Developing a Maui Blazor MacCatalyst app for Apple macOS store is a terrible experience

[Jinjinov]

Description

There are many things that could be better.

Developing a MacCatalyst app:

• [x] Building a Release version on Visual Studio for Mac always builds for the first framework in TargetFrameworks, not the selected framework

  • [x] https://developercommunity.visualstudio.com/t/Building-a-Release-version-always-builds/10238279

• [x] Visual Studio for Mac can not run any MAUI project in Release mode:

  • [x] https://developercommunity.visualstudio.com/t/Can-not-run-any-MAUI-project-in-Release-/10237400

• [x] it doesn't work with XCode 14.2 and iOS 16.2

  • [x] https://github.com/dotnet/maui/issues/12124#issuecomment-1358154061

• [x] Microsoft.AspNetCore.Components.Web.HeadOutlet throws exception in the trimmed version

  • [x] https://github.com/dotnet/aspnetcore/issues/40033#issuecomment-1362864155

• [x] adding signing to csproj results in error MSB6006: "codesign" exited with code 3.

  <EnableCodeSigning>True</EnableCodeSigning>
  <CodesignKey>3rd Party Mac Developer Application: Jinjinov (**********)</CodesignKey>
  <EnablePackageSigning>true</EnablePackageSigning>
  <PackageSigningKey>3rd Party Mac Developer Installer: Jinjinov (**********)</PackageSigningKey>

• [x] can't open developer tools for Blazor:

  • [x] https://github.com/dotnet/maui/issues/5561
  • [x] https://github.com/dotnet/maui/issues/7706

Publishing a MacCatalyst app on Apple macOS store:

• [x] rejected when trying to upload with Transporter: The product archive package's signature is invalid. Ensure that it is signed with your "3rd Party Mac Developer Installer" certificate. A commented section in csproj that the developer could un-comment would be helpful here.

• [x] rejected when trying to upload with Transporter: The product archive is invalid. The Info.plist must contain a LSApplicationCategoryType key, whose value is the UTI for a valid category. For more details, see "Submitting your Mac apps to the App Store". Some indication in Visual Studio would be helpful here. I had to add:

  <key>LSApplicationCategoryType</key>
  <string>public.app-category.productivity</string>

• [x] rejected when trying to upload with Transporter: Invalid bundle. The bundle supports arm64 but not Intel-based Mac computers. Your build must include the x86_64 architecture to support Intel-based Mac computers. A commented section in csproj that the developer could un-comment would be helpful here: <RuntimeIdentifiers>maccatalyst-x64;maccatalyst-arm64</RuntimeIdentifiers>

• [x] rejected when trying to upload with Transporter: Invalid Bundle. The key UIDeviceFamily in the app's Info.plist file contains one or more unsupported values '1'. (ID: e98a0fc1-d792-4b2d-854c-51a5d1649c82) I had to change

  <key>UIDeviceFamily</key>
  <array>
      <integer>1</integer>
      <integer>2</integer>
  </array>

  to

  <key>UIDeviceFamily</key>
  <array>
      <integer>2</integer>
  </array>

• [x] rejected when trying to upload with Transporter: App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list Adding a Platforms/MacCatalyst/Entitlements.plist file and <CodesignEntitlement>Platforms/MacCatalyst/Entitlements.plist</CodesignEntitlement> inside csproj would be helpful here. I had to add:

  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  </dict>
  </plist>

• [x] rejected because project name is used instead of application title: https://github.com/dotnet/maui/issues/12287

• [x] I had to add <key>ITSAppUsesNonExemptEncryption</key><false/> to Info.plist. Some indication in Visual Studio would be helpful here.

• [x] Maui Blazor template lacks entitlements necessary to submit to Apple macOS store

  • [x] https://github.com/dotnet/maui/issues/13094
  • [x] https://github.com/dotnet/maui/issues/14219

• [x] https://github.com/xamarin/xamarin-macios/issues/14686

• [x] https://github.com/xamarin/xamarin-macios/issues/17591

Steps to Reproduce

1. Create a new Maui Blazor project
2. Try to publish a Maui Blazor MacCatalyst app on Apple macOS store

Link to public reproduction project repository

https://github.com/Jinjinov/Ididit

Version with bug

7.0 (current)

Last version that worked well

Unknown/Other

Affected platforms

macOS

Affected platform versions

macOS Ventura 13.1

Did you find any workaround?

No response

Relevant log output

No response

[akhanalcs]

Microsoft should document all the issues and solutions you figured out. And hopefully make the whole experience better. This was a great post. Thank you!

[ghost]

We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process.

[rachelkang]

@rolfbjarne thoughts on any of these issues here?

[rolfbjarne]

This is great feedback! Thanks a lot!

• adding signing to csproj results in error MSB6006: "codesign" exited with code 3.

I'm not sure what caused this, a binlog would likely be nice to diagnose.

