In xcode, the signing&capabilities TAB for ios says: Automatic signing failed Xcode failed to provision this target. Please file a bug report at https://feedbackassistant.apple.com and include the Update Signing report from the Report navigator. Provisioning profile "iOS Team Provisioning Profile: com.kikk.morsecode" doesn't include the com.apple.developer.in-app-purchase entitlement. Even though I've already configured the corresponding Certificates, Identifiers & Profiles in developer Does anyone have the same problem? My Version of xcode is Version 15.4 (15F31d), running on m2pro.

I'm trying to get an app notarized, which fails with this error: The signature of the binary is invalid. However, locally checking the signature does succeed: $ codesign -vvv --deep --strict TheApp.app […] TheApp.app: valid on disk TheApp.app: satisfies its Designated Requirement Performing this check on every single item in the app's MacOS folder also succeeds. Context: embedded prebuilt binaries Now, the app has something unusual about it: it embeds prebuilt binaries, arranged in various nested folders. So, the app bundle's MacOS folder actually contains another folder with a whole tree of executables and libraries: Removing these (before building) does fix the notarization issue, but obviously I'd like to keep them in. I did my best to properly sign these items: At build time, they're copied into the product by a Copy Files phase (but not signed), then signed by a script phase That signing uses the same signing identity as the running Xcode build, and enables the hardened runtime The app builds and runs correctly, even as a release build The app has runtime hardening and app sandbox enabled How should I go about diagnosing the notarization issue?

I submitted a mac app for Notarization. For the first few tries the Notarization failed with an error "Team is not yet configured for Notarization" but few days after my account started to show "ENROLL" option again even though my membership was set to expire on 2026. I am doubting my account has been suspended. I have not received any emails from apple regarding the suspension. I have contacted support but no help yet ! This was the second year, i was paying for the membership. Could you please help me to - Help me get the account unsuspended (if it is, as there is no notification or information regarding this) If the account is suspended due to my app being submitted for Notarization then help me identify the reason so that i can fix them. Mac App is Time Tracking application that runs in background and capture periodic screenshot(NOTE - I am doing this after taking user consent)

I’m having trouble with the notary step of our electron app. It sometimes says “In progress” for days on end, where other times, it only takes 15-20 minutes. For the last few weeks, I’ve noticed that it will take longer than the 20 minutes if our app was using a not latest version of the electron module -- https://www.npmjs.com/package/electron. I would then update our codebase to build using the latest version, and then try to sign and notarize the app again, and it would work till a new version was released. This was the first time that that process didn’t work. Everything is on latest, and we’re still getting stuck “in progress” for days on end. We have been signing and Notarizing this app for years now, so it's not the first time we're trying to do this process To make matters stranger, I have two branches of the same exact code base – same dependencies, same source code, same everything – there is no difference. One sign and notarize works 100% of the time where the other one hasn’t worked yet. Any ideas would be helpful. I'm not really sure where to begin to debug this. Thanks!

I submitted a mac app for Notarization. For the first few tries the Notarization failed with an error "Team is not yet configured for Notarization" but few days after my account started to show "ENROLL" option again even though my membership was set to expire on 2026. I am doubting my account has been suspended. I have not received any emails from apple regarding the suspension. I have contacted support but no help yet ! This was the second year, i was paying for the membership. Could you please help me to - Help me get the account unsuspended (if it is, as there is no notification or information regarding this) If the account is suspended due to my app being submitted for Notarization then help me identify the reason so that i can fix them. Mac App is Time Tracking application that runs in background and capture periodic screenshot backlsh.com (NOTE - I am doing this after taking user consent)

I will post my app xyz.app uses XY swift package this swift package is a wrapper for XYSDK.xcframework XYSDK.xcframework written in c++ and app running on arm64 macos and iphones succesfully. I got this error when i want to distribute it. Currently i sign .framework for ios with Apple Distribution Certificate and same certificate for macos framework there is no other signing step for swift package or xcframework other than that when i want to archive it validates succesfully. Exporting step shows that app has signed, has provisining profile. but .framework is only signed has no provisioning profile. Also one point i see: i have one target named xyz and its Frameworks, Lİbraries and Embedded Context has only XY package but Embed part has no option like embed and sign etc. Blank. I need more info about what am i doing wrong in which step ? I am stuck and can not move any further like weeks Error Detail: Invalid Signature. The binary with bundle identifier XYSDK at path “xyz.app/Frameworks/XYSDK.framework” contains an invalid signature. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/support/code-signing. (90035)

General: Forums topic: Code Signing Forums subtopic: Code Signing > Notarization Forums tag: Notarization WWDC 2018 Session 702 Your Apps and the Future of macOS Security WWDC 2019 Session 703 All About Notarization WWDC 2021 Session 10261 Faster and simpler notarization for Mac apps WWDC 2022 Session 10109 What’s new in notarization for Mac apps — Amongst other things, this introduced the Notary REST API Notarizing macOS Software Before Distribution documentation Customizing the Notarization Workflow documentation Resolving Common Notarization Issues documentation Notary REST API documentation TN3147 Migrating to the latest notarization tool technote Fetching the Notary Log forums post Q&A with the Mac notary service team Developer > News post Apple notary service update Developer > News post Notarisation and the macOS 10.9 SDK forums post Testing a Notarised Product forums post Notarisation Fundamentals forums post The Pros and Cons of Stapling forums post Resolving Error 65 When Stapling forums post Many notarisation issues are actually code signing or trusted execution issue. For more on those topics, see Code Signing Resources and Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

The Codesign command adds extended attributes to files that previously had no extended attributes. In my case codesign add following extended attributes to text file in Frrameworks folder: com.apple.cs.CodeDirectory com.apple.cs.CodeRequirements com.apple.cs.CodeRequirements-1 com.apple.cs.CodeSignature Can I somehow prevent this behavior? Thank you.

Hello Apple Developer Community, I'm experiencing a persistent issue with App Groups configuration for an iOS app extension that I can't resolve despite trying multiple approaches. I hope someone can help identify what I'm missing. Problem Description I'm getting this error when trying to build my iOS App Extension: Provisioning profile "iOS Team Provisioning Profile: com.idlrapp.Spleeft.SpleeftDataSaver" doesn't include the com.apple.developer.app-groups entitlement. My Setup Main App Bundle ID: com.idlrapp.Spleeft Extension Bundle ID: com.idlrapp.Spleeft.SpleeftDataSaver App Group ID: group.com.idlrapp.spleeft.shared Extension Type: Action Extension (Share Sheet) What I've Verified App Group Creation ✅ Created App Group group.com.idlrapp.spleeft.shared in Apple Developer Portal ✅ App Group shows as "Active" in the portal App ID Configuration ✅ Both App IDs (com.idlrapp.Spleeft and com.idlrapp.Spleeft.SpleeftDataSaver) have "App Groups" capability enabled ✅ Both App IDs are configured with the same App Group: group.com.idlrapp.spleeft.shared Entitlements Files Main App (Spleeft.entitlements): <key>com.apple.developer.app-groups</key> <array> <string>group.com.idlrapp.spleeft.shared</string> </array> Extension (SpleeftDataSaver.entitlements): <key>com.apple.developer.app-groups</key> <array> <string>group.com.idlrapp.spleeft.shared</string> </array> Xcode Configuration ✅ Both targets use "Automatically manage signing" ✅ Same Apple Developer Team selected for both ✅ App Groups capability shows correctly in Signing & Capabilities for both targets The Issue When I examine the downloaded .mobileprovision file, I can see it contains: <dict> <key>com.apple.security.application-groups</key> <array> <string>group.com.idlrapp.spleeft.shared</string> </array> <!-- Other entitlements... --> </dict> However, Xcode expects to find: <array> <string>group.com.idlrapp.spleeft.shared</string> </array> What I've Tried Multiple regenerations of provisioning profiles: Deleted all local provisioning profiles Toggled "Automatically manage signing" off/on Downloaded manual profiles from Developer Portal Verified App Group configuration: Double-checked App Group exists and is active Confirmed both App IDs have App Groups capability enabled Verified App Group assignment in both App IDs Entitlements cleanup: Ensured consistent App Group IDs across all files Removed duplicate/conflicting entries Clean builds and cache clearing: Product → Clean Build Folder Derived Data deletion Xcode restart Key Observation The provisioning profile contains com.apple.security.application-groups (which appears to be macOS-style) but Xcode expects com.apple.developer.app-groups (iOS-style) for the App Extension. Questions Is there a known issue with App Groups entitlement generation for iOS App Extensions? Should the provisioning profile contain com.apple.developer.app-groups instead of com.apple.security.application-groups? Is there a way to force regeneration of provisioning profiles with the correct entitlements? Are there additional steps required for App Extensions that differ from main apps? Any guidance would be greatly appreciated. This is blocking our App Extension development and we've exhausted our troubleshooting options. Thank you for your time and assistance.

