I'm using PyBind11 to allow use of Python code within my C++ application. The application links successfully, but on the py::module::import below:
LOGICAL WebServer::
CheckForPort()
{
EPython::Prepare();
auto socket = py::module::import("socket");
auto s = socket.attr("socket")(socket.attr("AF_INET"),socket.attr("SOCK_STREAM"));
if (s == Py_None)
return L_TRUE;
auto rc = s.attr("connect_ex")("localhost",8810);
//
// Returns zero if port in in use
//
return (rc.cast<int>() == 0);
}
I get a run-time error
libc++abi: terminating due to uncaught exception of type pybind11::error_already_set: ImportError: dlopen(/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/lib-dynload/math.cpython-311-darwin.so, 0x0002): tried: '/Users/Shared/Develop/IntelApps/WinTD 5/DerivedData/WinTDOSX/Build/Products/Debug/math.cpython-311-darwin.so' (no such file), '/usr/lib/system/introspection/math.cpython-311-darwin.so' (no such file, not in dyld cache), '/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/lib-dynload/math.cpython-311-darwin.so' (code signature in <855730B8-106D-389C-BF65-36A98463EDB5> '/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/lib-dynload/math.cpython-311-darwin.so' not valid for use in process: mapping process and mapped file (non-platform) have different Team IDs),
I have no idea how to fix the code signature error---this is intended for distribution, so that presumably would be a file on the user's computer. I tried to link in the .so file, but that's a rabbit hole as there are a near endless set of further dependencies.
General
RSS for tagDemystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.
Post
Replies
Boosts
Views
Activity
When I make ipa by commond tools,Some errors have occurred.Has anyone encountered it before?
Ps:debug mode is ok,release mode is not ok.
error: exportArchive: Code signing "FBAEMKit.framework" failed.
Error Domain=IDEDistributionPipelineErrorDomain Code=0 "Code signing "FBAEMKit.framework" failed." UserInfo={NSLocalizedDescription=Code signing "FBAEMKit.framework" failed., NSLocalizedRecoverySuggestion=View distribution logs for more information.}
I am developing a mobile application with Delphi 11. I compiled the application using iOS SDK 17.5. I uploaded it to the Apple Store for testing and first tested it on an iPhone 7 (software version 15.7.1). The application worked smoothly. Later, I tested it on an iPhone 14 (software version 17.6.1) and an iPhone 11 (software version 18). On both of these devices, the application crashed before opening. Since the same application is available on the Apple Store, I downloaded it from there and saw that it worked fine on the last two devices. I thought that the SDK needed to be upgraded for newly compiled and submitted applications. However, in that case, it should have thrown an error when submitting the application to the Apple Store. I updated macOS and Xcode and upgraded to SDK 18. I also set SDK 18 in Delphi. When I compiled with these settings, I again saw that it worked normally on my first device, while the application crashed on the next two devices. Considering it could be an issue with a module in the application, I compiled a blank form by removing all permission requests for testing, but the result did not change. What can I do about this? Do you have any suggestions?
I need an OV certificate to code sign an Electron application. I was used to build in Jenkins the application oth for Windows and macOS using Electron-Forge (https://www.electronforge.io/guides/code-signing/code-signing-macos). To be more specific use XCode and Keychain to store the certificate.
Sadly, new certificate industry requirements will force me to use Azure Key Vaults (or other cloud HSM alternatives) to store the certificate.
I need to find a way to code-sign it for macOS from Azure Key Vaults or equivalent solutions.
Thank you
I got this error while compiling to macOS app on flutter, can anyone help this problem ?
error : replacing existing signature, resource fork, Finder information, or similar detritus not allowed
I am signing my app using this command:
codesign --verbose=4 --force --options=runtime --deep --timestamp --sign "${APP_IDENTITY}" "${APP_FILE}" --entitlements "./Protect.entitlements
I have ensured that the necessary provisioning profiles are embedded in the IPA file.
