I am trying to export my AppleScript as an application and have enabled my developer ID to sign it. I, however, get an error the following error: Any ideas? Thank you and best regards, pd NOTE: macOS Sonoma 14.7.

Hello, I had app written in React Native using Expo. Now, I cleared up Expo from project, created new project, moved old source file to new project. Everything works fine. Now I want to publish new project using old bundle id to overwrite existing app, but I can't. What is problem? Is not permitted to do that? Maybe I need to provide something additionally? Thank you for helping.

Codesigned and notarized app cannot directly write files inside the app bundle (neither in my.app/Contents/Resources/ nor my.app/Contents/MacOS/). Are there any restrictions regarding this? Is there a way to bypass these restrictions? Here is the situation I encountered: The main app contains several sub-apps and sub-executables. When the main app calls the sub-apps or sub-executables, it can write files within the app bundle, but when executed directly, it cannot write files. The app is usually opened using the GUI, and when using the command line, neither the main app nor the sub-apps/sub-executables can write files within the app bundle. My codesigning environment is: Sonoma 14.0 on mac mini M1. I manually sign the app directly using the codesign command in CI instead of using Xcode. The process will traverse all of the files and sub-apps in the app folder and sign them from the deepest paths to the shallowest paths. I also tried applying this process to other applications, but all of them encountered the same issue of failing to write files. The app should not be sandboxed (I did not add sandbox entitlements). I have tried adding the entitlement com.apple.security.files.user-selected.read-write, but this has not resolved the issue.

I have an app Arpeggio.app which I build and then sign without errors: "electron-osx-sign dist/mac-arm64/Arpeggio.app --identity="Developer ID Application: XXXX (XXXXXX)" --hardened-runtime --no-gatekeeper-assess --entitlements=entitlements.plist". It returns "Application signed: dist/mac-arm64/Arpeggio.app". I then use "/usr/bin/ditto -c -k --sequesterRsrc --keepParent src dst" to make a zip with the same signatures. I then submit the zip for notarization: "xcrun notarytool submit dist/mac-arm64/Arpeggio.zip --apple-id XXXX etc" which returns "Waiting for processing to complete. Current status: Accepted.............. Processing complete id: ***-***-xx-xx status: Accepted". Then I staple the notarization to the app and get "The staple and validate action worked!". Now it shows all validated and that the notarization is stapled. I then run "spctl --assess --type execute -vv 'dist/mac-arm64/Arpeggio.app'" as a last check and always get this: dist/mac-arm64/Arpeggio.app: unknown error 99999=1869f Why is this happening? I can't seem to debug the issue but out notarization and signing is always successful and the app works as expected. Pleas ehelp me get to the bottom of this.

I recently completed an app transfer from one developer account to another (both controlled by me). The old team ID was GZS3K47B3Y, the new one is LRG5645LP7. Almost everything is working properly, but I am seeing that my iCloud Key-Value store (NSUbiquitousKeyValueStore) is no longer shared across my app and app extensions after the transfer. Previously, my app and app extensions all shared a single iCloud Key-Value store, and they could all read/write to the same iCloud synced store. This is no longer working after the app transfer. According to this support page (https://developer.apple.com/help/app-store-connect/transfer-an-app/overview-of-app-transfer): "If your app uses iCloud Key-Value Storage (KVS), the full KVS value will be embedded in any new provisioning profiles you create for the transferred app. Update your entitlements plist with the full KVS value in your provisioning profile." This seems to be the case for the main app, whose provisioning profile contains the full value: com.apple.developer.ubiquity-kvstore-identifier: GZS3K47B3Y.com.serpentisei.studyjapanese But the app extension's provisioning profile now contains: com.apple.developer.ubiquity-kvstore-identifier: LRG5645LP7.* Is there a way to update the app extension provisioning profile to also include the original identifier from before the transfer, so that I can continue to share iCloud KVS access across the app and extension? Thanks!

I was able to setup a release test for an iOS app for distribution using a web server. It works perfectly fine for all the devices I registered for the deployment profile. However every time I try to distribute a Unity based Vision Pro application using the same process for building the package and set up for distribution it does not work. Safari only shows a message telling me: "Cannot connect to ." When trying to install the iOS app from the same server it shows the message "Do you want to install ?" and installation completes correctly. My iOS is a simple hello world app generated by Xcode. My Unity app is an AR app targeting com.apple.platform.xros. According to documentation there should not be any difference in deployment profiles/signing for iOS apps vs. visionOS apps. What am I doing wrong? Any hint is appreciated how to continue.

