Codesigned and notarized app cannot directly write files inside the app bundle (neither in my.app/Contents/Resources/ nor my.app/Contents/MacOS/).
Are there any restrictions regarding this? Is there a way to bypass these restrictions?
Here is the situation I encountered:
The main app contains several sub-apps and sub-executables.
When the main app calls the sub-apps or sub-executables, it can write files within the app bundle, but when executed directly, it cannot write files.
The app is usually opened using the GUI, and when using the command line, neither the main app nor the sub-apps/sub-executables can write files within the app bundle.
My codesigning environment is:
Sonoma 14.0 on mac mini M1.
I manually sign the app directly using the codesign command in CI instead of using Xcode.
The process will traverse all of the files and sub-apps in the app folder and sign them from the deepest paths to the shallowest paths.
I also tried applying this process to other applications, but all of them encountered the same issue of failing to write files.
The app should not be sandboxed (I did not add sandbox entitlements).
I have tried adding the entitlement com.apple.security.files.user-selected.read-write, but this has not resolved the issue.
General
RSS for tagDemystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.
Post
Replies
Boosts
Views
Activity
I have an app Arpeggio.app which I build and then sign without errors: "electron-osx-sign dist/mac-arm64/Arpeggio.app --identity="Developer ID Application: XXXX (XXXXXX)" --hardened-runtime --no-gatekeeper-assess --entitlements=entitlements.plist".
It returns "Application signed: dist/mac-arm64/Arpeggio.app".
I then use "/usr/bin/ditto -c -k --sequesterRsrc --keepParent src dst" to make a zip with the same signatures.
I then submit the zip for notarization: "xcrun notarytool submit dist/mac-arm64/Arpeggio.zip --apple-id XXXX etc"
which returns "Waiting for processing to complete.
Current status: Accepted..............
Processing complete
id: ***-***-xx-xx
status: Accepted".
Then I staple the notarization to the app and get "The staple and validate action worked!". Now it shows all validated and that the notarization is stapled. I then run "spctl --assess --type execute -vv 'dist/mac-arm64/Arpeggio.app'" as a last check and always get this:
dist/mac-arm64/Arpeggio.app: unknown error 99999=1869f
Why is this happening? I can't seem to debug the issue but out notarization and signing is always successful and the app works as expected. Pleas ehelp me get to the bottom of this.
I was able to setup a release test for an iOS app for distribution using a web server. It works perfectly fine for all the devices I registered for the deployment profile.
However every time I try to distribute a Unity based Vision Pro application using the same process for building the package and set up for distribution it does not work.
Safari only shows a message telling me:
"Cannot connect to ."
When trying to install the iOS app from the same server it shows the message "Do you want to install ?" and installation completes correctly.
My iOS is a simple hello world app generated by Xcode.
My Unity app is an AR app targeting com.apple.platform.xros.
According to documentation there should not be any difference in deployment profiles/signing for iOS apps vs. visionOS apps.
What am I doing wrong? Any hint is appreciated how to continue.
I am a developer, please send me the authentication code !
Hi all,
I have two apple accounts. Stupidly my project is written in Account A and my paid developer account is Account B. When I tried to archive and publish under Account A, it says "Team "*** (Personal Team)" is not enrolled in the Apple Developer Program". But when I add a team to Account B, "Command CodeSign failed with a nonzero exit code". I know it is not the code itself because it runs fine when I use Account A. Just couldn't publish.
Any advice? Many many thanks
Hi Team,
mac installer is crashing in macos15 after successfully installing. but it is working in below mac os versions.
.app file in successfully code signed and notarized.
crash logs is attahced, please check.
sh-2024-10-17-124323 2 1.ips
below is our entitlement.plist file for reference.
we are clueless what is causing issues in macos 15 as we are unable to luanch it post succesful installation.
please kind take a look into the logs attached and help us resolve the issues.
Thanks,
NareshG
Incremental builds using xcodebuild are very slow, around 3x slower when compared to the same build using Xcode.
Recently, I discovered that CODE_SIGNING_ALLOWED=NO" fixed the issue, but of course, I can't then run iOS app.
It seems like automatic signing using xcodebuild is somehow broken. Therefore, I think I could set CODE_SIGNING_ALLOWED=NO" and sign it manually later. However, I'm not sure how to do that.
