Hi support, Currently we are in a process of migrating our Qt application for MAC OS - ventura -v13.4. There is a specific feature in our application in which client tries to communicate with server (Socket communication) using Qt's QsslSocket Apis . To achieve this we are using self signed Ca certificate (.pem ) generated by using openSSl commands which uses IP address of the server. We are manually installing the certificate inside MAC OS - keychain and trusting it manually as well after installing . This is working fine in XCode environment in debug mode in MAC OS and client -server handshake is happening successfully. How ever after creating .dmg file (installer) the same handshake is not happening and we are getting error -Connection time out. Upon investigating this online, we got to know there has to be codesigning (both app bundle and the dmg file )along with notarization of the .dmg file in order to access keychain of MAC OS at runtime to access the self signed certificate installed. Now we have 2 queries here. Is code signing mandatory if we want to verify our app through keychain with .dmg file ? If yes, whats the best way to achieve this ? We have tried 2 options without any luck. option1 - Trying to build our specific target among 'ALL_BUILD' with signing key settings inside xcode where we are providing developer provisional certificate with apple team ID . After that we are trying to archive to generate dmg file which is code signed. We are failing here as the signed dmg is not getting installed due to other app related dependencies are missing . option 2- Code signing the dmg and the app bundle manually outside the environment of xcode with developer certificate and team ID. We are failing here as notarization needs to be done it seems to access keychain for certificate verification If Code signing is not mandatory then whats the best possible way to achieve this considering manually installation of certificate inside keychain with adding trust option is not working at the moment. Please specify the best solution if possible.

Hi All, Really weird one here... I have two bundle ids with the same reverse dns name... com.company.app1 com.company.app2 app1 was installed on the device a year ago. app2 was also installed on the device a year ago but I released a new updated version and pushed it to the device via Microsoft InTunes. A year ago the vendor Id's matched as the bundle id's were on the same domain of com.company. Now for some reason the new build of app2 or any new app I build isn't being recognised as on the same domain as app1 even though the bundle id should make it so and so the Vendor Id's do not match and it is causing me major problems as I rely on the Vendor Id to exchange data between the apps on a certain device. In an enterprise environment, does anyone know of any other reason or things that could affect the Vendor Id? According to Apple docs, it seems that only the bundle name affects the vendor id but it isn't following those rules in this instance.

I will post my app xyz.app uses XY swift package this swift package is a wrapper for XYSDK.xcframework XYSDK.xcframework written in c++ and app running on arm64 macos and iphones succesfully. I got this error when i want to distribute it. Currently i sign .framework for ios with Apple Distribution Certificate and same certificate for macos framework there is no other signing step for swift package or xcframework other than that when i want to archive it validates succesfully. Exporting step shows that app has signed, has provisining profile. but .framework is only signed has no provisioning profile. Also one point i see: i have one target named xyz and its Frameworks, Lİbraries and Embedded Context has only XY package but Embed part has no option like embed and sign etc. Blank. I need more info about what am i doing wrong in which step ? I am stuck and can not move any further like weeks Error Detail: Invalid Signature. The binary with bundle identifier XYSDK at path “xyz.app/Frameworks/XYSDK.framework” contains an invalid signature. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/support/code-signing. (90035)

Hey, So i am trying to setup OpenGL on my mac. Specs : M2 Pro, 15.5 (24F74) Now i have setup the entire project properly as far as i know. GLFW, GLAD and the OpenGL framework. the build libraries are also reference and everything. I have also included the glad.c file in the folder. i have also kept it to run locally in signing tab. its still giving me Command CodeSign failed with a nonzero exit code All the ss are provided

I regularly see questions from folks who’ve run into code-signing problems with their third-party IDE. There’s a limit to how much I can help you with such problems. This post explains a simple test you can run to determine what side of that limit you’re on. If you have any questions or comments, please put them in a new thread here on DevForums. Put it in Code Signing > General topic area and apply whatever tags make sense for your specific situation. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Investigating Third-Party IDE Code-Signing Problems DTS doesn’t support third-party tools. If you’re using third-party tooling and encounter a code-signing problem, run this test to determine whether you should seek help from Apple or from your tool’s vendor. IMPORTANT Some third-party tools create Xcode projects that you then build and run in Xcode. While that approach is understandable, it’s not something that DTS supports. So, the steps below make sense even if you’re already using Xcode. To check that code-signing is working in general: Launch Xcode. In Xcode > Settings > Accounts, make sure you’re signed in with your developer account. Create a new project from the app project template for your target platform. For example, if you’re targeting iOS, use the iOS > App project template. When creating the project: Select the appropriate team in the Team popup. Choose a bundle ID that’s not the same as your main app’s bundle ID. Choose whatever language and interface you want. Your language and interface choices are irrelevant to code signing. Choose None for your testing system and storage model. This simplifies your project setup. In the Signing & Capabilities editor, make sure that: "Automatically manage signing” is checked. The Team popup and Bundle Identifier fields match the value you chose in the previous step. Select a simulator as the run destination. Choose Product > Build. This should always work because the simulator doesn’t use code signing [1]. However, doing this step is important because it confirms that your project is working general. Select your target device as the run destination. Choose Product > Build. Then Product > Run. If you continue to have problems, that’s something that Apple folks can help you with. If this works, there’s a second diagnostic test: Repeat steps 1 through 10 above, except this time, in step 4, choose a bundle ID that is the same as your main app’s bundle ID. If this works then your issue is not on the Apple side of the fence, and you should escalate it via the support channel for the third-party tools you’re using. On the other hand, if this fails, that’s something we can help you with. I recommend that you first try to fix the issue yourself. For links to relevant resources, see Code Signing Resources. You should also search the forums, because we’ve helped a lot of folks with a lot of code-signing issues over the years. If you’re unable to resolve the issue yourself, feel free to start a thread here in the forums. Put it in Code Signing > General topic area and apply whatever tags make sense for your specific situation.

I was working in Xcode with a free personal Team ID. I upgraded to the Dev Program and now have a paid Team ID. I used the same Apple ID for both. The paid Team ID shows up in developer.apple.com as associated with my Apple ID. However, Xcode is not using the paid Team ID in signing, it's stuck on my old personal Team ID. In addition, I'm getting provisioning errors (0xe8008015) when we try to run our app on an iPhone. Anyone have any thoughts? I've scoured the forums and ChatGPT'd, Cursor'd, etc...all of the suggested fixes do not work. This almost seems like Apple needs to make my Apple ID associated with the paid Team ID or something, to start. Thanks all.

Can you please help us with the scenario below, including details and Apple’s recommendations? I've already read through the Notarization and Gatekeeper documentation. The installed version of our application is 1.2.3, located in /Applications/XYZSecurity.app. We created an upgrade package for version 1.2.4. As part of the pre-install script in the 1.2.4 installer, we explicitly deleted some obsolete .dylib files from /Applications/XYZSecurity.app/Contents/Frameworks and some executable files from /Applications/XYZSecurity.app/Contents/MacOS that were no longer needed in version 1.2.4. The installation of version 1.2.4 completed successfully, but we see the below error logs in installer.log: PackageKit: Failed to unlinkat file reference /Applications/XYZSecurity.app/Contents/Frameworks/libhelper.dylib PackageKit: Failed to unlinkat file reference /Applications/XYZSecurity.app/Contents/MacOS/helper-tool Our Key Questions: Is it the right practice to remove obsolete files in the pre-install script during an upgrade? Is this approach recommended by Apple? Can this cause any issues with Apple Gatekeeper? Is there a possibility of my application getting blocked by Gatekeeper as a result?

Hi, This is my first time developing for iPhone, and I believe I have encountered an unusual edge case related to user management. Background: I work at a very small company currently in the proof-of-concept stage of building an iOS app. We created an Apple account under the company name: Green Vibe, using our corporate email. Initially, I developed the app under the free account on my local iPhone, and everything worked smoothly. When NFC functionality became necessary, we upgraded to a paid Apple Developer account. At that point, I enrolled as a developer under my personal name (Or Itach) while logged in with the Green Vibe Apple account. I want to emphasize that only one Apple account was created — the Green Vibe account. The Issue: When attempting to add NFC, I was able to create the required certificate under the name Or Itach. However, when compiling the project, Xcode prompts me to enter the login password for the user Or Itach. This is problematic because there is no Apple ID associated with that name — only the Apple Developer enrollment under Green Vibe exists. Request: Could you please advise on the proper way to resolve this situation? Specifically: Should the developer enrollment be tied directly to the Green Vibe account rather than to an individual name? How can I correctly configure the account so that Xcode no longer requires a nonexistent Apple ID password? Thank you very much for your support and clarification.

