I'm working on a hybrid mobile app project (Ionic framework) and releasing to Android, iOS and web. This issue concerns only releasing the application on iOS.
I ran into an issue whereby I suddenly started getting the following email from iTunes Connect after building, archiving and uploading my iOS app to App Store from Xcode.
App Store Connect: Your app "YourAppName" (Apple ID: XXXXXXXXXX) has
one or more issues
Dear Developer,
We identified one or more issues with a recent delivery for your app,
"YourAppName". Please correct the following issues, then upload again.
Invalid Signature - A sealed resource is missing or invalid. The file
at path [YourAppName.app/YourAppName] is not properly signed. Make sure you
have signed your application with a distribution certificate, not an
ad hoc certificate or a development certificate. Verify that the code
signing settings in Xcode are correct at the target level (which
override any values at the project level). Additionally, make sure the
bundle you are uploading was built using a Release target in Xcode,
not a Simulator target. If you are certain your code signing settings
are correct, choose "Clean All" in Xcode, delete the "build" directory
in the Finder, and rebuild your release target. For more information,
please consult
https://developer.apple.com/library/ios/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html
Best regards,
The App Store Team
I tried everything I could find on the internet regarding this issue:
Checking over my certificates, provisioning profiles, recreating them, updating Xcode, building the project again, made sure I'm using a distribution certificate not an ad-hoc certificate, verified the code signing settings in Xcode were correct, verified the bundle was built using the Release target, tried the "Clean All" option, deleted the "build" directory in the finder and rebuilt the release. In short - I tried everything I could find by Apple regarding this issue, also looked up the same issue in StackOverflow and tried a huge variety of the recommended solutions. I tried all of those options multiple times over to make sure I didn't miss anything.
Nothing worked...
Also a note that I was able to upload to App Store without any problems before. There hasn't been any changes to the project which could result in this Invalid Signature issue arising - no certificates have expired, no new ones have been created, no new provisioning profiles have been created. The same profiles and certificates were used which worked just fine some time ago. iTunes Connect just suddenly started responding with this issue.
What else can I try?
I was sceptical at first when I tried this solution but this actually solved my issue.
Find a spare USB stick or an external hard drive.
If your Mac's filesystem is APFS format the external volume using a HPFS Mac OS Extended (Journaled) file system. Move your project over to the freshly formatted HPFS external volume and rebuild it over there. This is important as if you build it on your Mac's APFS volume and then move it over to your HPFS external volume to archive and upload in Xcode this will not work!
The project needs to be built, signed, archived and uploaded ON the HPFS volume.
The uploading to App Store should now work again. It worked for me, hope it works for you as well.
See more information on the solution here
Related
I am trying to deploy an iOS app Ad Hoc to an iPhone for beta testing. I've been developing the app on Windows VS, I have a Macbook air with all the necessary software (Xcode, VS, etc), and I have paired to it with VS on my Windows machine. I have also followed the following steps:
Created an Apple Developer account
Created an App ID with the bundle identifier as the same exact one as the one in info.plist
Created a signing certificate using my Macbook Air, downloaded it, and installed it into XCode
Created a provisioning profile with the App ID and the certificate, and made sure to include the device that I want to load the app onto.
Made sure everything above was set to "distribution" and "ad hoc" as needed.
Set Bundle Signing in my iOS project properties to Manual Provisioning, and selected the Signing Identity and Provisioning Profile to the ones that I created for this deployment.
Set the build to Release and the target to Remote Device
Ensured that the deployment target in info.plist was set to the highest available, which is 15.4, though my iPhone is at 15.6 (could this be the problem?)
Set the IPA Packaging Options to "Build iTunes Package Archive (IPA)"
Set "Include iTunesArtwork images and the iTunesMetadata.plist" to true in the same area
Successfully built the iOS project and produced a .ipa file
After all that, I've been trying to get the .ipa onto my phone, which is definitely the device I added to the provisioning profile.
I've tried two methods to do this, and both have failed:
Connecting my phone to my Windows machine and opening iTunes. Dragging the .ipa file onto the device. The app shows up on my phone, but when I try to open it, I get this error:
"This app could not be installed because its integrity could not be verified". Though it should have been.. The device is linked to the provisioning profile that was used to create the darn thing.
Connected my phone to my Macbook Air and accessed the device through XCode > Window > Devices and Simulators. I emailed myself the .ipa file and downloaded it onto the machine (the Microsoft docs explicitly state that emailing the .ipa should work just fine). In the "Intalled apps" section of the device, I clicked the little '+' and then pointed it to the downloaded .ipa. After a few seconds, it pops up an alert window that says "Unable to install *.iOS".