Publishing a MacCatalyst app on Apple macOS store:

• rejected when trying to upload with Transporter: Invalid bundle. The bundle supports arm64 but not Intel-based Mac computers. Your build must include the x86_64 architecture to support Intel-based Mac computers. A commented section in csproj that the developer could un-comment would be helpful here: <RuntimeIdentifiers>maccatalyst-x64;maccatalyst-arm64</RuntimeIdentifiers>

Mac Catalyst will default to a universal (arm64+x64) build when building for a Release configuration (and just x64 for all other configurations).

But yes, we can add a comment to the templates as well.

For most of the other publishing issues I filed https://github.com/xamarin/xamarin-macios/issues/17591 to improve our templates and build logic. @rachelkang you might want to update your MAUI templates as well.

[brightertools]

I am also trying to deploy to macOs and get things running.

This issue has helped me sign and get the app into TestFlight and distribute for testing. https://github.com/dotnet/docs-maui/issues/1187

Our app is a .net7.0, (non Blazor) MAUI app for windows/macOs, compiled on Monterey Intel mac and but crashes on another machine (Ventura M1 arm mac), this is all I have to test at the mo, so trying to work that out.

[cdavidyoung]

@brightertools , since you have gotten https://github.com/dotnet/docs-maui/issues/1187 to work, perhaps you could help me understand what to use for YOURNAME (***) and YOUR PROFILE NAME.

<CodesignKey>Apple Distribution: YOURNAME (*******)</CodesignKey>
<CodesignEntitlements>Platforms\MacCatalyst\Entitlements.plist</CodesignEntitlements>
<CodesignProvision>YOUR PROFILE NAME</CodesignProvision>
<PackageSigningKey>3rd Party Mac Developer Installer: YOURNAME (*******)</PackageSigningKey>

For what it is worth, I compile and run my MacCatalyst app on my Mac Mini, which is an M1. Previously I was using a 2014 Mac Mini and it would also compile and run my MacCatalyst app. Have you tried building on your M1 Mac?

[brightertools]

@brightertools , since you have gotten dotnet/docs-maui#1187 to work, perhaps you could help me understand what to use for YOURNAME (***) and YOUR PROFILE NAME.

<CodesignKey>Apple Distribution: YOURNAME (*******)</CodesignKey>
<CodesignEntitlements>Platforms\MacCatalyst\Entitlements.plist</CodesignEntitlements>
<CodesignProvision>YOUR PROFILE NAME</CodesignProvision>
<PackageSigningKey>3rd Party Mac Developer Installer: YOURNAME (*******)</PackageSigningKey>

For what it is worth, I compile and run my MacCatalyst app on my Mac Mini, which is an M1. Previously I was using a 2014 Mac Mini and it would also compile and run my MacCatalyst app. Have you tried building on your M1 Mac?

Hi @cdavidyoung

Thanks for your message.

Following the guide you will need to create the certificates (x2) and download them to your computer. The: Apple Distribution: YOURNAME (***) is copied from the one certificate name

The: 3rd Party Mac Developer Installer: YOURNAME (***) is copied from the other certificate name

The profile name is the name created when creating the profile in the "Certificates, Identifiers & Profiles" section of the apple developer site. In xode you need to login to your account and download the manual profiles.. this is the profile with the matching name I beleive.

I am developing mainly on Windows then opening on my Mac to publish (Visual Studio seems a bit slower to develop on Mac, from key commands to building and running) I only have a Mid 2015 mac, the app uns fine locally, but does not run on either my mac or another M1 mac via TestFlight. it just crashes.. searched around and found loads of things to try but its so trial and error.

It's not straight forward what might work or not in the "sandbox" or if I am worried about that too much, given the entitlements which are not that clear.

The process of setting up a new app, just for testing and re-building the app until it fails seems like a long winded unnecessary process, but it's hard to tell if the error is build, platform, signing or code related.

[cdavidyoung]

Ok, this is what one of my certificates says:

Certificate Name Charles Young Certificate Type Mac Installer Distribution Expiration Date 2024/02/29 Created By Charles Young @.***)

It is still not clear but perhaps YOURNAME (****) is actually Charles Young @.)? And the profile name is the one right under the Name label ( "**" ) when viewing the profile? Review Provisioning Profile Name "**" Status Active Platform macOS

Regarding the Mid 2015 mac and the M1 Mac, I found that when I migrated from my 2014 Mac Mini to the recent M1 Mac Mini certain applications would not run until different versions were installed. I believe this was the difference between the Intel chip of the older Macs and the newer Macs with the Apple M1 chip. I even had trouble building my app on the M1 Mac until VS and Xcode updated to compatible versions. I don't understand it but perhaps this has something to do with your problem. You might just have to upgrade your 2015 Mac to a more recent model. I just picked up my M1 Mac Mini at Costco for $400. The M2 is just $200 more and it will run circles around your 2015 Mac.

