Can someone please describe what is necessary to perform signing using codesign in a system that runs as LaunchDaemon. All workarounds like placing the codesigning cert + private key a custom keychain and unlock it in the session of the LaunchDaemon doesn't work anymore on Sequoia. Or are there alternatives for signing MachO binaries without codesign?

Hi, I'm doing Java 22 experiments with open source package "wgpu-macos-aarch64-release" on my Mac M3. This library contains a .dylib file and a .a file. In Java you can load native dynamic libraries using JNI. I used that in the past. Now in MacOS 15 this stopped working. Currently, I compile my Java file and run the binary file on the command line, including the library directory. The application would load the library from that directory. This should normally works but the library is not loaded. After some investigation it seems the .dylib is rejected by MacOS. Calling spctl --assess --verbose=4 libwgpu_native.dylib gives libwgpu_native.dylib: rejected without any extra reason message. Using sudo xattr -rd com.apple.quarantine libwgpu_native.dylib doesn't solve the problem. I also can't "accept" it in "Privacy & Security" because it's run as a command line call. I know that code signing should be done for "complete" applications. But these are just experiments and working with single dynamic libraries. How should this be done, to be able to load those libraries in a Java command line program? Or in general, how can you load an unsigned dylib in an application (apart from using Java as a tool). Kr, J

Can you please revoke my developer id application and installer certs? So i may recreate. I deleted the private key by mistake before realizing i cannot recreate everything using the developer website portal. I dont have macos backup or did i backup my certs with attached pkey. I just did not realize this was important until now. Please help as Im now blocked. I opened a case too but i have not yet got a response. its been 3 days now. case id: 20000093632858

My app is a Safari extension. When trying to validate the app, I get the following error: App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "app.rango.Rango.pkg/Payload/Rango for Safari.app/Contents/MacOS/Rango for Safari" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. I don't know why this is happening. I have app sandbox enabled in both the app and the extension target. I have both entitlement files. When executing codesign -d --entitlements :- /path/to/binary I get the following: <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.files.user-selected.read-only</key><true/><key>com.apple.security.get-task-allow</key><true/><key>com.apple.security.network.client</key><true/></dict></plist> If I check on Activity Monitor, on the sandbox column it shows true. I have no idea why I keep getting this error when all indicates that the app is actually sandboxed.

We have a MacOS application that we plan on distributing standalone (it'll be installed through MDM or directly, not through the app store). We utilize endpoint security and full disk access for this (enterprise) app. I have a makefile that uses codesign to sign the app inside-out. All that appears to work (i.e., when I try to run the app directly it functions as I expect it to). What's the recommended way to allow the developers in my team to also sign the app for local development so it functions as close as possible to production? My first thought is to distribute the developer identity to their machines using MDM. However, ideally i'd like to rule out the ability for a developer who has the MDM profile assigned to export the keys. That really only leaves a centralized solution in place or disabling SIP on their system (which I don't want to do). Alternatively, would creating a separate identity for production make more sense, so that in the case the developer certificate is revoked, the production releases continue to function as normal (however, I assume this would also require creating two different profiles for the endpoint security entitlement--one for each certificate). Thanks! Derek

Howdy, I thought this would be an easy question, but it turns out it's really not! In fact, it flies in the face of how the Apple ecosystem is set up. That said, I still need an answer to be able to inform our customers of what their app update options are. The question: Does app store provisioning ever expire? Based on the very limited information I can find, it either expires in one year, two years, or never. Anecdotal evidence seems to indicate that the answer could be never, but I need to confirm this. The use case: Some of our customers are very old school. They tend to find a technical solution and stick with it. As such, they do not update apps regularly on their field iPads. They generally only update when they are forced to. They use MDM to deploy the app, and would set the MDM not to pull updated apps from the app store when available, essentially keeping the same version of the app in use for as much as 3 years or more. If this were to happen, I need to know if the provisioning for the old version of the app will ever expire if they get it from the app store. I know with an enterprise deployment of .ipa files via MDM, the app provisioning/certificate will expire after 1 or 2 years (can't remember which atm), but I can't find an answer about app store provisioning. Hopefully someone can provide me with an answer on this forum. Thanks in advance, Mapguy