General: Forums topic: Code Signing Forums subtopics: Code Signing > General, Code Signing > Certificates, Identifiers & Profiles, Code Signing > Notarization, Code Signing > Entitlements Forums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities. Developer > Support > Certificates covers some important policy issues Bundle Resources > Entitlements documentation TN3125 Inside Code Signing: Provisioning Profiles — This includes links to the other technotes in the Inside Code Signing series. WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing Certificate Signing Requests Explained forums post --deep Considered Harmful forums post Don’t Run App Store Distribution-Signed Code forums post Resolving errSecInternalComponent errors during code signing forums post Finding a Capability’s Distribution Restrictions forums post Signing code with a hardware-based code-signing identity forums post New Capabilities Request Tab in Certificates, Identifiers & Profiles forums post Isolating Code Signing Problems from Build Problems forums post Investigating Third-Party IDE Code-Signing Problems forums post Determining if an entitlement is real forums post Mac code signing: Forums tag: Developer ID Creating distribution-signed code for macOS documentation Packaging Mac software for distribution documentation Placing Content in a Bundle documentation Embedding nonstandard code structures in a bundle documentation Embedding a command-line tool in a sandboxed app documentation Signing a daemon with a restricted entitlement documentation Defining launch environment and library constraints documentation WWDC 2023 Session 10266 Protect your Mac app with environment constraints TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference. Manual Code Signing Example forums post The Care and Feeding of Developer ID forums post TestFlight, Provisioning Profiles, and the Mac App Store forums post For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

I'm currently befuddled by the entire signing and certificate process. I don't understand what I need, what the team admin needs to do, or how to go about doing it so that I can build the project. We've managed to have this working in the past but I guess the system has changed somewhat. Here's what we have going: A Unity project which hasn't changed from a few years ago. I build the project in unity, open the Xcode project and this: There's an issue with the Signing and Capabilities. If I choose automatic setup it shows an error saying that it requires a development team. I had the account admin add my Apple ID to the team so I'm not sure why that's an issue still. Do I need to pay the 99$ to be able to building Xcode? If I try to do it manually I select the provisioning profile that the account admin sent me and it auto selects the team associated with the provisioning profile I guess but then there's no singing certificate. The error says: There is no signing certificate "iOS Development" found. No "iOS Development" signing certificate matching team ID "V7D5YBZRMV" with a private key was found. So, if someone could explain to me like I'm 5 the entire signing and certificate process is and let me know what we're doing wrong with the team/provisioning profile/certificate setup I would be very much appreciative.

Hi, I am a long time programmer in C#, and newer to Rust, and a rookie to MacOS 15.1. Over the past few days I have made numerous attempts to run a Rust GUI binary that I compiled on Mac. Here are some examples of things I have tried using. Executable compiled in M1 mac not running on Apple Silicon Mac - help - The Rust Programming Language Forum And here.... How to run unsigned apps in macOS 15.1 Also here... "sudo spctl --master-disable" There are many more that I have tried. I also tried moving the binary from my developer folder to the Application folder and running.... xattr -r -d com.apple.quarantine /Applications/csv Note that "csv" is the name of my binary. You have probably seen this 100 times, so can you point me to me to something that allows my Rust binaries to run under MacOS? PS The Rust program code works just fine under Linux. I can either type Cargo Run and run the binary from the Terminal or go directly to the executable and double click on it to open the GUI application. The only thing that MacOS lets me do it open the GUI from the Terminal. Commander One says that I do not have the proper credentials to open the file directly. Finder also does not allow me to open the binary directly. Thanks, Jim

