Post not yet marked as solved
I am developing a macOS application and have encountered an issue with entitlements that I am unable to resolve. The error emerges from the RunningBoard service when I try to play a video in a WKWebView. Here is the specific error:
Error acquiring assertion: <Error Domain=RBSServiceErrorDomain Code=1 "(originator doesn't have entitlement com.apple.runningboard.assertions.webkit AND originator doesn't have entitlement com.apple.multitasking.systemappassertions)" UserInfo={NSLocalizedFailureReason=(originator doesn't have entitlement com.apple.runningboard.assertions.webkit AND originator doesn't have entitlement com.apple.multitasking.systemappassertions)}>
I'm seeking answers to the following questions:
What do the entitlements com.apple.runningboard.assertions.webkit and com.apple.multitasking.systemappassertions refer to specifically?
How can I resolve the errors associated with the absence of these entitlements?
This problem appears to affect many users, yet a public solution has not been identified. I've tried adding NSMicrophoneUsageDescription and NSCameraUsageDescription to my Info.plist, as suggested here, but to no avail. An apparent Apple employee suggested adding Background Modes to capabilities here, but such options do not exist.
Numerous similar issues are documented online, but none provide a resolution.
When I attempt to include the entitlements com.apple.runningboard.assertions.webkit and com.apple.multitasking.systemappassertions as indicated in the logs, my application fails to start, resulting in the following error message:
Could not launch “My App Name”
Runningboard has returned error 5. Please check the system logs for the underlying cause of the error.
The error logs are extensive and include:
Could not launch “Quick Music Bar”
Domain: IDELaunchErrorDomain
Code: 20
Recovery Suggestion: Runningboard has returned error 5. Please check the system logs for the underlying cause of the error.
User Info: {
DVTErrorCreationDateKey = "2024-02-24 06:26:22 +0000";
DVTRadarComponentKey = 968756;
IDERunOperationFailingWorker = IDELaunchServicesLauncher;
}
--
The operation couldn’t be completed. Launch failed.
Domain: RBSRequestErrorDomain
Code: 5
Failure Reason: Launch failed.
--
Launchd job spawn failed
Domain: NSPOSIXErrorDomain
Code: 153
--
Event Metadata: com.apple.dt.IDERunOperationWorkerFinished : {
"device_model" = "Mac14,10";
"device_osBuild" = "14.3.1 (23D60)";
"device_platform" = "com.apple.platform.macosx";
"dvt_coredevice_version" = "355.7.7";
"dvt_mobiledevice_version" = "1643.60.2";
"launchSession_schemeCommand" = Run;
"launchSession_state" = 1;
"launchSession_targetArch" = arm64;
"operation_duration_ms" = 113;
"operation_errorCode" = 20;
"operation_errorDomain" = IDELaunchErrorDomain;
"operation_errorWorker" = IDELaunchServicesLauncher;
"operation_name" = IDERunOperationWorkerGroup;
"param_debugger_attachToExtensions" = 0;
"param_debugger_attachToXPC" = 1;
"param_debugger_type" = 3;
"param_destination_isProxy" = 0;
"param_destination_platform" = "com.apple.platform.macosx";
"param_diag_MainThreadChecker_stopOnIssue" = 0;
"param_diag_MallocStackLogging_enableDuringAttach" = 0;
"param_diag_MallocStackLogging_enableForXPC" = 1;
"param_diag_allowLocationSimulation" = 1;
"param_diag_checker_tpc_enable" = 1;
"param_diag_gpu_frameCapture_enable" = 0;
"param_diag_gpu_shaderValidation_enable" = 0;
"param_diag_gpu_validation_enable" = 0;
"param_diag_memoryGraphOnResourceException" = 0;
"param_diag_queueDebugging_enable" = 1;
"param_diag_runtimeProfile_generate" = 0;
"param_diag_sanitizer_asan_enable" = 0;
"param_diag_sanitizer_tsan_enable" = 0;
"param_diag_sanitizer_tsan_stopOnIssue" = 0;
"param_diag_sanitizer_ubsan_stopOnIssue" = 0;
"param_diag_showNonLocalizedStrings" = 0;
"param_diag_viewDebugging_enabled" = 1;
"param_diag_viewDebugging_insertDylibOnLaunch" = 1;
"param_install_style" = 0;
"param_launcher_UID" = 2;
"param_launcher_allowDeviceSensorReplayData" = 0;
"param_launcher_kind" = 0;
"param_launcher_style" = 99;
"param_launcher_substyle" = 8192;
"param_runnable_appExtensionHostRunMode" = 0;
"param_runnable_productType" = "com.apple.product-type.application";
"param_structuredConsoleMode" = 1;
"param_testing_launchedForTesting" = 0;
"param_testing_suppressSimulatorApp" = 0;
"param_testing_usingCLI" = 0;
"sdk_canonicalName" = "macosx14.2";
"sdk_osVersion" = "14.2";
"sdk_variant" = macos;
}
--
System Information
macOS Version 14.3.1 (Build 23D60)
Xcode 15.2 (22503) (Build 15C500b)
Timestamp: 2024-02-24T15:26:22+09:00
The system information is as follows:
macOS Version 14.3.1 (Build 23D60),
Xcode 15.2 (22503) (Build 15C500b),
Timestamp: 2024-02-24T15:26:22+09:00
Has anyone else encountered this issue, or can anyone provide guidance on how to proceed?