I'm about at my wit's end trying to figure out why I can sign and notarize code, but am unable to staple the notarization, no matter what I do. I've reinstalled Xcode, reinstalled certificates, and tried about every suggestion that I can find, but still no luck. 2023 M3 MacBook Pro, OS X 15.3.1, Xcode 16.2. I have created a very basic Xcode app to test this with. I am building the project: codegen generate && xcodebuild -project SimpleNotarizationTest.xcodeproj -scheme SimpleNotarizationTest -configuration Release clean build (see attached file for build log) build-log.txt The signature and entitlements verify: codesign -d --entitlements :- ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotarizationTest.app Output: Executable=/Users/minter/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-ecqihdiubptfnldimmjgnqpjr xun/Build/Products/Release/SimpleNotarizationTest.app/Contents/MacOS/SimpleNotarizationTest warning: Specifying ':' in the path is deprecated and will not work in a future release <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple .com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/><k ey>com.apple.security.files.user-selected.read-only</key><true/></dict></plist> I created a zip file: ditto -c -k --keepParent ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotarizationTest.app SimpleNotarizationTest.zip I submitted the app for notarization and it was approved: xcrun notarytool submit SimpleNotarizationTest.zip --apple-id "$APPLE_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait Output: Conducting pre-submission checks for SimpleNotarizationTest.zip and initiating connection to the Apple notary service... Submission ID received id: d2c0d6b0-cd55-4fa6-b958-09767d562a33 Upload progress: 100.00% (23.6 KB of 23.6 KB) Successfully uploaded file id: d2c0d6b0-cd55-4fa6-b958-09767d562a33 path: /Users/minter/tmp/simple-app-stapling/SimpleNotarizationTest.zip Waiting for processing to complete. Current status: Accepted......... Processing complete id: d2c0d6b0-cd55-4fa6-b958-09767d562a33 status: Accepted I attempt to staple the app: xcrun stapler staple -v ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotarizationTest.app And it fails. See verbose stapling log. verbose-stapling-log.txt The top line is that it finds and downloads the ticket, but can't/won't staple. Downloaded ticket has been stored at file:///var/folders/dd/cgm9_v3n399_zqqsphgzs5jh0000gn/T/1b7cb7d8-9a9e-462c-831b-09de1b896d9e.ticket. Could not validate ticket for /Users/minter/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-ecqihdiubptfnldimmjgnqpjrxun/Build/Products/Release/SimpleNotarizationTest.app The staple and validate action failed! Error 65. Wade-Minter~/tmp/simple-app-stapling(:|✔) % From my debugging, I can say: The code signature appears valid and includes a secure timestamp from Feb 23, 2025 The app is properly signed with Developer ID Application The notarization ticket is being successfully retrieved from Apple's servers (as shown in the verbose output) The ticket is being downloaded to a temporary location, but the stapler is failing to validate it with error 65 The app bundle structure appears complete with all required components The CDHash matches between the code signature and the notarization ticket: 604544b32d7074dd77e2e6f2070f6e2d41f6368d If I run: spctl -a -vv ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotarizationTest.app The output is: Wade-Minter~/tmp/simple-app-stapling(:|✔) % spctl -a -vv ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotaspctlionTest.app /Users/minter/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-ecqihdiubptfnldimmjgnqpjrxun/Build/Products/Release/SimpleNotarizationTest.app: rejected source=Unnotarized Developer ID origin=Developer ID Application: Fourth Line LLC (6U2KJ5KDT4) To summarize: The app is being recognized as "Unnotarized Developer ID" despite successful notarization The stapler is able to retrieve the ticket but fails during validation The error code 65 consistently appears during stapling attempts All code signing and bundle integrity checks pass The notarization ticket is being successfully downloaded but not successfully attached Any insight will be appreciated, since I've exhausted every option that I can find.

I am trying to get a PKG installer through the Apple codesign and notarytool process. When I submit the PKG installer I get a status message of "Invalid" and when I review the log file it has 2 errors. For "status summary" it says: "Archive contains critical validation errors", and for "message" it says" "The binary is not signed". The installer contains a flat file that is installed in the "Users/Shared" folder via the PKG installer. Here are the steps I've taken to get the installer through the codesign and notarytool process. codesign the file that's placed in the "Users/Shared" folder: codesign --options=runtime --sign 'Developer ID Application: XYZ' -v /Users/.../Documents/folder/"flat file" which I get a message saying "signed generic". Create the PKG installer with the signed "flat file". Sign the PKG installer containing the signed "flat file": codesign --options=runtime --sign 'Developer ID Application: XYZ' -v /Users/.../Documents/folder/"flat file" which I get a message saying "signed generic". Submit the PKG file with notarytool: xcrun notarytool submit /Users/.../Documents/folder/"flat file" --verbose --apple-id username --password password --team-id ID# --progress It completes and provides the submission ID. I check the status and get the error message that it's invalid. When I check the full details via the log I get the error messages mentioned above. What am I missing or failing to do?

Hello, I am trying without luck to create a .dmg or .pkg for my electron app that can be opened by any user on a mac. Every time I fail. All is happening by the same pattern. Here is the last try with creating a .pkg instead of .dmg. The app is built and it is signed correctly (I suppose) codesign --verify --verbose=1 dist/mac-universal/VIVIDTIME.app dist/mac-universal/VIVIDTIME.app: valid on disk dist/mac-universal/VIVIDTIME.app: satisfies its Designated Requirement I created a .pkg pkgbuild --root "dist/mac-universal/VIVIDTIME.app" \ --install-location "/Applications/VIVIDTIME.app" \ --identifier "app.vividtime.mac" \ --version "1.1.0" \ --sign "Developer ID Installer: Pavel Bochkov-Rastopchin (2QKDCTR5Y3)" \ dist/VIVIDTIME.pkg pkgbuild: Inferring bundle components from contents of dist/mac-universal/VIVIDTIME.app pkgbuild: Adding component at Contents/Frameworks/Mantle.framework pkgbuild: Adding component at Contents/Frameworks/VIVIDTIME Helper.app pkgbuild: Adding component at Contents/Frameworks/VIVIDTIME Helper (GPU).app pkgbuild: Adding component at Contents/Frameworks/Electron Framework.framework pkgbuild: Adding component at Contents/Frameworks/Squirrel.framework pkgbuild: Adding component at Contents/Frameworks/VIVIDTIME Helper (Renderer).app pkgbuild: Adding component at Contents/Frameworks/VIVIDTIME Helper (Plugin).app pkgbuild: Adding component at Contents/Frameworks/ReactiveObjC.framework pkgbuild: Using timestamp authority for signature pkgbuild: Signing package with identity "Developer ID Installer: Pavel Bochkov-Rastopchin (2QKDCTR5Y3)" from keychain /Users/innrvoice/Library/Keychains/login.keychain-db pkgbuild: Adding certificate "Developer ID Certification Authority" pkgbuild: Adding certificate "Apple Root CA" pkgbuild: Wrote package to dist/VIVIDTIME.pkg

Hi guys, I got an error about mac notarization result return 132. here is the stack trace on the logs: 2025-02-25 02:53:55,503 ERROR [org.ecl.cbi.ws.mac.not.xcr.not.NotarytoolNotarizer] (macos-notarization-service-pool-thread-13) Error while parsing the output after the upload of '/tmp/macos-notarization-service/pending-files/myapplication.dmg' to the Apple notarization service: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Premature end of file. at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:204) at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1465) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:1013) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542) at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889) at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825) at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141) at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1224) at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:637) at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:326) at java.xml/javax.xml.parsers.SAXParser.parse(SAXParser.java:197) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.PListDict.fromXML(PListDict.java:134) at org.eclipse.cbi.ws.macos.notarization.xcrun.notarytool.NotarytoolNotarizer.analyzeSubmissionResult(NotarytoolNotarizer.java:39) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.NotarizationTool.upload(NotarizationTool.java:50) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.Notarizer.lambda$uploadFailsafe$3(Notarizer.java:65) at net.jodah.failsafe.Functions.lambda$get$0(Functions.java:48) at net.jodah.failsafe.RetryPolicyExecutor.lambda$supply$0(RetryPolicyExecutor.java:66) at net.jodah.failsafe.Execution.executeSync(Execution.java:128) at net.jodah.failsafe.FailsafeExecutor.call(FailsafeExecutor.java:379) at net.jodah.failsafe.FailsafeExecutor.get(FailsafeExecutor.java:68) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.Notarizer.uploadFailsafe(Notarizer.java:65) at org.eclipse.cbi.ws.macos.notarization.NotarizationService.lambda$notarize$0(NotarizationService.java:192) at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840) Do you know why? If you have any thread or documents telling about the details of return values of the command: 'xcrun notarytool submit'