from; tkinter; import * from; tkinter; import ttk import random import time import sqlite3 #Connect; to; the; database (create, if it doesnot exist) conn = sqlite3.connect("quiz_database.db") c = conn.cursor() Create the table if it doesnot exist c.execute(""'CREATE TABLE IF NOT EXISTS questions (id INTEGER PRIMARY KEY AUTOINCREMENT, question TEXT, answer1 TEXT, answer2 TEXT, correct_answer INTEGER)""') conn.commit() Sample data (replace with your own questions) sample_questions = [ ("Is the Earth flat?", "True", "False", 2), ("Do birds fly?", "True", "False", 1), ("Is water wet?", "True", "False", 1), ("Can humans breathe underwater?", "True", "False", 2), ] c.executemany("INSERT OR IGNORE INTO questions (question, answer1, answer2, correct_answer) VALUES (?, ?, ?, ?)", sample_questions) conn.commit() class QuizApp: def init(self, master): self.master = master master.title("True/False Quiz") # Initialize variables self.questions = [] self.current_question = 0 self.score = 0 self.start_time = 0 self.time_limit = 60 # Time limit in seconds # Get questions from the database self.load_questions() # Create GUI elements self.question_label = Label(master, text="", font=("Arial", 16)) self.question_label.pack(pady=20) self.true_button = Button(master, text="True", command=lambda: self.check_answer(1), width=15) self.true_button.pack(side=LEFT, padx=10) self.false_button = Button(master, text="False", command=lambda: self.check_answer(2), width=15) self.false_button.pack(side=RIGHT, padx=10) self.feedback_label = Label(master, text="", font=("Arial", 12)) self.feedback_label.pack(pady=10) self.timer_label = Label(master, text="Time Left: 60s", font=("Arial", 12)) self.timer_label.pack() self.progress_bar = ttk.Progressbar(master, orient=HORIZONTAL, length=200, mode="determinate") self.progress_bar.pack(pady=10) self.start_quiz() def load_questions(self): c.execute("SELECT * FROM questions") self.questions = c.fetchall() random.shuffle(self.questions) def start_quiz(self): self.start_time = time.time() self.display_question() self.update_timer() def display_question(self): if self.current_question < len(self.questions): question = self.questions[self.current_question] self.question_label.config(text=question[1]) # Display the question self.progress_bar["maximum"] = len(self.questions) self.progress_bar["value"] = self.current_question + 1 # Update progress bar def check_answer(self, selected_answer): correct_answer = self.questions[self.current_question][4] if selected_answer == correct_answer: self.feedback_label.config(text="Correct!", fg="green") self.score += 1 else: self.feedback_label.config(text="Incorrect!", fg="red") self.current_question += 1 if self.current_question < len(self.questions): self.display_question() else: self.end_quiz() def update_timer(self): elapsed_time = time.time() - self.start_time remaining_time = self.time_limit - elapsed_time if remaining_time > 0: self.timer_label.config(text=f"Time Left: {int(remaining_time)}s") self.master.after(1000, self.update_timer) else: self.end_quiz() def end_quiz(self): self.true_button.config(state=DISABLED) self.false_button.config(state=DISABLED) self.feedback_label.config(text=f"Quiz Over! Your score: {self.score}/{len(self.questions)}") Run the application root = Tk() app = QuizApp(root) root.mainloop() Close the database connection conn.close()

Hi, I know my swiftui, but I'm completely new to macOS development. Using Xcode 16.2 I wrote a backup app that fits my needs. I got it to use iCloud Documents in its own container. It runs beautifully on my developing Mac. When I copy it over to my other Mac and try to open it, I just get a message that macOS can't open the app ("Das Programm kann nicht geöffnet werden") In terminal I get this message: "embedded provisioning profile not valid: file:///Users/niko/FlexBackup.app/Contents/embedded.provisionprofile error: Error Domain=CPProfileManager Code=-212 "Provisioning profile does not allow this device." I have "automatically manage signing" turned on and a Xcode Managed Profile. How can I run my app on all of y Macs?

Hi at all, is there a way to count how many files have been marked with the codesign? Thanks in advance

I'm having a problem with codesign for output from Pyinstaller The files are in ~/PycharmProjects/ALP_Document_Factory_II That folder contains the icon file, the entitlement file, and also contains a "dist" folder where Pyinstaller places the app file (ALP_Document_Factory_II.app) The generated app works and runs when I double click it. When I run codesign: codesign -s xxxxxxxx -f --entitlements entitlements.plist -o runtime dist/ALP_Document_Factory_II.app ("xxxxxxx" is where I place the hash of my credential) I get the following error message: No such file or directory Here is the Terminal copy... minus my Hash dickl45@Dicks-iMac3 ALP_Document_Factory_II % codesign -s xxxxxxxxxx -f --entitlements entitlements.plist -o runtime dist/ALP_Document_Factory_II.app dist/ALP_Document_Factory_II.app: No such file or directory Earlier I was able to use codesign and notarytool, but I must be doing something wrong that I can't see. Yours baffled MacOs 15.2