I checked what Xcode does and it's:
/usr/bin/codesign --force --sign - --entitlements /Users/wkulik/Library/Developer/Xcode/DerivedData/XYZ-hblnhsksxjrctzekqmlevcflnsji/Build/Intermediates.noindex/XYZ.build/Debug-iphonesimulator/XYZ.build/XYZ.app.xcent --timestamp\=none --generate-entitlement-der /Users/wkulik/Library/Developer/Xcode/DerivedData/XYZ-hblnhsksxjrctzekqmlevcflnsji/Build/Products/Debug-iphonesimulator/XYZ.app
However, if I run xcodebuild with disabled signing I don't have XYZ.app.xcent required by this command.
I also tried:
codesign --force --deep --sign "Apple Development: John Snow (XYZ)" /Users/wkulik/Library/Developer/Xcode/DerivedData/XYZ-hblnhsksxjrctzekqmlevcflnsji/Build/Products/Debug-iphonesimulator/XYZ.app
but the app immediately terminates (the same way like when unsigned).
Could anyone help with that?
I found a post that submitted the same issue, but the solution was not made public. I didn't get a reply to my comment at the bottom of the post, so I'm pasting the content of the post here.
I am a developer working on iOS apps.
I would like to report an issue occurring in iOS 18 beta and iOS 18.1 beta.
Our company has two Enterprise accounts, and we are developing two apps:
A app / TeamId: ABCDEFG
B app / TeamId: HIJKLMN
When we distribute these apps, which have different TeamIds, and install them on a device running iOS 18 beta, both apps install successfully, but only one app will run.
(Other app crashed immediately after being launched.)
This issue does not occur on versions prior to iOS 18. I would like to know if this is a problem that will be resolved in future updates, or if it is a policy change.
We have a native ARM64 application. The application is a development environment and native compiler for the language Common Lisp. CL has a foreign function interface, which allows loading of .dylib files into CL and calling functions in them from CL. For this reason, we add certain entitlements. See below.
It is notarized and installed on macOS 14.7. When I run spctl on it I get this:
$ spctl --assess -v /Applications/AllegroCL64.app
/Applications/AllegroCL64.app: rejected (the code is valid but does not seem to be an app)
That’s before I run it. Which is odd because the app is notarized. When I run the app, it asks for a license file and installs it into /Applications/AllegroCL64.app/Contents/Resources/ and after that, the spctl shows this:
$ spctl --assess -v /Applications/AllegroCL64.app
/Applications/AllegroCL64.app: a sealed resource is missing or invalid
I assume the mere act of copying the license (a file called devel.lic which is a small text file) is causing this. Why does it say it “does not seem to be an app”?
This self-modification of the files in the Contents/Resources directory is a huge feature. We allow downloading of patches, which add features and fix bugs in the product. Is this going to be a problem, going forward? I don’t remember seeing this result from spctl before and I have a feeling it’s a new , due to tightening of security policies, etc.
All of this is quite worrying to us.
More details of the app:
$ codesign -vvvv mlisp
mlisp: valid on disk
mlisp: satisfies its Designated Requirement
$ codesign -d --entitlements - /Applications/AllegroCL64.app
Executable=/Applications/AllegroCL64.app/Contents/MacOS/AllegroCL64
[Dict]
[Key] com.apple.security.cs.allow-dyld-environment-variables
[Value]
[Bool] true
[Key] com.apple.security.cs.allow-jit
[Value]
[Bool] true
[Key] com.apple.security.cs.disable-library-validation
[Value]
[Bool] true
[Key] com.apple.security.get-task-allow
[Value]
[Bool] true
$
Other details:
The app was built with the Command Line tools version 2395 on macOS 12.x.
App is signed, notarized and stapled, I send that dmg file with file transfer tool, it can open correctly on other mac without any warning or error. However, if I send that dmg file through IM to the same mac, it will produces the "cannot check it for malicious software" error.
I check the transfered dmg with spctl -a -t open -vvv --context context:primary-signature MyApp.dmg, it show source=Notarized Developer ID; origin=***
How can I resolve this issue?
Hi our team is looking into feasibilities of appending customized data to personalized installer, so that we can make new users onboarding experience better. I did some investigations.