After installing n application to my AppleTv I can't open it up. I get: This app cannot be installed because its integrity could not be verified.

Dear Support, I am trying to verify the installation of my macOS app via Test Flight. I have verified through code sign that it is properly signed and has all of the the required entitlements, including sandbox. The package uploaded successfully via Transporter, and the app installs with Test Flight. However, the app will not run. After numerous attempts, I discovered that the embedded.provisionprofile is missing from the Contents of the app bundle in the version that installs via Test Flight. If I install directly from the same PKG I uploaded to Transporter (that TestFlight is using for the build) I can verify that the embedded.provisionprofile is present. Why does uploading the PKG and installing through Test Flight result in the removal of the embedded provisioning file? Is this expected and/or could be another reason why my app is refusing to run? Much appreciated, ~Ross

Hello, I was trying to solve the error "Command CodeSign failed with a nonzero exit code" that occurs when I try to archive and publish my app. I realized the Team IDs on the Portal (To right corner next to my name eg "Pete Park - ABC1D2E334") and my Mac Keychain Acces (eg "Pete Park - XYZ9W8V776") do not match. The number on KeyChain Access, is that's a Team ID. (clueless self learner here) If yes, do they need to match? Any suggestion for the CodeSign error? Is "errSecInternalComponent" the error? Sorry if these questions are obvious or stupid. Thanks so much for any advice.

Hello everyone, We develop an app called Unite (bundle ID: com.BZG.Unite), which allows users to create standalone macOS applications from websites. These user-generated apps are based on a backend browser template called DefaultApp (bundle ID: com.bzg.default.app). Here's how our setup works: Unite and DefaultApp: Both are signed with our Developer ID and include necessary provisioning profiles and entitlements. User-Created Apps: When a user creates an app with Unite, it generates a customized version of DefaultApp with the user's chosen name and settings. These apps are ad-hoc signed upon creation to reflect their unique identity. Issue Since updating to macOS 15, every time a user launches a created app, they encounter a persistent prompt asking for permission to access files outside the app's container. Granting full disk access in System Preferences suppresses the prompt, but this is not a practical solution for end-users. Upon launching a user-created app (e.g., "ExampleTest"), the following prompt appears: This prompt appears on every launch of the app. Steps to Reproduce On a Mac running macOS 15, create a new app using Unite (e.g., "ExampleTest"). Launch the newly created app. Observe the prompt requesting access to files outside the app's container. Close and relaunch the app; the prompt appears again. What We Have Tried Given that our apps use an app group (group.BZG.unite.sharedData) to share data between Unite, DefaultApp, and user-created apps, we believe this is triggering the prompt due to changes in System Integrity Protection (SIP) in macOS 15. We are further confident given that if the user does not allow access, the app does launch, but shows an error indicating that the created app was unable to access the data that is typically in the shared group. Here’s a summary of our troubleshooting efforts: 1. Adjusting App Group Configuration Ensured the app group name aligns with Apple's guidelines, including prefixing with the Team ID (teamid.group.BZG.unite.sharedData). Verified that the app group is correctly declared in the com.apple.security.application-groups entitlement. 2. Provisioning Profile Creation Generated provisioning profiles via Xcode and the Developer Console, ensuring the app group entitlement is included. Applied the provisioning profile to the user-created app during code signing. Despite these efforts, the issue continues. 3. Entitlements and Code Signing Created an entitlements file for the user-created app, mirroring the entitlements from DefaultApp, including: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>id.com.BZG.ExampleTest</string> <key>com.apple.developer.team-identifier</key> <string>id</string> <key>com.apple.security.application-groups</key> <array> <string>id.group.BZG.unite.sharedData</string> </array> <key>com.apple.security.app-sandbox</key> <true/> </dict> </plist> Signed the user-created app with our Developer ID and the provisioning profile Verified the entitlements 4. Reviewing System Logs Observed error messages indicating unsatisfied entitlements: message: com.BZG.ExampleTest: Unsatisfied entitlements: com.apple.security.application-groups **5. Consulting Documentation and WWDC Sessions ** Referenced post on App Groups in macOS vs iOS. Reviewed the macOS 15 Release Notes regarding SIP and app group container protection. Watched WWDC 2024 Session 10123: What's new in privacy, starting at 12:23. Questions Is there a way to authorize the com.apple.security.application-groups entitlement in the provisioning profile for ad-hoc signed apps? Given the SIP changes in macOS 15, how can we enable our ad-hoc signed, user-generated apps to access the app group container without triggering the persistent prompt? Are there alternative approaches to sharing data between the main app and user-generated apps that comply with macOS 15's SIP requirements? Is there anything to try that we're missing here to solve this? Any guidance on how to resolve this issue or workarounds to allow app group access without triggering the prompt would be greatly appreciated. Thank you for your assistance!