Hi, For the purposes of iteration speed in development builds, on an iPhone in development mode, I am attempting to use hot reloaded dylibs. The goal is that the app is rarely fully restarted and small code changes can be applied quickly, drastically reducing iteration speed. For this purpose I have a socket server on my Mac that sends changed dylibs to my app on my iPhone. This works great on Mac, however on iOS i am running into codesigning problems. I am using the following to codesign the dylib: codesign -f -s XXX --timestamp=none testlibrary-ios.dylib I am placing the downloaded dylib in this folder: const char* cachedirectoryPath = [NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES)[0] UTF8String]; dlopen gives me the following error: dlopen(/var/mobile/Containers/Data/Application/67A3D31B-6F72-4939-9E7F-665FC78CDC61/Library/Caches/testlibrary-ios.dylib, 0x000A): tried: '/usr/lib/system/introspection/testlibrary-ios.dylib' (no such file, not in dyld cache), '/var/mobile/Containers/Data/Application/67A3D31B-6F72-4939-9E7F-665FC78CDC61/Library/Caches/testlibrary-ios.dylib' (code signature invalid in <78A101AD-D756-3526-8754-8B7F4925DE90> '/private/var/mobile/Containers/Data/Application/67A3D31B-6F72-4939-9E7F-665FC78CDC61/Library/Caches/testlibrary-ios.dylib' (errno=1) sliceOffset=0x00000000, codeBlobOffset=0x0000C2E0, codeBlobSize=0x00004990), .... Is loading a dylib like this on iPhones in development mode possible? Any idea what is going wrong with codesigning or installing the dylib? (Obviously this code is never deployed in an app that goes on the AppStore)

I am trying to code sign an application which relies on many python libraries to run. For background knowledge, the .app was created with a —onefile command on Visual Studio. I code signed my application itself using codesign --deep --force --verify --timestamp --sign "Developer ID Application: Issey Yohannes (GL5BCCW69X)" /Users/isseyyohannes/Desktop/Automated\ ALGORA.app However, when I try to run the application the error shows in terminal as follows [PYI-16345:ERROR] Failed to load Python shared library '/var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python': dlopen: dlopen(/var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python, 10): no suitable image found. Did find: /var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python: code signature in (/var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python) not valid for use in process using Library Validation: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?) /var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python: stat() failed with errno=1 Through some external tools, I was able to narrow the issue as follows Hardened Runtime Restriction: Your application is attempting to load a shared library (Python) at runtime, but the library is either: Not properly signed with the same Team ID as your app. Not marked as a valid platform binary. macOS requires all loaded libraries to comply with its code-signing and runtime security policies. Any insight is much appreciated.

I've noticed that NSTaks has this property as of macOS 14.4 @property (nullable, copy) NSData *launchRequirementData API_AVAILABLE(macos(14.4)) API_UNAVAILABLE(ios, watchos, tvos, visionos); It has no documentation whatsoever. Even google search has no clue. Does this have anything to do with code signature requirements validation? Any explanations and examples would be appreciated!

I am using matlab to create an application (.app) using matlab application compiler. Along with that, I use matlab to create an installer for that. Unfortunately, the installer is in (.app) format. So do some custom things to install the dependencies and copying my application to Applications folder. I am able to sign the original application with Developer ID application certificate. But I am not able to sign the installer in .app format with Developer ID installer certificate. Is there any flag in any signing executable that allows me to use Developer ID installer certificate to sign .app file instead of typical (.pkg/.dmg)? Any help would be much appreciated.

Hi, I have a project that integrates the Firebase SDK via SPM as a dependency of an internal Swift Package: My app ⟶ My Library ⟶ Firebase SDK The project builds successfully and can be archived locally ✅. The uploaded .ipa is valid and gets published 🚀. However, we are now trying to automate the release process using Xcode Cloud, but the iOS Archive action is failing ❌ on Xcode Cloud. The logs show the following error ⬇️: error: exportArchive codesign command failed (/Volumes/workspace/tmp/XcodeDistPipeline/XcodeDistPipeline.~~~oomCvM/Root/Payload/base-ios.app/Frameworks/FirebaseAnalytics.framework: replacing existing signature /Volumes/workspace/tmp/XcodeDistPipeline/XcodeDistPipeline.~~~oomCvM/Root/Payload/base-ios.app/Frameworks/FirebaseAnalytics.framework: invalid or corrupted code requirement(s) Requirement syntax error(s): line 1:178: unexpected token: <COMPANY_NAME> ) ** EXPORT FAILED ** I have been researching this issue for a while and have tried several solutions to fix it, but with no luck. Even though the error points to a specific library—the Firebase SDK—I don’t believe Firebase is the root cause. There were related issues in the past, but those were already fixed by the Firebase team, and as I mentioned, the project archives correctly when built locally. On the other hand, the error states: line 1:178: unexpected token: <COMPANY_ACRONYM> This makes me wonder if there’s an issue parsing our Team Name during the re-signing process, as it contains special characters ": "name": "Apple Distribution: Company Full Name "COMPANY_ACRONYM""