On Thu, Mar 2, 2023 at 6:05 AM Mark Redman @.***> wrote:

@brightertools https://github.com/brightertools , since you have gotten dotnet/docs-maui#1187 https://github.com/dotnet/docs-maui/issues/1187 to work, perhaps you could help me understand what to use for YOURNAME (***) and YOUR PROFILE NAME.

Apple Distribution: YOURNAME (*******) Platforms\MacCatalyst\Entitlements.plist YOUR PROFILE NAME 3rd Party Mac Developer Installer: YOURNAME (*******)

For what it is worth, I compile and run my MacCatalyst app on my Mac Mini, which is an M1. Previously I was using a 2014 Mac Mini and it would also compile and run my MacCatalyst app. Have you tried building on your M1 Mac?

Hi @cdavidyoung https://github.com/cdavidyoung

Thanks for your message.

Following the guide you will need to create the certificates (x2) and download them to your computer. The: Apple Distribution: YOURNAME (***) is copied from the one certificate name

The: 3rd Party Mac Developer Installer: YOURNAME (***) is copied from the other certificate name

The profile name is the name created when creating the profile in the "Certificates, Identifiers & Profiles" section of the apple developer site. In xode you need to login to your account and download the manual profiles.. this is the profile with the matching name I beleive.

I am developing mainly on Windows then opening on my Mac to publish (Visual Studio seems a bit slower to develop on Mac, from key commands to building and running) I only have a Mid 2015 mac, the app uns fine locally, but does not run on either my mac or another M1 mac via TestFlight. it just crashes.. searched around and found loads of things to try but its so trial and error.

It's not straight forward what might work or not in the "sandbox" or if I am worried about that too much, given the entitlements which are not that clear.

The process of setting up a new app, just for testing and re-building the app until it fails seems like a long winded unnecessary process, but it's hard to tell if the error is build, platform, signing or code related.

— Reply to this email directly, view it on GitHub https://github.com/dotnet/maui/issues/12293#issuecomment-1451837173, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAHE7KZX6KGJIZYKUX7AFSLW2CLINANCNFSM6AAAAAATIMHHBA . You are receiving this because you were mentioned.Message ID: @.***>

[brightertools]

@cdavidyoung

Yes, ProfileName is the Name field from the "Provisioning Profile" in the apple account area.

The others I copy/pasted these certificate names exactly from the Mac's Keychain Access > My Certificates.

My apple account is an organisation account, so has the company name, when I first set up the certificates I seemed to have loads my name and company name, and at some point deleted them all and re-created them (just the 2 required) and manually downloaded the profile in xcode via Xcode > Preferences > Account > Select Admin Account > Download Manual Profiles

Settings in the project for these are:

<CodesignEntitlements>Platforms\MacCatalyst\Entitlements.plist</CodesignEntitlements>
<CodesignKey>Apple Distribution: Brighter Tools Ltd (***)</CodesignKey>
<CodesignProvision>ProfileName</CodesignProvision>
<PackageSigningKey>3rd Party Mac Developer Installer: Brighter Tools Ltd (***)</PackageSigningKey>

I will be updating my mac, the mini is a good call.

UPDATE:

Purchased Macbook Pro M2, nor cannot publish the app.. lovely... will now figure that one out first Publish error = 1, not helpful.

And noticed running VS on windows on Parallels doesn't support MAUI..

[dustin-wojciechowski]

Working through your issue here and editing as I go along.

New templates implemented in #14219 solve following issues:

• [x] #13910 Solves the issue with the UIDeviceFamily key.
• [x] adding signing to csproj results in error MSB6006: "codesign" exited with code 3 - We have a fix submitted for that here: https://github.com/xamarin/xamarin-macios/issues/17829
• [x] https://github.com/dotnet/docs-maui/issues/1399 Will fix our documentation to indicate the correct usage of <RuntimeIdentifier(s)>
• [ ] #7706 - It appears this issue occurs due to an entitlement that is automatically added and removed by Apple in Xcode during debugging. Using partial entitlements could be a solution (and we do have an issue to address this as well: https://github.com/dotnet/maui/issues/13080) to fixing this in the future, but for now, please add this to your Entitlements.plist:

  <dict>
  <key>com.apple.security.get-task-allow</key>
  <true/>
  </dict>

  Also see this documentation.

• [x] #5561 Same Solution as above.

Other MAUI issues:

• [x] #12287 This issue is also tracked here: #11263. I'll see what I can do to help this along.

Issues for VS for Mac Team:

• [ ] For Visual Studio for Mac not being able to run maui apps in release mode: it appears that the VS for Mac team have included a fix in the latest preview version of VS for Mac 2022 Preview: https://developercommunity.visualstudio.com/t/Building-IOS-Release-generate-error-the/10208351 (check last comment in thread)
• [ ] #12124 It appears that this issue has to do with the iOS simulator when on M1/M2 Macs. This is a problematic issue because if we set this as a default, it could affect other libraries. We will see about getting this change into the IDE itself, but the suggested fix is to add this to the csproj within a Maui Blazor solution:

  <PropertyGroup>
  <RuntimeIdentifier>iossimulator-arm64</RuntimeIdentifier>
  </PropertyGroup>

  Issue for .NET Core team:

• [ ] Microsoft.AspNetCore.Components.Web.HeadOutlet throws exception in the trimmed version https://github.com/dotnet/aspnetcore/issues/40033#issuecomment-1362864155 - To reduce trimming - It looks like this is aspnetcore's wheelhouse. I saw that you had a workaround for this, but an additional recommendation is to add this to your csproj to reduce trimming for iOS/MacCatalyst:

  <PropertyGroup>
  <MouchLink>None</MtouchLink>
  </PropertyGroup>

[dustin-wojciechowski]

I'll try to address all the issues line by line here.

Note: In addition to updating the templates for MAUI MacCatalyst apps to include what is necessary for publishing, the MAUI MacCatalyst Publishing documentation has also been updated, and has additional information. You can access it at aka.ms/publish-maui-app-store.

Developing a MacCatalyst app:

• [ ] Building a Release version on Visual Studio for Mac always builds for the first framework in TargetFrameworks, not the selected framework: https://developercommunity.visualstudio.com/t/Building-a-Release-version-always-builds/10238279

It looks like the VS for Mac team was looking into this, but their followup fizzled out. I will say though when it comes to building in Visual Studio, the behavior of building only using the selected platform in the IDE will only work when the Debug target is selected in the IDE. This type of target filtering does not exist for Release. Building for release in the IDE isn't really a replacement gesture for a proper archive for publishing through the IDE or from the CLI.

• [ ] Visual Studio for Mac can not run any MAUI project in Release mode: https://developercommunity.visualstudio.com/t/Can-not-run-any-MAUI-project-in-Release-/10237400

It appears that the VS for Mac team have included a fix in the latest preview version of VS for Mac 2022 Preview: https://developercommunity.visualstudio.com/t/Building-IOS-Release-generate-error-the/10208351 (check last comment in thread)

• [ ] it doesn't work with XCode 14.2 and iOS 16.2 https://github.com/dotnet/maui/issues/12124#issuecomment-1358154061

It appears that this issue has to do with the iOS simulator when on M1/M2 Macs. This is a problematic issue because if we set this as a default, it could affect other libraries. We will see about getting this change into the IDE itself, but the suggested fix is to add this to the csproj within a Maui Blazor solution:

<PropertyGroup>
    <RuntimeIdentifier>iossimulator-arm64</RuntimeIdentifier>
</PropertyGroup>

• [ ] Microsoft.AspNetCore.Components.Web.HeadOutlet throws exception in the trimmed version https://github.com/dotnet/aspnetcore/issues/40033#issuecomment-1362864155

It looks like this is aspnetcore's wheelhouse. I saw that you had a workaround for this, but an additional recommendation is to add this to your csproj to reduce trimming for iOS/MacCatalyst:

<PropertyGroup>
    <MouchLink>None</MtouchLink>
</PropertyGroup>

• [x] adding signing to csproj results in error MSB6006: "codesign" exited with code 3.

We have a fix submitted for that on the .NET for iOS side here: https://github.com/xamarin/xamarin-macios/issues/17829

• [x] can't open developer tools for Blazor: https://github.com/dotnet/maui/issues/5561 https://github.com/dotnet/maui/issues/7706

For both of these issues, It appears this issue occurs due to an entitlement that is automatically added and removed by Apple in Xcode during debugging. This is updated in our our templates as per #14196 , but for now, please add this to your Entitlements.plist:

<dict>
    <key>com.apple.security.get-task-allow</key>
    <true/>
</dict>

Publishing a MacCatalyst app on Apple macOS store:

• [x] rejected when trying to upload with Transporter: The product archive package's signature is invalid. Ensure that it is signed with your "3rd Party Mac Developer Installer" certificate. A commented section in csproj that the developer could un-comment would be helpful here.

Solution added to templates in #14196

• [x] rejected when trying to upload with Transporter: The product archive is invalid. The Info.plist must contain a LSApplicationCategoryType key, whose value is the UTI for a valid category. For more details, see "Submitting your Mac apps to the App Store".

Solution added to templates in #14196

• [x] rejected when trying to upload with Transporter: Invalid bundle. The bundle supports arm64 but not Intel-based Mac computers. Your build must include the x86_64 architecture to support Intel-based Mac computers.

