I am facing this error on every flutter project build. Although it runs ok. The error happens on the codesign command What do I need to fix ? I have validated that every *.plist file is ok using plutil -lint ERROR MESSAGE /usr/bin/codesign --force --sign MY_SHA_CODE --verbose /Users/macbookair/workspace/flutter_application_1/build/ios/Release-iphoneos/Runner.app/Frameworks/libswiftCore.dylib)` exited with status 0. The command's output was: /Users/macbookair/workspace/flutter_application_1/build/ios/Release-iphoneos/Runner.app/Frameworks/libswiftCore.dylib: a required plist file or resource is malformed Info.plist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CFBundleDevelopmentRegion</key> <string>$(DEVELOPMENT_LANGUAGE)</string> <key>CFBundleDisplayName</key> <string>Flutter Application 1</string> <key>CFBundleExecutable</key> <string>$(EXECUTABLE_NAME)</string> <key>CFBundleIdentifier</key> <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string> <key>CFBundleInfoDictionaryVersion</key> <string>6.0</string> <key>CFBundleName</key> <string>flutter_application_1</string> <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleShortVersionString</key> <string>$(FLUTTER_BUILD_NAME)</string> <key>CFBundleSignature</key> <string>????</string> <key>CFBundleVersion</key> <string>$(FLUTTER_BUILD_NUMBER)</string> <key>LSRequiresIPhoneOS</key> <true/> <key>UILaunchStoryboardName</key> <string>LaunchScreen</string> <key>UIMainStoryboardFile</key> <string>Main</string> <key>UISupportedInterfaceOrientations</key> <array> <string>UIInterfaceOrientationPortrait</string> <string>UIInterfaceOrientationLandscapeLeft</string> <string>UIInterfaceOrientationLandscapeRight</string> </array> <key>UISupportedInterfaceOrientations~ipad</key> <array> <string>UIInterfaceOrientationPortrait</string> <string>UIInterfaceOrientationPortraitUpsideDown</string> <string>UIInterfaceOrientationLandscapeLeft</string> <string>UIInterfaceOrientationLandscapeRight</string> </array> <key>CADisableMinimumFrameDurationOnPhone</key> <true/> <key>UIApplicationSupportsIndirectInputEvents</key> <true/></dict> </plist> Please help.

Hi everyone, Native Instruments is encountering a critical issue with the notarization process. The xcrun notary submit command appears to be stuck and is not completing, preventing us from notarizing our apps. Specifically, the command hangs indefinitely. This issue started today. We've already tried the following troubleshooting steps: Cancelling and re-running the command Checking my internet connection Checking the Apple System Status page Cleaning the build folder using a different machine This is a major blocker for our company, as it's preventing from from us from testing and releasing some of our products. It seems to be a similar issue as reported in https://developer.apple.com/forums/thread/772542?page=2. Has anyone else experienced xcrun notary submit getting stuck like this? Any insights or suggestions would be greatly appreciated. I'm particularly interested in knowing if there are any known issues with the notarization service currently. Details about my setup: Xcode Version: 16.1 macOS Version: 14.7.1 App Type: macOS app Thanks in advance for your help!

Successfully received submission history. history ...... -------------------------------------------------- createdDate: 2025-10-19T18:34:47.472Z id: d3248896-7841-421e-9470-101df9d0da21 name: ... status: In Progress -------------------------------------------------- createdDate: 2025-10-19T18:12:45.325Z id: e5822fa0-5bcf-4610-81fc-9f541e8ad189 name: ... status: In Progress

I encountered code signing issue with Apple Distribution certificate for both iOS and MacCatalyst. The app crashes with "Beta Profile". I followed this instruction to manually re-sign my ipa to confirm that I use the Apple Distribution and the correct Provisioning Profile. https://gist.github.com/WDUK/4239548f76bd77b2c4b0 When I double click on the Apple Distribution certificate in KeyChain Access, it shows "Extension: Apple Mac App Signing (Development)" and "Extension: Apple Developer Certificate (Submission)" I have been stuck in this issue for more than a month. I really need help because I do not know how to proceed further. Thank you.

Can you please revoke my developer id application and installer certs? So i may recreate. I deleted the private key by mistake before realizing i cannot recreate everything using the developer website portal. I dont have macos backup or did i backup my certs with attached pkey. I just did not realize this was important until now. Please help as Im now blocked. I opened a case too but i have not yet got a response. its been 3 days now. case id: 20000093632858

Hi everyone! I've send my .dmg file for notarization, it has been accepted on March 5. Since then there weren't any updates, it hasn't changed its status. What might be the problem? Info about submission: createdDate: 2025-03-05T12:13:18.802Z id: 202d877d-d0c4-4211-bba4-6ebdb169a843 status: Accepted

My app is a Safari extension. When trying to validate the app, I get the following error: App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "app.rango.Rango.pkg/Payload/Rango for Safari.app/Contents/MacOS/Rango for Safari" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. I don't know why this is happening. I have app sandbox enabled in both the app and the extension target. I have both entitlement files. When executing codesign -d --entitlements :- /path/to/binary I get the following: <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.files.user-selected.read-only</key><true/><key>com.apple.security.get-task-allow</key><true/><key>com.apple.security.network.client</key><true/></dict></plist> If I check on Activity Monitor, on the sandbox column it shows true. I have no idea why I keep getting this error when all indicates that the app is actually sandboxed.

We have a MacOS application that we plan on distributing standalone (it'll be installed through MDM or directly, not through the app store). We utilize endpoint security and full disk access for this (enterprise) app. I have a makefile that uses codesign to sign the app inside-out. All that appears to work (i.e., when I try to run the app directly it functions as I expect it to). What's the recommended way to allow the developers in my team to also sign the app for local development so it functions as close as possible to production? My first thought is to distribute the developer identity to their machines using MDM. However, ideally i'd like to rule out the ability for a developer who has the MDM profile assigned to export the keys. That really only leaves a centralized solution in place or disabling SIP on their system (which I don't want to do). Alternatively, would creating a separate identity for production make more sense, so that in the case the developer certificate is revoked, the production releases continue to function as normal (however, I assume this would also require creating two different profiles for the endpoint security entitlement--one for each certificate). Thanks! Derek

I created an MadOS app with xcode 16.5 with a developer id certificate. I've been trying to install a distribution certificate for over a week with several co-workers. I can add a distribution certificate to my key chain, and created a provisioning profile. I've tried every combination but none work. I put xcode in automatic signing but can only see my developer id, if I put it in manual with and without a provisioning profile but if I give the app binary, other users can't run the app because the certificate isn't working. I need support to work with me to look the developer portal and my system to figure this out.

