Demystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.

Post | Replies | Boosts | Views | Activity

Attempted to install a Beta profile without the proper entitlement
We're seeing an issue where our app builds that previously were working suddenly started failing to install through TestFlight. When the user hits Update in TestFlight, they get an error message "The profile can't be installed. Try again.". Double checked the certificates and provisioning profiles, rebuilt and deployed the app, still same issue.

We subsequently tried side loading the ipa file using Xcode hoping for more detail. The install failed there as well, with the following error message: "Attempted to install a Beta profile without the proper entitlement." Seems like a good lead but haven't found much. Our provisioning profiles have the "beta-reports-active: true" entitlement and anyway haven't changed since it was working previously. Any idea what could be going on here?

Here's the full error from Xcode:

```
Error installing 'APP.ipa', ERROR: Error Domain=com.apple.dt.CoreDeviceError Code=3002 "Failed to install the app on the device." UserInfo={NSLocalizedDescription=Failed to install the app on the device., NSURL=file:///APP.ipa, NSUnderlyingError=0x60000372ea00 {Error Domain=IXUserPresentableErrorDomain Code=14 "Unable to Install “APP”" UserInfo={NSUnderlyingError=0x60000372e5e0 {Error Domain=MIInstallerErrorDomain Code=13 "Failed to install embedded profile for com.domain.app : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.)" UserInfo={FunctionName=-[MIInstallableBundle _installEmbeddedProfilesWithError:], LegacyErrorString=ApplicationVerificationFailed, SourceFileLine=308, LibMISErrorNumber=-402620385, NSLocalizedDescription=Failed to install embedded profile for com.domain.app : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.)}}, NSLocalizedDescription=Unable to Install “APP”, NSLocalizedRecoverySuggestion=Failed to install embedded profile for com.domain.app : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.), NSLocalizedFailureReason=This app cannot be installed because its integrity could not be verified.}}}
Domain: com.apple.dt.DVTCoreDevice
Code: -1
User Info: {
    DVTErrorCreationDateKey = "2024-06-19 19:40:04 +0000";
}
--
System Information

macOS Version 14.2.1 (Build 23C71)
Xcode 15.2 (22503) (Build 15C500b)
Timestamp: 2024-06-19T14:40:04-05:00
```
1
3
1.9k
Jun ’24
Lock icon not visible in .pkg installer
Summary

We have a .net 8 application that consists of 2 components, a GUI app and a launch daemon. The .pkg file for the GUI app is created by Visual Studio, and this .pkg is then bundled with the launch daemon into one installer using the packagesbuild utility. The problem we're facing is that our customer's MDM system is refusing to install the app because of a missing lock icon in the installer, which makes it look as if the app was not signed even though it is (shown on the right in the image below).

Installer package contents

The .pkg file created by packagesbuild contains the GUI app .pkg file shown on the left in the image above; signing of this file is handled by the .net build process. It also contains two third party .dylib files (one for intel, the other for arm), which are re-signed with the following command:

```
codesign --sign "Developer ID Application: [...]" \
  --force --options runtime --no-strict \
  "<file-path>"
```

The launch daemon is built with .net and then signed using this command:

```
codesign --sign "Developer ID Application: [...]" \
  --force --options runtime --no-strict \
  --entitlements "<entitlements-path>" \
  "<file-path>"
```

I don't know if it's relevant, but there are also several .plist and .json files.

Final package signing

The .pkg file created by packagesbuild is signed using:

```
productsign --sign "Developer ID Installer: [...]" \
  --cert "Developer ID Installer: [...]" \
  "com.optimidoc.cloudclient.pkg" \
  "com.optimidoc.cloudclientsigned.pkg"
```