Solution added to templates in #14196

• [x] rejected when trying to upload with Transporter: Invalid Bundle. The key UIDeviceFamily in the app's Info.plist file contains one or more unsupported values '1'. (ID: e98a0fc1-d792-4b2d-854c-51a5d1649c82)

Solution added to templates in #13910

• [x] rejected when trying to upload with Transporter: App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list

Solution added to templates in #14196

• [ ] rejected because project name is used instead of application title: https://github.com/dotnet/maui/issues/12287

I've made a comment in this issue, but essentially this falls on an issue where Apple is not using the CFBundleDisplayName in the tool tip you get when you hover over the application in the app dock. I will file a feedback ticket to Apple to see if we can get that fixed. Unfortunately for now, it will have to rely on what is set for your Application Title.

• [x] I had to add ITSAppUsesNonExemptEncryption to Info.plist. Some indication in Visual Studio would be helpful here.

Solution added to templates in #14196

• [x] Maui Blazor template lacks entitlements necessary to submit to Apple macOS store

Solution added to templates in #14196.

I hope these changes and suggestions will help improve your experience with publishing your MAUI Blazor MacCatalyst app for the Mac App Store!

[Jinjinov]

@dustin-wojciechowski Thank you very much for looking into this.

One of the last obstacles was https://github.com/dotnet/maui/issues/13094 but after fixing it, I still can't publish.

After these two entitlements were added, the .pkg file was successfully submitted to Apple for review, but they rejected it because the app crashed on launch. Their crash report:

Termination Reason:    Namespace DYLD, Code 1 Library missing
Library not loaded: @executable_path/../MonoBundle/libSystem.IO.Compression.Native.dylib
Referenced from: <DDE3A74F-055E-3EE1-94C5-8E5120BB0680> /Applications/ididit.today.app/Contents/MacOS/ididit.today
Reason: tried: '/System/Volumes/Preboot/Cryptexes/OS@executable_path/../MonoBundle/libSystem.IO.Compression.Native.dylib' (no such file), '/usr/lib/libSystem.IO.Compression.Native.dylib' (no such file, not in dyld cache), (security policy does not allow @ path expansion)
(terminated at launch; ignore backtrace)

[cdavidyoung]

I am getting the exact same crash report after downloading from TestFlight. I opened an issue trying to get some clarification on the documentation.

https://github.com/dotnet/docs-maui/issues/1403.

@dustin-wojciechowski I have not gone through your long list of solutions yet. It is not clear whether you have been successful in publishing a Mac app. If so, was it in association with the iOS version of the same app?

[brightertools]

I am getting the exact same crash report after downloading from TestFlight. I opened an issue trying to get some clarification on the documentation.

dotnet/docs-maui#1403.

@dustin-wojciechowski I have not gone through your long list of solutions yet. It is not clear whether you have been successful in publishing a Mac app. If so, was it in association with the iOS version of the same app?

I can also publish and download the published app via TestFlight but the app crashes when run on any Mac (intel/M1,M2)

[cdavidyoung]

@brightertools have you published an iOS version of your app?

[brightertools]

@brightertools have you published an iOS version of your app?

No, This app is built for desktop PC and MacOs, I haven't tried IOS specifically, although there are default references to IOS in the project, which I have left in there.

[dustin-wojciechowski]

@Jinjinov @cdavidyoung @brightertools So this looks like it may be an issue with provisioning. We are tracking this issue on the Xamarin-macios repo here: https://github.com/xamarin/xamarin-macios/issues/14686.

It appears that the solution to this would be to : Create a new provisioning profile and ensure that Configuration is set to "Mac" and not "Mac Catalyst". See this comment here: https://github.com/xamarin/xamarin-macios/issues/14686#issuecomment-1109808007

An alternative would be to add this to the .csproj:

<_LibMonoLinkMode>Static</_LibMonoLinkMode>
<_LibXamarinLinkMode>Static</_LibXamarinLinkMode>

It appears, however, that this second solution works for some and not for others.

Let me know how that works out, I am going to try and reproduce this.

[Jinjinov]

@dustin-wojciechowski Thank you very much for looking into this issue.

I tried the static link mode workaround, but the pkg is not appearing on the apple developer console, even though Transporter says the upload was successful.

EDIT: Two days later I got an email from Apple saying that the files are not properly signed: "ITMS-90238: Invalid Signature"

[Jinjinov]

Dear Developer,

We identified one or more issues with a recent delivery for your app, "ididit! habit tracker" 1.0.8 (8). Please correct the following issues, then upload again.

ITMS-90238: Invalid Signature - The executable at path ididit!.app/Contents/MonoBundle/libSystem.IO.Compression.Native.dylib has following signing error(s): valid on disk /Volumes/workspace/app_data/SWValidationService/mz_11706403474603236997dir/mz_1163718708745426016dir/com.jinjinov.ididit.pkg/Payload/ididit!.app/Contents/MonoBundle/libSystem.IO.Compression.Native.dylib: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.

ITMS-90238: Invalid Signature - The executable at path ididit!.app/Contents/MonoBundle/libSystem.Native.dylib has following signing error(s): valid on disk /Volumes/workspace/app_data/SWValidationService/mz_11706403474603236997dir/mz_1163718708745426016dir/com.jinjinov.ididit.pkg/Payload/ididit!.app/Contents/MonoBundle/libSystem.Native.dylib: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.