Append token data to xattr to a dmg, I went though this smoothly. I can successfully retrieve the data back, and the app can still be launched successfully. Want to make sure this doesn't require the dmg to be re-signed and re-notarized, and I didn't miss any steps in between
I created a fake simulation app try to sign and notarize. Signing the dmg seems to be successful, but when I notarize, it gave me back Invalid status. Is there anything wrong?
This is the signature:
Executable=/Users/myname/myname/poc/MySimulation.dmg
Identifier=MySimulation
Format=disk image
CodeDirectory v=20200 size=304 flags=0x0(none) hashes=1+6 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=e2a149614f6e0e3939db3a
4c762adda0e8c24
CandidateCDHashFull sha256=e2a149614f6e0e3939db3a3054adda0e8c24f597ddf4c4503cd27fb83821
Hash choices=sha256
CMSDigest=e2a149614f6e0e3939dba3054c62adda0e8c24f597ddf4c4503cd27fb83821
CMSDigestType=2
CDHash=e2a149614f6e0e39393a3054c762adda0e8c24
Signature size=4789
Authority=Apple Development: myId (someId)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Oct 14, 2024 at 3:46:08 PM
Info.plist=not bound
TeamIdentifier=W3TC3HXUZC
Sealed Resources=none
Internal requirements count=1 size=188
Do you have any other recommendations for us to append some data that doesn't break signing / notarization?
We are facing following message "A timestamp was expected but was not found" during codesign for following .dylib and .pkg and it cause notarization process failed.
We are facing this issue for last 3 days.
we have access for timestamp.apple.com and 17.0.0.0/8 and we didn't change firewall settings. We are facing this issue randomly and not for all time(scenario is 3:1).
We tried the below command to sign the package,
codesign --verbose --deep --force --timestamp --options=runtime --sign ""
Kindly let us know how to fix this probelm.
traceroute timestamp.apple.com
traceroute to timestamp.v.aaplimg.com (17.157.80.35), 64 hops max, 52 byte packets
....
10 17.0.9.19 (17.0.9.19) 185.693 ms
17.0.9.17 (17.0.9.17) 180.932 ms 189.060 ms
11 * * *
12 17.0.17.141 (17.0.17.141) 191.513 ms *
17.0.17.137 (17.0.17.137) 183.086 ms
13 * * *
14 * * *
There does not seem to be a way to code sign a PAM module so that an XPC service can verify the signature with setCodeSigningRequirement.
There should be a way to build a PAM module (dynamic Library ) so it can be code signed. Put in a bundle and code signing the bundle does not work .
Hi,
the documentation says that an application bundle for Mac OS X can have a Frameworks folder within Contents. Using a framework for console applications (no bundle) and GUI applications (bundle), I cannot load the console applications anymore on Ventura.
Prior to Ventora I have tested and ran both on Mojave or earlier - I am not sure.
To fix the issue, I have moved the frameworks within the application bundle to match the rpath for /Users/lothar/Library/Frameworks when I place the console into /Users/lothar/bin, the same rpath for application bundles works for those within the bin folder.
Can I publish an application bundle with that modified layout or do I have to expect getting problems and do rather a Symlink pointing from /Users/lothar/Frameworks to /Users/lothar/Library/Frameworks?
Thanks, Lothar
CodeSign /Users/abc007/Library/Developer/Xcode/DerivedData/App-fjztkcxqsstohgfvqdfnedgpwltj/Build/Intermediates.noindex/ArchiveIntermediates/App/InstallationBuildProductsLocation/Applications/App.app (in target 'App' from project 'App')
cd /Users/abc007/Documents/WorkSpace/RegulusIT/Release_Oct_2024/UI\ Backup/ios/App
Signing Identity: "Apple Development: Yatin Ghat (JS84GYN3O4)"
Provisioning Profile: "iOS Team Provisioning Profile: www.rightschool.net"
(bdc0759d-b9d0-4470-8e3f-b5b67d3c2586)
/usr/bin/codesign --force --sign 82C0E5904219E333688CE627A21522F732446038 --entitlements /Users/abc007/Library/Developer/Xcode/DerivedData/App-fjztkcxqsstohgfvqdfnedgpwltj/Build/Intermediates.noindex/ArchiveIntermediates/App/IntermediateBuildFilesPath/App.build/Release-iphoneos/App.build/App.app.xcent --generate-entitlement-der /Users/abc007/Library/Developer/Xcode/DerivedData/App-fjztkcxqsstohgfvqdfnedgpwltj/Build/Intermediates.noindex/ArchiveIntermediates/App/InstallationBuildProductsLocation/Applications/App.app
/Users/abc007/Library/Developer/Xcode/DerivedData/App-fjztkcxqsstohgfvqdfnedgpwltj/Build/Intermediates.noindex/ArchiveIntermediates/App/InstallationBuildProductsLocation/Applications/App.app: errSecInternalComponent
Command CodeSign failed with a nonzero exit code
When I try to launch my own Java app, I get the following error message.
