I've got the infamous
The executable was signed with invalid entitlements
error, and there have been other questions about it, but the message doesn't seem t have enough detail to fix it, or to explain the cause. It says
The entitlements specified in your application’s Code Signing
Entitlements file do not match those specified in your provisioning
profile
but which entitlements file, and which provisioning profile?
My app was fine, it's on the store, but one day I got this error and am completely stuck ever since. I don't know what I did!
My app has a main iOS app, a Now app, a watch kit app, and a watch kit extension, each with an entitlements file (I use an application group to share data). All the files have the same content. And of course, each of these targets have build settings with a code signing section. The provisioning profile is set to automatic on these. But which profile is it using?
Over time, various provisioning profiles have built up, some made by me, some made by XCode. I've got "XC" prefix ones for each target made by XCode, "iOS Team Provisioning Profile" ones, and ones I created and named. So I don't know which profiles are being used. When I set specific ones, it doesn't seem to help.
Finally when you look in the profiles, they say enabled services are "App Groups, Game Center, In-App Purchase", the first is necessary, the latter two aren't but seem to be automatic.
So. Where can I look for details about what is being matched against what, and what to change to fix this? It seems this error frustrates many, I hope Apple can add some details to this error. For example, didn't XCode, when you set the code signing settings to "Automatic" used to add which one it was using, like "Automatic (myapp development profile)"?
In your General if your bundle identifier and signing identity(Debug) and signing identity(Release) contains different provisioning profile then you get this error so make sure you have entered the same provisioning profile on both the places and always check yes to Automatically manage sigining
I want to distribute my app, but when I run it it shows me message:
The entitlements specified in your application’s Code Signing Entitlements file do not match those specified in your provisioning profile. (0xE8008016).
I already watch my distribution account and Capabilities in Xcode and
entitlements in them are the same. In what can be problem?
I also get this exception few times when I did something with provisioning profiles or capabilities, In my case its always in iCloudkit (xcode 6) issue, for some reason in app id (if you check in developer center) it assigned invalid or unwanted icloud containers to the app id. So i remove them and only added one correct container to fix this issue.
I had this problem recently, You will find many questions here with the same issue, check this question for the approved answer The executable was signed with invalid entitlements (iPhone build)
For me, I didn't do this. I tested the app on the device using the development certificate and the ad-hoc one, Then submitted it using the disruption certificate after making sure that there is nothing wrong with my certificates.
You probably need to check your Bundle ID value in both your .plist file and also here:
(This really is the most developer-unfriendly environment in use in 2016...)
As soon as I check "Use Entitlements File" in Xcode, I get the following error when I try to run my app on my phone:
The executable was signed with invalid entitlements.
The entitlements specified in your application’s Code Signing Entitlements
file do not match those specified in your provisioning profile.
I'm trying to get iCloud working, and it seems like I'm failing on step 1. I can run in the emulator, but not in the device I provisioned automatically through the organizer.
What am I doing incorrectly here?
First of all, you need to have specific provisioning for your App's ID, matching its bundle ID. Even if it's only for development, generic Team Provisioning cannot work to test iCloud.
If the App ID had been issued without iCloud enabled, and updated afterward, related Provisioning must be updated also.
Often, provisioning updating from Xcode's organizer fails to bring the right one. In this case, I suggest you to try to download updated provisioning directly from iOS Developer Website.
In my case, I have added inter-app capability in my iOS project and Xcode automatically suggested to add this permission in the app id (bundle id) in the provisioning portal and I did so. After this
I thought it was fixed since Xcode was showing tick marks for all under inter-app audio sections as follows
Add the "Inter-App-Audio" entitlement to your APP ID
Add the "Inter-App-Audio" entitlement to your entitlements file
Link AudioToolbox.framework.
Actually it was not fixed and I had to generate another distribution certificate with inter-app enabled and only when I signed with that distribution certificate I was able to install the app.
You Need to have Developer Certificate And Private Key in your keychain And Provision profile that have created must match with this Certificate.
