Hi all, I got the entiltlements for the DriverKit PCI (primary match). so I added it to my driver app ID. so, I can show the ~~transport.pci entitlement item on my provision profile. However, macOS system still block the my driver, and log show the " Unsatisfied entitlements: com.apple.developer.driverkit.transport.pci"

I'm struggling to get past the following error from Transporter. I've tried everything I can think of and I'm not sure what else to do. WARNING ITMS-90885: ""Cannot be used with TestFlight because the executable “${executable}” in bundle “${bundle}” is missing a provisioning profile but has an application identifier in its signature. Nested executables are expected to have provisioning profiles with application identifiers matching the identifier in the signature in order to be eligible for TestFlight."" Setup I'm using electron with a main.app and nested helper apps (e.g. Main.app/Contents/Frameworks/Main Helper (Renderer).app) I'm trying to upload to the Mac App Store I'm codesign-ing the contents with Apple Distribution: ... and signing the pkg installer with 3rd Party Mac Developer Installer: ... I'm using osx-sign to manage the code signing for me: basically it's doing a whole bunch of this: codesign --sign {40-char-hash} --force --timestamp --options runtime --entitlements "$CHILD_PLIST" "packages/mas-universal/{APP_NAME}.app/Contents/Frameworks/{APP_NAME} Helper (Renderer).app"

All, I am currently facing an issue while trying to install a provisioning profile using the open command. The command works perfectly fine when executed through screen sharing and the terminal on the remote machine. However, when I attempt the same command using an SSH terminal connection on my local machine, it fails to work properly. Here is the command I am using: open /Users/ec2-user/Desktop/ProvProfile/MyAppQA.mobileprovision When I run this command in the SSH terminal connection on my local machine, I encounter the following error message: "The application cannot be opened for an unexpected reason, error=Error Domain=NSOSStatusErrorDomain Code=-10822 "kLSServerCommunicationErr: The server process (registration and recent items) is not available" UserInfo={_LSLine=3863, _LSFunction=_LSOpenStuffCallLocal}" Furthermore, when I execute this command in a Jenkins job, it fails with the same error message: "The application cannot be opened for an unexpected reason, error=Error Domain=NSOSStatusErrorDomain Code=-10822 "kLSServerCommunicationErr: The server process (registration and recent items) is not available" UserInfo={_LSLine=3863, _LSFunction=_LSOpenStuffCallLocal}" I am also attempting other commands concurrently, such as security import /Users/ec2-user/Desktop/ProvProfile/MyAppQA.mobileprovision -k /Users/ec2-user/Library/Keychains/login.keychain-db, but I encounter the following error: "security: SecKeychainItemImport: Unknown format in import." The security import command does not work on the Mac agent's terminal, the SSH terminal on my local machine, or in the Jenkins job. I would greatly appreciate any assistance in resolving this issue and finding a reliable way to install the provisioning profile using a Jenkins pipeline job. Thank you for your attention and support.

I've created a provisioning profile multiple times and made sure the device is properly included on the devices. This same process is working on my other projects using the same developer certificate and device included

I tried building and running our application with the new Xcode 15.0 beta (15A5160n) The build fails with the following message: Provisioning profile "REDACTED" doesn't support the Access Wi-Fi Information, Hotspot Configuration, and Push Notifications capability. However none of those capabilities are new, they are part of the profile and I was just able to build the project with Xcode 14 before. I already tried reloading the profiles but that does not help. Automatic Signing is disabled for our project.