I am also verifying the signing using
codesign -dvv ./JumpCloud\ Protect\ Staging.ipa
and
codesign --verify --deep --verbose ./JumpCloud\ Protect\ Staging.ipa
Despite following the above steps, when I attempt to upload the IPA file to Transporter, I receive the following error message:
Missing or invalid signature. The bundle 'com.jumpcloud.JumpCloud-Protect.staging' at bundle path 'Payload/JumpCloud Protect Staging.app' is not signed using an Apple submission certificate.
Among the newest crash reports downloaded by Xcode for my App Store app there is one that contains a single thread, crashed at libsecinit_appsandbox.c, without any trace of my app name. What could possibly cause such a crash? Is this something related with app signing? The app has been on the App Store for a long time and this never happened to me.
Thread 0 Crashed:
0 libsystem_secinit.dylib 0x00000001941dcfcc _libsecinit_appsandbox.cold.12 + 60 (libsecinit_appsandbox.c:454)
1 libsystem_secinit.dylib 0x00000001941dbf94 _libsecinit_appsandbox + 1764 (libsecinit_appsandbox.c:454)
2 libsystem_trace.dylib 0x00000001872be598 _os_activity_initiate_impl + 64 (activity.c:131)
3 libsystem_secinit.dylib 0x00000001941db85c _libsecinit_initializer + 80 (libsecinit_initializer.c:17)
4 libSystem.B.dylib 0x00000001941f2664 libSystem_initializer + 280 (init.c:338)
5 dyld 0x00000001871fe608 invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const::$_0::operator()() const + 168 (Loader.cpp:2198)
6 dyld 0x000000018723cd6c invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 340 (MachOAnalyzer.cpp:2481)
7 dyld 0x0000000187230400 invocation function for block in dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 496 (MachOFile.cpp:1669)
8 dyld 0x00000001871df2fc dyld3::MachOFile::forEachLoadCommand(Diagnostics&, void (load_command const*, bool&) block_pointer) const + 300 (MachOFile.cpp:1185)
9 dyld 0x000000018722f394 dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 192 (MachOFile.cpp:1628)
10 dyld 0x000000018723c880 dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 516 (MachOAnalyzer.cpp:2448)
11 dyld 0x00000001871fa53c dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 564 (Loader.cpp:2189)
12 dyld 0x00000001872042d4 dyld4::PrebuiltLoader::runInitializers(dyld4::RuntimeState&) const + 44 (PrebuiltLoader.cpp:818)
13 dyld 0x000000018721dcc0 dyld4::APIs::runAllInitializersForMain() + 84 (DyldAPIs.cpp:3889)
14 dyld 0x00000001871e4010 dyld4::prepare(dyld4::APIs&, dyld3::MachOAnalyzer const*) + 3156 (dyldMain.cpp:891)
15 dyld 0x00000001871e2ef4 start + 1868 (dyldMain.cpp:1265)
Crash report
We have developed an electron app which we want to extend with an action extension. The action extension is written in swift in Xcode. Our plan was to build the .appex file and insert it into the PlugIns folder in our electron app, but I don't think this is the right way to do it?
If we insert the .appex file before notarization then we get an error that we are "replacing existing signature".
If we manually insert it after the notarization then we get an error with the app is damaged and can’t be opened.
Can anybody provide a procedure for this kind of merge I would imagine that it goes something like:
Sign app
Sign extension
Add extension to App
Notarize app
For signing the app we use electron-builder.
I'm working on an app that contains a USB Driver Kit extension for iPad (NOT MAC). The app contains two targets, the core app and the DriverKit extension target. I can run the app just fine using a dev cert and provisioning profile. ** What is the step-by-step process for signing the release build?** There seems to be no way to create a release profile for the Driver Kit target. I've tried multiple avenues, but come to a dead end on each. I have requested and received the correct entitlements.
