Xcode: Failed to launch macOS command-line program due to permission issue - xcode

Environment
macOS Catalina 10.15.7
Xcode 12.3
Problem
My macOS command-line application, written in C++, runs ok inside Xcode or as a standalone program in Terminal. But fails to launch when run as a child process from other programs.
The error message looks like this
Efforts
I've looked through my project's provisioning settings.
My team profile is only one-day past its life span. And the project still builds so I doubt that is the issue. I then switched to another certificate that is still healthy but saw the same problem with the child process failure.
I've also checked security settings and there are no permission blocks or anything like that. I've built this program many times and sorted out all the permission issues before. There used to be no problem running it as a child process.
Question
What am I missing?

Found the solution myself.
I had to remove the code signature using
codesign --remove-signature
Then sign it normally through Xcode.
It is most probably caused by our team switching signing identity and deprecating the old one.
Another related fix:
This error also happens when I run any script that launches child processes of executables built myself inside an IDE.
The solution is to add the IDE to
System Preferences > Security & Privacy > Privacy > Developer Tools

Related

CGEventPost fails to deliver keyboard events to another process under Catalina (Mac OSX 10.15)

We have a little QA helper program (called keysim) using CGEventCreateKeyboardEvent and CGEventPost to feed functions keys to the application under test. This did work great until the current Mac OSX version (10.15). Now the program does simply have no effect when the application under test has the focus (and the QA test fails). Any pointers why this happens and how this could be resolved?
I did add the keysim app under System Preferences > Security and Privacy > Privacy > Developer Tools (The info says : Allow the apps below to run software locally that does not meet the systems security policy).
And this made the function key invocation successful.
IMHO The info is misleading : Our keysim program doesn't run software. The info for Accessibility says: Allow the apps below to control your computer. So that's why I tried that instead of "Developer Tools".
Never mind: problem solved.

Stuck at “Authenticating with the App Store...” when publishing my app [duplicate]

We have been trying to submit an app to the iTunes store using Application Loader for three days and keep getting stuck at the "Authenticating with the iTunes store" step.
We have read many forums (including stackoverflow) and tried what was suggested:
making a new provisioning profile
using different or multiple versions of Application Loader
changing proxy settings
rebooting the Mac
uploading at a different time of the day, etc.
We have even left it running overnight and have not had success with getting past this step. Unfortunately, no feedback is given about what the issue may be, and we have not gotten any error messages. We have submitted multiple apps without any difficulty in the past but are completely stuck this time!
How were you able to solve it?
This only started happening to me today (May 2017) and no answers in this thread solved my issue. The resolution for me was from here;
https://forums.developer.apple.com/thread/76803
Open Terminal. Change to home directory,
cd ~
Move the current transporter directory,
mv .itmstransporter/ .old_itmstransporter/
Invoke the following file to let Transporter update itself.
"/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/itms/bin/iTMSTransporter"
Wait till it updates, then open Xcode and attempt upload.
You have to agree to a new sign up in Application Loader. Select "Application Loader" under the "Xcode -> Open Developer Tool" menu (the first menu to the right of the Apple in the menu bar). Once you open Application Loader there will be a prompt to agree to new terms and then to login again into your iTunes account. After this any upload method will work.
Just wait. In a few minutes all will be ok.
Dec 10th 2019, Xcode Version 11.2.1, MacOS X 10.15.1
I was facing exactly same issue yesterday and I thought it might be network issues, at least it looks like so. But this morning I had tried couple different networks and several VPN connections, none of them is working!
The highest voted answer here asks me to reset a cache folder named .itmstransporter under my home dir, the run a program iTMSTransporter under a specific folder, but I can't find both of them.
But soon I figured that it is the cache folder for the people who uses the legacy uploader program: Application Loader, which is deprecated by Apple and can be no longer found in Xcode 11. Then I found that the latest Xcode has located iTMSTransporter here:
/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/itms/bin/iTMSTransporter
And its cache folder is here:
/Users/your_user_name/Library/Caches/com.apple.amp.itmstransporter/
I removed my existed cache folder, and run iTMSTransporter without any parameter, it soon started to output logs and download a bunch of files, and finished in 2 or 3 minutes. Then I tried again to upload my ipa file, it works!!!
CONCLUTION:
Either the old Application Loader, or the latest Xcode, uses a Java program iTMSTransporter to process the ipa file uploading.
To function correctly, iTMSTransporter requires a set of jar files downloaded from Internet and cached in your local folder.
If your cache is somehow broken, or doesn't exist at all, directly invoking iTMSTransporter with functional parameters such as --upload-app in our case, iTMSTransporter DOES NOT WARN YOU, NOR FIX CACHE BY ITSELF, it just gets stuck there, SAYS NOTHING AT ALL! (Whoever wrote this iTMSTransporter, you seriously need to improve your programming sense).
Invoking iTMSTransporter without any parameter fixes the cache.
A functional cache is about 65MB, at Dec 10th 2019 with Xcode Version 11.2.1 (11B500)
I was stuck at "Authenticating with the iTunes Store" today. I had used the same version and build number as a previous submission. After I updated the build number, the upload went fine. I don't know if it's related, or if it was a coincidence.
I had the same issue for months, I just removed hotspot shield and private tunnel applications from my computer and tried to upload my app and everything worked just fine. so I suggest if you have installed any VPN application on your computer, remove the application and then try uploading your app from either application loader or xcode's organizer.
Try answer mentioned in this Reference Link, it really worked for me and for others as well.
Mentioning answer here as well.
Open Terminal and run:
cd ~
mv .itmstransporter/ .old_itmstransporter/
"/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/itms/bin/iTMSTransporter"
iTMSTransporter will then update itself, then you can try uploading in XCode again or via application loader.
There is no magic fix. Itunes is just working bad. Lately is having more and more issues and it takes more and more to update and send an ipa to the store.
I had this issue with AppLoader and Xcode organiser too and after trying multiple times it just went through.
Changing network connection helped.
Turned off wifi on my phone
Enabled 3G
Created HotSpot
Connected my mac to the hotspot and got through the authetication issue
In my case, I hadn't agreed to the newest Developer Agreement. Just run Application Loader once, click on [Accept] to agree, then quit the Application Loader and the Upload to App Store should work fine.
Following worked for me.
Open another instance of Application Loader.
( Select "Application Loader" under the "Xcode -> Open Developer Tool" menu)
"Agree" to the terms.
After completing Step 2. First instance of Application Loader proceeded to the next step and build got submitted.
I have also encounter the same issue. One possible solution is to go to Xcode -> Preferences -> Accounts and from the left menu select on App ID then click on the View Details and tap on the refresh button. while reloading you will get following error
The selected team's agent, 'ADMIN NAME' must agree to the latest
Program License Agreement.
If you will not get above error, Following solution will not work.
It means that you need to login into the developer account using Admin login and accept that latest agreement.
Then you will be able to upload binary on the app store.
The updated answer for Xcode 11.x.x and Transporter application, open terminal:
rm -rf ~/.itmstransporter/
"/Applications/Transporter.app/Contents/itms/bin/iTMSTransporter"
Wait a while
Problem solved!
I'm running MacOS Mojave 10.14.6, Xcode 11.3.1 and Transporter 1.1.1, and always got stuck at the Authentication with App Store stage, no matter how long I wait, I tried uploading using Xcode, using xcrun altool, Transporter, nada.
Finally I got it working by exporting the ipa file to a new Macbook (10.15.3, Xcode 11.3.1, Transporter 1.1.1), and used the Transporter app to upload it there.
The key difference is the Transporter tool on my new Macbook asked for a 6-digit code as authentication while the old Macbook did not, I suspect the authentication token on my old device expired but the system didn't ask for a new one when trying to upload the app. I had 2-FA enabled.
So I think forcing a manual re-authentication when you upload the app is the answer, the only other difference is the MacOS version, but I didn't test if it'll make a difference.
I solved the problem by removing ~/Library/Caches/com.apple.amp.itmstransporter.
For safety, renaming will be better,
cd ~/Library/Caches
mv com.apple.amp.itmstransporter com.apple.amp.itmstransporter.old
Then, xcrun altool uploaded my ipa successfully.
By the way, I'm using Xcode 11.x & 12.2, macOS Catalina.
In 2020 Dec, the fix did finally worked for me was restarting my mac.
Today I ran into this issue, on Xcode 11.2.1 I solved it by going to Xcode -> Preferences -> Accounts -> Tapped on the '-' next to my Apple ID, then signed in again. This fixed it for me!
In April 21, 2021, I followed #DawnSong's answer, outlined in the image below but I also restarted my Mac and voila it worked.
Spec
Xcode 12.4
macOS Big Sur 11.2.3
You may try to relogin your ITC account via Application Loader.
Just try a different Internet connection. I tried all the solutions above but none worked. However, when I tried using my cellular connection (instead of my DSL connection that stands behind a firewall), it worked immediately.
It might be a network issue. If you are running inside a virtual machine (e.g. VMWare or VirtualBox), try setting the network adapter mode from the default NAT to Bridged.
All i did was duplicate my Application Loader.app in /Applications and
ran both Application loaders at the same time.
this solution is out there, it used to work for me, but today not even that! what I did and worked is that (2 instances) + uploading with XCode (organizer). Had to try a couple of times and it worked.
hope this helps someone, this bug has been there for quite a lot of time now() an apple doesn't seem to care too much
Another reason could be that you have changed the machine from which you're submitting the app. Or the user account on the machine. The new machine may lack the private key and/or certificate for the App Store. Although a certificate with the correct name is displayed in Xcode.
In this case, go to https://developer.apple.com -> certificates, use the plus sign (+) to add a new certificate (distribution), and follow the steps to request a certificate for the private key on your current machine. After installing the certificate, authentication may work.
For me I tried almost all the suggestions given above but the problem still reoccurred after the first success in uploading to App store. Until I found this website. In summary, do the following
Open terminal
Run this command:
rm -rf ~/.itmstransporter/
“/Applications/Xcode.app/Contents/Applications/Application
Loader.app/Contents/itms/bin/iTMSTransporter”
Note: this command(which is different from others above) will delete your ITMSTansporter folder and create a new one and ensure that xcode is quitted before running this command.
3. Start Xcode and all should be well.
Using Xcode 12.3 Distribute App and xcodebuild both got stuck today at this point.
I finally was able to solve this. Peeking around my system I found 3 versions of iTMSTransporter.
Printing the version of each using ./iTMSTransporter -version gives the following results:
/Applications/Transporter.app/Contents/itms/bin/ has version 2.0.0
/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/bin/ has version 2.1.0
/usr/local/itms/bin/ has version version 1.9.3
So it looks that old version in /usr/local/itms was used by Xcode. After deleting /usr/local/itms I was able to upload my binary within Xcode 12.2 and using the xcodebuild command line tool.
Check your firewall
Network settings - (Check with network admin, usually they have blocked apple services unknowingly)
Check your system data/time.
I had same sort of issue, I resolved it by getting direct access to internet.
Also check Application Loader logs to see at which point it gets stuck.
I think I followed all the approaches given, but none worked for me.
My own approach that seems to work for me is to go thru the initial steps to upload a binary, then, after selecting the binary, do NOT click Send; instead close the window, and in the new window that will appear, start anew: hopefully it will go thru.
Found the solution:
I was uploading the build, Every activity went well except “Authenticating with the iTunes store”.
I disconnected my LAN cable and Connected my MAC with my mobile hotspot. and authentication problem was solved. If you have a limited internet plan then as soon as you pass authentication stage, again connect your LAN so that it will upload the app from you LAN cable's internet connection.
my upload failed each time when I uncheck the "include bitcode" option when uploading. So I checked the "include bitcode" option and upload went well.
Check your Firewall, If it is "On" then just Off it, then try