My command line tool with a JIT entitlement is failing to run on Sequoia. 2025-05-26 14:17:09.758 E taskgated-helper[91764:3ab7036] [com.apple.ManagedClient:ProvisioningProfiles] Disallowing DecisionRuleTool because no eligible provisioning profiles found 2025-05-26 14:17:09.758 Df amfid[576:3ab6d6b] /Users/jim/DecisionRuleTool not valid: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found" UserInfo={NSURL=file:///Users/jim/DecisionRuleTool, NSLocalizedDescription=No matching profile found} 2025-05-26 14:17:09.759 Df kernel[0:3ab7031] (AppleMobileFileIntegrity) AMFI: When validating /Users/jim/DecisionRuleTool: 2025-05-26 14:17:09.759 Df kernel[0:3ab7031] mac_vnode_check_signature: /Users/jim/DecisionRuleTool: code signature validation failed fatally: When validating /Users/jim/DecisionRuleTool: 2025-05-26 14:17:09.759 Df kernel[0:3ab7031] proc 91763: load code signature error 4 for file "DecisionRuleTool" 2025-05-26 14:17:09.759 Df kernel[0:3ab7032] (AppleSystemPolicy) ASP: Security policy would not allow process: 91763, /Users/jim/DecisionRuleTool Codesign isn't giving me any clues as to why. It validates. Asking it what the entitlements are on the binary: % codesign --display --entitlements - /Users/joconnor/MACEP-9852-2/tools/detection/DecisionRuleTool Executable=/Users/jim/DecisionRuleTool [Dict] [Key] com.apple.application-identifier [Value] [String] XXXXXXXXX.com.mycompany.drt [Key] com.apple.developer.team-identifier [Value] [String] XXXXXXXXX [Key] com.apple.security.cs.allow-jit [Value] [Bool] true https://developer.apple.com/documentation/Xcode/signing-a-daemon-with-a-restricted-entitlement This makes it look like this may be hopeless, that I can't create a command line took with proper entitlements.

