Post not yet marked as solved
I use three Macs for development of a web application. On each of the Macs (macOS 14.4) I used mkcert to install a local CA and to issue developer certificates (all separately). Accessing the web app with https://localhost:8080 works fine on two Macs with all browsers, but on one Mac Safari claims to have another root CA for localhost which it does not trust. And I cannot override the trust settings.
Using Keychain Access I do not find this certificate. Safari shows it like this:
Scrolling down I can see DNS Names localhost, localhost.localdomain and lvl.me, so I suspect it is a leftover from trying to install a root CA before using mkcert.
The mkcert certificate looks like this and I can see it in the System keychain:
So Safari complains and I cannot tell it to trust the server certificate as the CA does not fit (I think). Firefox and Chrome open the website just fine after warning me and me telling them to do so.
I tried to find the wrong CA using Keychain Access and Terminal (security find-certificate -a -c localhost, security find-certificate -a -c lvh...) but in vain.
Where can I find this certificate and how can I delete it?
Post marked as Apple Recommended
I've been trying to notarize an installer (.pkg file) on a new laptop. Previous versions have been notarized successfully on a previous Mac.
However, in spite of having the required certificates (same as the old Mac, generated for the new Mac) the submission gets stuck at "In Progress".
Doing it multiple times (even hours apart) doesn't help.
Is there a FAQ / suggested list of steps to help resolve this issue?
Here's what I see:
xcrun notarytool history --keychain-profile "(my profile name)"
results in (problem started with v4, the first version I've tried on this new Mac):
createdDate: 2023-10-17T01:34:36.911Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v4.pkg
status: In Progress
--------------------------------------------------
createdDate: 2023-10-17T01:33:59.191Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v4.pkg
status: In Progress
--------------------------------------------------
createdDate: 2023-10-16T21:01:25.832Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v4.pkg
status: In Progress
--------------------------------------------------
createdDate: 2023-10-16T19:57:44.776Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v4.pkg
status: In Progress
--------------------------------------------------
createdDate: 2023-10-02T14:17:34.108Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v3.pkg
status: Accepted
--------------------------------------------------
createdDate: 2023-09-28T14:04:46.211Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v2.pkg
status: Accepted
--------------------------------------------------
createdDate: 2023-09-20T17:28:46.168Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v1.pkg
status: Accepted
--------------------------------------------------
xcrun notarytool log xxxxxxxxxxxxxxxxxxxx --keychain-profile "(my profile name)" results in:
Submission log is not yet available or submissionId does not exist
id: xxxxxxxxxxxxxxxxxxxxxxxx
Post not yet marked as solved
If I develop my app with an SDK(binary) that other person developped and then the SDK certificate has expired,Can I submit my app to app store?
Or should I get a new SDK with updating certificate?
Post not yet marked as solved
Hello,
I am setting up a build (Gitlab CICD) runner. I create a keychain and imported certificate and my signing key.
$ security find-identity -v
XXXXXX "Developer ID Application: XXXXXX, INC. (XXXXXX)" (CSSMERR_TP_NOT_TRUSTED)
1 valid identities found
$ security find-identity -p codesigning -v
XXXXXX "Developer ID Application: XXXXXX, INC. (XXXXXX)"
1 valid identities found
Codesign fails with
unable to build chain to self-signed root for signer "Developer ID Application: XXXXXX, INC. (XXXXXX)" errSecInternalComponent
On the local machine everything is fine.
I think the point is that the identity is both valid and CSSMERR_TP_NOT_TRUSTED.
What can I do about it?
Hi,
I have this error:
Provisioning profile "iOS Team Provisioning Profile: com.Mcrich23.Pickt" doesn't include the com.apple.runningboard.assertions.webkit entitlement
However, I can't add this entitlement because it pretty much does not exist. Any ideas?