ITMS-90238: Invalid Signature - The executable at path ididit!.app/Contents/MonoBundle/libSystem.Net.Security.Native.dylib has following signing error(s): valid on disk /Volumes/workspace/app_data/SWValidationService/mz_11706403474603236997dir/mz_1163718708745426016dir/com.jinjinov.ididit.pkg/Payload/ididit!.app/Contents/MonoBundle/libSystem.Net.Security.Native.dylib: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.

ITMS-90238: Invalid Signature - The executable at path ididit!.app/Contents/MonoBundle/libSystem.Security.Cryptography.Native.Apple.dylib has following signing error(s): valid on disk /Volumes/workspace/app_data/SWValidationService/mz_11706403474603236997dir/mz_1163718708745426016dir/com.jinjinov.ididit.pkg/Payload/ididit!.app/Contents/MonoBundle/libSystem.Security.Cryptography.Native.Apple.dylib: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.

ITMS-90238: Invalid Signature - The executable at path ididit!.app/Contents/MonoBundle/libmonosgen-2.0.dylib has following signing error(s): valid on disk /Volumes/workspace/app_data/SWValidationService/mz_11706403474603236997dir/mz_1163718708745426016dir/com.jinjinov.ididit.pkg/Payload/ididit!.app/Contents/MonoBundle/libmonosgen-2.0.dylib: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.

ITMS-90238: Invalid Signature - The executable at path ididit!.app/Contents/MonoBundle/libxamarin-dotnet.dylib has following signing error(s): valid on disk /Volumes/workspace/app_data/SWValidationService/mz_11706403474603236997dir/mz_1163718708745426016dir/com.jinjinov.ididit.pkg/Payload/ididit!.app/Contents/MonoBundle/libxamarin-dotnet.dylib: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.

Best regards,

The App Store Team

[mike3sullivan]

@dustin-wojciechowski Thank you very much for looking into this.

One of the last obstacles was #13094 but after fixing it, I still can't publish.

After these two entitlements were added, the .pkg file was successfully submitted to Apple for review, but they rejected it because the app crashed on launch. Their crash report:

Termination Reason:    Namespace DYLD, Code 1 Library missing
Library not loaded: @executable_path/../MonoBundle/libSystem.IO.Compression.Native.dylib
Referenced from: <DDE3A74F-055E-3EE1-94C5-8E5120BB0680> /Applications/ididit.today.app/Contents/MacOS/ididit.today
Reason: tried: '/System/Volumes/Preboot/Cryptexes/OS@executable_path/../MonoBundle/libSystem.IO.Compression.Native.dylib' (no such file), '/usr/lib/libSystem.IO.Compression.Native.dylib' (no such file, not in dyld cache), (security policy does not allow @ path expansion)
(terminated at launch; ignore backtrace)

Same error, tried the static link fix and did not work. Building for Release with developer id application/installer. Pkg installs but errors on run.

[cdavidyoung]

@mike3sullivan Did you try running from TestFlight before submitting the app?

[mike3sullivan]

App Store not involved…built app for distribution outside Apple Store. Pkg built and installed without problem, but errors on app run.

[dustin-wojciechowski]

@Jinjinov @cdavidyoung @brightertools Have you tried creating a provisioning profile that specifies MacOS instead of MacCatalyst for the Profile Type? If not, I strongly recommend that you do this, as I was able to replicate your error exactly when creating a provisioning profile that had MacCatalyst set:

But when I used a provisioning profile that had Mac set, the app worked as correctly when operating through TestFlight. See our documentation here for this (keep in mind the image in the documentation is currently set to MacCatalyst)

We'll need to investigate this further to see exactly what is causing this issue, but I will see if we can add a note in our documentation addressing this error in the meanwhile.

[dustin-wojciechowski]

@mike3sullivan If you are getting the same error, it is likely that my comment above will be beneficial to you too. Please check out this section in MAUI publishing documentation for publishing outside the App Store: Creating a provisioning profile (just change Profile Type from Mac Catalyst to Mac for the Profile Type)

[mike3sullivan]

ok...THAT error is gone now...but my app still crashes. The investigation continues...

[dustin-wojciechowski]

@mike3sullivan Would you mind creating a new issue for publishing outside the Mac App Store, with a crash report and a reproduction? I can start taking a look at it, but want to keep problems related to publishing to the App Store limited to this issue.

[mike3sullivan]

I am stuck again -- my problem now is in a Blazor page. I can't debug the problem since I have run into another listed problem - inability to use Dev Tools to debug Blazor. Seems this has become a problem again after upgrading MacOS to 13.3+ (and iOS 16.4+) per https://github.com/dotnet/maui/issues/7706

Not sure when the 'next SDK bump' is happening...