Other things I have tried since this has been a problem:
Recreating the above steps by re-registering my device, creating new certificates, downloading, installing, all that business.
Messing with the deployment target version.
Jumping out from behind the couch and startling it to make it do what it's supposed to.
I swear I'm done with Xamarin forever after this problem is solved, but all the headaches I've experienced have made me think twice about whether to even bother with .NET Maui haha thanks for any help you can provide
Firstly, the error This app could not be installed because its integrity could not be verified" may be caused by the proper certificate or the test devices are not visible in 'Devices' (UDIDs added) in developer.apple.com/account.I found two simialr issues, you can refer to them: link1, link2.
Secondly, have you follow this docs on how to generate the IPA file?
I have a CI build machine running Xcode server and using a bot to generate a build, however the .ipa built via the bot is not being entitled to register for the APNS token.
Specifically, didFailToRegisterForRemoteNotificationsWithError gets called and there is a runtime warning of ""No valid 'aps-environment' entitlement string found for application".
However if I build the app on a separte development PC, or I build it actually on the CI machine independently of the bot then everything is fine.
I've used push notifications extensively in several apps so know that the message "No valid 'aps-environment' entitlement string found for application" always appears if the app has not been signed with the correct profiles. However I have absolutely 100% confirmed that the app is being built with the same profiles when running as part of the bot build to when I build it manually.
I also know that Xcode downloads provisioning profiles to different locations when running under the bot to when running for a user, and I also know that the bot runs as system and not the logged in user when I build manually. I have taken all these differences into consideration but am still unable to get the bot build to work.
What's more I have used this exact same CI machine to previously build this app using Jenkins (which also ran as system) enabled for push and it worked!
These is what I have done/checked:
1)
Download the project manually to the desktop, open in Xcode and examine the signing identity and provisioning profiles being sued in the build settings. Build and run it manually using Xcode -> it works
Download the project indirectly via the bot as part of its integration run. Open the project downloaded by the Bot in Xcode (the Xcode server downloads it to: /Library/Server/Xcode/Data/BotRuns//Cache/NNNN). Do the same thing, check the signing identity and provisioning profiles. THEY ARE IDENTICAL to those used when I build on the desktop
OK so the problem is not due to a difference in the actual signing identity and provisioning profiles being used.
2) When you run Xcode manually it downloads the provisioning profiles to location X, but the Bot downloads the provisioning profiles to location Y. So I have examined the contents of X and Y to make sure there is nothing missing from Y (if there was the build would actually fail however, which it doesn't).
To make absolutely sure they are identical I have copied the entire contents of X into Y and run the bot again (they don't get overriden by the bot) - So now the bot and the desktop builds are using the exact same copies of the profiles yet still there is a difference when the .ipa executes.
Incidentally the location of X is ~/Library/MobileDevice/Provisioning Profiles and that of Y is / Library/Server/Xcode/Data/ProvisioningProfiles.
3) When I build manually it is as the logged in user, but when the bot build it is as the system. So within the keychain I have tried copying all the certificates and keys from the user's keychain into the system keychain. Yes still it makes no difference, the .ipa created by the build bot fails to run properly while the build created manually via Xcode does run.
This is driving me mad and has wasted days already, what else could I have missed or could try to resolve this?
Any suggestions or ideas?
I have found the exact cause, as to the reason behind the cause I don't know, thus I'm marking mine as the accepted answer as it is at least a workaround to anybody who encounters the same problem. I'm tempted to think the reason is due to a bug in the bot system which is mistakenly expecting there to be an entitlements file.
I've discovered that the reason the bot build fails is because the bot is not placing the aps-environment entitlement into the .app file even though that entitlement is within the embedded.mobileprovision. But XCode does insert it into the .app file if built manually or an archive is built.
Also I've found that I can force the bot to put the necessary entitlement and associated information into the .app file if I use an Entitlements.plist.
But this is using Xcode 5 - entitlement.plist files are a thing of the past, so it should not be necessary to use one just to force the bot to place the entitlement into the .app, hence why I suspect it might be a bot bug.
Are you tried to unzip your .ipa and check embedded.mobileprovision they should be the same. Also just for sure check that you not use developer profile to release build in bot/xcode.
