It requires a provisioning profile, and while I have one, I cannot select it within Signing & Capabilities since it is empty. On blank projects it works as intended, but whenever the Unity stuff gets imported, it just disappears entirely, making it impossible to export Unity Titles to visionOS.

I'm experiencing an issue while attempting to create a provisioning profile for push notifications. But I can clearly see that the push notification service is enabled for the new provisioning profile. However it still shows error.

Hi, I successfully developed a key storage provider (KSP) under Windows that allows me to digitally sign from 3rd party application (typically Acrobat Reader but not only). Now I'm trying to port the key storage provider to macOS, but I cannot find an equivalent technology under this OS. I've tried different solutions: API hooking/method swizzling/dll interposing: It doesn't look officially supported plus easily blockable (with hardened runtime); Endpoint security framework: It looks basically for watch-only purposes plus minimal blocking capabilities; Is there any supported way to implement a KSP macOS equivalent? Any suggestion? Something else to explore? Thanks a lot, max

Hello everyone I tried to upload my playground app via Xcode to AppStore Connect. Unfortunately it didn’t worked. I tried everything what the error suggested me to do. But its still not working. Has anyone ever encountered this error?

Hello all professions, I'm now facing an problem with distribution certification expiration for the enterprise account. We're using enterprise account for publishing some internal apps for our organization without uploading to AppStore but by other platforms, but both cert and profile have 1 year expiration and now it's about to expire. So we're going to extend the app expiration date now. Read some articles that the best practice is renewing cert before it expired, for some reasons that we CANNOT add new certifications if we're not revoking any of existing certs, so what we are going to do is: We will revoke the cert first let's say certA, and then create a new cert with all configurations as same as certA let's say certB and then distribute new app version by certB. If we're going to do so, then the question comes: Will the existing installed apps distributed by certA still available? (if it has couple months to be expired for certA) Continue with question1, if no, all existing apps will not be available anymore, then what's the best practice for us to manage certs and app for the users without cert renewing downtime? Will there be any issue if we user another cert let's say certC just create now to distribute new app version without revoking current certA? such as it will be recognized a brand new app, etc thanks all

Hello, I build my app on Unity 2021 using the service Unity Cloud Build. I enabled iCloud key-value storage and it correctly show up in the entitlement file. Whenever I try to make a cloud save, Unity Logs says that the process was successful but it didn't save anything on the cloud. I had a look to the logs on my device and I found this strange error: cloudd(CloudKitDaemon)[804] <Error>: Identity set <private> was expected to have a current key set <private>. Error Domain=securityd Code=-25300 UserInfo={NSLocalizedDescription=<private>} cloudd(CloudKitDaemon)[804] <Error>: Identity set <private> does not have a current key set. Not using it. cloudd(CloudKitDaemon)[804] <Error>: Didn't get a service identity from the PCS framework I searched online but I couldn't find anything informative. Any suggestions?

After updating the os to iOS17 beta, not able to install the enterprise app through ipa, it throws error Error installing '//Downloads/-Internal-Appstore-23.6.5-1.ipa', ERROR: Error Domain=com.apple.dt.CoreDeviceError Code=3002 "Failed to install the app on the device." UserInfo={NSUnderlyingError=0x600019bcc750 {Error Domain=com.apple.dt.CoreDeviceError Code=3000 "The item at -Internal-Appstore-23.6.5-1.ipa is not a valid bundle." UserInfo={NSURL=file:////Downloads/-Internal-Appstore-23.6.5-1.ipa, NSLocalizedDescription=The item at -Internal-Appstore-23.6.5-1.ipa is not a valid bundle., NSLocalizedFailureReason=Failed to read the bundle.}}, NSLocalizedDescription=Failed to install the app on the device., NSURL=file:///Downloads/-Internal-Appstore-23.6.5-1.ipa} Kindly update on this. Do any code side changes have to be done for this to fix these issue?

We are using an iPhone app distributed as an AdHoc app, but an error message saying "App cannot be verified" was displayed. The error screen says, "Internet connection is required to verify the credibility of developer "Apple Distribution:●●●● CO.,LTD.(QQQ29B8GG2)"." When using this app, We are connected to the LAN, but not connected to the Internet. If you temporarily connect to the Internet and start the app when the error screen appears, the error screen will disappear. After that, when I switched from connecting to the Internet to connecting to LAN, it worked normally for a while, but after about 2 months, the same error screen appears again. Please tell me how to resolve this error.

