I'm trying to set up a new build machine and I can't seem to get the signing certificates detected by the security
tool with "0 valid identities found".
My ID is linked to a team but my role is "app manager". In my console I can see the certificates but can't download
the Developer ID Installer cert.
In Xcode no certificates show up for that team ID in the list.
The certs were generated by the developer console.
I had to get the client to insecurely send me the certs because of this restriction. I imported them into the
keychain but the tool still won't show anything.
Is this another problem not having the correct root certificate installed? I had all this set up in a VMware which
was working before I lost all data due to a crash so setting it up fresh on a Mac mini.
I should be able to have just synced the certs through Xcode and start signing installers. I researched hundreds
of pages and no answer for my problem.
Demystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.
Electron app built successfully with Electron Forge and @electron/osx-sign, but it crashes at startup with the crash log below:
Time Awake Since Boot: 320000 seconds
Time Since Wake: 9200 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000002, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Trace/BPT trap: 5
Termination Reason: Namespace SIGNAL, Code 0x5
Terminating Process: exc handler [95916]
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
If I use custom entitlements, it shows:
Time Awake Since Boot: 310000 seconds
Time Since Wake: 8600 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Illegal instruction: 4
Termination Reason: Namespace SIGNAL, Code 0x4
Terminating Process: exc handler [93221]
Application Specific Information:
dyld: launch, running initializers
/usr/lib/libSystem.B.dylib
Could not set sandbox profile data: Operation not permitted (1)
Application Specific Signatures:
SYSCALL_SET_PROFILE
Here is the entitlement:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
  </dict>
</plist>
Inherit entitlement:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>
What can I do to resolve it?
Hey everyone,
I have translated my app using the newest String Catalog feature but I'm wondering how I can translate the strings from the Target -> Info tab.
I have read the string catalog documentation and searched on the internet but I can't find a recent post talking about it. I have found methods related to the info.plist file but afaik that would be legacy documentation as I can't even find an info.plist file in my project anymore. I also tried to look for posts talking about it here, but maybe I'm not using the right words as I couldn't find anything.
I only found this article that mentions translating the strings from info but still couldn't see how to do it: https://developer.apple.com/documentation/bundleresources/information_property_list/managing_your_app_s_information_property_list#3375316
So if someone could help me out, it would be very appreciated, thanks.
EDIT: I just followed the "creating an infoplist.strings" way and it worked, but I'm still wondering if there is a newer way to do it. I tried to just add a manual string in the string catalog using "NSContactsUsageDescription" as key but it didn't work.
I know I have to be doing something wrong. I've been trying to notarize my app for a few days.
I've bundled my app and am able to sign with hardened runtime. When I submit for notary with this command
/Applications/Xcode.app/Contents/Developer/usr/bin/notarytool submit /path/to/your/file.zip --wait --key "/path/to/your/AuthKey_ABCD1234.p8" --key-id "ABCD1234" --issuer "uuid-issuer-id"
it just eventually times out with no feedback or error report.
What is the proper process for notarizing an installer package? I have tried every permutation I can find and it always returns "The signature of the binary is invalid".
It's a Qt6 app if that is relevant.
I've bundled and signed the app using:
macdeployqt myapp.app \
-always-overwrite -verbose=1 \
-hardened-runtime \
-sign-for-notarization=\"$${sign_name}\" \
It verifies OK
codesign -v --verify --deep myapp.app
myapp.app: valid on disk
myapp.app: satisfies its Designated Requirement
I have successfully notarized and stapled it:
...
The staple and validate action worked!
This is where I'm not sure of the proper process.
I've used pkgbuild to put the app into .pkg file and successfully signed that using an Installer ID.
pkgutil --check-signature myapp-signed.pkg
Package "myapp-signed.pkg":
Status: signed by a developer certificate issued by Apple for distribution
...
On attempting to notarise this package I get "The signature of the binary is invalid" for every shared library and the executable in the package.
That error message is not very useful, so how do I diagnose the issue? So far I've tried a few things I've found on the forum but the error is always the same unhelpful one.
Questions about Apple's notarization standards
I've found that notarization seems to be based on the team ID, with a shared history. Is my understanding correct?
If an app named ABC is initially notarized under team A, and then later updates are notarized under team B, will there be any issues? In my tests, notarizing the same app under teams A and B didn't cause any problems, but I'm curious about potential issues if there's a change in team IDs in the future.
Is it possible to delete the notarization history or transfer it to a different team ID?
I have developed a process monitoring software for internal use in my company using the EndpointSecurity API. When I tried to package and distribute it to my colleagues, I found out that I need to apply for the com.apple.developer.endpoint-security.client entitlement from Apple. It has been almost 2 months since I submitted the application, but it hasn't been approved yet. I sought help from customer service, but they haven't provided any useful feedback. I'm hoping to get help from the developer community. How can I expedite the approval of the com.apple.developer.endpoint-security.client entitlement? Thanks~
Problem
I am trying to send out a broadcast using NWConnection and then listen for responses using NWListener on port 50913. Although the broadcast is sent out correctly (= no error is thrown upon sending), I only get responses to my broadcast from what I suppose are the network interfaces of my own MacBook. In other words, it seems like the broadcast is never really submitted to the network.
Context
I don't have in-depth knowledge about the behavior of UDP which is why I am confused about this behavior. I've been reading online about this and couldn't find anything really related to the behavior I am experiencing. I've also looked at this developer forums entry and implemented the broadcast accordingly. The response from @meaton does not suggest that broadcasts are not supported by NWConnection (which is what I thought to be the culprit initially), and I am not getting the error they are talking about in their post, but a behavior that is entirely different.
Does anyone know what is wrong with my implementation?
Code
import Network
import os