Post not yet marked as solved
I am using TapToPay with stripe it is working fine on the development mode but when i try to create build for app store it shows 2 errors.
Post not yet marked as solved
Hi, so I want to have a set of config files and data files which need to be accessible for say 3 of the apps I am building. And these files should be accessible to all 3 regardless of who makes them. The config file can have details like theme etc or sign in details etc.
How do I go about doing this? Some of the things I thought of were,
Using the app group storage folder, where if I understand correctly, if my apps belong to the same app group and have the required entitlement I can create files, they can be accessed by all 3 apps and they will exist until the last of the applications is uninstalled. Is this right?
Letting the user pick a location/folder in "On my iPhone" in each of the apps and store the folder in bookmarks for each of the app. In this way the data will remain even after it is uninstalled.
Is there any other way this can be done. Is there a recommended way of doing this?
Post not yet marked as solved
I followed the official Apple documentation to integrate external puchase, but after adding the com.apple.developer.storekit.external-purchase key to the entitlements plist file, I got the following error: "Provisioning profile "{company name}" doesn't include the com.apple.developer.storekit.external-purchase entitlement." error and fails to build.
https://developer.apple.com/support/storekit-external-entitlement-kr/
Post not yet marked as solved
several steps I have done:
1、send Apple Pay Entitlement & Whitelisting Request email and approved by Apple
2、setting Addiction Capability,config wallet ,import Profile Provisioning
3、setting Entitlement.info,enable com.apple.developer.payment-pass-provisioning=YES
4、successfully show “add Card to ApplePay” Page
5、error occurs in
(void)addPaymentPassViewController:(PKAddPaymentPassViewController *)controller
generateRequestWithCertificateChain:(NSArray<NSData *> *)certificates
nonce:(NSData *)nonce
nonceSignature:(NSData *)nonceSignature
completionHandler:(void (^)(PKAddPaymentPassRequest *request))handler{
.....
handler(request);
}
download from testflight to test
I got a error ’Error Domain=PKPassKitErrorDomain Code=1 "(null)"’, it seems always happened whatever i do.
It is there any steps I miss?What I can do to solve the issue.
Post not yet marked as solved
General:
DevForums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements
Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities.
Developer > Support > Certificates covers some important policy issues
Entitlements documentation
TN3125 Inside Code Signing: Provisioning Profiles — This includes links to other technotes in the Inside Code Signing series.
WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing
Certificate Signing Requests Explained DevForums post
--deep Considered Harmful DevForums post
Don’t Run App Store Distribution-Signed Code DevForums post
Resolving errSecInternalComponent errors during code signing DevForums post
Finding a Capability’s Distribution Restrictions DevForums post
Signing code with a hardware-based code-signing identity DevForums post
Mac code signing:
DevForums tag: Developer ID
Creating distribution-signed code for macOS documentation
Packaging Mac software for distribution documentation
Placing Content in a Bundle documentation
Embedding Nonstandard Code Structures in a Bundle documentation
Embedding a Command-Line Tool in a Sandboxed App documentation
Signing a Daemon with a Restricted Entitlement documentation
Defining launch environment and library constraints documentation
WWDC 2023 Session 10266 Protect your Mac app with environment constraints
TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference.
Manual Code Signing Example DevForums post
The Care and Feeding of Developer ID DevForums post
TestFlight, Provisioning Profiles, and the Mac App Store DevForums post
For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Hi,
I've an OSX app packages up outside of XCode (because it's based on a legacy cross-platform build system). The layout looks like this:
App
App/Contents <- info.plist is here
App/Contents/Frameworks <- Dylibs go here
App/Contents/MacOS <- Main executable and bash startup script go here
App/Contents/Resources <- Non-executable resources.
There are no helper apps, etc that I know of.
info.plist, the Frameworks, Main Executable and App are all signed. The Main Executable includes entitlements with the sandbox entitlements.