After signing, the package is notarised with xcrun notarytool. Both the signing and notarisation finish without error, which I've validated by running

```
pkgutil --check-signature "<file-path>"
Package "com.optimidoc.cloudclientsigned.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Notarization: trusted by the Apple notary service
   Signed with a trusted timestamp on: 2024-06-13 11:41:57 +0000
   Certificate Chain:
    1. Developer ID Installer: OptimiDoc s.r.o. (2YMBVCM8TM)
       Expires: 2028-03-01 07:37:30 +0000
       SHA256 Fingerprint:
           02 E2 C1 A0 06 E1 C1 A2 FF 70 BD CD A5 47 43 B2 DB CF 62 BB 6D D4
           90 69 3E 7C C8 A7 29 73 7D 69
       ------------------------------------------------------------------------
    2. Developer ID Certification Authority
       Expires: 2031-09-17 00:00:00 +0000
       SHA256 Fingerprint:
           F1 6C D3 C5 4C 7F 83 CE A4 BF 1A 3E 6A 08 19 C8 AA A8 E4 A1 52 8F
           D1 44 71 5F 35 06 43 D2 DF 3A
       ------------------------------------------------------------------------
    3. Apple Root CA
       Expires: 2035-02-09 21:40:36 +0000
       SHA256 Fingerprint:
           B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
           68 C5 BE 91 B5 A1 10 01 F0 24
```

What I've tried

I played around with the signing process for a few days but I was unable to figure out where the installer UI gets the certificate information from. I've tried limiting the files included in the final .pkg file. First I tried only including the GUI app .pkg with a known good signature. I also tried only including the launch daemon executables. All to no avail.

In regard to the packagesbuild utility, I noticed the --identity option, but at the moment I'm stuck with an "unknown error" message. The command is:

```
packagesbuild "com.optimidoc.cloudclient.pkgproj" -v \
  --identity "Developer ID Installer: [...]" \
  --keychain "/Library/Keychains/System.keychain"
```

And the output I get is:

```
Building Project (11:56:49) at path: [...]
------------------------------------------------------------------------------
Build Folder (done)
Package "com.optimidoc.cloudclient"
  Payload
    Assemble file hierarchy (done)
    Split forks (done)
    Create bill of material (done)
    Create pax archive (done)
  Scripts
    Assemble file hierarchy (done)
    Split forks (done)
    Create pax archive (done)
  PackageInfo (done)
  Create xar archive
==============================================================================
ERROR:
Description: Unknow Error
==============================================================================
Build Failed
```

I think the --identity option is the way forward, but I don't know how to debug the "unknown error" message. I've sunk a few days into this problem already, so any help would be greatly appreciated. I'll update the post if I have any news.
2
0
511
Jun ’24
codesign py2app bundle format unrecognized, invalid, or unsuitable
Error code 1 "bundle format unrecognized, invalid, or unsuitable"

Yea, I'm trying to codesign a python app which has been bundled with py2app, but without success. The codesign process logs a whole bunch of files with the above error.

```python
def sign_file(file_path, certificate_common_name, hardened_runtime=False):
    # Build the codesign invocation for a single path.
    sign_command = [
        "codesign",
        "-s", certificate_common_name,
        "--force",
        "--timestamp",
        "-v",
        file_path
    ]
    if hardened_runtime:
        sign_command.append("--options=runtime")
    # run_command is the poster's own helper (not shown in the post).
    success, message = run_command(sign_command)
```

There are literally hundreds of files that fail, and the path may look something like this:

code/dist/Impulse.app/Contents/Resources/lib/python3.10/plotly/validators/splom/marker:

Needless to say that notarization returns "failed".

Any help would be greatly appreciated.