// Logger.init(for:), BroadcastResponseParser and Discovery are the poster's own types (not shown in the post).
final public class BroadcastDiscoveryEngine {
    private let logger: Logger = Logger.init(for: BroadcastDiscoveryEngine.self)
    private let broadcastConnection: NWConnection
    private let broadcastResponseListener: NWListener
    private let responseParser: BroadcastResponseParser = BroadcastResponseParser()
    private var discoveryContinuation: AsyncStream<Discovery>.Continuation? = nil

    init() throws {
        let parameters = NWParameters.udp
        parameters.allowLocalEndpointReuse = true
        parameters.allowFastOpen = true
        parameters.includePeerToPeer = true
        // Sender: UDP connection to the IPv4 broadcast address on port 50913
        broadcastConnection = NWConnection(host: .ipv4(.broadcast), port: .init(integerLiteral: 50913), using: parameters)
        // Receiver: UDP listener on the same port for the responses
        broadcastResponseListener = try NWListener(using: parameters, on: 50913)
    }

    func startBroadcast(continuation: AsyncStream<Discovery>.Continuation) {
        discoveryContinuation = continuation
        broadcastConnection.stateUpdateHandler = handleBroadcastConnectionStateUpdate(state:)
        broadcastConnection.start(queue: .global(qos: .default))
        startBroadcastListener()
    }

    func stopBroadcast() {
        broadcastConnection.cancel()
        broadcastResponseListener.cancel()
    }

    private func sendBroadcastMessage() {
        broadcastConnection.send(content: "my_broadcast_message".data(using: .utf8), completion: .contentProcessed({ error in
            if let error = error {
                self.logger.error("Sending broadcast message failed with error: \(error.debugDescription, privacy: .public)")
                self.broadcastConnection.cancel()
                self.broadcastResponseListener.cancel()
                // Do not log success after a failed send
                return
            }
            self.logger.info("Broadcast message sent.")
        }))
    }

    private func handleBroadcastConnectionStateUpdate(state: NWConnection.State) {
        switch state {
        // shortened other cases since only logging occurs
        case .ready:
            logger.info("Broadcast connection established, ready to send and receive data.")
            sendBroadcastMessage()
        default:
            break
        }
    }
}