On startup, we crash in the usual Sandbox place:
0 libsystem_secinit.dylib 0x7ff811fcc2a5 _libsecinit_appsandbox.cold.9 + 49
1 libsystem_secinit.dylib 0x7ff811fcb636 _libsecinit_appsandbox + 1749
2 libsystem_trace.dylib 0x7ff8044029e9 _os_activity_initiate_impl + 50
3 libsystem_secinit.dylib 0x7ff811fcaf20 _libsecinit_initializer + 67
4 libSystem.B.dylib 0x7ff811fe08a1 libSystem_initializer + 292
5 dyld 0x20905939f invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const::$_0::operator()() const + 185
(Even though I'm not signing the bash startup script, which invokes the main executable, it's still getting signed and has entitlements. And I'm not using --deep.
I've tried setting com.apple.security.inherit - that didn't work.
I've tried explicitly signing the bash startup script - that didn't work.
It fails not matter how I start the app - by clicking on it, command line, just launching the main executable via the command line, and of course using LLDB.
Any ideas? Crash report enclosed.
ProgUhost-2024-02-17-171425.ips
Post not yet marked as solved
I'm trying to run the Checking IDs with the Verifier API Sample Code. The display request app works fine but when i try to run the data request app i get this error for provisioning profile :
Provisioning profile "iOS Team Provisioning Profile: com.example.apple-samplecode.verifier-api-sample-data-requestRPTDZQM3C9" doesn't include the com.apple.developer.proximity-reader.identity.read entitlement.
and I'm not able to fins how to add this entitlement to the app. I tried to add it from capabilities but it's not available there, only the tap to present ID on iPhone (Display Only) is available.
Is this entitlement restricted to a specific country or I need to request access to it from somewhere? or Is there anyway to add it to run the app?
Post not yet marked as solved
Hello, we have a universal app that runs on iOS and iPadOS today but we're having an issue where it crashes on launch on visionOS.
When I try to run our app, I see messages like these in the console logs:
AMFI: constraint violation /private/var/containers/Bundle/Application/***/***.app/Frameworks/***.framework/*** has entitlements but is not a main binary
I see these for what seems to be all of our internal frameworks, we use cocoapods for all of these.
The following output is from running: codesign -d --entitlements :- ***.framework
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict></dict></plist>
Why would this cause a crash on launch for visionOS, but not iOS or iPadOS?
Why does AMFI think there are entitlements for the framework when they are empty?
Since the macOS 14.2 update, services installed with SMAppService are required to be sandboxed when the main app is sandboxed as well (113037504).
I had developed a daemon to communicate with the pmset interface, as that requires root privileges to make changes. Since the macOS 14.2 this daemon executable has to be sandboxed as well if I want my main app to be sandboxed.
When sandboxing the daemon, it requires a temporary exception entitlement as the pmset command writes to one of the following two preference located in /Library/Preferences/:
com.apple.PowerManagement.plist
com.apple.PowerManagement.{UUID}.plist
The specific command I use writes to the latter, which includes some specific UUID, that is specific to that device.
When I use the: com.apple.security.temporary-exception.shared-preference.read-write entitlement with com.apple.PowerManagement.0000 where 0000 is the exact UUID string as on my Mac, the daemon is able successfully use the pmset command. This results however in that on other user devices it would not work as the UUID in the preference name would be different.
When I try setting it to a wildcard variation such as com.apple.PowerManagement.*, the command doesn't run anymore as this format for the exception entitlement seems to be unsupported.
My question is now, is there any way to get an exception entitlement which accounts for the unique identifier or is that impossible and must I disable the sandbox altogether?
(as I have to use a daemon, I am not developing for the Mac App Store and a sandbox isn't strictly necessary so it wouldn't break my app. Its more I would prefer to use sandboxing if possible)
Thanks in advance!
For reference, this is the error I get when the entitlement is set incorrectly or not set:
rejecting write of key(s) AC Power in { com.apple.PowerManagement.0000, kCFPreferencesAnyUser, kCFPreferencesCurrentHost, /Library/Preferences/com.apple.PowerManagement.0000.plist, managed: 0 } from process 15694 (pmset) because setting preferences outside an application's container requires user-preference-write or file-write-data sandbox access
Post not yet marked as solved
I want to build an iOS VPN app for personal use only, so I need to add the NetworkExtensions capability (according to my understanding)
From Apple's documentation on "Adding Capabilities to Your App":
The platform, and whether you're a member of the Apple Developer Program, may limit the capabilities available to your app
The documentation doesn't explicitly say which capabilities require being a part of the Apple Developer Program. I also don't see why I'd need to be a part of the Apple Developer Program to write software for personal use. Note that, at least to my knowledge, the NetworkExtensions capability does not depend on any service from Apple (as opposed to HealthKit or Game Center).