Steven
4
0
641
Jun ’24
Xcode Automatic Signing Shows Star Instead of Team ID
Hello everyone, I'm encountering an issue with Xcode's automatic signing feature. I've enabled "Automatically manage signing" and selected my development team, but instead of displaying the team ID, Xcode shows a star (*) in its place. Here's a bit more context: "Automatically manage signing" is enabled in the project settings. The selected team works perfectly in other projects. I've double-checked that the team is properly set up and has valid signing certificates. Despite these steps, Xcode still displays a star (*) instead of the actual team ID. This issue is preventing me from proceeding with my project. Has anyone else experienced this problem or have any suggestions on how to fix it?
1
0
471
Jun ’24
Notarisation failing with “The signature of the binary is invalid"
Error:

```
{
  "logFormatVersion": 1,
  "jobId": "1654af2a-ff0e-46ff-8839-5c374e63228b",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "LocalApp-macosx.zip",
  "uploadDate": "2024-06-12T05:33:53.719Z",
  "sha256": "28ffff0e2c33b2f57a9f1c25677e84232bfa04b1ef5341130afbbf18093ba0ab",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "LocalApp-macosx.zip/LocalApp-macosx.app/Contents/Resources/Java/Disk1/InstData/Resource1.zip/$BUILD_ROOT$/Desktop/collaborator.app_zg_ia_sf.jar/Contents/MacOS/applet",
      "message": "The signature of the binary is invalid.",
      "docUrl": "Resolving common notarization issues | Apple Developer Documentation",
      "architecture": "i386"
    },
    {
      "severity": "error",
      "code": null,
      "path": "LocalApp-macosx.zip/LocalApp-macosx.app/Contents/Resources/Java/Disk1/InstData/Resource1.zip/$BUILD_ROOT$/Desktop/collaborator.app_zg_ia_sf.jar/Contents/MacOS/applet",
      "message": "The signature of the binary is invalid.",
      "docUrl": "Resolving common notarization issues | Apple Developer Documentation",
      "architecture": "x86_64"
    }
  ]
}
```

Why is the binary regarded as invalid and what remedy is recommended?
1
0
511
Jun ’24
error: exportArchive: "Runner.app" requires a provisioning profile with the Associated Domains and Push Notifications features.
When I build with Flutter, Xcode returns an error: error: exportArchive: "Runner.app" requires a provisioning profile with the Associated Domains and Push Notifications features. I use the automatic management signing, and the provisioning profiles include related features. What should I do?
1
0
1k
Jun ’24
Contact Note Entitlement Disappearing For 'Release' Build Configuration
A few months ago I requested access to the com.apple.developer.contacts.notes entitlement, which I now have access to. While running on 'Debug' build configuration, everything works as expected. When creating a 'Release' build, however, the entitlement does not appear to be included with the app, as the console reports that fetching the note for each contact fails. When I try to add the "Contact Notes" capability in Xcode, under the 'Release' tab in the project settings, the capability appears for a few seconds, then disappears when I move to a different tab and return. This does not happen for the 'Debug' configuration.

Attempted Resolutions:

- Changing the signing configuration from 'Automatic' to 'Manual', using a manually generated provisioning profile. I manually inspected the provisioning profile using the terminal to ensure it included the entitlement.
- Creating a separate entitlement file with com.apple.developer.contacts.notes, adding it to the root of the project. Ensuring that the path to this file is correct on the 'Release' configuration.
- Ensuring 'Contacts Notes Field Access' is enabled under 'Additional Capabilities' in the Developer portal.
- Adding the capability on Xcode.

Below is the inspector displaying the provisioning profile for the 'Debug' Configuration: And the following image below shows the inspector details for the 'Release' Configuration provisioning profile: When I use a manual provisioning profile and an entitlements file at the root of the project, Xcode displays this strange error:
3
0
607
Jun ’24
Add new capabilities to a Provisioning Profile
We have a MacOS app that we distribute outside of the App Store. The App has an embedded provisioning profile that is still valid. We would like to add the Associated Domains capability to the app ID. Does that require regenerating a new provisioning profile and embedding it into a new version of App? If we do that, does that mean that the old provisioning profile will become invalid and the old Apps that are still running with it will stop working? Is there a way to make the transition to the new provisioning profile smooth without any downtime?
5
0
638
Jun ’24
App sandbox not enabled.
App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "com.xx.pkg/Payload/xx.app//Contents/Resources/ss-local", "ccom.xx.pkg/Payload/xx.app//Contents/Resources/v2ray-plugin" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. (ID: ca7d4fde-0f0d-4a71-9eee-a01692797549)
3
0
673
Jun ’24
codesign errSecInternalComponent
I encountered a signature issue:

```
codesign -f -s "Developer ID Application: ***" /Users/leagsoft/Desktop/uninstall
/Users/leagsoft/Desktop/uninstall: replacing existing signature
Warning: unable to build chain to self-signed root for signer "Developer ID Application:***"
/Users/uninstall: errSecInternalComponent
```

but using sudo can sign normally
1
0
418
Jun ’24
Conflict between capability User Assigned Device Name & Contacts notes entitlements
We have requested an additional capability called "User Assigned Device Name" for my application from Apple and got the same approved for the debug/adhoc/release environments. Since then we are facing issues on code signing. We are always getting the compiler error "* Provisioning profile "xxxxxxxxxxx" doesn't support the User Assigned Device Name capability." on both Debug and Release environment.