Shooting in the dark:
Although you said that the provisioning profile works great when you are running the build manually, have you tried creating a new provision profile from scratch and use that on the CI build machine using the bot?
I've been browsing the internet for a solution to this issue and have found plenty of threads about the same problem, but there was either no solution found or the ones proposed didn't work.
I followed along with the tutorial linked in the iOS text file in the Air project template for FlashDeveop. Since I do not currently have an iOS device, I've been sending the IPA to a coworker to have him test it. When he attempts to load the application onto the iTouch, he gets an "app failed to install" with no further information on why it failed. Does anyone know what could cause this?
Here's what I've already done/checked:
made sure the app ID in the apple portal matched the ID in the application.xml
sent my co-worker the provision profiled used to create the IPA
tried the test targets (fast test, fast debug, etc) as well as an "ad-hoc" build
recreating the certificates
Its also worth noting that the app runs fine on my Android device, so I'm fairly certain that I've missed something in the certification process for iOS.
Yeah sounds like a provisioning problem. Make sure the UDID of all devices you are targeting are in each listed provisioning profile (Note: You will need to add any additional UDID's added to the developer portal again to any provisioning profile).
Although I strongly recommend using Testflight for your circumstance, makes sending an .ipa extremely easy. https://testflightapp.com/
Before Xcode 4.3, I used this method to submit applications to the app store:
-- Compile the application with the appropriate signing certificate which was configured inside the application's build settings
-- Distribute the application into the app store or clients using Xcode's built in submission process. When I was asked to select the signing certificate with which to sign the app, I always selected "Don't Resign".
However, the "Don't Resign" option does not exist in Xcode 4.3. Therefore, my application is resigned, and I always end up with an error saying that the code sign verification failed.
Is there any way around this problem?
I have found out that the compilation errors about code signing are due to a bug in Xcode 4.3. As many other have pointed out in Apple's developer forums, and myself, there are many cases where Xcode will complain about code signing your application if your application contains an image bundle! So, I remove the bundle with the images, and re-imported the images as separate files. I was able to compile the application for Ad Hoc this way, whereas it wouldn't compile with the bundle.
Also, as far as "Don't Resign" is concerned, I noticed that even if the application is already code signed in another step, Xcode 4.3 became smart enough to not re-sign the application with the same certificate, even if it appears to not give you the chance to not to! That's what I have verified with Ad Hoc builds. I will soon try that with production builds.
So, Xcode 4.3 became smarter in one way, and dumber into the other. Apple needs to fix this problem with the bundles, SOON!
Yes, there is a way. Before it used to default to whatever code sign it could find and auto-embed it into your apps. Right now its bugged.
To solve it, you would have to go through the steps of obtaining a new certificate and its private/public key. 3 step process:
Make sure you completely delete your old certs and keys by going to Applications > Utilities > Keychain Access. Then Deleting the certificates and private keys associated with your Developer account.
After deleting all that info head Here to generate a new certificate for your app. Download and import to your login keychain
3.In Xcode open your project. Head to your root project folder > targets > build settings and attach the new correct certificates to code sign your app correctly.
If you are unsure about the code-signing process. Either go here or go to the dev provisioning profile under distribution you have some (REALLY OUTDATED) examples to point your way
I've been trying for a weekend now to install my application via ad-hoc means for beta testing and demo purposes. I can install from Xcode just fine, but when I try and take the app file and place it into iTunes, then try and synch, I keep getting the error "The application was not installed on the iPad because it is not signed".
I have gone through all the steps. We went to the provisioning portal and added all the devices. We then downloaded a distribution provisioning profile and installed that onto the development computer. We created an Entitlements.plist file, though there was no get-task-allow attribute, so I had to add in my own. I cleaned the targets, restarted Xcode, built the application under the ad-hoc profile with the Entitlements.plist set for the Code Signing Entitlements.
I take the app file that's generated and drag it into the Applications area of iTunes, hit synch, and I get the error.
I know I am doing something wrong, missing a step, but it must be a convoluted, obscure step that Apple doesn't have in their documentation. So can anyone see the problem in what I'm doing? If you could, let me know. Thanks.
Ok. Yay. Figured this out after some more hair-pulling.
Apparently, the build you follow is important. I kept testing and building to the Simulator folder, and this is wrong.
To deploy to a device, you should clean all targets and then build specifically to the device. You don't have to run it or have something plugged in, but you must build to device. The APP that is produced is different for simulator as it is for device.
Did you set the "Code Signing Entitlements" build setting in your target to "Entitlements.plist"?