Also, on a separate note, has anyone achieved this process using Fastlane? It seems particularly resistant to building the app with the driverkit extension, even for dev builds. It complains about the driverkit dev profile not being an iOS profile.
Thanks!
Hi,
I've developed an application which reside under /Applications.
Inside the main application bundle (/Applications/mainApp.app) there are sub-app that contain security extension. Here's the relevant path
/Applications/mainApp.app/Contents/Helpers/subApp.app/Contents/Library/SystemExtensions/com.myComp.type.systemextension/
So far I could load the extension by running the subApp and make sure it calls the extension activation API. but seems like starting from Sonoma (i'm using version 14.6.1 )it stopped working, and I get crash dump on signature failure which trying to open the subApp.app.
in the crash log I get reason of invalid code sign. I also get the following hints
Binary Images:
0x1050a0000 - 0x10512bfff dyld_path_missing (*) <f635824e-318b-3f0c-842c-c369737f2b68> /dyld_path_missing
0x104d9c000 - 0x104d9ffff main_executable_path_missing (*) <1df5f408-cb16-304f-8b38-226e29361161> /main_executable_path_missing
Is it possible that new OS version have new validation rule that enforce something about the location of the app that can start extensions ?
PLATFORM AND VERSION
macOS
Development environment: Other: Python
Run-time configuration: macOS 14.6.1
DESCRIPTION OF PROBLEM
We have created application using python and created .app using pyInstaller. We want to get the location access using python based application which we are trying to run on MacOS 14.6.1. Without including NSLocationUsageDescription in our info.plist, it is working fine but not getting location permission pop up. After including NSLocationUsageDescription in info.plist application got corrupted.
STEPS TO REPRODUCE
We are using below commands to sign the application
codesign --force -s "Developer ID Application: Pitney Bowes (72NX38Y9GF)" -v DeviceHub.app --deep --strict --options=runtime --entitlements ../info.plist DeviceHub.app
ditto -c -k --keepParent --rsrc --sequesterRsrc --arch 'x86_64' DeviceHub.app DeviceHub.zip
xcrun notarytool submit DeviceHub.zip --keychain-profile "DHAgentProfile" --wait
xcrun stapler staple DeviceHub.app
I first built WordPuzzleAids over 2 years ago. I built it on my MacBook Pro, using Xcode and Swift. The destination for the build was my iPhone. Two weeks ago, the app stopped working on the iPhone: I thought I might need to rebuild it on the on the MacBook and "re-deliver" it to the iPhone. The build failed with:
CodeSign /Users/paddy/Library/Developer/Xcode/DerivedData/WordPuzzleAids-dnwilitxxdvpzablseyseujsllag/Build/Products/Debug-iphoneos/WordPuzzleAids.app (in target 'WordPuzzleAids' from project 'WordPuzzleAids')
cd /Users/paddy/Projects/ThirdParty/WordPuzzleAids
Signing Identity: "Apple Development: John Patterson (G9M8AH9CTD)"
Provisioning Profile: "iOS Team Provisioning Profile: *"
(650d11d4-ecd2-4458-a146-3cb55438e9dc)
/usr/bin/codesign --force --sign 1FC4588FA2EAD7DCF9AAC9CDC823B567D76BCBE8 --entitlements /Users/paddy/Library/Developer/Xcode/DerivedData/WordPuzzleAids-dnwilitxxdvpzablseyseujsllag/Build/Intermediates.noindex/WordPuzzleAids.build/Debug-iphoneos/WordPuzzleAids.build/WordPuzzleAids.app.xcent --timestamp\=none --generate-entitlement-der /Users/paddy/Library/Developer/Xcode/DerivedData/WordPuzzleAids-dnwilitxxdvpzablseyseujsllag/Build/Products/Debug-iphoneos/WordPuzzleAids.app
/Users/paddy/Library/Developer/Xcode/DerivedData/WordPuzzleAids-dnwilitxxdvpzablseyseujsllag/Build/Products/Debug-iphoneos/WordPuzzleAids.app: errSecInternalComp
I have attached the build documentation file
Build WordPuzzleAids_2024-08-29T21-17-09.txt
I'm trying to sign an app to run locally because development provisioning does not work for unspecified reasons.