Hi, I'm having a really hard time figuring out why I cannot perform cloud signing via Developer ID with xcodebuild. I have a macOS application, which I can perfectly cloud sign the following way: Sign into Xcode with my Admin + Account Holder Apple ID. Delete my Developer ID Application certificate from Keychain Access. In Xcode, click Archive. When archived, click "Distribute App" in Xcode Organizer. The app is cloud signed. I prove this by extracting the certificate codesign --extract-certificates -- /path/to/app.app then locate the 1.2.840.113635.100.6.1.32 bit mentioned by Quinn in this post. I however do it by simply opening the certifiacte with Keychain Access, where I can investigate the content of the certificate, rather than use that tool he does. Then, I do the following to attempt to cloud sign via xcodebuild: Create an API Key for the whole team in Users and Access > Integrations > App Store Connect with the "Admin" role selected. Download the private key .p8 file to ~/Downloads. Sign out of my Apple ID in Xcode by removing the account in Settings > Accounts. Create an archive: xcodebuild archive -scheme "<redacted scheme name>" -archivePath ~/Downloads/archive.xcarchive -authenticationKeyIssuerID <redacted issuer id> -authenticationKeyID <redacted key id> -authenticationKeyPath ~/Downloads/AuthKey_<redacted key id>.p8 -allowProvisioningUpdates The archive is successfully created, with a new "Apple Development: Created via API (TEAM ID)" naming. Export the archive: xcodebuild -exportArchive -archivePath ~/Downloads/archive.xcarchive -authenticationKeyIssuerID <redacted issuer id> -authenticationKeyID <redacted key id> -authenticationKeyPath ~/Downloads/AuthKey_<redacted key id>.p8 -allowProvisioningUpdates -exportOptionsPlist ~/Downloads/exportOptions.plist -exportPath ~/Downloads which then fails: 2025-03-07 10:27:58.706 xcodebuild[2152:40704] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/tn/yy7ynz3d0yb4p3sd_5q_wl0h0000gn/T/<redacted app name> macOS_2025-03-07_10-27-58.706.xcdistributionlogs". error: exportArchive Cloud signing permission error error: exportArchive No signing certificate "Developer ID Application" found ** EXPORT FAILED ** Opening the distribution logs, I find this in the Provisioning Log: 2025-03-07 09:09:58 +0000 2025-03-07 09:09:58 +0000 IDEProvisioningRepair(<redacted app name>.app): 2025-03-07 09:09:58 +0000 IDEProvisioningRepair(<redacted app name>.app): Sending request 84E57539-BC1D-407A-8402-7BCE9F2FD100 to <https://appstoreconnect.apple.com/xcbuild/v1/certificates> for session DVTServicesTeamBasedSession <issuer: <redacted issuer id>; key identifier: <redacted key id>>. Method: POST Headers: { Accept = "application/vnd.api+json"; "Accept-Encoding" = "gzip, deflate"; Authorization = "Bearer <redacted bearer token>"; "Content-Length" = 116; "Content-Type" = "application/vnd.api+json"; "User-Agent" = Xcode; "X-HTTP-Method-Override" = GET; "X-Xcode-Version" = "16.2 (16C5032a)"; } Payload: {"urlEncodedQueryParams":"teamId=<redacted team id>&filter%5BcertificateType%5D=DEVELOPER_ID_APPLICATION_MANAGED&limit=200"} 2025-03-07 09:09:59 +0000 2025-03-07 09:09:59 +0000 IDEProvisioningRepair(<redacted app name>.app): 2025-03-07 09:09:59 +0000 IDEProvisioningRepair(<redacted app name>.app): Received response for 84E57539-BC1D-407A-8402-7BCE9F2FD100 @ <https://appstoreconnect.apple.com/xcbuild/v1/certificates>. Code = 0 2025-03-07 09:09:59 +0000 2025-03-07 09:09:59 +0000 IDEProvisioningRepair(<redacted app name>.app): 2025-03-07 09:09:59 +0000 IDEProvisioningRepair(<redacted app name>.app): Response payload: { "errors" : [ { "id" : "3d09690a-e26f-497f-b576-25104064387e", "status" : "403", "code" : "FORBIDDEN_ERROR", "title" : "This request is forbidden for security reasons", "resultCode" : 7495, "detail" : "You haven't been given access to cloud-managed distribution certificates. Please contact your team's Account Holder or an Admin to give you access. If you need further assistance, contact Apple Developer Program Support at https://developer.apple.com/contact/." } ] } Which is really weird, since I am using an API key with Admin rights. If I create a new key, and use it only for this command, App Store Connect does show the "Last Used" date as today after running the command. I thought some time might need to pass, but the issue has been persisting since yesterday. What could be wrong here? I do have a managed Developer ID Application certificate showing in my account but I still can't retrieve it with an Admin right imbued API key.