I updated my keychain certificate. At that time I forgot to always trust and build. When I did so, I was prompted repeatedly to enter my username and password in a dialog. There were so many that I rejected them all in the process. Then I went to the keychain, changed the certificate to always trust, and built again. But I got an error and was told to change the trust setting back to default. So I did as I was told and built again. Then I was asked to enter my username and password again and again, so this time I entered them all correctly. However, it still did not work. After building Xcode, I found a Repair button in the provisioning file settings, so I pressed it and built again. After entering the dialog, I got Build Sccess, but it could not start and I got an issue dialog. How do I get it to build on a real machine? Details Could not launch “Runner” Domain: IDEDebugSessionErrorDomain Code: 3 Failure Reason: failed to get the task for process 14356 User Info: { DVTErrorCreationDateKey = "2023-06-06 06:48:35 +0000"; DVTRadarComponentKey = 855031; IDERunOperationFailingWorker = DBGLLDBLauncher; RawUnderlyingErrorMessage = "failed to get the task for process 14356"; } -- Analytics Event: com.apple.dt.IDERunOperationWorkerFinished : { "device_model" = "iPhone10,3"; "device_osBuild" = "15.4.1 (19E258)"; "device_platform" = "com.apple.platform.iphoneos"; "launchSession_schemeCommand" = Run; "launchSession_state" = 1; "launchSession_targetArch" = arm64; "operation_duration_ms" = 22537; "operation_errorCode" = 3; "operation_errorDomain" = IDEDebugSessionErrorDomain; "operation_errorWorker" = DBGLLDBLauncher; "operation_name" = IDEiPhoneRunOperationWorkerGroup; "param_consoleMode" = 0; "param_debugger_attachToExtensions" = 0; "param_debugger_attachToXPC" = 1; "param_debugger_type" = 5; "param_destination_isProxy" = 0; "param_destination_platform" = "com.apple.platform.iphoneos"; "param_diag_MainThreadChecker_stopOnIssue" = 0; "param_diag_MallocStackLogging_enableDuringAttach" = 0; "param_diag_MallocStackLogging_enableForXPC" = 1; "param_diag_allowLocationSimulation" = 1; "param_diag_checker_tpc_enable" = 1; "param_diag_gpu_frameCapture_enable" = 0; "param_diag_gpu_shaderValidation_enable" = 0; "param_diag_gpu_validation_enable" = 0; "param_diag_memoryGraphOnResourceException" = 0; "param_diag_queueDebugging_enable" = 1; "param_diag_runtimeProfile_generate" = 0; "param_diag_sanitizer_asan_enable" = 0; "param_diag_sanitizer_tsan_enable" = 0; "param_diag_sanitizer_tsan_stopOnIssue" = 0; "param_diag_sanitizer_ubsan_stopOnIssue" = 0; "param_diag_showNonLocalizedStrings" = 0; "param_diag_viewDebugging_enabled" = 1; "param_diag_viewDebugging_insertDylibOnLaunch" = 1; "param_install_style" = 0; "param_launcher_UID" = 2; "param_launcher_allowDeviceSensorReplayData" = 0; "param_launcher_kind" = 0; "param_launcher_style" = 0; "param_launcher_substyle" = 0; "param_runnable_appExtensionHostRunMode" = 0; "param_runnable_productType" = "com.apple.product-type.application"; "param_runnable_type" = 2; "param_testing_launchedForTesting" = 0; "param_testing_suppressSimulatorApp" = 0; "param_testing_usingCLI" = 0; "sdk_canonicalName" = "iphoneos16.2"; "sdk_osVersion" = "16.2"; "sdk_variant" = iphoneos; } -- System Information macOS Version 12.6.3 (Build 21G419) Xcode 14.2 (21534) (Build 14C18) Timestamp: 2023-06-06T15:48:35+09:00

After updating the os to iOS17 beta, not able to install the enterprise app through ipa, it throws error Error installing '//Downloads/-Internal-Appstore-23.6.5-1.ipa', ERROR: Error Domain=com.apple.dt.CoreDeviceError Code=3002 "Failed to install the app on the device." UserInfo={NSUnderlyingError=0x600019bcc750 {Error Domain=com.apple.dt.CoreDeviceError Code=3000 "The item at -Internal-Appstore-23.6.5-1.ipa is not a valid bundle." UserInfo={NSURL=file:////Downloads/-Internal-Appstore-23.6.5-1.ipa, NSLocalizedDescription=The item at -Internal-Appstore-23.6.5-1.ipa is not a valid bundle., NSLocalizedFailureReason=Failed to read the bundle.}}, NSLocalizedDescription=Failed to install the app on the device., NSURL=file:///Downloads/-Internal-Appstore-23.6.5-1.ipa} Kindly update on this. Do any code side changes have to be done for this to fix these issue?

Trying to connect with the api,https://api.appstoreconnect.apple.com/v1/profiles/{profile_id} with method as patch and request body as { 'data': { 'relationships': { 'devices': { 'data': [ { 'type': 'devices', 'id':device_id } ] } } } } it shows 403 error and couldn't find the issue with it.The api key and the auth key file used for generating the jwt token is provided with admin access to all.Through this api we can fetch the details but can't add the device.Please suggest a solution to resolve the issue.