I'm adding NSAllowsLocalNetworking to the app transport security section of the entitlements and the result is that the selection to sign the app locally vanishes from the signing section in Xcode.
I need to access a local web application which does not provide HTTPS.
I'm not only very confused about this but actually pretty ******. Is this once again Apple playing games for absolutely no reason?
Why can't I build and run an application on my system that does not have to do anything with Apple, the app store, customers or anything?
This is just for me and I cannot make it work.
I have an app that runs on macOS Monterey.
For various reasons, I have to externally add a sandbox entitlement (externally, as in using codesign, rather than rebuilding it)
After adding the sandbox entitlement, and resigning appropriately, the app crashes on launch with the following error :
ERROR:process_singleton_posix.cc(1186)] Failed to bind() /var/folders/s2/j0z79krx321qg318das1r95_zc0000gn/T/com.funkyapp/S/SingletonSocket
So I assumed I needed to give access to this file.
So I added the following entitlements to the app, via codesign :
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key> <array> <string>/var</string> <string>/var/folders/s2/j0z79krx321qg318das1r95_zc0000gn/T/com.funkyapp/S/SingletonSocket</string> </array>
and also
<key>com.apple.security.network.client</key> <true/>
<key>com.apple.security.network.server</key> <true/>
Unfortunately, it still crashes on load, with the same error.
Does anyone know why that is? From my perspective, I gave the appropriate entitlements to bind a socket at that path, what am I missing?
Thanks !
I have been working with a framework to add multiplayer support to my app. The app runs on test devices, simulators, and archives perfectly fine and the app is fine without the framework. But when I go to distribute the app, I see get this error related to the multiplayer framework I have added. I have tried updating the minimumOSVersion to 9.0, 10.0, 12.0, and 13.0 everywhere (info.plist, deployment info, build settings, etc) and they all match with each build/archive but no matter what I can't get fix this error. This error only shows up when I go to distribute the app to the store. Any ideas on what to try or how to fix this issue? I've attached a screenshot of the issue below.
I am having a peculiar issue with an app I am developing.
I am trying to upload it onto App Store Connect but I am getting one error, and a very odd behavior.
The error message I am getting is:
/Users/user/Documents/GitHub/MyApp/MyApp/DerivedData/MyApp.pub/Build/Intermediates.noindex/ArchiveIntermediates/MyApp.pub/InstallationBuildProductsLocation/Applications/MyApp.pub.app: resource fork, Finder information, or similar detritus not allowed
Command CodeSign failed with a nonzero exit code
I have cleaned built the directory, I have removed the Derived Data, but this always gets thrown.
It was working fine a few months ago, I have only just got back to working on it.
The other issue I am havving, when I set to archive the app, I set the target as Any iOS Arm Device (arm64), but when it is archiving it switches to my iPhone as the target. I don't prompt it to do this, it just does it.
This is very frustrating.
I'm using a MacBook Air M1, with a macOS Sonoma.
I updated my Xcode the other day, that's Version 15.4 (15F31d).
My App has a minimum target of iOS 15 and a project target of Xcode 13.