I keep getting this error when trying to install Audio app extension. Everything is reviewed from certificates to profiles, for some reason CreatingCustomAudioEffects sample is deployed correctly but when Creating new Project (Audio Extension App) from new project Option, it doesn't work at all. If I remove Extension from Frameworks and deploy app, then no problem but then App crashes as extension is missing. Something wrong with Xcode? I am pretty sure it used to build new projects but not anymore. Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.0k1RXy/extracted/AudioUnitsAppExtensionTest.app : 0xe8008015 (A valid provisioning profile for this executable was not found.) Please ensure sure that your app is signed by a valid provisioning profile. If this issue persists, please attach the following when sending a report to Apple: A sysdiagnose from this Mac A sysdiagnose from the device failing installation An IPA of the app failing installation

Hello, We are currently using Apple Notarization (notarytool) for distributing a macOS app, and we are experiencing very long notarization times for large app bundles. [Issue] For apps with large binary sizes, notarization consistently takes around 3.5 to 4.5 hours from submission to completion. This delay is causing practical issues in our release pipeline, especially when: A hotfix or urgent update is required Multiple builds must be notarized in a short time CI/CD-based distribution is expected to complete within a predictable timeframe [Environment] Platform: macOS Notarization method: notarytool Distribution: Outside Mac App Store App size: 100 GB~ (compressed ZIP) Signing: Hardened Runtime enabled, codesigned correctly Submission status: Successfully accepted, but processing time is very long [What we have confirmed] The notarization eventually succeeds (no failures) Re-submitting the same build shows similar processing times Network upload itself completes normally; the delay is in Apple-side processing Smaller apps complete notarization much faster [Questions] Is a 3–4+ hour notarization time expected behavior for large macOS apps? Are there recommended best practices to reduce notarization processing time for large binaries? For example, splitting components, adjusting packaging, or specific signing strategies Is there any official guidance or limitation regarding notarization queueing or processing based on app size? Are there known service-side delays or regional differences that could affect processing time? Any insight or confirmation would be greatly appreciated, as this directly impacts our production release workflow. Thank you.

Hi folks, I'm trying to generate a provisioning profile that includes both Healthkit and MusicKit entitlements. The healthKit pieces if fine, and included in the profile. However, despite selecting Musickit under services in the ID setup, the entitlement doesn't seem to be included in the profile. Other steps taken: Setup the app in App Store Connect, generated a media ID and Key. Tried both automatic and manual signing. Are there specifics tricks to getting this one to work?

Displaying attribute for a private key I see a number of applications that are allowed to access it without needing a password e.g. racoon; Keychain Access.app; Certificate Assitant.app etc.. I want to add /usr/bin/codesign to the list but the gui window that pops up when I click on + doesn't seem to allow me to do that :( How do I do it please

I am able to sign my application when logged in to the machine, however when build is running in CI (Jenkins), I get this: "Warning: unable to build chain to self-signed root for signer.." We just renewed or certificates, so I am not sure about previous procedure, but it used to work without temporary keychain and stuff, I believe. What should be the recommended way to sign an application on CI? What keychain should we use? system? temporary? other method? Thanks, Itay

I am a complete novice and I find that I cannot restore or delete the “Apple Development” certificate (I only use it for signing). From what I understand, you need to be in a program to manage certificates, but I have no intention of distributing any applications and, from my point of view, it makes no sense to pay. Am I wrong or am I doing something wrong? Notes: This happened after I installed Tahoe on a new installation. I was able to restore it using a copy of the keychains folder I had from Sequoia. Xcode (Apple Accounts - Manage Certificates) now shows me two certificates, indicating that one is not in the keychain and cannot be deleted.