So is there a way to add a Network Extensions capability to an iOS app without joining the Apple Developer Program?
Post not yet marked as solved
Our app uses Family Control and have 2 extensions for monitoring and shielding.
We got Family controls Distribution entitlement for main app bundle and we have applied to get for extensions too, but its like 2 months we didn't get the Distribution entitlements for extensions. We need to upload the app to TestFlight, but without Distribution entitlements for extensions we can't do it.
Bundle id exp:
com.example.example -- Distribution entitlement provided
com.example.example.MonitorExtension -- only development entitlement
com.example.example.ShieldConfiguratoionExtension -- only development entitlement
Is there nay workaround?
Hello,
I requested entitlement 4 times from 4 days ago.
But I did not get any kind of response mail.
I need entitlement for only development, to check file IO events.
Is there any way to request entitlement ?
Regards,
Daehong
(Sometimes I think I'm the only person who's actually using the new Xcode multiplatform app paradigm! So hard finding info on the various "gotchas".)
My multiplatform app supports macOS (not Catalyst), iOS, iPadOS, and tvOS. It's an internal testing app, never meant to be on any app store.
It has only one Target (the new multiplatform target).
I've been able to work through all the teething issues except for Entitlements. My iOS and tvOS app both use 3 entitlements that are for those platforms only. The macOS version doesn't need or want them. But if those 3 entitlements are in the .entitlements file, the macOS version won't launch at all (not even in the sim).
Of course as soon as I take those 3 entitlements out of the file, it runs.
Sooo...in a multiplatform targeted app how do you specify different entitlements for different platforms? Or is it not possible?
Thanks!
Post not yet marked as solved
When we added a com.apple.developer.associated-domains entitlement to our apps, they crash on launch with a code signing error on our old 2011 Mac running 10.13.6 High Sierra.
The signature is accepted on current Macs, and the associated domains do work.
The command line utilities say everything is ok, the entitlement is in the signature and the embedded profile.
The apps will run fine on High Sierra without the entitlement.
The only guess I have is perhaps High Sierra is rejecting any unknown entitlement?
The error is
Code has restricted entitlements, but the validation of its code signature failed.
Unsatisfied Entitlements:
No Unsatisfied Entitlements are listed.
Removing the entitlements from the signature lets the apps run on High Sierra.
Post not yet marked as solved
Years ago, JSCore on non-macOS disabled JIT, leading to much worse performance than could possibly be achieved with JIT on. Has anything changed recently to permit greater optimizations for JSCore on mobile platforms? (iPadOS, visionOS).
My guess is ”no” since the docs still llist only macOS under the MAP_JIT flag, but as far as I know, Apple could still choose to enable JSCore optimizations behind the scenes if this option were available to developers.
Post not yet marked as solved
Hi,
our account holder did the networking.multicast entitlement request on November 24th through the appropriate form:
https://developer.apple.com/contact/request/networking-multicast
but we never received any kind of answer, positive or negative. We also tried to submit again the request 3 weeks ago and still no answer.
I already checked if the entitlement was granted without an answer and we don't have it.
I tried to write also with the feedback assistant but no answer. What I can do to unblock this situation?
Post not yet marked as solved
I am developing a Mac application. Within this application, I need to execute certain commands and expressions with root privilege access. I am working to perform this action, and once authenticated, it should persist throughout the entire app lifecycle. Similar to allowing keychain access for Xcode applications by selecting the 'Always allow' permission.
Please let me know:
1. Is it possible for a third-party application to exhibit such behavior?
2. If it is possible, what type of permissions do I need to set?
3. Do I need any specific entitlements for this?
Thank you for your insights and assistance. Your responses are highly valued, and any guidance you can provide will be greatly appreciated.
Post not yet marked as solved
There are several questions regaring the following guide about Interoperability requests in the EU.
Will other developers be able to use all the APIs that have been created? For non-EU applications?
If it's a private API, would there be a list of all the APIs that have been implemented to see who has which one?
Will there be a difference in priority between feature requests submitted through Feedback Assistant and interoperability requests?
Post not yet marked as solved
Hi All,
I would like to know if the 'deferred deep link' feature is compatible with the apps hosted in the Enterprise App Store.
A 'deferred deep link' is intended to direct the user to the App Store page, where they can download the app. During the initial startup, SFSafariViewController is expected to provide the URL parameters passed as part of the deep link.
I would appreciate your assistance in confirming whether the 'deferred deep link' functionality will work seamlessly if we use Enterprise Appstore for distribution.
Thanks and regards,
Sujith Joseph