MacOS Notarize - Gatekeeper does not recognize notarized app

I have a MacOS app and want to distribute to beta users as DMG file outside AppStore.
I have read some articles about how to notarize an app and follow the steps to successfully notarize the DMG file without any problem.
My development machine runs on MacOS 10.14, and XCode version is 10.1.
However when I try to check the notarized DMG file on another testing machine which runs on MacOS 10.14.5 (by sending the file via AirDrop, or download from my website), I still see the popup from GateKeeper with message "'myApp.dmg' can’t be opened because Apple cannot check it for malicious software." on that machine.
It seems Gatekeeper does not work properly to check notarized DMG file. Is there anybody having the same problem and how to fix that?
Short answer
It could be due to an RPATH referencing a path outside the App bundle. Removing this RPATH would resolve the issue.
Inspecting log files
You can find extra information about the rejection (after trying to launch the blocked app) in the Console.app. Note that you should open the Console.app, before trying to open your blocked app, otherwise not all messages may be logged. You should look for process XprotectService in the logs of your device (i.e. choose your device in the left side bar of the Console.app). If the RPATH is indeed the problem, you should find a record like this:
XprotectService: [com.apple.xprotect:xprotect] File /path/to/your/executable/or/library failed on rPathCmd /rpath/causing/the/problem (rpath resolved to: (path not found), bundleURL: /path/to/your/bundle.app)
Inspecting these log files may give you a key to solve other issues too.
Note that I received the following information from an Apple engineer:
Gatekeeper does not inform users via UI about the specifics of the
error, though it is in the logs for developers to look at. The
notarization process is purely about a detecting malicious software
and does not replicate Gatekeeper enforcement. You still need to get
software notarized and test with Gatekeeper.
We are looking to provide better tooling for developers in the future
to pre-flight some of these common errors.
Contact Apple
If you are not able to solve your issue with the above information, you may want to contact Apple itself using the Feedback Assistant. They do not respond very quickly (~1-2 weeks), but the answers are rather to the point.

How to code sign macOS binary to stop firewall permissions requests?

Bowtie app is here: http://bowtieapp.com. The binary but not the source is available.
It has the problem on macOS Sierra 10.12.5 Beta that an active firewall causes it to request firewall permissions on every boot. I suspect this can only be resolved via codesigning.
There is an old fix which no longer seems to work:
https://ivadrenaline.wordpress.com/2015/07/07/do-you-want-the-application-to-accept-incoming-network-connections/
You can sign the frameworks, but then when you sign the whole app you get:
/Applications/Bowtie.app/: resource fork, Finder information, or similar detritus not allowed
Googling that error leads to: https://developer.apple.com/library/content/qa/qa1940/_index.html
But while running xattr -cr on the app causes the signing to proceed without error, it still does not prevent the firewall dialog permissions request from appearing.
I have also tried deep versions of the signing process which did not work.
I think Bowtie has the app itself and a helper application, so it may have more than one executable, and be related to this item: Application with multiple executables appears signed but triggers firewall warning
Also:
Why is OSX continually asking for firewall permission for my app which is signed?
This promising answer also did not work:
https://stackoverflow.com/a/40067738/365478
What is the fix for this?
Manually adding the application to the firewall exclusions list via the macOS System Preferences UI worked. The .app was fine, it wasn't necessary to find the executable. I didn't isolate these changes, so it may also be necessary to codesign the app with the failing methods and/or to manually set firewall exclusions via the terminal, as another answer on the following thread suggests.
https://stackoverflow.com/a/10011819/365478
If someone shows how to codesign it properly I'll remark that best answer.

OSX Gatekeeper stopping my application

My application was working good before I added one library and a sub-project(both created by me). All are code signed with same value.
If I create a local DMG (using build-script) then it is getting installed on my system, also in other system. But the build taken from Anthill pro fails to pass the OSX Gatekeeper and shows "Un-Identified developer" issue.
What could be the issue that makes the same DMG to behave differently?
I recently dealt with an issue with using a build server to sign an application. It signed fine, but then when we distributed it through our website, our users were asked to "Move to Trash" by OSX. My scenario was a little different, as I was using Jenkins, but perhaps the problem is the same.
I solved the issue by elevating our jenkins user up to an admin, and then running codesign with sudo.
I think this has something to do with signing as a developer vs. signing for distribution. If you download a signed package and your application was signed without distribution privileges, the extended attribute "com.apple.quarantine" gets places on the app package (check it by opening terminal and typing 'xattr [path-to-package]')

Resources