Hello Apple Developer Community, I'm experiencing a persistent issue with App Groups configuration for an iOS app extension that I can't resolve despite trying multiple approaches. I hope someone can help identify what I'm missing. Problem Description I'm getting this error when trying to build my iOS App Extension: Provisioning profile "iOS Team Provisioning Profile: com.idlrapp.Spleeft.SpleeftDataSaver" doesn't include the com.apple.developer.app-groups entitlement. My Setup Main App Bundle ID: com.idlrapp.Spleeft Extension Bundle ID: com.idlrapp.Spleeft.SpleeftDataSaver App Group ID: group.com.idlrapp.spleeft.shared Extension Type: Action Extension (Share Sheet) What I've Verified App Group Creation ✅ Created App Group group.com.idlrapp.spleeft.shared in Apple Developer Portal ✅ App Group shows as "Active" in the portal App ID Configuration ✅ Both App IDs (com.idlrapp.Spleeft and com.idlrapp.Spleeft.SpleeftDataSaver) have "App Groups" capability enabled ✅ Both App IDs are configured with the same App Group: group.com.idlrapp.spleeft.shared Entitlements Files Main App (Spleeft.entitlements): Extension (SpleeftDataSaver.entitlements): Xcode Configuration ✅ Both targets use "Automatically manage signing" ✅ Same Apple Developer Team selected for both ✅ App Groups capability shows correctly in Signing & Capabilities for both targets The Issue When I examine the downloaded .mobileprovision file, I can see it contains: However, Xcode expects to find: What I've Tried Multiple regenerations of provisioning profiles: Deleted all local provisioning profiles Toggled "Automatically manage signing" off/on Downloaded manual profiles from Developer Portal Verified App Group configuration: Double-checked App Group exists and is active Confirmed both App IDs have App Groups capability enabled Verified App Group assignment in both App IDs Entitlements cleanup: Ensured consistent App Group IDs across all files Removed duplicate/conflicting entries Clean builds and cache clearing: Product → Clean Build Folder Derived Data deletion Xcode restart Key Observation The provisioning profile contains com.apple.security.application-groups (which appears to be macOS-style) but Xcode expects com.apple.developer.app-groups (iOS-style) for the App Extension. The main app builds fine, but the extension consistently fails with this entitlement mismatch. Questions Is there a known issue with App Groups entitlement generation for iOS App Extensions? Should the provisioning profile contain com.apple.developer.app-groups instead of com.apple.security.application-groups? Is there a way to force regeneration of provisioning profiles with the correct entitlements? Are there additional steps required for App Extensions that differ from main apps? Any guidance would be greatly appreciated. This is blocking our App Extension development and we've exhausted our troubleshooting options. Environment: Xcode: [Tu versión de Xcode] iOS Deployment Target: [Tu target] Developer Account: [Paid/Individual/Team] Thank you for your time and assistance.

Hi everyone, I applied for CarPlay Entitlements on [Date 4. 26, 2025] using. (*CarPlay Entitlements Case-ID : 13045151) I haven't received any updates or responses regarding my application yet. It's been 7 days since the application. My service requires CarPlay integration with a Black Box device. The primary purpose of this integration is to allow users to configure device settings through CarPlay. Furthermore, we plan to utilize the "Communication" category of Entitlements to notify users of parking incidents detected by the Black Box device while parked. This functionality is crucial for alerting drivers to potential issues affecting their vehicles. Could anyone share their experience with the typical turnaround time for CarPlay Entitlements, especially for applications involving device integration and the "Communication" category? Is this delay normal? Is there any way to check the application status or contact the appropriate team to inquire about its progress? Thank you for any insights or advice you can provide! Sincerely,

Hey, So i am trying to setup OpenGL on my mac. Specs : M2 Pro, 15.5 (24F74) Now i have setup the entire project properly as far as i know. GLFW, GLAD and the OpenGL framework. the build libraries are also reference and everything. I have also included the glad.c file in the folder. i have also kept it to run locally in signing tab. its still giving me Command CodeSign failed with a nonzero exit code All the ss are provided

Hi Developers, I'm encountering persistent validation errors in Xcode 16.3 (16E140) on macOS 15.4.1 (24E263) with M1 when archiving and distributing a macOS app (Developer ID signing + notarization). App Structure: A native Swift/Obj-C wrapper app that launches a nested .app inside its Resources. The nested app is built with PyInstaller and includes: A Python core Custom C++ binaries Many bundled .so libraries (e.g., from OpenCV, PyQt/PySide) Issues During Validation: App Sandbox Not Enabled Error: App Sandbox missing for NestedApp.app/Contents/MacOS/NestedExecutable. Question: For Developer ID (not App Store), is sandboxing strictly required for nested PyInstaller apps? If the wrapper is sandboxed, must the nested app be as well? Given the PyInstaller app's nature (requiring broad system access), how should entitlements be managed? Upload Symbols Failed Errors for missing .dSYM files for: The nested app’s executable Custom C++ binaries .so files (OpenCV, PyQt, etc.) These are either third-party or built without DWARF data, making .dSYM generation impractical post-build. Question: Are these symbol errors critical for Developer ID notarization (not App Store)? Can notarization succeed despite them? Is lack of symbol upload a known limitation with PyInstaller apps? Any best practices?

