Hi,
We developed a app for iPhone and Apple Watch. The app has been tested and it worked well on iPhone SE and Apple Watch Series 6 running earlier OS. We recently upgraded the Apple Watches to Series 9 & watchOS 10.5, and the iOS on the same iPhone is upgraded to 17.4.1. The app can still be built on the iPhone but when I tried to install the app on the new Apple Watch, it won't work and shows "This app cannot be installed because its integrity could not be verified." To make sure it's not a OS issue, I also upgraded the watchOS on the old Apple Watch Series 6 to 10.5 and the app worked. I wonder what cause the app fail on the newer Apple Watch running the same watchOS.
Thank you
Demystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.
Post
Replies
Boosts
Views
Activity
I'm getting the following crash in my app
Incident Identifier: 5321CD04-430E-4B10-9467-F416E792F3D6
CrashReporter Key: 1414d117f3d2793f073dc033c9395dccac5f6020
Hardware Model: iPad12,1
Process: XxXxXx [591]
Path: /private/var/containers/Bundle/Application/8A296C9B-52EF-4288-B102-58868A7FD139/XxXxXx.app/XxXxXx
Identifier: co.XxXxXx.XxXxXx.J873G84M8Q
Version: 1.10 (1.10.6)
Code Type: ARM-64 (Native)
Role: Foreground
Parent Process: launchd [1]
Coalition: uk.co.XxXxXx.XxXxXx.J873G84M8Q [522]
Date/Time: 2024-07-22 14:37:00.3901 +0100
Launch Time: 2024-07-22 14:37:00.1082 +0100
OS Version: iPhone OS 17.2 (21C62)
Release Type: User
Report Version: 104
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Subtype: KERN_PROTECTION_FAILURE at 0x000000010c61c000
Exception Codes: 0x0000000000000002, 0x000000010c61c000
VM Region Info: 0x10c61c000 is in 0x10c61c000-0x10c620000; bytes after start: 0 bytes before end: 16383
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
MALLOC_LARGE 10c5e4000-10c61c000 [ 224K] rw-/rwx SM=PRV
---> JS JIT generated code 10c61c000-10c620000 [ 16K] r--/rw- SM=PRV
GAP OF 0x613cc000 BYTES
Stack Guard 16d9ec000-16d9f0000 [ 16K] ---/rwx SM=NUL
Termination Reason: SIGNAL 10 Bus error: 10
Terminating Process: exc handler [591]
Triggered by Thread: 0
I'm assuming that I need to add the following entitlement to Entitlements.plist
<key>com.apple.security.cs.allow-jit</key>
<true/>
From within XCode I can see how to do this, what I can't figure out is how to do the same thing on our CI server without manually managing the signing process of the application using codesign.
How can I add the above entitlement to my application using xcodebuild or is this even possible?
notarytool-2024-07-23-143951.ips
I
notarytool-2024-07-23-105410.ips
have two Mac machines and running the same Python script as a CGI script in an Apache webserver (httpd) installed via Homebrew.
The Python script calls the subprocess.run() method to call the notarytool via xcrun.
On one server the script runs as expected in the webserver environment and on the other machines it gets an exit code (-)4; SIGILL.
On the machines where it fails, the notarytool command works from console, as expected. Additionally, it works if I run the script directly with Python in the console.
I launch the same command in a Perl script in the webserver and the same exit code / issue occured.
I have the same installed version and setup on both servers for
Homebrew
Apache Webserver (httpd)
Python version (3.9.6)
xcrun --version: xcrun version 61.
xcrun notarytool --version: 1.0.0 (27)
the Mac machines are identical, both are bought and set up at the same time
The see similar topics at:
https://forums.developer.apple.com/forums/thread/724995 Notarytool was used on a machine as an agent via Jenkins job
https://github.com/moses-palmer/pynput/issues/366#issuecomment-1364470827 used Python, gets the same exit code, used in multi-thread environment (maybe like a webserver)
After my application was singed on the mac runner, I got an error when my application was uploaded from my Mac runner to the Notarization service.
