Demystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.

Post

Replies

Boosts

Views

Activity

howto codesign and package for testflight
Hi, I have created a universal app and then did this: https://support.apple.com/en-vn/guide/apple-business-essentials/axm20c32e0c6/web But this doesn't produce a working package installer.
    productbuild --sign "3rd Party Mac Developer Installer: ****" --component /Applications/MyApp.app MyApp-universal.pkg
Do I need to create a code signature with codesign prior to calling productbuild? Regards, Joël
3
0
605
Feb ’24
Sandboxed app using external shell tool runs on dev machine, but not on others
Following the description from https://developer.apple.com/documentation/xcode/embedding-a-helper-tool-in-a-sandboxed-app* I successfully managed to run my app sandboxed on my development system. Nevertheless the copied application refuses to call the external tool unless it is compiled with NO for the App Sandbox entitlement. My app can be downloaded from: https://github.com/mac-curver/Postscript-Playground The last commit is using the App Sandbox entitlement but the commit before is not using it like compiled and zipped app in the Application folder on GitHub. The attached picture shows running the sandboxed app on my development machine. Why does the sandboxed app not run on other Macs? How could I test this? *P.S. I could not exactly execute all tasks as written in *, for example I require OS 13.0 and I am using a non-commercial dev account (not paying for it).
2
0
513
Feb ’24
Execute command line tools /usr/bin from a SwiftUI Sandboxed app
For some years I have developed and maintained a SwiftUI based app as GUI on top of the command line tool rsync. The app is available on HomeBrew and works as expected, including using the rsync command line tool from HomeBrew. I have now developed a new GUI, a downscaled version of the original app, using SwiftData and using only the default rsync in /usr/bin/rsync. No access to remote servers by ssh-keys, only local attached disk on your Mac. SwiftData is used for storing data about synchronise tasks and log records from run. The app works, but as soon as I enable the App Sandbox, the app does not permit executing the default included command line tool from /usr/bin. The GUI app executes the command line tool by a Swift Process object.
3
0
659
Feb ’24
Specs good enough for simple app?
I want to develop a very basic app for my wife. Since I'm into Windows and Android, I don't have any experience with macOS. My wife is visually impaired and chose an iPhone, and never switched since. I want to buy a cheap second hand MacBook Pro 2011 to be able to compile. Found this one online. Is it good enough? It doesn't matter if it's slow or has some weird glitches. Only thing I want is develop the app, install it, and then let the MacBook rest for the rest of its life (sorry for this sad story MacBook-lovers :)) [Image Edited by Moderator to Remove Serial Number]
2
0
590
Jan ’24
App cannot be verified
We are using an iPhone app distributed as an AdHoc app, but an error message saying "App cannot be verified" was displayed. The error screen says, "Internet connection is required to verify the credibility of developer "Apple Distribution:●●●● CO.,LTD.(QQQ29B8GG2)"." When using this app, we are connected to the LAN, but not connected to the Internet. If you temporarily connect to the Internet and start the app when the error screen appears, the error screen will disappear. After that, when I switched from connecting to the Internet to connecting to LAN, it worked normally for a while, but after about 2 months, the same error screen appears again. Please tell me how to resolve this error.
3
0
692
Jan ’24
My app behaves differently when using TestFlight as opposed to running it with my development certificate
My sandboxed macOS app requires the user to grant permission under Privacy & Security / Accessibility in order to support extra functionality. If no permission is granted the app can still be used albeit with very basic functionality. In order to allow the user NOT to have to immediately decide whether to grant this permission when first launching the app, a dialog allows them to say “I’ll do it later”. As such, the app uses a timer with a one second interval to ask the system if permission has been granted and if so, implements the extra functionality. By the way, I would rather have used a notification instead of a timer, but there does not seem to be one.
    // Schedule a timer to periodically check accessibility status
    accessibilityTimer = Timer.scheduledTimer(timeInterval: 1.0, target: self, selector: #selector(checkAccessibilityStatus), userInfo: nil, repeats: true)

    func isAccessibilityEnabled() -> Bool {
        let accessibilityEnabled = AXIsProcessTrusted()
        return accessibilityEnabled
    }

    @objc func checkAccessibilityStatus() {
        if isAccessibilityEnabled() {
            print("Accessibility is enabled.")
            accessibilityTimer?.invalidate()
            if gEventTap == nil {
                tapper() //as003
                gTypeIt4MeMenu?.item(at: kPauseResumeItem)?.title = "Pause"
                gStatusItem?.button!.image = NSImage(named: "menubar_icon_16x16")
                NotificationCenter.default.post(name: NSNotification.Name(rawValue: "showGreenTick"), object: nil)
            }
        } else {
            print("Accessibility is disabled.")
        }
    }
My problem is that when I build the app with my development certificate, it runs as expected. However, when I upload it to TestFlight and download from there, it no longer “notices” when I grant it permission.
0
0
430
Jan ’24
Signing code with a hardware-based code-signing identity
Both the codesign tool and Xcode allow you to sign code with a hardware-based code-signing identity. However, setting that up can be a bit of a challenge. Recently a developer opened a DTS tech support incident requesting help with this, and so I thought I’d post my instructions here for the benefit of all.

If you have any questions or comments about this, please start a new thread, tagging it with Code Signing so that I see it.

Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Signing code with a hardware-based code-signing identity

Both the codesign tool and Xcode allow you to sign code with a hardware-based code-signing identity. This post explains how to set that up.

I used macOS 14.2.1 with Xcode 15.2. For my hardware-based key I used a YubiKey 5 NFC that I reset to its defaults. I installed YubiKey Manager 1.2.5.

IMPORTANT While I used a YubiKey, the code signing parts of this process should work with any token that has a functioning CryptoTokenKit driver. In the case of the YubiKey, it presents a PIV interface and thus it’s supported by macOS’s built-in PIV CryptoTokenKit driver.

In this example I created an Apple Development certificate because those are a dime a dozen. This process should work with any other type of code-signing certificate. Indeed, it makes sense to store your most precious keys in a hardware token, including your Developer ID keys. For more on that topic, see The Care and Feeding of Developer ID.

Generate a certificate signing request

To generate a certificate signing request (CSR):

1. Connect the YubiKey via USB.
2. Dismiss any system alerts:
   - If the “Allow this accessory to connect?” alert comes up, click Allow.
   - If the Keyboard Setup Assistant comes up, quit that.
   - If the ctkbind notification comes up, dismiss that. Code signing does not require that you bind your login account to your hardware token.
3. Launch YubiKey Manager.
4. Choose Applications > PIV.
5. Click Configure Certificates.
6. Select Digital Signature (slot 9c). In the past I’ve run into situations where signing fails if you don’t use this slot, although I haven’t tested that in this particular case.
7. Click Generate.
8. Select Certificate Signing Request (CSR) and click Next.
9. Select the RSA2048 algorithm and click Next.
10. Enter a subject and click Next. The value you use here doesn’t matter because Apple ignores pretty much everything in the CSR except the public key.
11. Click Generate.
12. Choose a save location and name. Don’t include a file name extension.
13. When prompted for the management key, enter that and click OK.
14. When prompted for the PIN, enter that and click OK. The app will generate a .csr file at your chosen location.
15. Quit YubiKey Manager.

Note Apple typically uses the .certSigningRequest extension for CSRs, but this process works just fine with the .csr extension used by YubiKey Manager.

Generate a certificate from your CSR

To generate a certificate from that CSR:

1. In Safari, go to Developer > Account and log in.
2. If you’re a member of multiple teams, make sure you have the correct one selected at the top right.
3. Click Certificates.
4. Click the add (+) button to create a new certificate.
5. Select Apple Development and click Continue.
6. Click Choose File, select your CSR file, and click Upload.
7. Click Continue to generate your certificate. That takes you to the Download Your Certificate page.
8. Click Download.
9. In Terminal, calculate a SHA-1 hash of your .cer file.

       % shasum "development.cer"
       840f40ef6b10bedfb2315ac49e07f7e6508a1680 development.cer

Import the certificate to form a code-signing identity

To import this certificate into your YubiKey:

1. Convert the certificate to PEM form:

       % openssl x509 -in "development.cer" -inform der -out "development.pem"

2. Launch YubiKey Manager.
3. Choose Applications > PIV.
4. Click Configure Certificates.
5. Select Digital Signature (slot 9c).
6. Click Import.
7. In the file dialog, select the PEM and click Import.
8. When prompted for the management key, enter that and click OK. The UI updates to show the certificate issuer (Apple Worldwide Developer Relations Certificate Authority) and subject (Apple Development: UUU, where UUU identifies you).
9. Quit YubiKey Manager.
10. Unplug the YubiKey and then plug it back in.

Sign a test program

Before digging into Xcode, check that you can sign code with the codesign tool:

1. Create a small program to test with. In my case I decided to re-sign the built-in true command-line tool:

       % cp "/usr/bin/true" "MyTool"
       % codesign -s - -f "MyTool"

2. Run codesign to sign your program, passing in the SHA-1 hash of the certificate you imported into the YubiKey:

       % codesign -s 840f40ef6b10bedfb2315ac49e07f7e6508a1680 -f "MyTool"

3. When prompted for the PIN, enter that and click OK. The codesign invocation completes like so:

       % codesign -s 840f40ef6b10bedfb2315ac49e07f7e6508a1680 -f "MyTool"
       MyTool: replacing existing signature

Sign from Xcode

To sign from Xcode:

1. Open your project in Xcode. In my case I created a new project by choosing File > New then selecting macOS > Command Line tool.
2. In Signing & Capabilities for the tool target, turn off “Automatically manage signing”.
3. In Build Settings, find the Code Signing Identity build setting, choose Other, and then enter the SHA-1 hash of your certificate.
4. Choose Product > Build.
5. When prompted for the PIN, enter that and click OK. The build then completes.

IMPORTANT This requires Xcode 13 or later. Earlier versions of Xcode only work with file-based code-signing identities.
0
0
640
Jan ’24
Can't release my applications. Undefined Developer.
Hello I jump on my mac every 3-4 months to release new version of my apps. Process usually is "ok" some cmake/compile issues as 99% of dev is done on windows but other than that it's all good. But now I'm stuck. My app can run locally/start etc just fine, but clients are panicking because they can't run them. They have undefined developer warning. I don't understand this. It's notarised and been working for 2 years. What am I doing wrong ?! How can I test it ? I tried creating new user-profile on my mac, but there is no issue, app starts. Do I need to buy ANOTHER mac to test my apps before release ?! Can any1 help how to debug this issue? I'm lost, I used finder-compress myapp.app & send it via slack to client to get him quickly going but that does not help either. - I thought it was zip stripping down data or something. Anyway, very frustrated here, and lost. Can any1 help? hint? Is this good resource to check against? https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html I've run spctl --assess --type execute myApp and I'm getting rejected (bundle format is ambiguous (could be app or framework)) But then why does it notarize/sign/etc with no errors ?! I'm so lost :- (((( Any help would be greatly appreciated I've attached app content > Ok I've tested my older releases, they all have the same issue but they all work on client system. I'm so lost :- (((
1
0
582
Jan ’24
Taskgated-helper ignores embedded.provisionprofile
I'm working on an app using entitlements. The entitlements are set up in its code signature and they are also applied in the corresponding provisioning profile. I embed said provisioning profile in the app, but when I launch the binary it gets rejected by taskgated-helper (as seen in console.app it says "profile not found"). However, if I install the same embedded provision profile it will work! So I can only assume taskgated-helper is not looking in the Contents/embedded.provisionprofile file when I try to run the binary? I can only imagine that the issue revolves around the binary not being the main bundle binary in the application, as that one works just fine without installing the profile. I would simply install the profile to fix the issue, but it brings other problems when trying to install the application in a headless environment (as opening the profile to install in system settings requires user interaction). Any ideas?
5
0
764
Jan ’24
"Damaged" .app - debugging a trusted execution issue
Hi, I've run into an issue which only seems to affect one of my Macs. It's currently running 14.2.1 but I first saw this issue in 13.6. If I download the macOS Sonoma 14.2.1 installer (via App Store) onto this particular machine, it will never execute the installer. It always reports that the installer is "damaged". Of course I did research this online and you get the usual unhelpful posts which just say "re download it" and of course, I wouldn't be posting here had I not tried that. This happens with any macOS installer I download using the softwareupdate --fetch-full-installer utility as well. The thing is, if I copy this .app to another (identical as far as I can tell) Mac - it will work. So far this also seems limited to macOS installers - other third party apps are fine. I'm convinced this is related to trusted execution and something has gone wrong in the environment. I've been looking at my router logs to see if any connections may have been blocked (I'm using OPNsense) and also looking to see what connections are being made via Little Snitch and so far it looks fine. Again, other machines on the network can run these just fine. I've read through eskimo's excellent guide here: https://forums.developer.apple.com/forums/thread/706442 but I was wondering if anyone can give me some pointers to narrow this down further. As it stands, I can't trust this machine for app development if I can't even get the official Apple installers to run successfully.
3
0
688
Jan ’24
errSecInternalComponent for a specific target
I am looking for any help regarding an errSecInternalComponent error I am seeing when trying to archive my iOS app via my CI process. Specifically, this CI process is a GitHub Action running on a self-hosted M2 Pro Mini machine to which we have Screen Share access. I have followed the very helpful seminal post and have confirmed that I can run the necessary command in the local terminal via Screen Share, and I don't get any Keychain Access dialogs to pop up. When I try to run the same command via an SSH terminal from my local machine on that same machine, I get the following error: /Users/{username}/Library/Developer/Xcode/DerivedData/{projectID}/Build/Intermediates.noindex/ArchiveIntermediates/{projectname}/IntermediateBuildFilesPath/UninstalledProducts/iphoneos/{some name}NotificationServiceExtension.appex: errSecInternalComponent I only get the error for that one service extension target. The project is only a couple years old, created with Xcode 14 or maybe 13. The signing has always been managed automatically with the provisioning profiles for all our targets being managed by Xcode. Thanks in advance for any advice or suggestions as to what I may be missing or how to address this problem. I am more than happy to provide any more information I can to diagnose and solve the issue.
4
0
869
Jan ’24
Resolving Trusted Execution Problems
I help a lot of developers with macOS trusted execution problems. For example, they might have an app being blocked by Gatekeeper, or an app that crashes on launch with a code signing error.

If you encounter a problem that’s not explained here, start a new thread with the details. Make sure to add relevant tags — like Gatekeeper, Code Signing, and Notarization — so that I see your post.

IMPORTANT macOS 14 has a new tool, syspolicy_check, that was specifically designed to help diagnose problems like this. I plan to update this post once I have more experience with it. In the meantime, however, if you hit a trusted execution problem and it reproduces on macOS 14, please try out syspolicy_check and let us know how that pans out.

Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Resolving Trusted Execution Problems

macOS supports three software distribution channels:

- The user downloads an app from the App Store.
- The user gets a Developer ID-signed program directly from its developer.
- The user builds programs locally using Apple or third-party developer tools.

The trusted execution system aims to protect users from malicious code. It’s comprised of a number of different subsystems. For example, Gatekeeper strives to ensure that only trusted software runs on a user’s Mac, while XProtect is the platform’s built-in anti-malware technology.

Note To learn more about these technologies, see Apple Platform Security.

If you’re developing software for macOS your goal is to avoid trusted execution entanglements. You want users to install and use your product without taking any special steps. If, for example, you ship an app that’s blocked by Gatekeeper, you’re likely to lose a lot of customers, and your users’ hard-won trust.

Trusted execution problems are rare with Mac App Store apps because the Mac App Store validation process tends to catch things early. This post is primarily focused on Developer ID-signed programs.

Developers who use Xcode encounter fewer trusted execution problems because Xcode takes care of many code signing and packaging chores. If you’re not using Xcode, consider making the switch. If you can’t, consult the following for information on how to structure, sign, and package your code:

- Placing Content in a Bundle
- Embedding Nonstandard Code Structures in a Bundle
- Embedding a Command-Line Tool in a Sandboxed App
- Creating Distribution-Signed Code for Mac DevForums post
- Packaging Mac Software for Distribution DevForums post

Gatekeeper Basics

User-level apps on macOS implement a quarantine system for new downloads. For example, if Safari downloads a zip archive, it quarantines that archive. This involves setting the com.apple.quarantine extended attribute on the file.

Note The com.apple.quarantine extended attribute is not documented as API. If you need to add, check, or remove quarantine from a file programmatically, use the quarantinePropertiesKey property.

User-level unarchiving tools preserve quarantine. To continue the above example, if you double click the quarantined zip archive in the Finder, Archive Utility will unpack the archive and quarantine the resulting files.

If you launch a quarantined app, the system invokes Gatekeeper. Gatekeeper checks the app for problems. If it finds no problems, it asks the user to confirm the launch, just to be sure. If it finds a problem, it displays an alert to the user and prevents them from launching it. The exact wording of this alert varies depending on the specific problem, and from release to release of macOS, but it generally looks like the ones shown in Apple > Support > Safely open apps on your Mac.

The system may run Gatekeeper at other times as well. The exact circumstances under which it runs Gatekeeper are not documented and change over time. However, running a quarantined app always invokes Gatekeeper.

Unix-y networking tools, like curl and scp, don’t quarantine the files they download. Unix-y unarchiving tools, like tar and unzip, don’t propagate quarantine to the unarchived files.

Confirm the Problem

Trusted execution problems can be tricky to reproduce:

- You may encounter false negatives, that is, you have a trusted execution problem but you don’t see it during development.
- You may also encounter false positives, that is, things fail on one specific Mac but otherwise work.

To avoid chasing your own tail, test your product on a fresh Mac, one that’s never seen your product before. The best way to do this is using a VM, restoring to a snapshot between runs. For a concrete example of this, see Testing a Notarised Product.

The most common cause of problems is a Gatekeeper alert saying that it’s blocked your product from running. However, that’s not the only possibility. Before going further, confirm that Gatekeeper is the problem by running your product without quarantine. That is, repeat the steps in Testing a Notarised Product except, in step 2, download your product in a way that doesn’t set quarantine. Then try launching your app. If that launch fails then Gatekeeper is not the problem, or it’s not the only problem!

Note The easiest way to download your app to your test environment without setting quarantine is curl or scp. Alternatively, use xattr to remove the com.apple.quarantine extended attribute from the download before you unpack it. For more information about the xattr tool, see the xattr man page.

Trusted execution problems come in all shapes and sizes. The remaining sections address the most common ones.

App Blocked by Gatekeeper

If your product is an app and it works correctly when not quarantined but is blocked by Gatekeeper when it is, you have a Gatekeeper problem. For advice on how to investigate such issues, see Resolving Gatekeeper Problems.

App Can’t Be Opened

Not all failures to launch are Gatekeeper errors. In some cases the app is just broken. For example:

- The app’s executable might be missing the x bit set in its file permissions.
- The app’s executable might be subtly incompatible with the current system. A classic example of this is trying to run a third-party app that contains arm64e code. macOS requires that third-party kernel extensions use the arm64e architecture. In other circumstances, stick to arm64 for your shipping products. If you want to test arm64e code locally, see Preparing Your App to Work with Pointer Authentication.
- The app’s executable might claim restricted entitlements that aren’t authorised by a provisioning profile.
- Or the app might have some other code signing problem.

Note For more information about provisioning profiles, see TN3125 Inside Code Signing: Provisioning Profiles.

In such cases the system displays an alert saying:

    The application “NoExec” can’t be opened. [[OK]]

Note In macOS 11 this alert was:

    You do not have permission to open the application “NoExec”. Contact your computer or network administrator for assistance. [[OK]]

which was much more confusing.

A good diagnostic here is to run the app’s executable from Terminal. For example, an app with a missing x bit will fail to run like so:

    % NoExec.app/Contents/MacOS/NoExec
    zsh: permission denied: NoExec.app/Contents/MacOS/NoExec

And an app with unauthorised entitlements will be killed by the trusted execution system:

    % OverClaim.app/Contents/MacOS/OverClaim
    zsh: killed OverClaim.app/Contents/MacOS/OverClaim

In some cases running the executable from Terminal will reveal useful diagnostics. For example, if the app references a library that’s not available, the dynamic linker will print a helpful diagnostic:

    % MissingLibrary.app/Contents/MacOS/MissingLibrary
    dyld[88394]: Library not loaded: @rpath/CoreWaffleVarnishing.framework/Versions/A/CoreWaffleVarnishing
    …
    zsh: abort MissingLibrary.app/Contents/MacOS/MissingLibrary

Code Signing Crashes on Launch

A code signing crash has the following exception information:

    Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid))

The most common such crash is a crash on launch. To confirm that, look at the thread backtraces:

    Backtrace not available

For steps to debug this, see Resolving Code Signing Crashes on Launch.

One common cause of this problem is running distribution-signed code. Don’t do that! For details on why that’s a bad idea, see Don’t Run App Store Distribution-Signed Code.

Code Signing Crashes After Launch

If your program crashes due to a code signing problem after launch, you might have encountered the issue discussed in Updating Mac Software.

Non-Code Signing Failures After Launch

The hardened runtime enables a number of security checks within a process. Some coding techniques are incompatible with the hardened runtime. If you suspect that your code is incompatible with the hardened runtime, see Resolving Hardened Runtime Incompatibilities.

App Sandbox Inheritance

If you’re creating a product with the App Sandbox enabled and it crashes with a trap within _libsecinit_appsandbox, it’s likely that you’re having App Sandbox inheritance problems. For the details, see Resolving App Sandbox Inheritance Problems.

Library Loading Problem

Most library loading problems have an obvious cause. For example, the library might not be where you expect it, or it might be built with the wrong platform or architecture. However, some library loading problems are caused by the trusted execution system. For the details, see Resolving Library Loading Problems.

Explore the System Log

If none of the above resolves your issue, look in the system log for clues as to what’s gone wrong. Some good keywords to search for include:

- gk, for Gatekeeper
- xprotect
- syspolicy, per the syspolicyd man page
- cmd, for Mach-O load command oddities
- amfi, for Apple mobile file integrity, per the amfid man page
- taskgated, see its taskgated man page
- yara, discussed in Apple Platform Security
- ProvisioningProfiles

Here’s a log command that I often use when I’m investigating a trusted execution problem and I don’t know where to start:

    % log stream --predicate "sender == 'AppleMobileFileIntegrity' or sender == 'AppleSystemPolicy' or process == 'amfid' or process == 'taskgated-helper' or process == 'syspolicyd'"

For general information about the system log, see Your Friend the System Log.

Revision History

- 2024-01-12 Added a specific command to the Explore the System Log section. Changed the syspolicy_check callout to reflect that macOS 14 is no longer in beta. Made minor editorial changes.
- 2023-06-14 Added a quick call-out to the new syspolicy_check tool.
- 2022-06-09 Added the Non-Code Signing Failures After Launch section.
- 2022-06-03 Added a link to Don’t Run App Store Distribution-Signed Code. Fixed the link to TN3125.
- 2022-05-20 First posted.
0
0
7.3k
May ’22
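The Terminal diagnostic from the App Can’t Be Opened section of the post above, as an added example that is not part of the original post or Apple's own code: a POSIX shell function that runs an executable directly and maps the outcome to the failure modes the post lists. The function name classify_launch and the result tokens it prints are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original post. It applies the post's
# "run the app's executable from Terminal" diagnostic and maps the outcome
# to the failure modes the post describes. classify_launch and its result
# tokens are names made up for this example.

# classify_launch EXECUTABLE [ARGS...]
# Prints exactly one token on stdout:
#   not-found        the path does not exist
#   is-directory     the path is a directory (for example the .app bundle
#                    itself); pass Contents/MacOS/<name> instead
#   no-x-bit         the file lacks execute permission
#                    (the shell would say "permission denied")
#   exec-denied      the x bit is set but the exec was still refused
#   killed           the process died from SIGKILL (the shell says "killed"),
#                    which is how the trusted execution system stops code
#                    it rejects
#   missing-library  dyld printed "Library not loaded" and the process aborted
#   abort            the process died from SIGABRT for some other reason
#   exit:N           the process ran and exited with status N
classify_launch() {
    exe=$1
    if [ ! -e "$exe" ]; then
        echo "not-found"
        return 0
    fi
    if [ -d "$exe" ]; then
        echo "is-directory"
        return 0
    fi
    if [ ! -x "$exe" ]; then
        echo "no-x-bit"
        return 0
    fi

    errfile=$(mktemp) || return 1
    status=0
    # "|| status=$?" keeps the function usable under "set -e".
    "$@" >/dev/null 2>"$errfile" || status=$?

    # A shell reports death by signal N as exit status 128 + N.
    case $status in
        137)    # 128 + SIGKILL (9). Other senders of SIGKILL exist, so treat
                # this as a pointer to the crash report and system log.
            result="killed" ;;
        134)    # 128 + SIGABRT (6)
            if grep -q 'Library not loaded' "$errfile"; then
                result="missing-library"
            else
                result="abort"
            fi ;;
        126)
            result="exec-denied" ;;
        *)
            result="exit:$status" ;;
    esac

    # Pass the child's own diagnostics through on stderr, then clean up.
    cat "$errfile" >&2
    rm -f "$errfile"
    echo "$result"
}

# Stand-alone use: sh triage.sh NoExec.app/Contents/MacOS/NoExec
if [ $# -gt 0 ]; then
    classify_launch "$@"
fi
```

A result of killed or missing-library narrows the search; the log stream predicate quoted in the post is the next step for finding which subsystem made the decision.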
Simulator device returned an error for the requested operation. The parent bundle has the same identifier as sub-bundle
Two days ago everything was working fine. Then I decided to step on with the OneSignal SDK and the problems started to come. Now I have two big problems but I want to go in order and begin from the first and maybe the second will follow. When I try the app on emulator, it builds fine but stopped immediately with
    The parent bundle has the same identifier (com.domain.bundlename) as sub-bundle at /Users/myname/Library/Developer/CoreSimulator/Devices/F2D73A5F-1B86-4D2D-9989-518387D0FB24/data/Library/Caches/com.apple.mobile.installd.staging/temp.O4MORK/extracted/Runner.app/Frameworks/App.framework
(com.domain.bundlename is for obscuring the real ones) Then I tried creating a new emulator device, but I got the same error. No clues on my internet search.
1
0
1.4k
Jan ’24
Enable App Sandbox for Submission to App Store
Is setting "Enable App Sandbox : Yes" required for distributing an app to the App Store? I'm building my first app, a game, and can only test on my physical device with the Sandbox set to No. I can run it on the emulators with Sandboxing enabled. I'm still using the free developer account and will be enrolling in the paid account once 2024 arrives.
2
1
751
Dec ’23
Reached Limit of created certificates and not able to revoke older ones
We have started creating third-party applications and for that we required an Apple certificate. We initially created multiple certificates (application and installer), and later realised that one can be enough to approve multiple applications. Now we are not seeing any option to remove or revoke the certificates so that we can create a new certificate. The support team is also not able to help with this. What should we do to create a new certificate?
3
0
787
Dec ’23
Failed to codesign since macOS Sonoma
Hi, after many hours looking for a solution I hope to find one here :) I am creating an iOS application using Flutter. Since updating my MacBook to macOS Sonoma it is impossible for me to launch an archive of the application on Xcode (the error below is displayed). By searching I thought I understood that it could come from iCloud but even if I put my App in the Application folder, I got this error. I can launch my application on Simulator but not on a physical phone either.
    error: Target release_unpack_ios failed: Exception: Failed to codesign /Users/etiennemary/Library/Developer/Xcode/DerivedData/Runner-hcgaysxersoeaugykishvsewlgps/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter with identity ......
    /Users/etiennemary/Library/Developer/Xcode/DerivedData/Runner-hcgaysxersoeaugykishvsewlgps/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter: replacing existing signature
    Warning: unable to build chain to self-signed root for signer "Apple Development: Etienne Mary (. )"
    /Users/etiennemary/Library/Developer/Xcode/DerivedData/Runner-hcgaysxersoeaugykishvsewlgps/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter: errSecInternalComponent
    Failed to package /Applications/aa/evento.
1
1
2.0k
Dec ’23
Optimal way to merge 2 apps
Searching for insight on the best and most compliant way to essentially merge two apps. They have the same functionality but one is much more advanced than the other, although the legacy app has a higher user count. Instead of letting both run, we want to push the legacy app an update with the code from the new app and ultimately kill the newer one. What is the best way to do this? Is it allowed to simply push the source code from new app to legacy and update the identifier? We do not want to break any App Store rules and want to limit the potential of losing users by forcing them to download a new app.
2
0
711
Dec ’23
XPC Rendezvous, com.apple.security.inherit and LaunchAgent
I’m trying to implement XPC Rendezvous like Quinn described in many awesome posts on here but I’m now at a stuck point where I just have no idea. I want to communicate with a Safari extension via XPC and also a helper application which led me to XPC Rendezvous (https://developer.apple.com/forums/thread/715338) because an XPC Service in the Extension is scoped to the container. I then made a Command Line Target and added it like it’s described here (https://developer.apple.com/documentation/xcode/embedding-a-helper-tool-in-a-sandboxed-app) and also took the xpc test code and inspiration to set up my launch agent from here (https://developer.apple.com/documentation/servicemanagement/updating_your_app_package_installer_to_use_the_new_service_management_api). This command line tool should do the management for the XPC connections because it’s not in the sandboxed container. The tool sets up the xpc connection like in the sample code directly and not in an XPC Service added via a Target template. It exposes the Mach Service. And that looks like it’s building fine after some fighting but the service just won’t start - I saw it trying in console and after running it in Xcode and finally finding the crash report - it brought me there (https://developer.apple.com/forums/thread/706390) I have Process is not in an inherited sandbox. - and thinking about it, it makes sense because I first thought it’s just because it ran through Xcode, but it’s crashing this way also as a LaunchAgent. I mean it does make sense - there is nothing to inherit because it’s spawned by launchd - and that’s what I want isn’t it - to make the Rendezvous? Okay I thought now removing com.apple.security.inherit brings it in its own Sandbox (it needs sandboxing) but this also crashes the process because of the sandbox. Also after adding it to the App Group. What am I missing here or what do I want to accomplish? Do I want to inherit the sandbox? I guess not the helper should have its own.
The only difference I see in comparison to SMAppServiceSampleCode is it moves the product in Copy Bundle Resources, and I have a Copy Files Phase with Destination: Executables (Like the other sample code said - and that looks “more correct” - and well SMAppServiceSampleCode isn’t sandboxed). I then tried making a new Command Line Target and just added App Sandbox Capability and tried to run this fresh one - and that also crashes. This makes me think I’m just ****** somewhere but I have read now everything I could find. I’m happy to provide any Code or crash logs but I don’t know what part is really relevant here, It looks like the LaunchAgent gets installed correctly and wants to run but the sandbox is preventing me. The Bundle Identifier and XPC device name of the helper starts with my teamID (I got that from here https://developer.apple.com/forums/thread/703702) What could I be doing wrong? Thanks a lot! Benjamin
7
0
1.4k
Dec ’23