Post not yet marked as solved
Electron-Builder Version: 24.12.0
Electron-Builder-notarize Version: 1.5.1
Node Version: v15.14.0
Electron Version: 11.3.0
Electron-updater version: ^4.3.5
Target: Mac Apple Store (mas)
Hello, I am trying to build and sign a new version of my electron app for the mac apple store (mas), but when I get to the final step of uploading the RenderTune.pkg file to the mac transporter app, I get a failed status with 22 errors all the same formatting like so:
Asset validation failed (90284)
Invalid Code Signing. The executable 'com.martinbarker.digifyunique.pkg/Payload/RenderTune.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/etc....dylib' must be signed with the certificate that is contained in the provisioning profile. (ID: abc-abc-abc-abc-abc)
In order to build and sign this RenderTune.pkg file, first I run the command npm run build-mas locally while on branch v1.1.5 ( code here )
Which runs the following command:
"build-mas": "electron-builder build --mac && sh signmasscript.sh",
So first it runs electron-builder build --mac and gives this output:
Martins-MacBook-Air:rendertune-v1.1.5-feb-24 martinbarker$ npm run build-mas
> rendertune@1.1.5 build-mas
> electron-builder build --mac && sh signmasscript.sh
• electron-builder version=24.12.0 os=20.6.0
• loaded configuration file=package.json ("build" field)
• writing effective config file=dist/builder-effective-config.yaml
• packaging platform=darwin arch=x64 electron=11.3.0 appOutDir=dist/mac
• signing file=dist/mac/RenderTune.app platform=darwin type=distribution identity=ACBACBACBACBACBACBACBACBACB provisioningProfile=none
• skipped macOS notarization reason=`notarize` options were not provided
• building target=DMG arch=x64 file=dist/RenderTune-mac.dmg
• building target=macOS zip arch=x64 file=dist/RenderTune-mac.zip
• building block map blockMapFile=dist/RenderTune-mac.dmg.blockmap
• building block map blockMapFile=dist/RenderTune-mac.zip.blockmap
Completes without issue. The next part is running the signmasscript.sh file, which does complete but gives these errors:
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
productbuild: Adding component at /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/dist/mas/RenderTune.app
productbuild: Signing product with identity "3rd Party Mac Developer Installer: Martin Barker (LV6WXG529F)" from keychain /Users/martinbarker/Library/Keychains/login.keychain-db
productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority"
productbuild: Adding certificate "Apple Root CA"
productbuild: Wrote product to /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/RenderTune.pkg
productbuild: Supported OS versions: [10.10.0, )
The final output RenderTune.pkg file gives 22 error messages saying `` when I try to deliver it via the mac os transport app.
Asset validation failed (90284)
Invalid Code Signing. The executable must be signed with the certificate that is contained in the provisioning profile
Is my app even being signed correctly? Or is there just one file that I need to fix? Please help me out !
Post not yet marked as solved
I am using TapToPay with stripe it is working fine on the development mode but when i try to create build for app store it shows 2 errors.
I am having trouble with my Team/Bundle Identifier and the iOS box right under it in Signing & Capabilities. I went and tried to add my device to the apple developer website but it was already logged in. If anyone can help me that would be most appreciated.
Post not yet marked as solved
General:
DevForums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements
Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities.
Developer > Support > Certificates covers some important policy issues
Entitlements documentation
TN3125 Inside Code Signing: Provisioning Profiles — This includes links to other technotes in the Inside Code Signing series.
WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing
Certificate Signing Requests Explained DevForums post
--deep Considered Harmful DevForums post
Don’t Run App Store Distribution-Signed Code DevForums post
Resolving errSecInternalComponent errors during code signing DevForums post
Finding a Capability’s Distribution Restrictions DevForums post
Signing code with a hardware-based code-signing identity DevForums post
Mac code signing:
DevForums tag: Developer ID
Creating distribution-signed code for macOS documentation
Packaging Mac software for distribution documentation
Placing Content in a Bundle documentation
Embedding Nonstandard Code Structures in a Bundle documentation
Embedding a Command-Line Tool in a Sandboxed App documentation
Signing a Daemon with a Restricted Entitlement documentation
Defining launch environment and library constraints documentation
WWDC 2023 Session 10266 Protect your Mac app with environment constraints
TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference.
Manual Code Signing Example DevForums post
The Care and Feeding of Developer ID DevForums post
TestFlight, Provisioning Profiles, and the Mac App Store DevForums post
For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Post not yet marked as solved
I'm not able to run my app on my device as Xcode is unable to create a provisioning profile for my app without the paid developer membership.