Here is my error:
Notarization ended with response: {"uuid":"my_uid","notarizationStatus":{"status":"ERROR","message":"Error happened while uploading file to Apple notarization service","moreInfo":"net.jodah.failsafe.FailsafeException: java.util.concurrent.ExecutionException: Error while parsing the output after the upload of the file to be notarized"}}
Does anyone know how to fix it?
Thank you very much!
Is CertificateSigningRequest.certSigningRequest needed by Transporter for a very plain Mac application like the default Xcode Application App (from new Project) ?
I use launch constraints in a project. If I archive the project and save a copy of the app locally, everything works as expected but if I choose "Direct Distribution" and submit the app to Apple for notarization, the notarized app does not contain any launch constraints. What are I am doing wrong? Thanks.
In my account, there is already a driver kit usb transport vendor id(4070) in the Identifiers capability . I posted a new request for new usb vendor id(14203) , and there are now 2 driver kit usb transport vendor id entitlement in the account's identifiers, one is for old id (4070), another is not for new id(14203).
so how can I add a new usb vendor id ? or change the old one?
Hi
I have an error message from running an iOS emulator, and it seems there's a problem because Xcode wants to sign something.
I have noticed that when running my code for testing, that it is being run in ios-release mode. I have thought that maybe Xcode would not want to sign if the code was being run in ios-debug mode - because Xcode didn't have this interest in signing problem before.
Confirmed: "Building com.example.appName for device (ios-release)..."
Error confirmation: "No valid code signing certificates were found. You can connect to your Apple Developer account by signing in with your Apple ID in Xcode and create an iOS Development Certificate ..."
My preference is to test/develop at this point without Apple Developer. This was possible for a long time before.
Advice: "Or run on an iOS simulator without code signing"
It seems that if Xcode were not interested in code signing that I wouldn't have this error preventing me.
How can I configure Xcode so that code signing is skipped and the code testing occurs without a reference to my Apple Developer account please?
If you can assist to resolve with these queries, that would be cool and greatly appreciated.
With thanks.
App.xcodeproj: error: Revoke certificate: Your account already has an Apple Development signing certificate for this machine, but its private key is not installed in your keychain.
App.xcodeproj: error: No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "T....." with a private key was found.
From the above error during build, I do not know what I am supposed to do to fix this issue. The build was working few days back and today it is giving this error.
Hi,
python "import foundation" crushes without error message (but with a macos crush report) if the app is codesigned with Developer ID Application Certificate.(Without codesign, it works fine.)
1-test_simple_foundation.py(already attached):
import socket
import Foundation
print("hallo")
2-Install Nuitka:
pip install Nuitka
3-Generate App File via Nuitka:
echo *** | sudo -S python3.9 -m nuitka --run --standalone --macos-create-app-bundle --macos-app-mode=ui-element --macos-app-icon=icons/app_icon.png --include-data-dir=icons=icons test_simple_foundation.py
4-Copy app file under /applications
5-Execute test_simple_foundation.app file from terminal ./Applications/test_simple_foundation.app/Contents/MacOS/test_simple_foundation and observer that "hallo" is printed out
6-Codesign with following sh file(already attached):
7-Execute test_simple_foundation.app file from terminal ./Applications/test_simple_foundation.app/Contents/MacOS/test_simple_foundation and observer that code freezes with a macos crush report(already attached), after import Foundation nothing printed out.
MacOS_crush_report.txt
build-app_no_sand-sh.txt
test_simple_foundation-py.txt
pip list freeze.txt
app.entitlements.txt
Requirement:
python3.9 -m nuitka --version
1.9rc5
Commercial: None
Python: 3.9.12 (v3.9.12:b28265d7e6, Mar 23 2022, 18:22:40)
Flavor: CPython Official
Executable: /Library/Frameworks/Python.framework/Versions/3.9/bin/python3.9
OS: Darwin
Arch: x86_64
Version C compiler: /usr/bin/clang (clang).
MacOS: Sonoma 14.2.1
1,6 GHz Dual-Core Intel Core i5
8 GB 2133 MHz LPDDR3
I'm new to iOS development so forgive me if this question sounds naive. I have an iPhone 15 Pro currently registered to a coworker but I would like to test my apps on that iPhone when he is not working on it. In order for me to test on that phone, do I need to wipe that iPhone and re-register under my name? Is there anyway to switch between accounts on the iPhone?