xpcproxy exited due to OS_REASON_CODESIGNING | Launch Constraint Violation, error info: c[5]p[1]m[1]e[0], (Constraint not matched) launch type 3, failure proc [vc: 1]: /bin/bash
As far as I know, the failing process path is /bin/bash.
This issue is only happening on macOS Sequoia. The Java app works without any issue on MacOS Sonoma or any previous macOS versions. I did not make any changes, including launch constraints or any other settings. After updating to macOS Sequoia, I started getting this error and can no longer launch my app.
Thank you so much.
Hello,
We use automatic signing and Fastlane on our CI. Fastlane uses xcodebuild to create an archive.
xcodebuild -workspace ourApp.xcworkspace -scheme app-dev -destination generic/platform=iOS -archivePath app-dev.xcarchive -skipPackagePluginValidation -allowProvisioningUpdates -authenticationKeyID OurAppStoreConnectAuthKey -authenticationKeyIssuerID OurAppStoreConnectAuthKeyIssuerId -authenticationKeyPath /path/to/OurAppStoreConnectKey.p8 clean archive
All works fine, but ....
Why does Xcode 16 log out logged Apple ID and create a new every build? As a result, we have more and more Unknown Apple IDs in Xcode, and for each of them an error appears in log.
Error:
xcodebuild[3174:1804334] DVTDeveloperAccountManager: Failed to load credentials for 0A1DF15C-ETC-ETC: Error Domain=DVTDeveloperAccountCredentialsError Code=0 "Invalid credentials in keychain for 0A1DF15C-ETC-ETC, missing Xcode-Username" UserInfo={NSLocalizedDescription=Invalid credentials in keychain for 0A1DF15C-ETC-ETC, missing Xcode-Username}
Of course, the originally logged-in Apple ID has an error corresponding to his non-logged-in state.
xcodebuild[3174:1804334] DVTDeveloperAccountManager: Failed to load credentials for originally_logged-in_user: Error Domain=DVTDeveloperAccountCredentialsError Code=0 "Invalid credentials in keychain for originally_logged-in_user, missing Xcode-Token" UserInfo={NSLocalizedDescription=Invalid credentials in keychain for originally_logged-in_user, missing Xcode-Token}
Why does this happen and how can it be fixed? Why does Xcode 16 log out its logged Apple ID?
I would like to share my new project on an open source repository like GitHub. it need capabilities like iCloud. The problem is that I would prefer not have my appleid email being send to the open source repository. I saw that I can exclude files but I would be easier if the open source version had no Apple account associated with it.
how should I manage the open source version vs the App Store one.
Thank you
Hi Apple community,
many thanks in advance for your help.
My macOS app embeds a Python interpreter, compiled from source, including the Python executable and its associated libraries.
We have tried compiling the project with Xcode 16.0 and 16.1 beta 2 over MacOS Sequoia 15.0 and 15.1.
The project is 100% developed in Swift6.
This is how the project looks like:
SampleApp.app
SampleApp.app/Contents
SampleApp.app/Contents/MacOS
SampleApp.app/Contents/MacOS/SampleApp
SampleApp.app/Contents/MacOS/bin
SampleApp.app/Contents/MacOS/bin/python3.11
SampleApp.app/Contents/Resources
SampleApp.app/Contents/Resources/lib
SampleApp.app/Contents/Resources/lib/python3.11
SampleApp.app/Contents/Resources/Info.plist
Since we want to 'initially' distribute the app directly, Python binary is signed as follows:
codesign --deep --force --options runtime --timestamp --sign "$DEVELOPER_ID_APPLICATION" "$BINARY_PATH"
App entitlements contain the next entries:
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.downloads.read-write</key>
<true/>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
The resulting app is signed with entitlements, notarised and stapled.