Hi! I am working with App Store Connect API for the first time, from NodeJS (if that matters, but I also tried with curl). I was able to authenticate and send GET requests with no problem, but when trying to send POST request I always get "METHOD_NOT_ALLOWED" error. Is anyone able to send post request? specifically to "https://api.appstoreconnect.apple.com/v1/certificates", but I also tried the Profiles endpoint, and I got the same problem. The docs claim its possible, but this error makes me feel something is not updated over there. Any help will be very much appreciated! Some extra information: JWT Playload: { iss:"KEY ISSUER", iat:Math.floor(Date.now() / 1000), exp:Math.floor(Date.now() / 1000) + (60 * 10), aud:'appstoreconnect-v1', scope:[ 'POST /v1/certificates' ] } JWT Options { algorithm:'ES256', header:{ alg:'ES256', kid:"KEY ID", typ:'JWT' } } Request Body(Before Stringify): { data:{ type:'certificates', attributes:{ certificateType:'IOS_DISTRIBUTION', csrContent:"PEM CERT" } } }

I have been making a game in Unity and been able to create builds successfully. I added the app tracking transparency compliance in my newest version, and made a new build in the same folder. When I make a build in Xcode to the iPad, the build is successful but the Install Fails. I get this message: A valid provisioning profile for this executable was not found. Domain: com.apple.dt.MobileDeviceErrorDomain Code: -402620395 I have tried installing the profile manually through the Devices window, but it gives me this error: "Failed to install one more provisioning profiles on this device." I have assigned the correct team and profile that corresponds with the right certificate. It was working on previous builds, but just started giving me this error in my newest build out of Unity. My suspicion is that when the iPad iOS downloaded the update that day, my version of Xcode (14.2) isn't able to install provisioning profiles on it anymore. Because my build machine is old and the OS is Monterrey, I can't upgrade Xcode beyond 14.2. However, I have added the 16.4 and 16.5 device support folders which has allowed me to make builds successfully. The issue now is the profiles. Here is what I have tried so far: Deleting old certificates and making new ones Making new Provisioning Profiles and double checking the device and capabilities are accurate Turning On/Off automatic signing Clean Build folder Restart device, unpair, unplug, pair again Make a new Build Project out of Unity Making sure device is unlocked I am now at my wits end and considering that I need to buy a new device in order to make a build.

Can we use below appstoreconnect api to only download developer provisioning profile ? or can we also use to download Enterprise provisioning profile ? https://developer.apple.com/documentation/appstoreconnectapi/list_and_download_profiles API: https://api.appstoreconnect.apple.com/v1/profiles Thanks Ravi K

Hello , i need to install accessory developper profile on my iphone , but i could'nt find the profile , someone can support please to find it or provide link to download it ? thanks in advance

According to the WWDC202310224 "Simplify distribution in Xcode and Xcode Cloud" video, there are two questions about my development process. First, the developer must use "Development Profile" to config Signing & Capability instead of "Developer ID Application profile" for building Applications? shown as the pictures below Second, after build application successfully with "Development Profile", process Product -> archive will fail with "Command SetOwnerAndGroup failed with a nonzero exit code" error message, I have no idea how to solve this problem. Cloud you please tell me how to successfully archive the DriverKit application step by step and further directly distribute Application ? Thanks for your helpful support.

After many days hard slog I have migrated my Flutter mobile app onto macos and installed everything I need, ran the iOS simulator and tested - all good! No when I try to build, Xcode complains it cannot locate my provisioning profile and therefore cannot create a provisioning profile. The BundleId (and Team) are set up in the app store and valid - but everytime I run the Signing & Capabilities within Xcode/Runner it errors with "no profiles for.." were found - Xcode couldn't find any iOS App Development profiles - when it is clearly there Help!!