Im using a git actions CI/CD pipeline for my automated deployment and I'd like to include notarisation in this process. Right now when I'm submitting for notarisation manually/locally it's taking around 24 hours and then is eventually successfully accepted. \
Using a git actions server to do this has a cost per minute (and an even higher cost at 10x per minute for a Mac-OS machine), so notarising with a 24hr turn around time is not feasible.
Ive submitted my application many times and it's been the same experience each time taking around 24 hours and then being accepted. How can I shorten the time frame on this or even find out what I might be doing wrong to cause such a long time for a response?
here my log:
{
"logFormatVersion": 1,
"jobId": "3ccf4652-60dc-4fd1-b281-23d49b2b7bb1",
"status": "Accepted",
"statusSummary": "Ready for distribution",
"statusCode": 0,
"archiveFilename": "AudioMap.dmg",
"uploadDate": "2024-07-14T16:51:02.848Z",
"sha256": "614c5992133d61094b39b6a5d00a225d2fc7efe78ab0e59cd47c78275602cb59",
"ticketContents": [
{
"path": "AudioMap.dmg",
"digestAlgorithm": "SHA-256",
"cdhash": "9d4f500a2fd49769b99f921d3fbe8ef753604abe"
},
{
"path": "AudioMap.dmg/AudioMap.app",
"digestAlgorithm": "SHA-256",
"cdhash": "b1fa9c86be805ef28c645f3b03631e2e5873ce77",
"arch": "arm64"
},
{
"path": "AudioMap.dmg/AudioMap.app/Contents/Frameworks/libsodium.26.dylib",
"digestAlgorithm": "SHA-256",
"cdhash": "6228e3fdcd29c080ae45d1bc5a6af10960db8938",
"arch": "arm64"
},
{
"path": "AudioMap.dmg/AudioMap.app/Contents/MacOS/AudioMap",
"digestAlgorithm": "SHA-256",
"cdhash": "b1fa9c86be805ef28c645f3b03631e2e5873ce77",
"arch": "arm64"
},
{
"path": "AudioMap.dmg/AudioMap.app/Contents/Frameworks/libsodium.26.dylib",
"digestAlgorithm": "SHA-256",
"cdhash": "6228e3fdcd29c080ae45d1bc5a6af10960db8938",
"arch": "arm64"
}
],
"issues": null
}
Due to changes in macOS 15 Sequoia with respect to container privacy/privileges, I have observed warnings with one of my apps (non-sandboxed) when its subsidiary crash reporter process tries to access the host app's data folder.
I THINK I've worked around this issue by granting the crash reporter and the host app access to the same application group. I'm not 100% sure how all this works except that the problem went away :)
The problem is, once the problem goes away on a given system, it goes away for good! Even with subsequent attempts to open a version of the app before the fix was in place, the system warning is not presented. I've tried to reset SystemPolicyAppBundles on the app via tccutil, but it makes no difference.
Using the wisdom from one of Quinn's posts (https://developer.apple.com/forums/thread/706442) I set up a log stream invocation to try to gather clues, and I notice that when I launch my app now, I see messages like:
Found provenance data on process: TA(82542d1beaf132a6, 2), 51084
Process was already in provenance sandbox, skipping: 51084, TA(82542d1beaf132a6, 2)
I suspect this "provenance" may reflect the change in how the system treats my application.
First: I wonder if it's a bug that any change in "provenance" should retroactively apply to versions of the app before the change was made. Second, I wonder if there's some way to RESET this provenance so that I can reproduce the bug again? I might be able to reproduce it by changing the bundle ID for the app but for purposes of testing against existing, shipped versions of the app, I'd love to be able to reset things for sanity-checking.
I need signingkey, signingkeyId, TeamIdentifier and BundleIdentifier for a project (aws sns) but i want to have these in free apple developer account how can i do this, any help will be appreciated
when I trying to run my App in mac or iPhone, Xcode alert "Revoke certificate", and when I click "Revoke Certificate", it begin loading ,then become"Certificate installation failed". and if I click try again, it become "Revoke certificate" again, how to I resolve this problem.