I've been trying very very hard to create a simple simple iOS app which can recieve push notifications. My only reason for doing this is to establish a procedure for some other team members to use, and have not been able to find an up to date, working version of such instructions elsewhere on the web. Our shop is fairly new to iOS dev, I personally am completely inexperienced with iOS dev and Xcode. I've stumbled through tens of tutorials, articles, and trouble posts from Apple and elsewhere and I feel like I might be nearly there...
Here is where I've got to (note I'm using Xcode 4.3 and trying initially to deploy just to iOS 5.1, and I gather that some things may have changed recently vs earlier versions of Xcode, but again I'm new to all this -- and finding it completely confusing and convoluted):
1) I've got a provisioning profile on my iPhone which has Push enabled
2) In my test Xcode project I've got that provisioning profile selected as the signing identity (in Build Settings > Code Signing)
3) I've got my bundle identifier under Summary and Info > Custom iOS Target Properties set properly* (I think??)
4) I've got registerForRemoteNotificationTypes being called in my delegate's didFinishLaunchingWithOptions
5) I've got didRegisterForRemoteNotificationsWithDeviceToken and didFailToRegisterForRemoteNotificationsWithError in my delegate, set up to log the device token or error respectively
6) I've got Enable Entitlements checked under Summary.
7) Right below that the Entitlements File selected is Tinker6 (the name of my test project), which was generated automatically when I checked Enable Entitlements
8) In the Tinker6.entitlements file I've got the following (which I've gathered is correct based on several different posts all over the web, but which I can't find anything definitive from Apple itself on):
Updated
9) Also, I have tried the whole thing without an entitlements file, and get essentially the same result.
10) My mobileprovision file contents include entitlements properly (I've scrambled the number and domain but structurally the same):
<key>application-identifier</key>
<string>12355456A7.com.whatever.tinker</string>
<key>aps-environment</key>
<string>development</string>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>12355456A7.*</string>
</array>
/end update
When I attempt to run this on my device, I get the following error in Xcode output:
2012-06-11 12:45:23.762 Tinker6[13332:707] Failed to get token, error:
Error Domain=NSCocoaErrorDomain Code=3000 "no valid 'aps-environment'
entitlement string found for application" UserInfo=0x24a3b0
{NSLocalizedDescription=no valid 'aps-environment' entitlement string
found for application}
I've tried setting get-task-allow to NO, aps-environment to production, all four possible combinations, same thing.
How can I get past this? Where is definitive documentation on this?
-- further background follows --
*As far as the bundle id, I am still not clear on how this should be set in relation to App Ids and Profile ids in the Provisioning profile. In the Provisioning portal under App Ids I have this (again, scrambled the number and domain):
And the two places bundle id is set I have this:
I am not at all sure these are correct or whether one or both should be set to 12355456A7.com.whatever.tinker, though I've tried those earlier in the process with no success...
Note I realize there are many posts with similar titles, however they all seem to be out of date based on the file names and so-forth given, and the fact none of the solutions seem to be useful. I'm hoping the greater level of detail I've given will warrant a quality response. I will probably assign a bounty as soon as possible and if you give a high quality answer that leads to a solution I will award you the bounty as well as promote your answer via twitter and my blog. Especially if you crosspost post a really good "here are the exact 500 steps you need to get a simple push notification app working including provisioning and whatever else" article on your blog or whatever.
If you created your provisioning profile before configuring the app ID for push, try to regenerate the provisioning profile.
iOS Provisioning Portal -> Provisioning -> Your cert -> EDIT -> Make
an edit -> Download new provisioning
Worked for me. Now i'm able to use push.
First of all, you don't need the entitlements file unless you are adding custom key/value pairs that do not exist in the provisioning profile. When your app is built, any entitlements from the provisioning profile will be copied to the app.
Given that you still see an error message about missing entitlements, I can only assume the code signing options are not correct in the build settings.
You need to make sure the correct profile is selected for the "Debug" configuration, and to be safe, that you have selected the correct profile for both the "Debug" and child-node labelled "Any iOS SDK":
Although this screenshot shows the "Automatic Developer" profile selected, choose the exact provisioning profile you want from the drop down, just for testing purposes. It could be that Xcode is automatically choosing a different profile than the one you want.