Hi, I had an issue when I notarized myapplication.dmg with Process 'xcrun notarytool submit' exited with value '132'. Do you know how to solve it? Do you have any explanation about the response value when we execute 'xcrun notarytool submit'? Thank you very much! 2025-02-25 09:36:18,182 ERROR [org.ecl.cbi.ws.mac.not.xcr.not.NotarytoolNotarizer] (macos-notarization-service-pool-thread-14) Error while parsing the output after the upload of '/tmp/macos-notarization-service/pending-files/myapplication.dmg' to the Apple notarization service: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Premature end of file. at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:204) at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1465) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:1013) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542) at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889) at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825) at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141) at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1224) at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:637) at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:326) at java.xml/javax.xml.parsers.SAXParser.parse(SAXParser.java:197) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.PListDict.fromXML(PListDict.java:134) at org.eclipse.cbi.ws.macos.notarization.xcrun.notarytool.NotarytoolNotarizer.analyzeSubmissionResult(NotarytoolNotarizer.java:39) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.NotarizationTool.upload(NotarizationTool.java:50) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.Notarizer.lambda$uploadFailsafe$3(Notarizer.java:65) at net.jodah.failsafe.Functions.lambda$get$0(Functions.java:48) at net.jodah.failsafe.RetryPolicyExecutor.lambda$supply$0(RetryPolicyExecutor.java:66) at net.jodah.failsafe.Execution.executeSync(Execution.java:128) at net.jodah.failsafe.FailsafeExecutor.call(FailsafeExecutor.java:379) at net.jodah.failsafe.FailsafeExecutor.get(FailsafeExecutor.java:68) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.Notarizer.uploadFailsafe(Notarizer.java:65) at org.eclipse.cbi.ws.macos.notarization.NotarizationService.lambda$notarize$0(NotarizationService.java:192) at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840)

I have some questions regarding App Group Id's and use of the FileManager during an Appstore iOS transfer. I've read a lot of the topics here that cover app groups and iOS, but it's still unclear exactly what is going to happen during transfer when we try to release an updated version of the app from the new account. We're using this method FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: "group.com.foo.bar") to store files on the device that are important for app launch and user experience. Once we transfer the app and begin the process of creating a new version under the new account will we be able to read the files that are stored using this app group id under the new account? What steps do we need to take in order to handle this and continue being able to access these files? It seems like the app group is not transferred in the process? I've seen some users mention they removed the app group from the original account and created it again under the receiving account (with notes mentioning this is undocumented behavior). These conversations we're centered around Shared user defaults, and that applies as well but I'm more concerned with reading the values from the file system. Thanks!

I have read the posted solution threads and am still stuck with solving this issue. I have created a python app that works perfect on my machine and I would like to distribute externally via .zip file. I have created a certificate and downloaded it (G2 Sub-CA (Xcode 11.4.1 or later)) Next i have installed the Çert into the login keychain along with the Matching G2 Intermediate Cert (in system) and the proper Root Cert. However I am still not getting a proper chain when evaluating the developer certificate and I am at a loss at this point. I would love to pay someone to simply walk me through it if anyone has some time to solve this problem with me so I can run the notarytool and then distribute my application. Thanks!

I am managing provisioning profiles manually, including the one for my Notification Service Extension. I am wondering what happens if the provisioning profile for the Notification Service Extension expires. I have two types of apps: An App Store-distributed app An Enterprise-distributed app Can someone clarify how the expiration of the Notification Service Extension's provisioning profile affects both cases? Will the extension stop functioning, or will it continue to work normally?