[dustin-wojciechowski]

@mike3sullivan Have you added com.apple.security.get-task-allow to your Entitlements file for your debug configuration?

[mike3sullivan]

Yes…added get-task-allowed as documented. Issue 7706 describes the scenario and discoveries. Apple make changes in 13.3 that require a change to an SDK.

[dustin-wojciechowski]

@mike3sullivan Ah, okay. It looks like we have a fix recently completed for it: https://github.com/dotnet/maui/pull/14610

[cdavidyoung]

@dustin-wojciechowski I am now getting back to trying to publish my MacCatalyst app. In answer to your question, yes, I did create a provisioning profile that specifies MacOS instead of MacCatalyst for the Profile Type. I was still getting this crash so I once again went back to the beginning of the process.

After careful review I discovered I was using an invalid profile in the CodesignProvision of the release configuration in the .csproj file. However, after fixing that I am now not even able to use Transporter to upload the pkg.

One thing that may be a little different about my situation is that I am trying to publish both an iOS version and a MacCatalyst version of my app. The iOS version (CacheAll) is already published, so I must be doing something right. 👍

So, I would like to describe my procedure step-by-step to see if you agree with it. Perhaps this might reveal where I am getting it wrong. So my first question is whether creating the certificate(s) is independent of the subsequent steps. In other words, could any decision in a later step of create/downloading a distribution/provisioning profile make it necessary to redo the certificate(s)? I am assuming that I do not need to redo this regardless of subsequent steps.

1. Create a certificate signing request
2. Create a distribution certificate
3. Create an installer certificate

Of course, the name of this certificate is later included in the .csproj file:

3rd Party Mac Developer Installer: Charles Young (...)

[mike3sullivan]

Putting this here (as an FYI) because it got moved out of the Maui issues but will potentially affect people reading this thread. Using DateTime.Parse or its variants in Release on MacCatalyst will crash the app; caused by a bug in the runtime. https://github.com/dotnet/runtime/issues/85414

[cdavidyoung]

@dustin-wojciechowski Any help with the first step of the process: certificates? Do I need to redo that step or should I move on to Create a distribution profile?

[dustin-wojciechowski]

@cdavidyoung My first thought would have to be with publishing to the two platforms, especially if the app already exists in the store. It looks like from the issue you created with the MAUI documentation repo here that you've already tried configuring the App Id as posted in this section: Configuring the App ID.

I think this would be worth creating a new issue within the primary MAUI repo as well. @jfversluis have you had issues when publishing a MacCatalyst version of an already existing iOS app?

Also, I wonder if publishing to multiple platforms might not work at all with our workaround of using Mac for the Profile Type when generating the provisioning profile @rolfbjarne?

[cdavidyoung]

First of all, thank you @dustin-wojciechowski for responding. It gives me hope that there is some way forward!

I guess we'll wait to hear from @jfversluis whether publishing a MacCatalyst version of an already existing iOS app is even doable at this point.

I am certainly willing to be a guinea pig for this task. Just let me know where to start. As mentioned before, I would like to verify that my certificates are in order. I have a bunch of them on the Apple developer website and a lot of them in my keychain on the Mac.

[rolfbjarne]

@dustin-wojciechowski

Also, I wonder if publishing to multiple platforms might not work at all with our workaround of using Mac for the Profile Type when generating the provisioning profile @rolfbjarne?

I haven't heard about any such issues, but otoh nobody has said they have this scenario working either.

@cdavidyoung

However, after fixing that I am now not even able to use Transporter to upload the pkg.

What's the exact error you're getting?

[cdavidyoung]

Could not create a temporary .itmsp package for the app "CacheAll-0.0.35.pkg". No suitable application records were found. Verify your bundle identifier 'com.CacheAlI.MacCatalyst' is correct and that you are signed into Xcode with an Apple ID that has access to the app in App Store Connect

[rolfbjarne]

Could not create a temporary .itmsp package for the app "CacheAll-0.0.35.pkg". No suitable application records were found. Verify your bundle identifier 'com.CacheAlI.MacCatalyst' is correct and that you are signed into Xcode with an Apple ID that has access to the app in App Store Connect

If you're trying to create a universal purchase in the App Store, you need to use the same bundle identifer as for the iOS app (I'm assuming that's not com.CacheAll.MacCatalyst)

[cdavidyoung]

When I switch the bundle id to com.CacheAlI I get a build error:

/usr/local/share/dotnet/packs/Microsoft.MacCatalyst.Sdk/16.2.2054/tools/msbuild/iOS/Xamarin.Shared.targets(3,3): Error: Project bundle identifier 'com.CacheAll' does not match specified provisioning profile 'CacheAll MacCatalyst' (jiffyLog)

The com.CacheAlI id has the MacCatalyst checkbox selected and it refers to com.CacheAll.MacCatalyst.