This is a Math+CS Educational app written in Java. I have been able to distribute the Intel-Mac version downloaded as a .dmg (code-signed, notarized and stapled). I also need to support Apple silicon hw. I re-created the entire sw manufacturing structure on my M2 Macbook. I'm using the exact same command scripts that work on the older hardware. I am expecting the jpackage script to run the same way on the M2....but no. The first sign of trouble is I'm not getting an authentication password dialog , which I believe is thrown up by the MacOS when codesign asks to access my Keychain certificates. My keychain is setup the default way. Here is the error msg: [07:38:08.719] Running /usr/bin/codesign [07:38:08.749] java.io.IOException: Command [/usr/bin/codesign, -s, Developer ID Application: Pierre Bierre (SL7L4YU8GT), -vvvv, --timestamp, --options, runtime, --prefix, ST_DFG2D_ARM, /var/folders/v7/06pp2_5d6gz9593k96n2z0v40000gn/T/jdk.jpackage11705714069544945060/images/image-2753484488940359178/DataflowGeom2D.app/Contents/runtime/Contents/Home/lib/libnet.dylib] exited with 1 code at jdk.jpackage/jdk.jpackage.internal.Executor.executeExpectSuccess(Executor.java:90) at jdk.jpackage/jdk.jpackage.internal.IOUtils.exec(IOUtils.java:215) If I build the .dmg installer WITHOUT code-signing it, it produces a good .dmg, but I can't distribute it to my students with M2-M3-M4 rigs. The error feedback from "codesign" is nonspecific and inactionable. As a developer, I need specific, actionable error messages. I expect that from the wealthiest computer company in the world. Need the info.

Hi everyone, I applied for CarPlay Entitlements on [Date 04. 26, 2024] using CarPlay is Case ID "13045151". I haven't received any updates or responses regarding my application yet. It's been 7 days since the application. My service requires CarPlay integration with a Black Box device. The primary purpose of this integration is to allow users to configure device settings through CarPlay. Furthermore, we plan to utilize the "Communication" category of Entitlements to notify users of parking incidents detected by the Black Box device while parked. This functionality is crucial for alerting drivers to potential issues affecting their vehicles. Could anyone share their experience with the typical turnaround time for CarPlay Entitlements, especially for applications involving device integration and the "Communication" category? Is this delay normal? Is there any way to check the application status or contact the appropriate team to inquire about its progress? Thank you for any insights or advice you can provide! Sincerely,

Hello Everyone, I am currently building an app using React Native with Swift bridging, integrating VoIP functionality using Twilio, PushKit, and CallKit. I am encountering the following issue during development: "The current provisioning profile doesn't include the com.apple.developer.voip-push-notification entitlement." What I’ve Done So Far: VoIP Certificate: I have created a valid VoIP Services certificate in the Apple Developer portal. Bundle Identifier and Provisioning Profile: A new Bundle ID was created specifically for this app. I created a provisioning profile for this Bundle ID and downloaded it for use in Xcode. Xcode Capabilities Push Notifications: Enabled Background Modes: Voice over IP: Enabled, Remote notifications: Enabled Entitlements File I have an entitlements file named VoiceCallDemoProjectRelease.entitlements with the following content: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>aps-environment</key> <string>development</string> <key>com.apple.developer.voip-push-notification</key> <true/> </dict> </plist> This entitlements file is properly linked in the project’s build settings. Project Setup I have integrated PushKit for VoIP push handling and CallKit for incoming call UI and control. Problem: In the Apple Developer portal under my App ID settings, I only see an option to enable Push Notifications. There is no option available to enable Voice over IP, and therefore the provisioning profile generated does not include the com.apple.developer.voip-push-notification entitlement. Despite enabling VoIP background mode in Xcode, adding the entitlement in my project, and using a valid VoIP certificate, the profile does not include the required entitlement. Additional Information: I am using an Individual Apple Developer Account, not an Organization account. I have already attempted re-downloading the provisioning profile, restarting Xcode, and cleaning the build folder. Question: What steps should I take to resolve this and ensure that the com.apple.developer.voip-push-notification entitlement is included in my provisioning profile? Is this limitation due to the type of developer account (individual vs. organization), and do I need to upgrade to an Organization account to access this entitlement? Is there any way to request for 'com.appple.developer.voip-push-notification' entitlement to Apple Team ? Any clarification would be appreciated. Thank you.