extension BroadcastDiscoveryEngine {
    private func startBroadcastListener() {
        broadcastResponseListener.stateUpdateHandler = handleBroadcastResponseListenerStateUpdate(state:)
        broadcastResponseListener.newConnectionHandler = handleIncomingConnection(connection:)
        broadcastResponseListener.start(queue: .global(qos: .default))
    }

    private func handleBroadcastResponseListenerStateUpdate(state: NWListener.State) {
        switch state {
        // shortened cases since only logging occurs
        default:
            break
        }
    }

    private func handleIncomingConnection(connection: NWConnection) {
        connection.stateUpdateHandler = { state in self.handleIncomingConnectionStateUpdate(connection: connection, state: state) }
        connection.start(queue: .global(qos: .default))
    }

    private func handleIncomingConnectionStateUpdate(connection: NWConnection, state: NWConnection.State) {
        switch state {
        // shortened other cases since only logging occurs
        case .ready:
            logger.info("Incoming connection (\(connection.debugDescription, privacy: .public)) established, ready to send and receive data.")
            connection.receiveMessage { content, contentContext, isComplete, error in
                self.receiveBroadcastResponse(connection: connection, content: content, contentContext: contentContext, isComplete: isComplete, error: error)
            }
        default:
            break
        }
    }

    private func receiveBroadcastResponse(connection: NWConnection, content: Data?, contentContext: NWConnection.ContentContext?, isComplete: Bool, error: NWError?) {
        // shortened: handles parsing accordingly and then cancels connection
        connection.cancel()
    }
}
Greetings, everyone!
In case it proves helpful, I've crafted a Bash script to streamline the notarization process.
Here's a breakdown of its features:
Prompts you to select the app for notarization
Offers optional codesigning before notarization
Generates a ZIP file for notarization
Requests your credentials (Apple ID, Team ID, and app-specific password)
Submits the ZIP file for notarization
Cleans up by deleting the ZIP file used for notarization
Staples the app after notarization
Creates a new ZIP file for distribution
You can check it out on GitHub: Notarization Assistant
We've got 3 macOS apps on TestFlight that all suddenly became unusable to our testers who upgraded the OS to 14.2.
The error message says:
"The application can't be opened. -10673"
But also there was another window that opened up stating "The beta app, , is no longer available. The provisioning profile is invalid"
The provisioning profile doesn't specify OS versions - it's signed with distribution and installation certificates for AppStore.
These apps have been successfully provisioned, uploaded, downloaded, used and tested by various testers prior to now.
Each app has an explicit Apple ID and provisioning profile - all still valid.
What would cause this? How can I fix this?
I registered a Mac as a device in Apple Developer using a third-party UID for collaboration, but the Mac cannot be selected when creating a provisioning profile. And they say UDID and UUID are the same. Why is that?
The third party's Mac has been updated to Ventura OS using Open Core patcher.
Hello fellow developers,
I've come across a bit of a challenge and would appreciate some insights. I successfully backed up my Developer ID Application certificate as a .p12 file and smoothly imported it into my login keychain. However, when attempting to import it into my iCloud keychain for an added layer of backup security, I encountered two error messages:
"One object could not be imported."
"The selected keychain could not be found."
Any thoughts or suggestions on resolving this hiccup would be greatly appreciated!
Thanks in advance for your expertise!
We asked for and received confirmation that we have received the Critical alert entitlement.
I have also tested it in development build with a development profile and it worked.
However, when we try to send an update to TestFlight to test in release mode on our device, we get the following error:
The bundle contains a key that is not included in the provisioning profile: 'com.apple.developer.usernotifications.critical-alerts'
NSLocalizedFailureReason = "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'com.apple.developer.usernotifications.critical-alerts' in our app.
SUnderlyingError = "Error Domain=IrisAPI Code=-19241 "Asset validation failed" UserInfo={status=409, detail=Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'com.apple.developer.usernotifications.critical-alerts in our app code=STATE_ERROR.VALIDATION_ERROR.90163, title=Asset validation failed