"My .dmg notarization has taken more than 12 hours. Who should I contact for assistance?"
Successfully received submission info
createdDate: 2024-07-09T13:01:15.078Z
id: 62b98f94-e554-4194-a84c-3ec621311d47
name: SecuCompRSA.dmg
status: In Progress
Xcode:15.3.
macOS:14.3(23D56)
Hi,
I am getting following error from following command, although I am 100% sure that I am entering the right credentials:
Command:
xcrun notarytool store-credentials "MY_PROFILE" --apple-id “***” --team-id "yyy" --password "zzz"
Error:
Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct.
***->https://appleid.apple.com/account/manage/email and phone number -> apple id email (email address used for developer account)
yyy->https://developer.apple.com/account#MembershipDetailsCard/Team ID -> 10 digit nummer
zzz->https://appleid.apple.com/account/manage/App-Specific Passwords created and used
I just copy pasted every single item from the defined locations above.
I would appreciate for an answer.
Best Regards
My company is developing internal security software to deploy exclusively on corporate Mac endpoints. We are using the Endpoint Security framework, which requires the restricted com.apple.developer.endpoint-security.client entitlement. We were granted development access to this entitlement, but we have been denied distribution access. It's not practical to use ad-hoc provisioning for distributing the app internally to our users. Unfortunately the brief denial message did not provide any advice for a path forward.
If my company signed up for the Apple Developer Enterprise Program (https://developer.apple.com/programs/enterprise/), is it possible to grant the Endpoint Security entitlement for internal enterprise distribution? Otherwise, we appear to be stuck and unable to use Endpoint Security for our internal applications.
I received an app from 3rd party and need to sign it with my cert, but after following the work flow I get errors in iResign.
Create a Distribution Certificate
Create an Apple Developer Application Identifier
Create and Install a Push SSL Certificate
Create App Distribution Certificate (1 for all Ramco Apps)
Create an Apple Developer Provisioning Profile
Sign the App with iResign
Upload to Workspace One environment
I get this error when I run iResign;
/var/folders/qd/z7m3dzs52rddmlvcpm_ghyl00000gn/T/com.appulize.iresign/Payload/RamcoEFBiOS.app: replacing existing signature
Warning: unable to build chain to self-signed root for signer "iPhone Distribution: PHI, INC."
/var/folders/qd/z7m3dzs52rddmlvcpm_ghyl00000gn/T/com.appulize.iresign/Payload/RamcoEFBiOS.app: errSecInternalComponent
/var/folders/qd/z7m3dzs52rddmlvcpm_ghyl00000gn/T/com.appulize.iresign/Payload/RamcoEFBiOS.app: invalid Info.plist (plist or signature have been modified)
In architecture: arm64
I've tried to find answers on these forms but could not find anything to help me. If anyone has some insight on this please let me know.
Been using Xcode for a while with C++ set to sign locally (and objC before that). All worked ok. Looking to learn swift. Created a new, blank MacOS project, which starts compiling the template project (no code added yet by me) and fails with error "Command CodeSign failed with a nonzero exit code". It's set to automatically manage signing. I have valid development certificates. I've read lots of forum articles etc but unable to resolve.
Error description "resource fork, Finder information, or similar detritus not allowed" but it's exclusively apple code at this stage so would not expect any non-compliant files to be involved.
Any suggestions as currently I've fallen at the first hurdle on my Swift journey?
Full codesign command line below:
Signing Identity: "Apple Development: Steve Proctor (XXXXXXX)"
/usr/bin/codesign --force --sign xxxxxx -o runtime --entitlements /Users/steve/Documents/dev/t1/Build/Intermediates.noindex/Previews/macos/t1/Intermediates.noindex/t1.build/Debug/t1.build/t1.app.xcent --timestamp\=none --generate-entitlement-der /Users/steve/Documents/dev/t1/Build/Intermediates.noindex/Previews/macos/t1/Products/Debug/t1.app
/***/t1.app resource fork, Finder information, or similar detritus not allowed
Command CodeSign failed with a nonzero exit code