Once the app is running, we can see the next errors on Console:
Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={TCCDProcess: identifier=[IDENTIFIER]], pid=58826, auid=502, euid=502, binary_path=[PATH]}, requesting={TCCDProcess: identifier=com.apple.appleeventsd, pid=824, auid=55, euid=55, binary_path=/System/Library/CoreServices/appleeventsd},
Python process runs for some seconds and then the process disappears. We can not see any AMFI message on Console.
Then we add to Signing and Capabilities 'Apple Events' from Hardened Runtime section.
The resulting app gets signed, notarised and stapled, but when running we get only the next errors:
error 09:42:32.787744+0200 SampleApp Can't find or decode reasons
error 09:42:32.787832+0200 SampleApp Failed to get or decode unavailable reasons
Just in case it is relevant, this is how the app interacts with Python:
process.executableURL = URL(fileURLWithPath: [PATH_TO_PYTHON_BINARIE])
process.environment = environment
process.arguments = arguments
process.standardOutput = pipe
try process.run()
process.waitUntilExit()
We truly appreciate any guidance, help or advice.
Thanks!!
Hi Apple community,
many thanks in advance for your help.
My macOS app embeds a Python interpreter, compiled from source, including the Python executable and its associated libraries.
We have tried compiling the project with Xcode 16.0 and 16.1 beta 2 over MacOS Sequoia 15.0 and 15.1
This is how the project looks like:
SampleApp.app
SampleApp.app/Contents
SampleApp.app/Contents/MacOS
SampleApp.app/Contents/MacOS/SampleApp
SampleApp.app/Contents/MacOS/bin
SampleApp.app/Contents/MacOS/bin/python3.11
SampleApp.app/Contents/Resources
SampleApp.app/Contents/Resources/lib
SampleApp.app/Contents/Resources/lib/python3.11
SampleApp.app/Contents/Resources/Info.plist
Since we want to 'initially' distribute the app directly, Python binary is signed as follows:
codesign --deep --force --options runtime --timestamp --sign "$DEVELOPER_ID_APPLICATION" "$BINARY_PATH"
App entitlements contain the next entries:
&lt;key&gt;com.apple.security.app-sandbox&lt;/key&gt;
&lt;true/&gt;
&lt;key&gt;com.apple.security.files.downloads.read-write&lt;/key&gt;
&lt;true/&gt;
&lt;key&gt;com.apple.security.files.user-selected.read-only&lt;/key&gt;
&lt;true/&gt;
&lt;key&gt;com.apple.security.files.user-selected.read-write&lt;/key&gt;
&lt;true/&gt;
&lt;key&gt;com.apple.security.network.client&lt;/key&gt;
&lt;true/&gt;
&lt;key&gt;com.apple.security.network.server&lt;/key&gt;
&lt;true/&gt;
The resulting app is signed with entitlements, notarised and stapled.
Once the app is running, we can see the next error on Console:
Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={TCCDProcess: identifier=[IDENTIFIER]], pid=58826, auid=502, euid=502, binary_path=[PATH]}, requesting={TCCDProcess: identifier=com.apple.appleeventsd, pid=824, auid=55, euid=55, binary_path=/System/Library/CoreServices/appleeventsd},
Python process is not running, we can't see any AMFI message.
Next we added to Signing and Capabilities 'Apple Events' from Hardened Runtime section.
The resulting app gets signed, notarised and stapled, but when running we get only the next errors:
error 09:42:32.787744+0200 SampleApp Can't find or decode reasons
error 09:42:32.787832+0200 SampleApp Failed to get or decode unavailable reasons
Just in case it is relevant, this is how the app interacts with Python:
process.executableURL = URL(fileURLWithPath: [PATH_TO_PYTHON_BIN])
process.environment = environment
process.arguments = arguments
process.standardOutput = pipe
try process.run()
process.waitUntilExit()
We truly appreciate any guidance, help or advice.
Thanks!!