[cdavidyoung]

If I change the CacheAll MacCatalyst to CacheAll CacheAll in the release config for MacCatalyst in my .csproj file I get the build error:

/usr/local/share/dotnet/packs/Microsoft.MacCatalyst.Sdk/16.2.2054/tools/msbuild/iOS/Xamarin.Shared.targets(3,3): Error: The specified MacCatalyst provisioning profile 'CacheAll CacheAll' could not be found (jiffyLog)

[rolfbjarne]

When I switch the bundle id to com.CacheAlI I get a build error:

/usr/local/share/dotnet/packs/Microsoft.MacCatalyst.Sdk/16.2.2054/tools/msbuild/iOS/Xamarin.Shared.targets(3,3): Error: Project bundle identifier 'com.CacheAll' does not match specified provisioning profile 'CacheAll MacCatalyst' (jiffyLog)

You need to create a provisioning profile for Mac Catalyst using the "com.CacheAll" bundle identifier.

[cdavidyoung]

@rolfbjarne To be explicit I think you are saying I should follow the procedure documented here: https://learn.microsoft.com/en-us/dotnet/maui/mac-catalyst/deployment/publish-app-store?view=net-maui-7.0#create-a-provisioning-profile

I did this and now I have a profile "CacheAll MacCatalyst Rolf". Where do I specify this in my project?

[rolfbjarne]

I did this and now I have a profile "CacheAll MacCatalyst Rolf". Where do I specify this in my project?

In the project file, in a CodeSignProvision property:

<PropertyGroup>
    <CodeSignProvision>CacheAll MacCatalyst Rolf</CodeSignProvision>
</PropertyGroup>

[cdavidyoung]

@rolfbjarne I have already tried this in the release MacCatalyst section of .csproj:

<CodesignProvision>CacheAll MacCatalyst Rolf</CodesignProvision>

And I got this build error:

/usr/local/share/dotnet/packs/Microsoft.MacCatalyst.Sdk/16.2.2054/tools/msbuild/iOS/Xamarin.Shared.targets(3,3): Error: The specified MacCatalyst provisioning profile 'CacheAll CacheAll' could not be found (jiffyLog)

[rolfbjarne]

@rolfbjarne I have already tried this in the release MacCatalyst section of .csproj:

CacheAll MacCatalyst Rolf

And I got this build error:

/usr/local/share/dotnet/packs/Microsoft.MacCatalyst.Sdk/16.2.2054/tools/msbuild/iOS/Xamarin.Shared.targets(3,3): Error: The specified MacCatalyst provisioning profile 'CacheAll CacheAll' could not be found (jiffyLog)

Could you get a binary build log (https://github.com/xamarin/xamarin-macios/wiki/Diagnosis#binary-build-logs) with that failure and attach it here?

[cdavidyoung]

So I followed these command line instructions:

https://github.com/xamarin/xamarin-macios/wiki/Diagnosis#command-line

msbuild.binlog.zip

[rolfbjarne]

So I followed these command line instructions:

https://github.com/xamarin/xamarin-macios/wiki/Diagnosis#command-line

msbuild.binlog.zip

You need to append /p:Configuration=Release to the command line to build the Release configuration (the Debug configuration is built by default, and it looks like that configuration doesn't reproduce the error)

[cdavidyoung]

@rolfbjarne Ok, I'll do that. In the meanwhile I did a clean all and delete obj/bin. Now I am getting a slightly different error.

/usr/local/share/dotnet/packs/Microsoft.MacCatalyst.Sdk/16.2.2054/tools/msbuild/iOS/Xamarin.Shared.targets(3,3): Error: Project bundle identifier 'com.CacheAll' does not match specified provisioning profile 'CacheAll MacCatalyst Rolf' (jiffyLog) msbuild 2.binlog.zip

[rolfbjarne]

@rolfbjarne Ok, I'll do that. In the meanwhile I did a clean all and delete obj/bin. Now I am getting a slightly different error.

/usr/local/share/dotnet/packs/Microsoft.MacCatalyst.Sdk/16.2.2054/tools/msbuild/iOS/Xamarin.Shared.targets(3,3): Error: Project bundle identifier 'com.CacheAll' does not match specified provisioning profile 'CacheAll MacCatalyst Rolf' (jiffyLog) msbuild 2.binlog.zip

Looks like you used a different bundle identifier than 'com.CacheAll' when creating the provisioning profile.

If you go to the list of provisioning profiles (https://developer.apple.com/account/resources/profiles/list), and then choose CacheAll MacCatalyst Rolf, what's the "App ID" value that shows up?

[cdavidyoung]

@rolfbjarne Name CacheAll MacCatalyst Rolf Status Active Platform macOS Expires 2024/04/04 Configuration Mac Catalyst with an associated App ID Type App Store Created By Charles Young (charlesdavidyoung@gmail.com) Enabled Capabilities

In-App Purchase App ID MacCatalyst (com.CacheAll.MacCatalyst) Associated App ID CacheAll CacheAll (com.CacheAll) Certificates 1 total