I am trying to build/deploy app to my phone however I get this message: "provisioning profile doesn't include the currently selected device" My developer account is pretty old one and used to be one the paid-version one. My understanding is that I should be able to deploy apps using free account but I don't see where I can add or delete devices....stuck in the loop over here! :-) I've created support request via email but I don't know if that is being worked or not...four days since I put it in. I suppose my other options are new apple-id or pay $99 and hope apple pays attention then? Any other suggestions?

Hello, I have this simulator made in Unity that I want to distribute as Standalone. It consists of launcher which, when users download it, downloads the game. I've built the launcher, got Developer ID Application certificate, added entitlements from: https://docs.unity3d.com/Manual/macoscodesigning.html#signing-identity I've signed the .app of the launcher and 2 dlls chatgpt recommended to sign, zipped it, notarized .zip successfully, stapled to .app and put it on Google Drive to test. I got my other MacBook Pro, downloaded the zip, tried to open it. It did open, but there is a black loading screen saying "0% progress, 0B/0B" indicating that it isn't downloading anything - no network calling. When checked using command xattr -l path/to/file.app I get the following output: com.apple.macl: @?????I???|???? com.apple.quarantine: 0083;67bf1a22;Safari;69764595-CA94-44D2-B679-A69DC4669382 There are some specifics I think are also important to mention. I tried to code-sign it, notarize it and staple it using only Terminal and I'd like to keep it that way because I am very unfamiliar with Mac so I've avoided using Xcode as much as possible I really want to avoid putting the simulator up on the App Store, so I must have Standalone solution and Standalone solution only I believe that there might be problem with needing right entitlements, but I don't know how to check which one's are needed for users to avoid using "xattr" command in terminal to allow the launcher to run because of GateKeeper I've been banging my head against the wall with this problem for over a month and I don't see the light at the end of the tunnel.

I have a pass type id that expired. I created a CSR in keychain access on my Mac. I uploaded the CSR and generated a new cert. I downloaded the new cert and imported into keychain access. I don't see the associated private key and I cannot export a .p12 certificate. It's possible I started with the wrong key to generate the CSR or maybe I inadvertently deleted key while trying to locate the cert after importing. I'm not sure how to determine which. I do still have the private key from the cert that expired. But, I cannot figure out how to sign a cert again, my only option now is download. I've been searching the forum and while there may be an answer, I may just be looking for the wrong thing. I could use some help if anybody would be so kind.

Hey everyone, I’m wondering if anyone has run into any issues with this. Before I uploaded, I guess maybe 20 assets of 1080 x 720, my notarization was taking around 2-3 minutes almost instant. Now I’m looking at 30 minutes. I have no idea when the notarization is going to end. I’m wondering if asset size has any impact on notarization speed, and if so, is this going to be a one-time thing or is this going to happen with all my following builds? Let me know if anyone has run into anything similar or if the notarization service is just down right now. ⁠

I can't upload my macOS app to app store connect. Each time i try to upload, i see this message: Provisioning profile failed qualification Profile doesn't support App Groups. An empty app without an app group uploads fine, but if i add an app group to it, it does not upload.

Hello everyone, I’m currently developing an Electron application, and I’m trying to properly sign and notarize it for macOS. The notarization process itself seems to complete successfully—the file is accepted without issues. However, when I attempt to staple the notarization ticket to the executable, I consistently get Error 65 with TheStableAndValidateActionFailed. The issue is puzzling because the executable does not change at any point during the process. After facing this issue multiple times in my own project, I decided to test it on a more controlled setup. I followed the steps from this https://www.youtube.com/watch?v=hYBLfjT57hU and the instructions from this macos-code-signing-example which have previously worked for others. Yet, even with this setup, I still get the same Error 65. Below, I have attached the verbose logs for reference. I’m trying to understand what could be causing this issue—whether it’s related to certificates, the signing process, or something else entirely. Has anyone encountered a similar problem, and if so, how did you resolve it? Any insights would be greatly appreciated!