-
Notifications
You must be signed in to change notification settings - Fork 119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot register Tart VMs as developer device to provisioning profile #943
Comments
|
The issue persists even with a random serial set |
Then the other option might be that in order to use Apple ID on Sequoia devices VMs must be built from *.ipsw on a Sequoia device. Right now our images are still built on a Sonoma host due to some networking issues happening in Sequoia which blocks us from upgrading our infrastructure. Which images are you using? |
I was using the tart sequoia 15.1 images. I have a suspicion this is because Apple does not recognize the random UDID that tart provides in the VM, whereas the UDID of an actual mac would be verifiable, especially since you can change the UDID of the vm using My workaround for right now has been to build apps with the |
For signing macOS apps this is really annoying, because we have to register a new device ID for every new VM image we create. And there is a limit of 100. I want to make a suggestion. I saw this MR which added the --random-serial set command. Why not allow advanced users to pass the device ID they want to use? The VZMacMachineIdentifier type has an initializer with Data so it should be possible in exactly the same way as with the random identifier. Has this been discussed before? I don't want to maintain a Tart fork, but I would be willing to create a MR for it if there is a chance for it to get accepted. |
#59 is not possible at the moment. You want to create VMs from an *.ipsw with a predictable device ID, right? |
No actually it's more about the device ID not changing when deploying new versions of a image. As far as I understand you can't just chose arbitrary device IDs because we don't know how VZMacMachineIdentifier works exactly. The documentation says "When serializing the VM to disk, you can preserve the identifier in a binary representation by serializing the data in the VZMacMachineIdentifier.dataRepresentation property. Conversely, you can recreate the identifier with init(dataRepresentation:) from the binary representation." And I thought if we can just take a valid binary representation, for example when the image is first created, persist it, use it the next time we generate a new version of the image. That would ensure the device ID never changes. |
|
Yes it changes, which confirms assumption about how code signing works. I don't know what exactly is going on, but after running From playing around I can tell that you are already persisting this serial / machine identifier in some way, because merely creating a new image on the same machine will not create a new serial. In other words, every image created on the same machine always has the same serial, unless Therefore my conclusion is that our issue stems from the fact that we are using a pool of several machines to create these images, and if a new machine is added to this pool, the images created on it will have a new serial. Which is not as bad as I thought initially, where I said the serial changes for every new image. This is not true, the serial only changes if the new image is build on a new machine. |
To the original poster: I was not using fastlane to add the machine identifiers, but I am using match to generate provisioning profiles. So generally speaking there is no issue with Tart VMs and code signing. Maybe you just sent the wrong machine identifier? Where did you get your argument tart_vm_udid from? I'm taking it from the xcodebuild output... |
The issue here isn't code signing itself but code signing an app using a specific provisioning profile. The app I'm trying to build uses an iOS App Development profile, in order to build on any device using a Development profile you must register the device to the profile which returns the error I originally sent. The
or by just checking System Information |
|
I'm using a VM, not built on my machine, from the latest IPSW at the time (15.1).
I haven't tried anything newer than 15.1 |
tried building locally and it did not resolve the issue, I believe because the hardware identifier is originally set from the restore generated and distributed by apple. If there is a way to generate the ipsw from my own mac then I think the issue may be resolved, but I can't find any information about this online. Looking through the virtualization docs also confirms this as the hardware model settings come from the restore itself. |
I am experiencing a similar issue on macOS Sequoia 15.2 VMs, where I am unable to run any macOS app that is developer-signed, even if I add the device UUID to the devices list for my organization. Strangely, when I go to inspect the The same app will run just fine on a bare-metal machine that has been registered in the devices list. It seems that some part of Sequoia is refusing to accept any provisioning profile for running developer-signed apps in a virtual machine, even if that profile contains the device's UUID. I'm moving forward by signing everything with Developer ID as a workaround, but obviously that isn't a very attractive solution from a security standpoint. If anybody has more details I'd love to hear your experience, so far the Internet hasn't turned up any useful information as it seems like it's quite a niche use case. |
It turns out that Sequoia VMs have an incorrect format for their provisioning UDIDs. This is why you're getting that error when trying to register the VM as a device - it's using the iOS-style UDID that looks like |
Hello,
I am trying to build a macos app from src on a tart VM running macOS sequoia, and in order to be able to, the provisioning profile needs to have the device (tart VM) included. The device ID here is the mac UDID except I am getting the following error when attempting the register the device
The request was made via the fastlane
register_devices
lane.I'm trying to understand if this is a limitation by Apple, or if there is any known workaround.
The text was updated successfully, but these errors were encountered: