Resigned IPA is not verified correctly by codesign - ios

I have an IPA file exported for development and I want to sign the IPA file using a valid enterprise certificate. Actually, I have gone through all the steps mentioned here amd here and used various available tools such as ota-tools and iResign to sign the file.
The app is actually a very small swift app and only uses app groups and key-chain sharing capabilities and is developed by members of my enterprise team using the App ID and team identifier that we have defined using Xcode in our enterprise account.
I have done the resigning process without any problem and the app is installed successfully on my iPhone. But it immediately crashes upon startup.
So, I doubted the resigning process and did some checks. I tried to check the resigned IPA file using 'codesign -v' command but it says "code object is not signed at all".
I also unzipped the IPA file did all the code-signing on the main app and Frameworks folder but still head no luck with codesign verification. it still says "code object is not signed at all".
I would appreciate if someone can help me with this problem.

I'm having the same problem where the app won't start after resigning and installing. Did you have any success resolving this problem?
About the codesign verification, if you've successfully installed the app on the phone that means that the resign is OK. Also you should run the 'codesign -v' command on the .app itself in the ipa file, because that's the file you're actually signing, the ipa is just a zip you create after the resigning.

I had the same problem (resigned app crashed on launch). I figured out that this happens only for IPAs with embedded bitcode.
Removing bitcode support from project settings (ENABLE_BITCODE = NO) fixes the problem.
I understand that this is limitation, for this reason I opened an issue on fastlane sigh (the main tool I use for resigning) on Github.

Related

Is entitlement.plist file required while re-signing a development IPA with distribution certificate and profile of same account?

In my organization, the distribution certificate and app store provisioning profile are located and installed on a Mac machine present inside a Lab environment to which only a lab manager has access to.
For me to upload an app's IPA to app store, I need to archive a development IPA (using dev cert and profile in Release configuration mode) on my local Mac and then send across this IPA to the lab manager.
The lab manager uses a python re-signing script to re-sign the IPA on the lab Mac.
Do I also need to explicitly send a entitlements.plist file along with the IPA. My app does not use any capabilities as of now, not even Push Notifications. All Capabilities in Xcode are Off and on developer portal also the app identifier has Game Center and In-House Purchase as checked by default under the Capabilities.
I am assuming since it is the same Apple account using which lab manager will be re-signing the IPA and the app store profile present on the lab Mac contains its own entitlements, I do not need to send an explicit entitlements.plist file. Also, I assume the app will not get rejected in review.
Are these assumptions correct? Thanks in advance.
You can not magically attach an entitlements file during export; it has to be there during archiving. But you do not find out whether you got it "right" (in Apple's eyes) until distribution time.
So a situation where archiving happens in one place and exporting happens in another is not going to be a happy one.
I would describe this entire situation as unacceptable. I have had many occasions, just working on my own machine, where I was able to archive but then unable to upload to the app store or TestFlight because of an entitlements issue. And often there was no "real" issue: I just needed to do a bunch of goat sacrifices and fooling around with the settings (e.g. turn entitlements on and off). The point is, you don't know there's an issue until you export — and then to find out whether you fixed it you have to build / archive again.
1) Entitlement plist can be given while resining an ipa like below but this is optional.
codesign --entitlements entitlements.xml -f -s "IDENTITY" Payload/<app_name>.app
Please refer How do I resign app with entitlements?
2) To resign an ipa, you can follow below procedure (without giving Entitlement).
Requisites:
Distribution profile
Distribution certificate
Assuming Distribution profile stored in Desktop ~/Desktop/AdHoc.mobileprovision
Procedure :
1) unzip ipa using following command,
unzip app.ipa
2) When you unzip it You will have as an output a directory called “Payload”.
3) remove _CodeSignature file from unzipped folder “Payload” as below
rm -rf Payload/MyApp.app/_CodeSignature/
4) Rename distribution profile which is stored in Desktop to embedded.mobileprovision
5) Copy distribution profile(embedded.mobileprovision from Desktop) to Payload/.app
cp ~/Desktop/AdHoc.mobileprovision Payload/MyApp.app/embedded.mobileprovision
6) Resign using below commands,
codesign -f -s “IDENTITY” --resource-rules Payload/MyApp.app/ResourceRules.plist Payload/MyApp.app
7) Zip payload to form an ipa as below
zip -qr <app_name>.ipa Payload/