I followed the troubleshooting steps on stack overflow here but to no avail.
Any help?
Post not yet marked as solved
Hello everyone,
I was added to an organization account, and I was given app owner access. I can see the created app on my dashboard, but I can access it on my XCode. I can only see my Personal team
Here's the screenshot below:
I can't see the team I was added to because that was where the app was created.
Here's the app on my dashboard
Can anyone help please?
Thanks in advance
Post not yet marked as solved
I've installed the same developer certificate onto three different Macs.
When viewed in the keychain (or in Xcode) on one Mac it says its revoked, on another it says its not trusted, but on a third there's no issue reported.
How could there be a difference between the three Macs?
(Both Macs have the date/time set to be the same).
Can 3rd party software, VPNs etc. interfere in this at all?
Post not yet marked as solved
I am having a very weird issue with Xcode 15.0.1. If you are running an app that was built with XCode 14 and install the new version of the app with XCode 15 it works fine.
If you delete the XCode 14 build of the app, and install the XCode 15 build of the app you get "This app cannot be installed because its integrity could not be verified" error message on launching the app.
Then when we rebuild the app again with XCode 14 the app works fine with no issues.
I have tried multiple solutions that I have found on various forums, but with no luck.
Anyone have any suggestions on how to fix this issue.
Post not yet marked as solved
Hello everyone,
Due to a change in our development team we had to revoke some certificates and regenerate new one. I have generated a Development Mobile profile including needed certificates etc. Also, in Xcode 15 i have disabled "automatically manage signing" and everything look okay as I can see the generated provisioning profile, my team, my certificate etc. Build is working correctly. We are using App Center as a CI to build/archive.. our iOS app.
During the last step of the archive export I have the following error which I cannot resolve :
[command]/usr/libexec/PlistBuddy -c Print CFBundleIdentifier /Users/runner/work/1/output/build/archive/OurStagingApp.xcarchive/Products/Applications/OurStagingApp.app/Info.plist
com.OurStagingDomain.OurStagingApp
[command]/usr/libexec/PlistBuddy -c Add provisioningProfiles:com.OurStagingApp.OurStagingApp string toktokdoc provisioning profile development _XcodeTaskExportOptions.plist
[command]/usr/bin/xcodebuild -exportArchive -archivePath /Users/runner/work/1/output/build/archive/OurStagingApp.xcarchive -exportPath /Users/runner/work/1/output/build/export/_XcodeTaskExport_OurStagingApp -exportOptionsPlist _XcodeTaskExportOptions.plist
2024-02-08 14:21:05.218 xcodebuild[18640:56463] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/r0/ztvld9wd66bfpv_g6h3ksl000000gn/T/OurStagingApp_2024-02-08_14-21-05.213.xcdistributionlogs".
2024-02-08 14:21:05.370 xcodebuild[18640:56463] [MT] IDEDistribution: -[IDEDistributionMethodManager orderedDistributionMethodsForTask:archive:logAspect:]: Error = Error Domain=IDEDistributionMethodManagerErrorDomain Code=2 "Unknown Distribution Error" UserInfo={NSLocalizedDescription=Unknown Distribution Error}
error: exportArchive: exportOptionsPlist error for key "method": expected one of {}, but found development
Error Domain=IDEFoundationErrorDomain Code=1 "exportOptionsPlist error for key "method": expected one of {}, but found development" UserInfo={NSLocalizedDescription=exportOptionsPlist error for key "method": expected one of {}, but found development}
** EXPORT FAILED **
##[error]Error: /usr/bin/xcodebuild failed with return code: 70
I tried to regen certificates, regen provisioning profile, use automatically signed..
Also this is the logs of the last working build :
DEV PROV PROFILE TokTokDocRCX
[command]/bin/rm -f _xcodetasktmp.plist
[command]/usr/libexec/PlistBuddy -c Print CFBundleIdentifier /Users/runner/work/1/output/build/archive/OurStagingApp.xcarchive/Products/Applications/OurStagingApp.app/Info.plist
com.OurDomain.OurStagingApp
[command]/usr/libexec/PlistBuddy -c Add provisioningProfiles:com.OurDomain.OurStagingApp string DEV PROV PROFILE TokTokDocRCX _XcodeTaskExportOptions.plist
[command]/usr/bin/xcodebuild -exportArchive -archivePath /Users/runner/work/1/output/build/archive/OurStagingApp.xcarchive -exportPath /Users/runner/work/1/output/build/export/_XcodeTaskExport_OurStagingApp -exportOptionsPlist _XcodeTaskExportOptions.plist
2023-08-02 11:20:01.234 xcodebuild[19044:64264] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/cn/nkrr6l5n0jz01kq9jbtb9tg00000gn/T/OurStagingApp_2023-08-02_11-20-01.233.xcdistributionlogs".