I am creating a macOS application to be distributed to Mac App Store. I am getting an error when I try to validate my .pkg file with the "altool". This is the error I am getting: 2023-06-28 22:15:18.389 *** Error: Asset validation failed Invalid Provisioning Profile. The provisioning profile included in the bundle com.***.safari.web.Extension [com.***.safari.web.Extension.pkg/Payload/XXXX.app] is invalid. [Missing code-signing certificate.] For more information, visit the macOS Developer Portal. (ID: cef119d1-f045-4e50-94f7-22ee94877fad) (90283) { NSLocalizedDescription = "Asset validation failed"; NSLocalizedFailureReason = "Invalid Provisioning Profile. The provisioning profile included in the bundle com.***.safari.web.Extension [com.***.safari.web.Extension.pkg/Payload/XXXXXXX.app] is invalid. [Missing code-signing certificate.] For more information, visit the macOS Developer Portal. (ID: cef119d1-f045-4e50-94f7-22ee94877fad)"; NSUnderlyingError = "Error Domain=IrisAPI Code=-19241 "Asset validation failed" UserInfo={status=409, detail=Invalid Provisioning Profile. The provisioning profile included in the bundle com.***.safari.web.Extension [com.***.safari.web.Extension.pkg/Payload/XXXXXX.app] is invalid. [Missing code-signing certificate.] For more information, visit the macOS Developer Portal., id=cef119d1-f045-4e50-94f7-22ee94877fad, code=STATE_ERROR.VALIDATION_ERROR.90283 "iris-code" = "STATE_ERROR.VALIDATION_ERROR.90283"; } Exited with code exit status 1 CircleCI received exit code 1 The steps I am following, are as follows: Command to generate the archive: xcodebuild -workspace ${WORKSPACE}/XXXXXX.xcodeproj/project.xcworkspace -scheme XXXXXX -sdk macosx -destination 'generic/platform=macOS' -archivePath ${WORKSPACE}/XXXXXXExt.xcarchive DEVELOPMENT_TEAM=XXXXXXXXXXXX PROVISIONING_PROFILE_SPECIFIER="match Development com.***.safari.web.Extension mac" PRODUCT_BUNDLE_IDENTIFIER=com.***.safari.web.Extension CODE_SIGN_STYLE=Manual CODE_SIGN_IDENTITY="Apple Development" archive **The command to generate the .app file (export archive step): ** xcodebuild -exportArchive -exportOptionsPlist ${WORKSPACE}/Config/Prod-MacAppStore-exportOptions.plist -archivePath ${WORKSPACE}/XXXXXX.xcarchive -exportPath ${WORKSPACE}/mac/packages I am using AppStore Distribution certificate for this step. **The Command for generating .pkg file: ** productbuild --component ${WORKSPACE}/mac/packages/XXXXXX.app /Applications/ ${WORKSPACE}/mac/packages/XXXXX-${app_build_number}.unsigned.pkg The Command for signing the .pkg file: productsign --sign "3rd Party Mac Developer Installer: XXXXX Inc. (XXXXXXXXXX)" ${WORKSPACE}/mac/packages/XXXXX-${app_build_number}.unsigned.pkg ${WORKSPACE}/mac/packages/XXXXX-${app_build_number}.pkg I am using Mac Developer Installer certificate for this step. The Command for validating the .pkg file: xcrun altool --validate-app -f ${WORKSPACE}/mac/packages/signed/XXXXX-${app_build_number}.pkg -t macos --apiKey "${APP_STORE_API_KEY}" --apiIssuer ${APP_STORE_API_ISSUER} --show-progress The last command is failing. Could someone please let me know what I am missing? And what does it mean by "Missing code-signing certificate"?

Hi, New to ios dev. I just started actually. I want to test an app on my actual device while plugged into my computer. Is this possible? I have created a developer account (free) and added it to my Xcode. However I am still getting the error: Signing for "appTest" requires a development team. I have seen websites that say you can do this for free but the instructions are vague. Please could someone guide me through this like i'm a child? Much appreciated.