We added the following entitlement to the entitlements.plist file:
com.apple.developer.usernotifications.critical-alerts
Hello, I am rather new at publishing apps for iPhone and I am facing some difficulties. Maybe someone could point out what I am not understanding.
I am having some issues handling the usage of the Development Certificate. I have created a CSR, supplied it at apple.developer system to get a development certificate. I downloaded such a certificate and installed it. When I try to use it I get this status saying it is not trusted:
The result is this when trying to use it:
"
/Users/eao/build/dev/aquila_companion.xcodeproj: error: Missing private key for signing certificate. Failed to locate the private key matching certificate "Apple Development: Tiago DAagostini (GDH9UYDL8A)" in the keychain. To sign with this signing certificate, install its private key in your keychain. If you don't have the private key, select a different signing certificate for CODE_SIGN_IDENTITY in the build settings editor. (in target 'appaquila_companion' from project 'aquila_companion')
"
What am I missing? Where should this p12 key be? And is that related to that image where the Certificate is deemed not trusted?
Hi,
We have an app that installs a number of system extensions. According to this documentation the app must be located in the Applications folder to be activated, so when the app launches we check that it is running from /Applications (or a subfolder) and if it isn't we inform the user and exit. This has been working fine until a recent submission, whereupon installing the app via TestFlight causes it to be translocated when run and our check to fail. So, a couple of questions:
Is it expected that an app installed via TestFlight (or indeed the App Store) can be translocated when it is run?
If yes to the above, how can we ensure that our app is running from Applications and can therefore activate its extensions?
Thanks
Alan
I have a driving task app and am trying to show a CPActionSheetTemplate or a CPAlertTemplate. Both of these are crashing showing:
Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: 'Unsupported object <CPActionSheetTemplate: 0x6000030319e0> <identifier: C744031B-99F6-4999-AF19-6ED43140502B, userInfo: (null), tabTitle: (null), tabImage: (null), showsTabBadge: 0> passed to pushTemplate:animated:completion:. Allowed classes: {(
CPSearchTemplate,
CPNowPlayingTemplate,
CPPointOfInterestTemplate,
CPListTemplate,
CPInformationTemplate,
CPContactTemplate,
CPGridTemplate,
CPMapTemplate
)}'
This is very strange, because in the docs all app types are allowed to show ActionSheets and Alerts.
Why is this crashing?
I want to distribute my app with my developer ID.
This works fine in a dmg or zip container if I download it on another Mac by FTP.
But if I download it by HTTPS macOS brings a Popup:
“Rocrail.app” is damaged and can’t be opened. You should move it to the Bin.
I don't understand the diff between FTP and HTTPS download...
How can I fix this?
Hello all!
I'm having problems with Capacitor built to iOS. The audio plays correctly (.wav files/ sound effect triggered in a game), but the debugger pops the error:
Error acquiring assertion: <Error Domain=RBSServiceErrorDomain Code=1 "(originator doesn't have entitlement com.apple.runningboard.assertions.webkit AND originator doesn't have entitlement com.apple.multitasking.systemappassertions)" UserInfo={NSLocalizedFailureReason=(originator doesn't have entitlement com.apple.runningboard.assertions.webkit AND originator doesn't have entitlement com.apple.multitasking.systemappassertions)}>
I've added the entitlements for:
Audio, AirPlay, and Picture in Picture
Background fetch
Remote notifications
Background processing
Help is appreciated!
We have started creating third-party applications, and for that we required an Apple certificate. We initially created multiple certificates (application and installer), and later on realised that one can be enough to approve multiple applications.
Now we are not seeing any option to remove or revoke the certificates so that we can create a new certificate. The support team is also not able to help on this.
What should we do to create a new certificate?
Searching for insight on the best and most compliant way to essentially merge two apps. They have the same functionality but one is much more advanced than the other, although the legacy app has a higher user count. Instead of letting both run, we want to push the legacy app an update with the code from the new app and ultimately kill the newer one. What is the best way to do this? Is it allowed to simply push the source code from the new app to the legacy one and update the identifier? We do not want to break any App Store rules and want to limit the potential of losing users by forcing them to download a new app.