Exported OurStagingApp to: /Users/runner/work/1/output/build/export/_XcodeTaskExport_OurStagingApp
** EXPORT SUCCEEDED **
I have replaced some logs with "OurStagingApp".
Also when trying to build the archive via xcode 15 the button validate is disabled.
In my podfile:
target.build_configurations.each do |config|
config.build_settings['ENABLE_BITCODE'] = 'NO'
config.build_settings['CODE_SIGNING_ALLOWED'] = 'NO'
config.build_settings['IPHONEOS_DEPLOYMENT_TARGET'] = '14.0'
config.build_settings['BUILD_LIBRARY_FOR_DISTRIBUTION'] = 'YES'
config.build_settings['SKIP_INSTALL'] = 'NO'
end
Thanks for your help
Post not yet marked as solved
I've tried to implement the steps suggested for configuring code signing https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development on runners
However, I could not sign my app build when I was using Virtual Runner.
Is it a limitation coming from the Apple virtualization framework restriction (for signing in with Apple ID), or did I miss some configuration for Xcode?
I was trying both manual and automatic signing but never succeeded (
Post not yet marked as solved
Learn how code signing uses certificates to identify code authors.
View Technote TN3161 >
Hi all,
I've spent 3 of my 'coding-time' sessions already on trying to figure this one out. But I wasn't successful. I'm a hobby dev, so not too experienced with signing of anything code-wise. So time to head to the forums for help.
My SwiftUI app runs fine on the simulator. My app also runs fine when downloaded from the store. But I cannot:
Build the item from Xcode to my new iPhone 15
Build and distribute an archive, so that I can release a new version of my app
What I did so far:
Removed and reinstalled my Pods via Terminal
Removed and reinstalled my packages through Xcode
Removed trusted devices from my iPhone
Removed trusted devices from my Macbook
Added my new iPhone to my Apple Developer account via https://developer.apple.com/account/resources/devices/list
Removed my old iPhone
Restarted everything at least 5 times
I keep getting this error after building, but immediately upon installing:
Failed to install the app on the device.
Domain: com.apple.dt.CoreDeviceError
Code: 3002
User Info: {
DVTErrorCreationDateKey = "2023-10-16 11:47:42 +0000";
IDERunOperationFailingWorker = IDEInstallCoreDeviceWorker;
NSURL = "file:///Users/jorritgernaat/Library/Developer/Xcode/DerivedData/WalkApp-fukevcszpwufbzavuluhlbvhsaaa/Build/Products/Debug-iphoneos/WalkApp.app/";
}
--
Paaltjesroutes moet worden bijgewerkt
Domain: IXUserPresentableErrorDomain
Code: 17
Failure Reason: Deze app moet door de ontwikkelaar worden bijgewerkt om te kunnen werken met deze iOS-versie.
Recovery Suggestion: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.UleUN5/extracted/WalkApp.app/Frameworks/FirebaseFirestore.framework : 0xe8008029 (The code signature version is no longer supported.)
--
Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.UleUN5/extracted/WalkApp.app/Frameworks/FirebaseFirestore.framework : 0xe8008029 (The code signature version is no longer supported.)