I regularly come across Mac developers who have an app in the Mac App Store but are unable to submit it to TestFlight. This post explains a common cause of that problem. If you have any questions or comments about this, start a new thread and tag it with Provisioning Profiles and TestFlight so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" TestFlight, Provisioning Profiles, and the Mac App Store A provisioning profile authorises a device to run your app. For historical reasons, not all Mac apps need a provisioning profile. A Mac app only needs a profile if it uses a restricted entitlement, that is, an entitlement that must be authorised by a profile. For more background on this, see TN3125 Inside Code Signing: Provisioning Profiles and, specifically, its Entitlements on macOS section. IMPORTANT Your Mac App Store apps must be signed with the App Sandbox Entitlement, but that entitlement is unrestricted. This means that many Mac App Store apps ship without a provisioning profile, and that’s absolutely fine. However, these apps run into problems with TestFlight. To submit an app to TestFlight, it must have a provisioning profile. If you attempt to submit an app without a profile to TestFlight, it’ll fail with an error like this: ITMS-90889: Cannot be used with TestFlight because the bundle at 'MyApp.app' is missing a provisioning profile. Main bundles are expected to have provisioning profiles in order to be eligible for TestFlight. The fix is to give your app a profile. How you do this depends on how you build your app. Fix an app built with Xcode If you build your app with Xcode, the fix is relatively straightforward: Sign your app with a restricted entitlement. This causes Xcode’s code signing machinery to kick in. If you have automatic code signing enable, Xcode will sort this all out for you. If you use manual signing, Xcode will highlight the problems you need to solve. A good restricted entitlement to use is the Keychain Access Groups Entitlement. Enable this by adding Keychain Sharing to the Signing & Capabilities editor for your app. You have two options here: Leave the Keychain Groups list empty. This will fix this problem while having no effect on any keychain code in your app. Use this as an opportunity to switch to the data protection keychain. In this case you might want to add one or more keychain access groups. For an explanation as to why you might want to switch to using the data protection keychain, see TN3137 On Mac keychain APIs and implementations. For more information about keychain access groups, see Sharing Access to Keychain Items Among a Collection of Apps Fix an app built outside of Xcode If you don’t use Xcode to build your app: Use Developer > Account > Identifiers to create an App ID for your app. Remember that your App ID is the combination of an App ID prefix and your app’s bundle ID. For new App IDs, use your Team ID as the App ID prefix. Use Developer > Account > Profiles to create a macOS App Development provisioning profile for that App ID. Use Developer > Account > Profiles to create a Mac App Store distribution provisioning profile for that App ID. Update your build system to embed a provisioning profile into your app. Use the profile from step 2 for development-signed builds and the one from step 3 for distribution-signed builds. For information about where to place the profile, see Placing Content in a Bundle. Add the following to your .entitlements: A com.apple.application-identifier property whose value is your App ID A com.apple.developer.team-identifier property whose value is your Team ID Build your app and check your work by dumping the entitlements claimed by your app and the entitlements authorised by your provisioning profile. For the specific commands to use, see TN3125 Inside Code Signing: Provisioning Profiles. WARNING In step 1, if your team has any unique App ID prefixes registered, the Developer website might default to using one of those legacy values rather than your Team ID (r. 70571514). If the App ID Prefix value is a popup, select your Team ID from the list. If the App ID value is a read-only copy of your Team ID, your team has no unique App ID prefixes, and so the Developer website always uses your Team ID as the App ID prefix. IMPORTANT In step 5, make sure that your .entitlements file is only applied to the app itself, not to any nested code. For more on this, see the Entitlements and Nested Code section below. Historically you might have been able to get away with using single .entitlements file for all your code. Once you start adding restricted entitlements, like com.apple.application-identifier, this bad practice will cause problems. For general information about how to sign and package apps outside of Xcode, see Creating Distribution-Signed Code for Mac and Packaging Mac Software for Distribution. Entitlements and Nested Code An App Store app might contain the following code; The app itself Nested libraries, like a framework or a dynamic library Nested executables, like a helper tool or an app extension Step 5 in the previous section specifically refers to the entitlements of the main app. When it comes to nested code, the first case is easy: Never add entitlements to nested libraries. It doesn’t do anything useful and can prevent your code from running. The story with nested executables is more nuanced. To start, every nested executable must be signed with at least one entitlement because: All App Store executables must be sandboxed. You enable the App Sandbox with the com.apple.security.app-sandbox entitlement. In many cases a nested executable only needs unrestricted entitlements, like com.apple.security.app-sandbox and com.apple.security.inherit. In that case the nested code doesn’t need a provisioning profile. If a nested executable uses restricted entitlements, it needs a provisioning profile to authorise the use of those entitlements, and its own unique App ID to tie the executable to the profile. Place this profile in the nested executable’s bundle, according to the rules in Placing Content in a Bundle. IMPORTANT The nested code can’t ‘piggyback’ off the app’s provisioning profile. It needs its own profile with its own unique App ID. Revision History 2023-08-17 Added the Entitlements and Nested Code section. Made other minor editorial changes. 2023-07-17 First posted.