Hello, We use GitHub actions to build, sign and notarize our app. Everything was working fine, but lately the notarization has been failing almost every time. Only about 10% of attempts are successful. We haven't made any changes to the signing and notarizing processes. Here is command we use xcrun notarytool submit app.zip --wait --apple-id *** --team-id *** --password *** > notarization_output.txt Here is the error /Users/runner/work/_temp/c0b6c8e4-86d1-4307-af86-43666fcf39c7.sh: line 1: 3158 Bus error: 10 xcrun notarytool submit app.zip --wait --apple-id *** --team-id *** --password *** > notarization_output.txt

I am a developer, please send me the authentication code !

Hi all, I have two apple accounts. Stupidly my project is written in Account A and my paid developer account is Account B. When I tried to archive and publish under Account A, it says "Team "*** (Personal Team)" is not enrolled in the Apple Developer Program". But when I add a team to Account B, "Command CodeSign failed with a nonzero exit code". I know it is not the code itself because it runs fine when I use Account A. Just couldn't publish. Any advice? Many many thanks

Hello All, I am trying to do my research, but wanted to ask for confirmation and clarification on a couple of points. We are currently developing and app for a client, we would like to distribute the ipa to them via our own site, rather than running through the app store upload. It's not going to be a public facing app. We used to have access to the Enterprise side of things, but this was removed when Apple added the minmum employees restriction. I'm assuming that we would need to use the Developer ID Application certificate? But I was also wondering if more than one person can have this certificate on their machines to create builds? I appreciate that these may be obvious to some, but I'm fairly new to signing apps etc. Thanks for your help.

When attempting to run a build script that is currently working for several other projects, the export fails and the IDEDistribution.verbose.log (see below) suggestion is to add a profile to the Export Options property list but as can be seen in the ExportOptions.plist text (see below), there is a profile for each of the three builds. XCode 16.0 MacOS 14.7 IDEDistribution.verbose.log below 2024-10-28 12:20:30 +0000 [MT] Step failed: <IDEDistributionSigningAssetsStep: 0x60000146e840>: Error Domain=IDEDistributionSigningAssetStepErrorDomain Code=0 "Locating signing assets failed." UserInfo={NSLocalizedDescription=Locating signing assets failed., IDEDistributionUnderlyingErrors=( "Error Domain=IDEProvisioningErrorDomain Code=9 ""QuickDelegateTestApp.app" requires a provisioning profile." UserInfo={IDEDistributionIssueSeverity=3, NSLocalizedDescription="QuickDelegateTestApp.app" requires a provisioning profile., NSLocalizedRecoverySuggestion=Add a profile to the "provisioningProfiles" dictionary in your Export Options property list.}" )} ExportOptions.plist below

Hey folks, I developed a DLP program based on Endpoint Security for the enterprise, and everything functioned normally. I also applied for the development permission of Endpoint Security before, which took 3 months. Now I want to distribute the software internally, so I tried to apply for a certificate for distribution permission. After waiting for 3 months, Apple told me that the permission was rejected. This is the replay content: Thank you for your interest in Endpoint Security. After carefulconsideration, we regret that we're unable to approve your request at this time. If you'd like to submit another request for this capability, please review andconfirm that your app details and justification meet the criteria before resubmittting. Rejecting duplicate request. Apple Developer Relations I don't know what's wrong, what should I do to get distribution or developer id permissions.