Hi guys, I got an error about mac notarization result return 132. here is the stack trace on the logs: 2025-02-25 02:53:55,503 ERROR [org.ecl.cbi.ws.mac.not.xcr.not.NotarytoolNotarizer] (macos-notarization-service-pool-thread-13) Error while parsing the output after the upload of '/tmp/macos-notarization-service/pending-files/myapplication.dmg' to the Apple notarization service: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Premature end of file. at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:204) at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1465) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:1013) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542) at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889) at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825) at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141) at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1224) at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:637) at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:326) at java.xml/javax.xml.parsers.SAXParser.parse(SAXParser.java:197) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.PListDict.fromXML(PListDict.java:134) at org.eclipse.cbi.ws.macos.notarization.xcrun.notarytool.NotarytoolNotarizer.analyzeSubmissionResult(NotarytoolNotarizer.java:39) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.NotarizationTool.upload(NotarizationTool.java:50) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.Notarizer.lambda$uploadFailsafe$3(Notarizer.java:65) at net.jodah.failsafe.Functions.lambda$get$0(Functions.java:48) at net.jodah.failsafe.RetryPolicyExecutor.lambda$supply$0(RetryPolicyExecutor.java:66) at net.jodah.failsafe.Execution.executeSync(Execution.java:128) at net.jodah.failsafe.FailsafeExecutor.call(FailsafeExecutor.java:379) at net.jodah.failsafe.FailsafeExecutor.get(FailsafeExecutor.java:68) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.Notarizer.uploadFailsafe(Notarizer.java:65) at org.eclipse.cbi.ws.macos.notarization.NotarizationService.lambda$notarize$0(NotarizationService.java:192) at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840) Do you know why? If you have any thread or documents telling about the details of return values of the command: 'xcrun notarytool submit'

Hi, I'm running into a weird notarization issue and wanted to see if anyone else has seen something similar. I have one main macOS app that keeps doing the following: The notarization sits in "In Progress" for a few days Then it flips to "Rejected" with error code 7000 The notarytool log shows no issues and no ticket info At the same time, smaller test apps on the same Apple Developer account notarize. They do take around 2-3 days though. So it doesn't seem like an account or certificate problem. It looks like something about this specific app causes it to go into a long review and then fail with that vague 7000 error. The app is fairly large (Python + Qt, lots of bundled libraries), so I'm wondering if that triggers deeper scanning or some kind of policy check. Has anyone else seen: Multi day notarization jobs? Error 7000 that only affects one particular app? Rejections with no "issues" listed? If so, did you find a way around it? Also for context, my Apple Developer account was created recently I have contacted Apple Support already but no response yet and it's been 6 days. Thanks!

I was trying to put my game to test flight. I would test features like ads and in-app-purchases, then put on the Appstore(release). The game already works on Ipad. For test flight, the "automatically manage signing" option was enabled. Then I pressed the "archive" button. Built succeeded. Then I clicked the distribute button. That time, I had an error. "Upload failed, Invalid signature, App is not properly signed". I researched, and found special characters in name, team name and address can make errors. My name, address and team name have special characters(turkish). If it will be resolved, I want to re-write(fix) my name, team name and address. I already tried to change my name, team name and address from apple developer website but failed. They are asking a document of my identity of my new name but I didn't changed my name and address. Overall, there aren't any other facts that cause this issue as I know. If I send my current, unchanged identity and home address, could they allow to change(fix) them? On Console Log: DangerNo.app/DangerNo: ID : 6cfa13a9-685c-4df9-86dd-7506d67be8c5 DangerNo.app/Frameworks/UnityFramework.framework/UnityFramework: ID : 2b63aacc-9caf-453c-913f-bae0db14d363 My App ID : 6744022885 Error : Invalid Binary rejection email indicating a corrupted code signature was detected. Explanation : Invalid Signature - Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose "Clean All" in Xcode, delete the "build" directory in the Finder, and rebuild your release target.

I have built my application for arm and x64 so I have two files called DeepSkyStacker.app in different directories. I have followed the instructions to notarise the arm version of the app, but an concerned about what I should do to notarise the other one - do I just zip that up and then run: xcrun notarytool submit "DeepSkyStacker.zip" --keychain-profile "Notary Profile for DeepSkyStacker" --wait xcrun stapler staple DeepSkyStacker.app again or will that mess everything up? Related to that can I use the Notary Profile I created for DeepSkyStacker to notarise other apps that are part of the same product (DeepSkyStackerLive and DeepSkyStackerCL)?? Thanks David