Any help is appreciated.
multiprocessing.Queue() method of python getting "PermissionError: [Errno 1] Operation not permitted" error if it is sandboxed:
CODE:
import multiprocessing
tensorflow_coordinates_queue = multiprocessing.Queue()
ERROR:
./test_temp9
Traceback (most recent call last):
File "/Applications/test_temp9.app/Contents/MacOS/test_temp9.py", line 4, in <module>
File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/context.py", line 103, in Queue
File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/queues.py", line 43, in __init__
File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/context.py", line 68, in Lock
File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/synchronize.py", line 162, in __init__
File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/synchronize.py", line 57, in __init__
PermissionError: [Errno 1] Operation not permitted
BUNDELED WITH NUITKA:
echo *** | sudo -S python3.9 -m nuitka --run --standalone --macos-disable-console --macos-create-app-bundle --macos-app-mode=ui-element --enable-plugin=pyside6 --macos-app-icon=icons/app_icon.png --include-data-dir=icons=icons test_temp9.py
SIGNED WITH FOLLOWING SH:
sign.txt
sign2.txt
ENTITLEMENTS:
app.entitlements.txt
Hi,
When postinstall tries to run another binary inside the ./scripts folder I package with pkgbuild, it gets killed by taskgated when the postinstall script tries to run it.
└── Contents
├── Helpers
├── Info.plist
├── MacOS
│ ├── UI
│ └──Worker
├── PkgInfo
├── Resources
│ ├── com.ui.plist
│ ├── com.worker.plist
│ └── icon.icns
├── _CodeSignature
│ └── CodeResources
└── embedded.provisionprofile
scripts:
├── token_installer
├── postinstall
├── token_installer
├── postinstall
How I am signing:
codesign --entitlements entitlements.plist --timestamp --options=runtime --sign "$DEVELOPER_ID" --force out/myapp.app/Contents/MacOS/UI
codesign --entitlements entitlements.plist --timestamp --options=runtime --sign "$DEVELOPER_ID" --force out/myapp.app/Contents/MacOS/Worker
codesign --entitlements entitlements.plist --timestamp --options=runtime --sign "$DEVELOPER_ID" --force ./scripts/token_installer
codesign --entitlements entitlements.plist --timestamp --options=runtime --sign "$DEVELOPER_ID" --force ./scripts/postinstall
codesign --entitlements entitlements.plist --timestamp --options=runtime --sign "$DEVELOPER_ID" --force out/myapp.app
echo "pkgbuilding..."
pkgbuild --root ./out/myapp.app --sign "$DEVELOPER_ID" --identifier com.myapp.app --version 1.0 --install-location /Applications/myapp.app --scripts ./scripts ./out/myapp.pkg
echo "productbuilding..."
# productbuild --distribution ./Distribution.xml --package-path ./out/myapp.pkg --resources . ./out/MyAppInstaller.pkg
productbuild --product requirements.plist --distribution ./Distribution.xml --package-path ./out/myapp.pkg --resources . ./out/MyAppInstaller.pkg
productsign --sign "Developer ID Installer: My Company Inc (***)" --force ./out/MyAppInstaller.pkg ./out/MyAppInstallerSigned.pkg
Sidenote: all binaries that are not the main executable, UI, get killed by taskgated, but I figured I will wrap the Worker in its own app Inside Helpers. I just do not see the point in doing that for the token_installer, since it should only be called once ever, during postinstall.
Is there a way to make it run without having to include it in the app bundle itself?
I am having an issue when archiving in Jenkins. The log says:
SignatureCollection /Users/***/Library/Developer/Xcode/DerivedData/***/Build/Intermediates.noindex/ArchiveIntermediates/***/BuildProductsPath/Release-iphoneos/Some.xcframework-ios.signature
error: signature-collection failed: The operation couldn't be completed. (XCBUtil.CodeSignatureInfo.Error error 0.)
I am able to build and archive without any issue locally.
I have embedded Python in my iOS project in XCODE according to Beewares Usage guide https://github.com/beeware/Python-Apple-support/blob/main/USAGE.md
when running, I get the error that pythonKit can't find cv2, imported by ultralytics. When I add OpenCV-python to my app_packages folder (just like ultralytics) I get the following error:
Code signing identifier (libtheoraenc.1) does not match bundle identifier (com.iubh-lea.Meye.cv2.) for /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.s2Bujt/extracted/Meye.app/Frameworks/cv2..framework
any way to add cv2 Framework accessible by python kit without signing mismatch?