I have a .NET 6 application that runs in the background. The installer is a .pkg file built using a third-party tool called "Packages".
All .dylib and executable files are codesigned before packaging. The resulting .pkg file is notarized.
The app uses these entitlements:
com.apple.security.cs.allow-jit
com.apple.security.cs.allow-unsigned-executable-memory
com.apple.security.cs.allow-dyld-environment-variables
com.apple.security.cs.disable-library-validation
The app is built on a MacBook Air 2015 running macOS 12.6 and it works without issues on that machine.
On a MacBook Pro M3 running macOS 14.6.1 the app fails to run even though the installation itself is successful.
The only logs that I was able to find are related to syspolicyd (4 warnings):
Unable to apply protection to app: 45, PST: (vuid: A78FF6C2-08D5-4DCC-B946-8836251AA0E7), (objid: 1873967), (team: (null)), (id: (null)), (bundle_id: (null))
Failed to register app bundle for protection: 45, PST: (vuid: A78FF6C2-08D5-4DCC-B946-8836251AA0E7), (objid: 1873967), (team: (null)), (id: (null)), (bundle_id: (null))
scan failed, finishing evaluation : PST: (vuid: A78FF6C2-08D5-4DCC-B946-8836251AA0E7), (objid: 1873967), (team: (null)), (id: (null)), (bundle_id: (null))
Terminating process due to Gatekeeper rejection: 95158,
Unfortunately, verification commands such as
sudo codesign --verify --deep --strict -vvv MyApplication.App
spctl -a -vvv -t install MyApplicationInstaller.pkg
do not indicate any issues.
Are there any additional steps that need to be performed in order for my app to work properly on newer machines?
General
Demystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.
Hi,
I have a project that integrates the Firebase SDK via SPM as a dependency of an internal Swift Package:
My app ⟶ My Library ⟶ Firebase SDK
The project builds successfully and can be archived locally ✅. The uploaded .ipa is valid and gets published 🚀.
However, we are now trying to automate the release process using Xcode Cloud, but the iOS Archive action is failing ❌ on Xcode Cloud.
The logs show the following error ⬇️:
error: exportArchive codesign command failed (/Volumes/workspace/tmp/XcodeDistPipeline/XcodeDistPipeline.~~~oomCvM/Root/Payload/base-ios.app/Frameworks/FirebaseAnalytics.framework: replacing existing signature
/Volumes/workspace/tmp/XcodeDistPipeline/XcodeDistPipeline.~~~oomCvM/Root/Payload/base-ios.app/Frameworks/FirebaseAnalytics.framework: invalid or corrupted code requirement(s)
Requirement syntax error(s):
line 1:178: unexpected token: <COMPANY_NAME>
)
** EXPORT FAILED **
I have been researching this issue for a while and have tried several solutions to fix it, but with no luck. Even though the error points to a specific library—the Firebase SDK—I don’t believe Firebase is the root cause. There were related issues in the past, but those were already fixed by the Firebase team, and as I mentioned, the project archives correctly when built locally.
On the other hand, the error states:
line 1:178: unexpected token: <COMPANY_ACRONYM>
This makes me wonder if there’s an issue parsing our Team Name during the re-signing process, as it contains special characters ":
"name": "Apple Distribution: Company Full Name "COMPANY_ACRONYM""
I am a new macOS developer, and the codesign issue is persistent. I've been trying to resolve it for days. There are two issues:
1.) When downloading and installing frameworks, they are not showing up in Xcode templates.
2.) Regarding codesigning, even though I've installed it on my external drive, placed it in various locations (Library, Templates, Frameworks, Application Contents, macOS Templates and Frameworks) and added it through General Libraries in Xcode, I am persistently encountering issues. I'm experiencing a codesign problem. I've cleaned the build, cleared derived data, downloaded certificates, added them to the access key, and linked the binary. However, the issue persists. Please help me, as this is making the process much more difficult. I've been stuck on this for weeks.
Topic:
Code Signing
SubTopic:
General
I am using MATLAB to create an application (.app) using the MATLAB application compiler.
Along with that, I use MATLAB to create an installer for it.
Unfortunately, the installer is in (.app) format. So I do some custom things to install the dependencies and copy my application to the Applications folder.
I am able to sign the original application with Developer ID application certificate.
But I am not able to sign the installer in .app format with Developer ID installer certificate.
Is there any flag in any signing executable that allows me to use Developer ID installer certificate to sign .app file instead of typical (.pkg/.dmg)?
Any help would be much appreciated.
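On an iPad (10th generation, iOS v18.1), when I configure Wi-Fi using MDM, I run into the problem "Unable to connect to network "SSID name"".
I would appreciate any advice on this.
The steps I took are as follows.
1. Connect the iPad to Wi-Fi and register the Wi-Fi information (SSID, username, password) in the MDM as custom attribute values.
2. Distribute the Wi-Fi profile to the device from the MDM.
3. The Wi-Fi profile is installed on the device, after which the network is automatically disconnected.
4. To reconnect to the network, tap the SSID shown under "Wi-Fi > My Network" in the OS settings.
5. On the certificate screen that follows, tap the "Trust" button.
At this point, the error "Unable to connect to network "SSID name"" occurred.
Based on Apple Support's suggestions, I checked the following, but found no problems.
1. The router is powered on and the device is within range.
Other devices can connect to the Wi-Fi, so this is not the problem.
2. Confirm that Wi-Fi is on and the network is recognized.
Wi-Fi is "on" and the network is recognized.
3. If an input screen appears, enter the Wi-Fi password.
No input screen appears.
4. Confirm that there is no problem with the Wi-Fi network.
No Wi-Fi warning/error is shown under the name of the connected Wi-Fi network.
5. Check the cables and connection status.
Other devices can connect to the Wi-Fi, so this is not the problem.
6. Restart the iPad.
I restarted the iPad, but the problem was not resolved.
OS: iPadOS 18.1
Device: iPad 10th generation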
We are using SHC to compile on macOS to convert the .sh script to a binary file. This binary file is then digitally signed by the Apple developer account and then notarised. After that, it will work on the same system where we follow this process. But if we share this file to another system, then it gets quarantined (com.apple.quarantine) while downloading.
Is there any way to prevent it from getting quarantined on another system, or is there something I'm missing? Any clues?
After I upgraded to macOS 15.3, all of my current Xcode projects have the signing issue. I spent half a day and didn't make any progress. I tried two projects: one is a Swift AppKit app calling one C++ dylib, the other is a pure Swift AppKit app. When I build, there is this error:
Warning: unable to build chain to self-signed root for signer "Apple Development: Steven Tang (XXXXX)"
/Volumes/TwoTSSD/steventang/Library/Developer/Xcode/DerivedData/ImageEnhancement-ddbilgyraofrdyfeljyuknusunza/Build/Products/Release/ImageEnhancement.app: errSecInternalComponent
I tried removing the account and adding it back in Xcode; none of it worked. I also tried ChatGPT's WWDR updating and it didn't help.
I've noticed that NSTask has this property as of macOS 14.4
@property (nullable, copy) NSData *launchRequirementData API_AVAILABLE(macos(14.4)) API_UNAVAILABLE(ios, watchos, tvos, visionos);
It has no documentation whatsoever. Even a Google search has no clue. Does this have anything to do with code signature requirements validation? Any explanations and examples would be appreciated!
I am trying to code sign an application which relies on many Python libraries to run. For background knowledge, the .app was created with a --onefile command on Visual Studio.
I code signed my application itself using
codesign --deep --force --verify --timestamp --sign "Developer ID Application: Issey Yohannes (GL5BCCW69X)" /Users/isseyyohannes/Desktop/Automated\ ALGORA.app
However, when I try to run the application the error shows in terminal as follows
[PYI-16345:ERROR] Failed to load Python shared library '/var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python': dlopen: dlopen(/var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python, 10): no suitable image found. Did find:
/var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python: code signature in (/var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python) not valid for use in process using Library Validation: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?)
/var/folders/g9/2zbc7y_97xxbq7bnc301nnyc0000gn/T/_MEI6keRcA/Python: stat() failed with errno=1
Through some external tools, I was able to narrow the issue as follows
Hardened Runtime Restriction: Your application is attempting to load a shared library (Python) at runtime, but the library is either: Not properly signed with the same Team ID as your app. Not marked as a valid platform binary. macOS requires all loaded libraries to comply with its code-signing and runtime security policies.
Any insight is much appreciated.
Short description of the issue/suggestion:
After upgrading to MacOS Sequoia and being required to code sign and notarize my app, cannot launch app even though code sign and notarization pass
Please tell us about your environment:
MacBookPro
Chip Apple M2 Max
32 GB
JavaPackager version: 1.7.6
OS version: macOS Sequoia 15.0.1
JDK version: jdk-1.8
Build tool: Maven
Steps to reproduce the issue:
-DMG Maven Build of Spring Boot /Java (version 8) application with "fvarrui" JavaPackager plugin using default universalJavaApplicationStub. Code signing and Notarization / Stapling PASS and App installs in Application folder, however cannot launch App. Although code sign and notarization pass, it is interesting that in the build output, prior to it submitting to Apple, there is an error stating that the App code sign could not be replaced.
What is the expected behavior?
-App launches when double clicking the application icon
What have you tried to resolve / workaround the issue?
-Install via package rather than DMG - same result
-Can launch App by opening up the app Content/MacOS folder and clicking directly on the universalJavaApplicationStub. Note requires that you allow it to run within the Security and Privacy settings.
codesign --verify --deep --verbose force1.app
force1.app: valid on disk
force1.app: satisfies its Designated Requirement
spctl -a -vvv force1.app
force1.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Neal Hartmann (JPFYU53MK9)
Info.plist.txt
pom.xml.txt
Build Output abridged.txt
SysConsoleOutput.txt
Hi,
For the purposes of iteration speed in development builds, on an iPhone in development mode, I am attempting to use hot reloaded dylibs. The goal is that the app is rarely fully restarted and small code changes can be applied quickly, drastically reducing iteration speed.
For this purpose I have a socket server on my Mac that sends changed dylibs to my app on my iPhone. This works great on Mac; however, on iOS I am running into codesigning problems.
I am using the following to codesign the dylib:
codesign -f -s XXX --timestamp=none testlibrary-ios.dylib
I am placing the downloaded dylib in this folder:
const char* cachedirectoryPath = [NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES)[0] UTF8String];
dlopen gives me the following error:
dlopen(/var/mobile/Containers/Data/Application/67A3D31B-6F72-4939-9E7F-665FC78CDC61/Library/Caches/testlibrary-ios.dylib, 0x000A): tried: '/usr/lib/system/introspection/testlibrary-ios.dylib' (no such file, not in dyld cache), '/var/mobile/Containers/Data/Application/67A3D31B-6F72-4939-9E7F-665FC78CDC61/Library/Caches/testlibrary-ios.dylib' (code signature invalid in <78A101AD-D756-3526-8754-8B7F4925DE90> '/private/var/mobile/Containers/Data/Application/67A3D31B-6F72-4939-9E7F-665FC78CDC61/Library/Caches/testlibrary-ios.dylib' (errno=1) sliceOffset=0x00000000, codeBlobOffset=0x0000C2E0, codeBlobSize=0x00004990),
....
Is loading a dylib like this on iPhones in development mode possible?
Any idea what is going wrong with codesigning or installing the dylib?
(Obviously this code is never deployed in an app that goes on the AppStore)
I'm having a problem with codesign for output from Pyinstaller
The files are in ~/PycharmProjects/ALP_Document_Factory_II
That folder contains the icon file, the entitlement file, and also contains a "dist" folder where Pyinstaller places the app file (ALP_Document_Factory_II.app)
The generated app works and runs when I double click it.
When I run codesign:
codesign -s xxxxxxxx -f --entitlements entitlements.plist -o runtime dist/ALP_Document_Factory_II.app
("xxxxxxx" is where I place the hash of my credential)
I get the following error message: No such file or directory
Here is the Terminal copy... minus my Hash
dickl45@Dicks-iMac3 ALP_Document_Factory_II % codesign -s xxxxxxxxxx -f --entitlements entitlements.plist -o runtime dist/ALP_Document_Factory_II.app
dist/ALP_Document_Factory_II.app: No such file or directory
Earlier I was able to use codesign and notarytool, but I must be doing something wrong that I can't see.
Yours baffled
macOS 15.2
We are trying to get much more serious about our ability to audit signed code and trace it back to a signing event. We have a signing service that includes a bit of client code that provides a CryptoTokenKit extension to expose the signing certificate to codesign and Xcode. The private keys are held by the signing service and access is strictly controlled.
The CTK extension is given a message/digest to sign, and from reading TN 3126, I believe this is representative of the code directory. For an audit trail, we can record some metadata about the signing request, such as Git repository, branch, commit SHA, etc., but the only value linked to the thing being signed is this blob.
Later, if we have an app and want to link it back to the signing event, I can't figure out how to find this blob. It's not the CDHash or any other value I see in the output of codesign -d -vvvvvv.
Is there a way to recreate that blob given a signed artifact?
Hi at all, is there a way to count how many files have been marked with the codesign? Thanks in advance
Hi,
I know my SwiftUI, but I'm completely new to macOS development. Using Xcode 16.2 I wrote a backup app that fits my needs. I got it to use iCloud Documents in its own container. It runs beautifully on my development Mac.
When I copy it over to my other Mac and try to open it, I just get a message that macOS can't open the app ("Das Programm kann nicht geöffnet werden")
In terminal I get this message: "embedded provisioning profile not valid: file:///Users/niko/FlexBackup.app/Contents/embedded.provisionprofile error: Error Domain=CPProfileManager Code=-212 "Provisioning profile does not allow this device."
I have "automatically manage signing" turned on and a Xcode Managed Profile.
How can I run my app on all of my Macs?
Neither ad hoc nor enterprise works
Team "tao yang (Personal Team)" is not enrolled in the Apple Developer Program.
Hi,
I am a newbie to this. I am trying to build my own iOS phone app.
I am using my own phone as the developer's phone, so it's set to debug.
Using Flutter I do flutter run. It gets so far and always stops on:
Could not build the precompiled application for the device.
Error (Xcode): Unknown platform: "ios".
/Users/admin/group2/ios/Runner/Assets.xcassets
Error launching application on iPhone XS Max.
I have tried everything, so I thought someone on here might have the answer. I am happy to share any files or anything that you might need to recreate the issue.
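If your app performs on-device receipt validation, make sure your app supports the SHA-256 algorithm.
My app integrates Apple in-app purchases. How do I verify that my app supports the SHA-256 algorithm?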
from tkinter import *
from tkinter import ttk
import random
import time
import sqlite3

# Connect to the database (create it if it does not exist)
conn = sqlite3.connect("quiz_database.db")
c = conn.cursor()

# Create the table if it does not exist
c.execute('''CREATE TABLE IF NOT EXISTS questions
             (id INTEGER PRIMARY KEY AUTOINCREMENT,
              question TEXT,
              answer1 TEXT,
              answer2 TEXT,
              correct_answer INTEGER)''')
conn.commit()

# Sample data (replace with your own questions)
sample_questions = [
    ("Is the Earth flat?", "True", "False", 2),
    ("Do birds fly?", "True", "False", 1),
    ("Is water wet?", "True", "False", 1),
    ("Can humans breathe underwater?", "True", "False", 2),
]
c.executemany("INSERT OR IGNORE INTO questions (question, answer1, answer2, correct_answer) VALUES (?, ?, ?, ?)", sample_questions)
conn.commit()


class QuizApp:
    def __init__(self, master):
        self.master = master
        master.title("True/False Quiz")

        # Initialize variables
        self.questions = []
        self.current_question = 0
        self.score = 0
        self.start_time = 0
        self.time_limit = 60  # Time limit in seconds

        # Get questions from the database
        self.load_questions()

        # Create GUI elements
        self.question_label = Label(master, text="", font=("Arial", 16))
        self.question_label.pack(pady=20)
        self.true_button = Button(master, text="True", command=lambda: self.check_answer(1), width=15)
        self.true_button.pack(side=LEFT, padx=10)
        self.false_button = Button(master, text="False", command=lambda: self.check_answer(2), width=15)
        self.false_button.pack(side=RIGHT, padx=10)
        self.feedback_label = Label(master, text="", font=("Arial", 12))
        self.feedback_label.pack(pady=10)
        self.timer_label = Label(master, text="Time Left: 60s", font=("Arial", 12))
        self.timer_label.pack()
        self.progress_bar = ttk.Progressbar(master, orient=HORIZONTAL, length=200, mode="determinate")
        self.progress_bar.pack(pady=10)

        self.start_quiz()

    def load_questions(self):
        c.execute("SELECT * FROM questions")
        self.questions = c.fetchall()
        random.shuffle(self.questions)

    def start_quiz(self):
        self.start_time = time.time()
        self.display_question()
        self.update_timer()

    def display_question(self):
        if self.current_question < len(self.questions):
            question = self.questions[self.current_question]
            self.question_label.config(text=question[1])  # Display the question
            self.progress_bar["maximum"] = len(self.questions)
            self.progress_bar["value"] = self.current_question + 1  # Update progress bar

    def check_answer(self, selected_answer):
        correct_answer = self.questions[self.current_question][4]
        if selected_answer == correct_answer:
            self.feedback_label.config(text="Correct!", fg="green")
            self.score += 1
        else:
            self.feedback_label.config(text="Incorrect!", fg="red")
        self.current_question += 1
        if self.current_question < len(self.questions):
            self.display_question()
        else:
            self.end_quiz()

    def update_timer(self):
        elapsed_time = time.time() - self.start_time
        remaining_time = self.time_limit - elapsed_time
        if remaining_time > 0:
            self.timer_label.config(text=f"Time Left: {int(remaining_time)}s")
            self.master.after(1000, self.update_timer)
        else:
            self.end_quiz()

    def end_quiz(self):
        self.true_button.config(state=DISABLED)
        self.false_button.config(state=DISABLED)
        self.feedback_label.config(text=f"Quiz Over! Your score: {self.score}/{len(self.questions)}")


# Run the application
root = Tk()
app = QuizApp(root)
root.mainloop()

# Close the database connection
conn.close()
I exported an app from an Xcode project using the "Archive" feature. After signing and notarizing it, the app runs normally on my local machine. However, after packaging it with create-dmg or ditto and distributing it to another Mac, I get an error saying the application cannot run. When I execute the command open xxx.app in Terminal, it shows _LSOpenURLsWithCompletionHandler() failed for the application /Applications/Maxi PC Suite.app with error -10810. Does anyone know why this is happening?
codesign and notarization info:
codesign -vvv Maxi\ PC\ Suite.app
......
Maxi PC Suite.app: valid on disk
Maxi PC Suite.app: satisfies its Designated Requirement
syspolicy_check distribution Maxi\ PC\ Suite.app
App passed all pre-distribution checks and is ready for distribution.