There is another capability "contacts notes entitlements" that we got approved long back when it was not a part of Apple ID (additional capabilities); rather, we got it approved as a part of our provisioning profile. Suppose we removed "contacts notes entitlements" from the profile and deleted it from the entitlement folder, the project compiled without any error. So we strongly believe the conflict on the "contacts notes entitlements" is the root cause.

We are about to release the version, which is blocked due to this error. So kindly look into this issue and do the needful asap.

STEPS TO REPRODUCE

1. Added user assigned device name capability from Signing & Capability Tab in project in settings.
2. Added the team, valid provisioning profiles and try to sign in manually.
3. Getting the error "Provisioning profile xxxxxxxxxxxx" doesn't support the User Assigned Device Name capability."

Note: Already got approval for the "user assigned device name", which is listed under the app id.
20
0
1.1k
Jun ’24
Team ID suddenly changed
I developed it as Unity. Originally, I updated Unity to the latest version to fix the problem of not being able to log in to Apple. That's when I found out my team ID had changed. The current Apple membership team ID is HBEMGSUAQ3. When I check "Automatically manage signing" in Xcode, it is selected with the team ID "ESB392LR64". Where did this team come from all of a sudden? I've only used "HVEMGSUAQ3" for a very long time. The change in ID was a test build while developing another project yesterday, but it changed then. If I manually select the provisioning profile of my project, "Failed to install embedded profile for : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.)" This error appears and the test installation is not possible. So I created a new certificate, identifier, and profile. However, it continues to be created with the ID of "ESB392LR64". Keychain registration is also naturally registered with "ESB392LR64" status. Again, my team ID is "HVEMGSUAQ3" and there is no way to check "ESB392LR64" on my dev page... This situation suddenly appeared when my certificates were updated with the ID of "ESB392LR64" on June 12, and what I suspect is that I updated my MacBook to the latest version of OS on the day of the issue. Please let me know what's going on. I'm hoping it's not a big deal....
2
0
548
Jun ’24
Notarize stuck "In Progress"
Hello, I've developed an application using ElectronNET with C# and Blazor Server. I have managed to deploy to both Windows and the web but having trouble deploying the application to my Mac users. It's my first time deploying an application for Mac but feel like I'm stuck at the last hurdle and out of ideas so I'm reaching out for help.

My application is successfully signing but during the build and when my Notarize.js is running it seems to get stuck indefinitely. I can check and see the status of the Notarize attempts but they seem to be stuck "In Progress". Here are the logs.

```
Successfully received submission history.
  history
    --------------------------------------------------
    createdDate: 2024-06-12T22:16:35.362Z
    id: 26192605-001b-46ae-b622-9a79c20e1e93
    name: CustomerSupportDashboard.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2024-06-12T18:51:21.772Z
    id: 6a34501c-8f48-4986-ae5e-82a99320dcbc
    name: CustomerSupportDashboard.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2024-06-12T15:13:44.722Z
    id: ea5cd928-8207-4d25-b74a-45b04960dbe0
    name: CustomerSupportDashboard.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2024-06-12T14:24:48.776Z
    id: 00ccd1f9-daa4-4bba-9a86-9f577c51f26b
    name: CustomerSupportDashboard.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2024-06-12T14:07:43.116Z
    id: bf5dfa9c-9702-413b-8fbb-94017e930bcf
    name: CustomerSupportDashboard.zip
    status: In Progress
```

These have been running for over 6 hours now and it's my understanding it should take minutes, correct me if I'm wrong?