Can`t debug iphone apps with on xcode

I can`t debug apps on my test device.
Error says,
A valid provisioning profile for this executable was not found.
I created the distribution provisioning file for App store.
Then on xcode, changed the build configuration to Release.
But above error shows.
When I debug with Debug mode, it works.
Could someone help me with this problem?
The type provisioning profile that you need to 'directly' run on your device is called 'Ad hoc'.
Not sure it still is the only way today but before you had to put the .ipa in your itunes and synchronise to install the application.
Nowadays, I find it is easier in the long run just to upload the 'appstore' builds to itunes connect build and enable testflight instead of the 'ad hoc' way

Xcode's Bot always returns error

I got an issue with Xcode's Bot. It always returns the "User canceled the operation. Command /usr/bin/codesign failed with exit code 1" error string after running the command below:
/usr/bin/codesign --force --sign <MY_PRIVATE_KEY> --entitlements /Library/Developer/XcodeServer/Integrations/Caches/2cdd321641e8c114e4eba9819b017479/DerivedData/Build/Intermediates/MyApp.build/Debug-iphoneos/MyApp.build/MyApp.app.xcent /Library/Developer/XcodeServer/Integrations/Caches/2cdd321641e8c114e4eba9819b017479/DerivedData/Build/Products/Debug-iphoneos/MyApp.app
I can run this command in Terminal with sudo. I'm using Xcode 6.3.1 and OS X Server 4.1.53 in my Mac 10.10.4.
Thank for your help.
This looks like a code signing error. There are a few different reasons for this to happen so you will need to do some troubleshooting. Can other bots build on your server? If so then its probably a build settings issue in this specific project.
In the Xcode Project go to the Project Target that your trying to build, and then Build Settings, and Code Signing. Under the Provisioning Profile you can either choose Automatic or explicitly choose the correct provision, and then under the Code Signing Identity choose iOS Developer. This is probably where your issue is if its related to the project. Do you have a proper provision setup for the project on the Apple Developer Portal?
If you can't get any bots to run on your server then the issue could be with how you set up Xcode Server. Have you added the server to your team? Here is the blog post that I used to get mine up and running, although you don't need to do all of those steps in the post. Focus specifically on the Setup Certificates section and Setup Provisioning Profiles section.
I fixed the issue by copying the missing provisioning file from my local directory "/Users/phuongle/Library/MobileDevice/Provisioning Profiles" to "/Library/Developer/XcodeServer/ProvisioningProfiles". Do not use the downloaded provisioning file from developer.apple.com directly.
I just want to note here for everyone having the same issue with me.

Cocoapods/ CrittercismSDK causing App Submission Error: ITMS-90035

I am trying to upload an app to Testflight using XCode 6.3. However, on trying to validate the app, it is giving me the error message below:
I have tried regenerating the certificates and provisioning profiles without having any success.
ERROR: ERROR ITMS-90035: "Invalid Signature. Code object is not signed
at all. The binary at path [VirtualMechanic.app/dsym_upload.sh]
contains an invalid signature. Make sure you have signed your
application with a distribution certificate, not an ad hoc certificate
or a development certificate. Verify that the code signing settings in
Xcode are correct at the target level (which override any values at
the project level). Additionally, make sure the bundle you are
uploading was built using a Release target in Xcode, not a Simulator
target. If you are certain your code signing settings are correct,
choose "Clean All" in Xcode, delete the "build" directory in the
Finder, and rebuild your release target. For more information, please
consult
https://developer.apple.com/library/ios/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html"
That dsym_upload.sh script does not belong in the app bundle as it's the script that is run as part of a Build Phase that is used to upload the debug symbols to Crittercism.
Find the Build Phase that is copying it into the app bundle and remove it, however please note that it will still need to be run within a Build Phase.
Here's the official Crittercism Support Article related to the issue which recommends upgrading the pod to version 5.2.0.

Entitlements are not valid sencha touch 2 native packaging

I am new to sencha touch and developed a small test app using sencha touch 2 and generated a
native package for i-os and it's working fine with the emulator but when i tried installing it
on the device it's falling in installation with the message entitlements are not valid. I have
generated the certificate from apple official site and also have the provisioning profile
for the same then why the installation fails?
Is there any way to specify the i-os version in packaging for which i have to develope the app
The same test app i have package for android device it's working fine.
Please help me any one.
Thanks in Advance!
Try this:
codesign -f -dvvv -s "iPhone Developer" /path/to/YourApp.app
where 'iPhone Developer' is a substring of the certificate in your keychain to use. Then try to load the .app file to your iPhone.
Also, make sure you don't have an expired certificate in your "My Certificates" section in your keychain. I had one and it was causing my builds to fail.
Let me know if this helps or not.

Resources