Hi, after 2 years of not updating my app on appstore i wanted to submit an update for my iOS app which also containts a watch app target. When i try to submit it to upload it i get the following errors: Failed registering bundle identifier The app identifier "(myappBundleID).watchkitapp" cannot be registered to your development team because it is nit available. Change your bundle identifier to a unique string to try again. No Profiles for "(myappBundleID).watchkitapp" were found. Xcode culdn't find any iOS App Store provisining profiles matching "(myappBundleID).watchkitapp" Since i have my app already in store with that bundle identifier i don't know why it can not be registered to my team. Also i don't want to change the bundle identifier because then i can not publish it as update to store.

I have a DriverKit system extension (dext) that uses PCIDriverKit. I would like to get the build environment straightened out to successfully distribute the dext and associated software to end users. There are three types of software involved: The Dext-hosting application - this is the application that must be installed to /Applications/, and will perform the registration of the dext. The dext is deployed "within" this application, and can be found in the /Contents/Library/SystemExtensions folder of the app bundle. The dext itself - this is the actual binary system extension, which will be registered by its owning application, and will operate in its own application space independent of the hosting application. Additional applications that communicate with the dext - these are applications which will connect to the dext through user clients, but these applications do not contain the dext themselves. There are multiple locations where settings need to be exactly correct for each type of software to be signed, provisioned, and notarized properly in order to be distributed to users: developer.apple.com - where "identifiers" and "provisioning profiles" are managed. Note that there are differences in access between "Team Agent", "Admin", and "Developer" at this site. Xcode project's Target "Signing & Capabilities" tab - this is where "automatically manage signing" can be selected, as well as team selection, provisioning profile selection, and capabilities can be modified. Xcode project's Target "Build Settings" tab - this is where code signing identity, code signing development team, code signing entitlements file selection, Info.plist options and file selection, and provisioning profile selection. Xcode's Organizer window, which is where you manage archives and select for distribution. In this case, I am interested in "Developer ID" Direct Distribution - I want the software signed with our company's credentials (Team Developer ID) so that users know they can trust the software. Choosing "automatically manage signing" does not work for deployment. The debug versions of software include DriverKit (development) capability (under App ID configuration at developer.apple.com), and this apparently must not be present in distributable provisioning. I believe this means that different provisioning needs to occur between debug and release builds? I have tried many iterations of selections at all the locations, for all three types of binaries, and rather than post everything that does not work, I am asking, "what is supposed to work?"

Here is the situation: We are shipping an application bundle which is submitted to the notarization service for approval. The application bundle adheres to the notarization standards and is approved. Problem: We need to ship a zip file inside this application. This zip file has all the files that are signed. Most of the files are signed by us. However there are some 3P zip files which are not signed by us. We would rather not open these 3P zip files as there might be SLAs involved here. As a result we end up with a zip file which contains mixed signatures. This zip file needs to be part of that application that needs to be notarized. Question: What is the best way to do this in order for the notarization service to approve the application and ship the zip file as part of the application? Note: We don't know if all the files inside the 3P zips are correctly signed (example: With Hardened Runtime). They are all signed though Also, when the zip files contents are laid out onto the customer machine, they are all signed and validated. However, some files might not have hardened runtime. Thanks in advance.

I have not been able to open any of my apps since I uploaded my latest update midOctober 2023. Previously I have tried everything on forums from removing derived data, adding new options in build folder and more. Since then I have wasted hours trying to open any app from my iCloud / hard disk and I wonder if part of the problem is caused by backing up to iCloud, as I can open from an external hard disk. It takes almost as long to upload from hard disk than cloud so whole thing annoying, does this add clues to this frustrating problem ? Also when I opened one of my apps it had made hundreds of unassigned assets that all had to be removed individually. I have no idea how to continue with my work I have three other apps in progress, but am halted at present but such a stupid small detail. // here is full commet /Users/ruwickigmail.com/Desktop/0-APPS-2023/InstaAnimates/InstaAnimates.xcodeproj: warning: Unable to find a target which creates the host product for value of $(TEST_HOST) '/Users/ruwickigmail.com/Desktop/0-APPS-2023/InstaAnimates/DerivedData/InstaAnimates/Index.noindex/Build/Products/Debug-maccatalyst/InstaAnimates.app/Contents/MacOS/InstaAnimates' (in target 'InstaAnimatesTests' from project 'InstaAnimates') My bundle ID is fine but it crashes on loading so may be due to something in signing but everything looks fine. I note that there are hundreds of enquiries on the forums, but most are unanswered. as this is an regular Xcode Apple problem and there are hundreds of people being put of continuing with their apps could the Apple team look into this please.