Domain: MIInstallerErrorDomain
Code: 13
User Info: {
FunctionName = "+[MICodeSigningVerifier _validateSignatureAndCopyInfoForURL:withOptions:error:]";
LegacyErrorString = ApplicationVerificationFailed;
LibMISErrorNumber = "-402620375";
SourceFileLine = 78;
}
--
Event Metadata: com.apple.dt.IDERunOperationWorkerFinished : {
"device_isCoreDevice" = 1;
"device_model" = "iPhone15,4";
"device_osBuild" = "17.0.3 (21A360)";
"device_platform" = "com.apple.platform.iphoneos";
"dvt_coredevice_version" = "348.1";
"dvt_mobiledevice_version" = "1643.2.4";
"launchSession_schemeCommand" = Run;
"launchSession_state" = 1;
"launchSession_targetArch" = arm64;
"operation_duration_ms" = 1864;
"operation_errorCode" = 17;
"operation_errorDomain" = "com.apple.dt.CoreDeviceError.3002.IXUserPresentableErrorDomain";
"operation_errorWorker" = IDEInstallCoreDeviceWorker;
"operation_name" = IDERunOperationWorkerGroup;
"param_debugger_attachToExtensions" = 0;
"param_debugger_attachToXPC" = 1;
"param_debugger_type" = 3;
"param_destination_isProxy" = 0;
"param_destination_platform" = "com.apple.platform.iphoneos";
"param_diag_MainThreadChecker_stopOnIssue" = 0;
"param_diag_MallocStackLogging_enableDuringAttach" = 0;
"param_diag_MallocStackLogging_enableForXPC" = 1;
"param_diag_allowLocationSimulation" = 1;
"param_diag_checker_tpc_enable" = 1;
"param_diag_gpu_frameCapture_enable" = 0;
"param_diag_gpu_shaderValidation_enable" = 0;
"param_diag_gpu_validation_enable" = 0;
"param_diag_memoryGraphOnResourceException" = 0;
"param_diag_queueDebugging_enable" = 1;
"param_diag_runtimeProfile_generate" = 0;
"param_diag_sanitizer_asan_enable" = 0;
"param_diag_sanitizer_tsan_enable" = 0;
"param_diag_sanitizer_tsan_stopOnIssue" = 0;
"param_diag_sanitizer_ubsan_stopOnIssue" = 0;
"param_diag_showNonLocalizedStrings" = 0;
"param_diag_viewDebugging_enabled" = 1;
"param_diag_viewDebugging_insertDylibOnLaunch" = 1;
"param_install_style" = 0;
"param_launcher_UID" = 2;
"param_launcher_allowDeviceSensorReplayData" = 0;
"param_launcher_kind" = 0;
"param_launcher_style" = 99;
"param_launcher_substyle" = 8192;
"param_runnable_appExtensionHostRunMode" = 0;
"param_runnable_productType" = "com.apple.product-type.application";
"param_structuredConsoleMode" = 1;
"param_testing_launchedForTesting" = 0;
"param_testing_suppressSimulatorApp" = 0;
"param_testing_usingCLI" = 0;
"sdk_canonicalName" = "iphoneos17.0";
"sdk_osVersion" = "17.0";
"sdk_variant" = iphoneos;
}
--
System Information
macOS Version 14.0 (Build 23A344)
Xcode 15.0 (22265) (Build 15A240d)
Timestamp: 2023-10-16T13:47:42+02:00```
It seems to somehow involve Firebase, but that can also be because that's simply the only 3rd party stuff I use.
Help me get back to writing code and shipping app updates :)
Post not yet marked as solved
It requires a provisioning profile, and while I have one, I cannot select it within Signing & Capabilities since it is empty.
On blank projects it works as intended, but whenever the Unity stuff gets imported, it just disappears entirely, making it impossible to export Unity Titles to visionOS.
Post not yet marked as solved
I'm experiencing an issue while attempting to create a provisioning profile for push notifications. But I can clearly see that the push notification service is enabled for the new provisioning profile. However it still shows error.
Post not yet marked as solved
Hi,
I successfully developed a key storage provider (KSP) under Windows that allows me to digitally sign from 3rd party application (typically Acrobat Reader but not only).
Now I'm trying to port the key storage provider to macOS, but I cannot find an equivalent technology under this OS.
I've tried different solutions:
API hooking/method swizzling/dll interposing: It doesn't look officially supported plus easily blockable (with hardened runtime);
Endpoint security framework: It looks basically for watch-only purposes plus minimal blocking capabilities;
Is there any supported way to implement a KSP macOS equivalent?
Any suggestion?
Something else to explore?
Thanks a lot,
max
Lumpy Gravy.
