and edited the driver’s .entitlements as follows: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.driverkit</key> <true/> <key>com.apple.developer.driverkit.transport.usb</key> <array> <dict> <key>idVendor</key> <integer>1111</integer> </dict> </array> </dict> </plist> The app installs on an iPad with an M processor, but the driver does not appear in the settings. In the logs I see the following: 272 debug 19:50:42.005193+0300 installd 7935 signing bytes in 5 blob(s) from /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.bugkAE/extracted/Payload/****.app/SystemExtensions/****Driver.dext/****.Driver(arm64) 272 debug 19:50:42.012068+0300 installd open(/var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.bugkAE/extracted/Payload/****.app/SystemExtensions/net.svedm.****.SDRDriver.dext/Info.plist,0x0,0x1b6) = 4 272 debug 19:50:42.012712+0300 installd 0xc2e14c618 done serializing <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>application-identifier</key><string>****.Driver</string><key>com.apple.application-identifier</key><string>****</string><key>com.apple.developer.driverkit</key><true/><key>com.apple.developer.driverkit.transport.usb</key><array><dict><key>idVendor</key><integer>3034</integer></dict></array><key>com.apple.developer.team-identifier</key><string>****</string><key>com.apple.security.get-task-allow</key><true/><key>get-task-allow</key><true/></dict></plist> 0 error 19:53:08.930054+0300 kernel Sandbox: MyApp(844) deny(1) sysctl-read kern.bootargs 0 error 19:53:08.931571+0300 kernel Sandbox: driverkitd(77) deny(1) syscall-unix 284 syscall-unix-denied-SIGKILL 0 error 19:53:09.985946+0300 kernel 1 duplicate report for Sandbox: driverkitd(77) deny(1) syscall-unix 284 syscall-unix-denied-SIGKILL 0 error 19:53:09.985985+0300 kernel Sandbox: MyApp(844) deny(2) file-test-existence /usr/bin/swift-backtrace 0 error 19:53:09.986011+0300 kernel Sandbox: MyApp(844) deny(2) file-test-existence /usr/bin/arm64e But I don’t quite understand what is going wrong. Any ideas?

Yesterday there were reported outages on the Developer ID Notary Service, but it was reported pretty late and we were able to notice the outages in real time. It says resolved now, however an error still persists: Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired. Is there an ongoing outage at this moment that is not being reported again? Our pipelines have been working flawlessly for months without intervention nor changes until the most recent outages

Two months ago we got approval for using the Notification Filtering entitlement. We rushed out to implement it in our app, only to find out that the permission was set for the wrong bundle identifier. We expected to get the permission for the notification extension's bundle identifier, yet it is added for the main app's bundle identifier. Per the official docs, the entitlement permission should be in the notification service extension target: After you receive permission to use the entitlement, add com.apple.developer.usernotifications.filtering to the entitlements file in the Notification Service Extension target. However, this fails to get signed when compiling for non-simulator targets because of the bundle mismatch issue. Simulator perfectly filters notifications. Adding the entitlement to the main app does compile, but filtering does not work (as expected). We reached out to Apple twice (Case-ID: 14330583) but we have yet to receive any response. Could there be something else wrong instead of the identifier mismatch?

Hi, We have an app that is a default mail client, so it has this entry in its entitlements file: com.apple.developer.mail-client. This seems to create issues with ad-hoc distribution. We can distribute the app on App Store Connect without any issues and have been doing so for a while. We wanted to try using Xcode Cloud to manage our releases. The app export works fine for both App Store Distribution and Development Distribution. However, the ad-hoc distribution step fails. (We don't need ad-hoc distribution, but Xcode Cloud seems to prevent us from removing this step.) I tried building and releasing the app locally for ad-hoc distribution and encountered the same error as on Xcode Cloud. When Xcode tries to generate the profile, it outputs the following error: Provisioning profile "iOS Team Ad Hoc Provisioning Profile: com.infomaniak.mail" failed qualification checks: Profile doesn't support Default Mail App. Profile doesn't include the com.apple.developer.mail-client entitlement. Is it something broken with our config ? What are we missing ? Local error in Xcode Organizer: Remote error on Xcode cloud:

Hi, I am facing an issue with login persistence using firebase, but basically, it seems that I need to ensure I enable the Keychain Sharing within the Identities capabilities, the problem is, it is not even on the list. Thank you much

I’ve been working on a Catalyst version of my iOS apps. Finally everything is working apart from the custom intents the user user to configure the widgets. The config UI loads: And changing settings at this level works. But it can’t load the options for the other settings: “No options were provided for this parameter” I see this crash in the intent: Termination Reason: Namespace DYLD, Code 1 Library missing Library not loaded: @rpath/CocoaLumberjack.framework/Versions/A/CocoaLumberjack Referenced from: <E1BF4CC5-4181-3272-828C-86B1CD1A66BF> /Applications/my.app/Contents/PlugIns/Intents.appex/Contents/MacOS/Intents Reason: , (security policy does not allow @ path expansion) (terminated at launch; ignore backtrace) I have added the Hardened Runtime Capability to the Main App Target, the Widget Target and the Intents Target. I also allowed “Disable Library Validation” just in case. What am I missing?

I've added my Vendor ID to the appropriate entitlement files but my binary fails validation when trying to upload it to the store for distribution. The embeded.mobileprovision file in the generated archive shows an asterisk instead of my approved Vendor ID. How can I make sure the embedded provisioning file has my Vendor ID?