I want to build a CLI tool (using SwiftPM - without XCode) to read the contacts on my mac. The end goal is to use the notes field or maybe custom fields to build a simple CRM (customer relationship tool) to keep track of some things. It especially means reading the NOTE field, and also writing it back. But... as mentioned on com.apple.developer.contacts.notes | Apple Developer Documentation reading the note field requires the com.apple.developer.contacts.notes. How do I do that? If it runs locally only on my machine I am happy. I wrote an entitlements.plist: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.contacts.notes</key> <true/> </dict> </plist> And do # build swift build --configuration release --disable-sandbox --arch arm64 Building for production... [2/2] Linking contacts Build complete! (0.29s) #sign codesign --sign - --entitlements entitlements.plist --deep .build/release/contacts --force .build/release/contacts: replacing existing signature But upon running, I get: ./.build/release/contacts fish: Job 1, './.build/release/contacts' terminated by signal SIGKILL (Forced quit) Without signing I get: *** Terminating app due to uncaught exception 'CNPropertyNotFetchedException', reason: 'A property was not requested when contact was fetched.' *** First throw call stack: ( 0 CoreFoundation 0x000000018b1cc570 __exceptionPreprocess + 176 1 libobjc.A.dylib 0x000000018acbdeb4 objc_exception_throw + 60 2 CoreFoundation 0x000000018b1cc460 +[NSException exceptionWithName:reason:userInfo:] + 0 3 Contacts 0x000000019f8f9b74 -[CNContact note] + 152 4 contacts 0x0000000104879e04 $s8contacts3CliV3runyyKF + 436 5 contacts 0x000000010487a0c8 $s8contacts3CliV14ArgumentParser15ParsableCommandAadEP3runyyKFTW + 12 6 contacts 0x000000010487a160 contacts_main + 96 7 dyld 0x000000018acf90e0 start + 2360 ) libc++abi: terminating due to uncaught exception of type NSException fish: Job 1, './.build/release/contacts' terminated by signal SIGABRT (Abort) I am new to Swift and SwiftPM and the world of code signing. I currently am NOT a member of the Apple Developer program but if needed I am (reluctantly) willing to pay 99$ to be able to sign/notarize/.. but since the goal is to only run it for myself I hppe there is a way to self-sign. Do I need so sign my cli? Is it even possible to codesign command line tools (i've seen comments that it is not)? How would I do that? What am I missing? Cheers, Oliver

I'm working on a macOS app that uses a JSContext and I want to debug it with the Safari Web Inspector. According to Session 402 at WWDC 2016 the following entitlement is required: <key>com.apple.webinspector.allow</key> <true/> This is easy enough to add, but it causes the app to crash at launch with a code signing issue. The console shows that taskgated-helper is reporting just before the crash: Unsatisfied entitlements: com.apple.webinspector.allow For anyone who finds this, here's what you need to know: https://webkit.org/blog/13936/enabling-the-inspection-of-web-content-in-apps/ Basically, there's now a inspectable property on both the WKWebView and JSContext. Unfortunately, there's no mention of the old entitlement in the WebKit blog post, so it's impossible for folks using the old technique to find. Hopefully this post will bridge this gap. It also might be something for @eskimo to add to his (always helpful) code signing documentation. -ch

I have a strange problem and I don't know what's causing it A year ago, I purchased this account and created a certificate and it was working successfully, but its time expired on 1/8/2024, and I want to create a new one in order to update my applications. So I went to create a new certificate of type (iOS Distribution) and it was downloaded successfully, and when I called it in the (Keychain access) program in order to convert it to (.P12) instead of (.cer). But the program refuses to recall it, and I choose the (Local Item) section. thus : But when the file is dragged or double-clicked while I am standing in the (Login) section, the certificate is summoned successfully, and here the real problem begins. It is assumed that in order for me to convert the certificate from (cer) to (p12), there must be an arrow next to the certificate so that the key appears so that it can be pressed. Right-click, then we choose Export, and then we choose (p12). This happens because there is no arrow next to the certificate, and also when I By clicking on the certificate to export it, I am not allowed to choose (p12). How can I convert the file successfully because I want to update my applications, which is very important.