I'm working on a build system similar to Bazel where each build action runs in a sandbox. The sandbox contains only the files that the user defined as input to ensure that the build action doesn't have any implicit dependencies. Bazel achieves this by creating a "symlink forest" to the original source files. This works, but I have observed fseventsd using significant CPU during a Bazel build, presumably because of all the symlinks that get created. Is there a way to disable file events for a directory or a volume? The "File System Events Programming Guide" in the Documentation Archive mentions placing an empty file named no_log in the .fseventsd directory at the root of the volume, but when testing on macOS 15.5 with APFS that appears to no longer work. Related, is a "symlink forest" the best way to create a sandbox like this? Or is there a different method one can use to provide a view of a subset of the files in a directory tree? I read up on the App Sandbox but that seems too coarse grained. Something like Linux's overlayfs would work well, and maybe one can achieve a similar functionality with firmlinks? Curious about folks thoughts here. Thanks in advance!

I'm building a custom macOS installer for my software, primarily using the builtin tools of codesign, pkgbuild, productbuild and xcrun. My product consist of a list of plugins and a CEP extension for the Adobe After Effect app. All of my bundles and binaries are properly signed using a trusted Apple Developer certificate I've generated, of type Developer ID Application. My installer is a "distribution" pkg, and has this structure(expanding it using pkgutil --expand): SceneTools-3.4.4-osx-installer ├── Distribution ├── miscellaneous.pkg ├── plugins.aftereffects2022.pkg ├── plugins.aftereffects2023.pkg ├── plugins.aftereffects2024.pkg ├── plugins.aftereffects2025.pkg ├── preinstall.pkg ├── Resources ├── scenebuilder.pkg └── uninstaller.pkg Each "child" pkg would install parts of my product in different locations in the target macOS disk(this is why I'm using that kind of style of building the custom installer). Signing each and every bundle or binary of my product, signing the "child" pkg's, then notarizing them works well with no issues, in addition signing the "final" "distribution" using productbuild --sign option also works well, but when trying to notarize the "final" pkg, the notary service fails with this error: { "logFormatVersion": 1, "jobId": "5fb38df9-ef97-4bd3-955e-7783c37ac4a8", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "SceneTools-3.4.4-osx-installer.pkg", "uploadDate": "2025-06-26T14:14:41.507Z", "sha256": "621de5d887b06ad11214255c6e91ebd9eeffb18ad8f940365f4539bd1902fe9a", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "SceneTools-3.4.4-osx-installer.pkg", "message": "Package SceneTools-3.4.4-osx-installer.pkg has no signed executables or bundles. No tickets can be generated.", "docUrl": null, "architecture": null }, { "severity": "warning", "code": null, "path": "SceneTools-3.4.4-osx-installer.pkg", "message": "The contents of the package at SceneTools-3.4.4-osx-installer.pkg could not be extracted.", "docUrl": null, "architecture": null } ] } My final pkg indeed doesn't contain any bundles or binaries directly, but that's how it should be - a container of "child" pkg. I tried various ways of working-around this issue, like: Notarizing the dmg that contains this final pkg - worked, but when opening the pkg, GateKeeper blocks the users from opening it. Wrapping the pkg inside an .app and notarizing the .app - same as above. What am I doing wrong? Does those kind of pkg like my "final" pkg aren't meant to be notarized? if so - how can I solve this GateKeeper blocks? Should I build my final pkg in a different way?

I am trying to notarize a simple app I made, but keep getting stuck on "In Progress". The app is a MacOS app, and I'm using XCode. I've tried all the steps listed in the links below: https://developer.apple.com/documentation/security/notarizing-macos-software-before-distribution https://developer.apple.com/documentation/security/resolving-common-notarization-issues I've had the same issue with another app, which got rejected after multiple hours. Never got to resolve this.