Here is my Notarize script if it helps diagnose what might be happening. Although the requests seem to be going through ok so it doesn't seem likely.

```javascript
const { join } = require('path');
const fs = require('fs-extra');
// execFile is called below to run zip and notarytool.
const { execFile } = require('child_process');

exports.default = async function notarizing(context) {
  const { electronPlatformName, appOutDir } = context;
  if (electronPlatformName !== 'darwin') {
    console.log("Not a macOS platform, skipping notarization.");
    return;
  }

  const appName = context.packager.appInfo.productFilename;
  const appPath = `${appOutDir}/${appName}.app`;
  const zipPath = `${appOutDir}/${appName}.zip`;

  console.log(`Zipping the app at path: ${appPath} to: ${zipPath}`);

  // Zip the app
  await new Promise((resolve, reject) => {
    execFile('zip', ['-r', zipPath, appPath], (error, stdout, stderr) => {
      if (error) {
        console.error(`Failed to zip app: ${stderr || stdout}`);
        reject(new Error(`Failed to zip app: ${stderr || stdout}`));
      } else {
        console.log(`Successfully zipped app: ${stdout}`);
        resolve();
      }
    });
  });

  console.log(`Notarizing the app with Apple ID: *************.*****@*******.****`);

  // Submit the zip to the notary service and wait for the result
  await new Promise((resolve, reject) => {
    execFile('xcrun', [
      'notarytool', 'submit', zipPath,
      '--apple-id', '*************.*****@*******.****',
      '--password', '****-****-****-****',
      '--team-id', '**********',
      '--wait',
      '--output-format', 'json'
    ], (error, stdout, stderr) => {
      if (error) {
        console.error(`Notarization failed: ${stderr || stdout}`);
        reject(new Error(`Notarization failed: ${stderr || stdout}`));
      } else {
        console.log(`Successfully notarized: ${stdout}`);
        resolve();
      }
    });
  });
};
```
3
0
739
Jun ’24
Importing .developerprofile from xcode 15 -> 16?
I am trying out the new xcode 16, and am trying to sign some existing apps. I have a .developerprofile from xcode 15. But I cannot find a way to import it (I think I need the private certs, in order to sign an app). There is no "import" button at the bottom of the Accounts tab, within the xcode Accounts Settings.... Is there any other way (e.g: Terminal) to import an existing .developerprofile into xcode? Or am I missing something?
4
1
704
Jun ’24
Uploading iOS app for a customer who isn't an organisation
I developed an iOS app for a customer and would like to upload it to his store page. I was given admin permissions, however I failed to upload the iOS build to his AppStore page. My account isn't being recognized as part of his developer team. After some googling, it appears that in order to upload an iOS build for someone else, that someone must enroll as an organisation to give me the proper certificates. My customer tried to enroll as an organisation, however he was rejected by Apple due to "Your legal structure is a Proprietorship. Apple states “If you are a Sole Proprietorship/Single Person Company, enroll as an individual.”" Is there a way for me to upload the app to his Appstore page?
2
0
419
Jun ’24
Errors building with manual provisioning profile and packages with PrivacyInfo
Errors building with manual provisioning profile and packages with PrivacyInfo.xcprivacy added. When I look at the changes in the package, the only difference is adding this .xcprivacy file. The error looks like this: PLCrashReporter_CrashReporter does not support provisioning profiles, but provisioning profile *** has been manually specified. Set the provisioning profile value to "Automatic" in the build settings editor. Using an Enterprise certificate with manually created provisioning profile, I don't have the option to choose automatic. And I can't change build settings for the swift packages. Does anyone know how I can work around this issue?
3
0
536
Jun ’24
Add permissions for private entitlement
I have a pretty simple macOS application which I've just been trying to fix since a long time ago. Its origin is really old, using the apple 802.11 framework located in /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Apple80211 and it's supposed to just scan the area and display information about the local networks nearby. For some reason when I run the application and press the button to scan for local networks (wifi scan) it errors out and in the Xcode console I get

```
Process WiFiInfo is missing entitlement required for Wi-Fi user-client access: <key>com.apple.private.driverkit.driver-access</key> <string>com.apple.private.wifi.driverkit</string>
```

If I add those two lines to the entitlements, Xcode fails to sign my application and fails to build and run:

```
Provisioning profile "Mac Team Provisioning Profile: com.troger.WiFiInfo" doesn't include the com.apple.private.driverkit.driver-access entitlement.
```

Any way I can fix this? I would really like to get this application back up to its running state as it once was before but am completely lost on how to fix this
2
0
608
Jun ’24