I’m developing this tvOS app, and it builds and runs fine locally in Simulator. However, when I do Product > Archive (so I can upload it to app store later), it fails with error in the screenshot. Looks like Xcode is trying to sign the app with a certificate, but could not find a valid profile to do so. Since I don't have a physical Apple TV device, I'm unable to add an Apple TV to the Devices list on developer.apple.com, thus unable to create a profile. Is the any way around this issue to archive my tvOS app?

Hello, What is the key for In-App Purchases entitlement I can add to my app.entitlements file in my project, so that I can autonomously enable the In-App Purchase capability? I have searched far a wide for this, however, it's unclear where it can be located. I know I can enable this capability manually by opening Xcode -> Selecting the "Signing & Capabilities" tab -> selecting "+ Capability" -> selecting "In-App Purchase" capability. However, this is not really an ideal solution for adding the capability to my app, especially when automated processes for building, testing, distributing via CI/CD are integrated. It would beneficial to be able to reference some documentation or resources for enabling capabilities (or any other build settings) autonomously in a project as opposed to having to manually click my way through enabling them. Looking forward to hearing back. Thanks!

I recently built an update to one of our apps, which installs a driver extension. The new version won't launch on my Mac, Finder says it "can't be opened". I captured the logs, which say "no matching profile found": error 2024-01-10 14:36:03.306061 -0800 taskgated-helper <app-bundle-id>: Unsatisfied entitlements: com.apple.developer.system-extension.install, com.apple.developer.team-identifier info 2024-01-10 14:36:03.306279 -0800 amfid Requirements for restricted entitlements failed to validate, error -67671, requirements: '<private>' error 2024-01-10 14:36:03.306287 -0800 amfid Restricted entitlements not validated, bailing out. Error: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found" UserInfo={NSURL=<private>, unsatisfiedEntitlements=<private>, NSLocalizedDescription=No matching profile found} default 2024-01-10 14:36:03.306432 -0800 amfid /Applications/<app-bundle-id>/Contents/MacOS/<app-name> not valid: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found" UserInfo={NSURL=file:///Applications/C<escaped-app-name>/, unsatisfiedEntitlements=<CFArray 0x14f3041d0 [0x1dd7d39a0]>{type = immutable, count = 2, values = ( 0 : <CFString 0x14f3055a0 [0x1dd7d39a0]>{contents = "com.apple.developer.system-extension.install"} 1 : <CFString 0x14f304130 [0x1dd7d39a0]>{contents = "com.apple.developer.team-identifier"} )}, NSLocalizedDescription=No matching profile found} default 2024-01-10 14:36:03.306514 -0800 kernel AMFI: bailing out because of restricted entitlements. default 2024-01-10 14:36:03.306523 -0800 kernel mac_vnode_check_signature: /Applications/<app-bundle-id>/Contents/MacOS/<app-name>: code signature validation failed fatally: When validating /Applications/<app-bundle-id>/Contents/MacOS/<app-name>: Code has restricted entitlements, but the validation of its code signature failed. Unsatisfied Entitlements: com.apple.developer.system-extension.installcom.apple.developer.team-identifier The thing is, when I run this command codesign -v -vvv <path-to-app> the app is valid on disk and satisfies its Designated Requirement and these two commands: codesign --display --entitlements - security cms -D -i <path-to-app>/Contents/embedded.provisionprofile when run against the old app (which works) and the new app (which doesn't) have absolutely identical outputs. The certificates haven't expired yet. Where else should we be looking to figure out where we've messed up? We know we changed the signing and notarization flow; the working build was made by a person using Xcode, the new app was built, signed and notarized using the command line tools (xcodebuild and notarytool).

We have one enterprise app and for which Provisioning profile got expired and all our user's app stop working. We haven't received any reminder mail from Apple to update the Provisioning profile. We used to get the reminder mail before expiry of any Apple certificate. What is the solution for this? Do we need to manually keep track for Provisioning profile expiry?

I'm working on this project for the first time in a while, so I'm not sure if this issue started with Xcode 15 or what, but now when I run my UI tests I get the warning "“MyAppUITests-Runner” is from an unidentified developer and differs from previously opened versions. Are you sure you want to open it?" Code signing identity for the UITest target is set to "sign to run locally". Changing it to "Apple Development" doesn't help, and neither did a clean build. How do I need to configure it to eliminate the warning?