Also be sure to do a clean build, completely delete the app from your device, etc. This is just to make sure you don't have some old fluff hanging around.
I have faced this issue in Xcode 8.
You must have to enable Target—> capabilities—> push notification.
Check the screenshot.
Easiest way is to do this from your accounts with Xcode:
Head over Xcode -> Preferences -> Choose Accounts Tab -> View Details -> Hit refresh button on the bottom left -> Done.
Build again and it should work.
Ok, I faced the problem before. Since push notification requires serverside implementation, for me recreating profile was not an option. So I found this solution WITHOUT creating new provisioning profile.
Xcode is not properly selecting the correct provisioning profile although we are selecting it correctly.
First go to organizer. On the Devices tab, Provisioning profile from Library list, select the intended profile we are trying to use. Right click on it and then "Reveal Profile in Finder".
The correct profile will be selected in the opened Finder window. Note the name.
Now go to Xcode > Log Navigator. Select filter for "All" and "All Messages". Now in the last phase(Build Target) look for the step called "ProcessProductPackaging" expand it. Note the provisioning profile name. They should NOT match if you are having the error.
Now in the Opened Finder window delete the rogue provisioning profile which Xcode is using. Now build again. The error should be resolved. If not repeat the process to find another rogue profile to remove it.
Hope this helps.
The answer was: start over, do everything the same but create a new provisioning profile, and install it. That worked. Inspecting all the details (entitlements in mobile provision) looks exactly the same as everything in my question here. But now it works. Apple: WAT?
Of course, it would have been obvious to do this if it was possible to delete provisioning profiles. But since that's not possible, I didn't want to clutter our team with a bunch of test profiles. Still, finally lost patience and tried it anyway, and it ended up working. Whatevs.
Delete old provisioning profile from XCode in Organizer.
Then, generate a new provisioning profile for the same bundle id in iOS provisioning portal (after you have enabled push).
Import the new provisioning profile in XCode, set it in your app build settings.
Build, run, it works.
I just did it.
It took me 10 minutes from error to success.
XCode 6.1.1, and multiple apple developer accounts
Another answer for this already fairly comprehensive mix: I came across this issue again today, and this time it was due to my having multiple apple accounts. I needed to first add the 2nd developer account in XCode > Preferences > Accounts > +
Ensure that the Push Notification Capability is ON
Next I needed to actually explicitly enable In-App Purchase in the app (I did not need to do this previously). XCode > (the app window) > Targets > Capabilities > In-App Purchase ON (and at this stage I was given the option to choose the correct certificate)
Note that I had already added the Push enabled certificate by double clicking it in Finder.
(Xcode 5) Well, after spending an hour I solved my issue. Even if you re-generate the provisioning file in Xcode 5, you should manually update your account. I only changed provisioning file in the Organizer tab that did not work, Xcode kept build with old provisioning file.
So go to
Xcode > Preferences > Accounts > View Details (Select your account)
Then refresh your provisioning files.
My problem was simply that I was signing with the Xcode-managed wildcard provisioning profile.
After I created an app-specific profile (and downloaded it, double-clicked it, and ensured my Build Settings referred to it), I successfully received an APNS device token.
I had the same issue was everyone else and tried all the above tricks, nothing worked. I even deleted and started fresh with a different developer account.
What worked for me in the end was
Do as suggested above and create APP ID
Then create provisioning profile
DO NOT use the team wildcard profile (managed by xcode one) in the development section of the provisioning. You need to make a separate one using that app ID that you've made push notification active for. This way when you develop it will have the push notification function built in.
I don't know if you can enable that for a wildcard app, but after trying at least 12 different suggestions and losing a few days I hope this helps someone
You mention a provisioning profile but I don't see any mention of an Apple Push Profile.
To use Push you must have a push profile (there are two, one for development and one for release). After you've created it you'll need to make sure it contains the relevant certificates (see the EDIT section below).
This is an excellent tutorial that will walk you through all the steps:
http://www.raywenderlich.com/3443/apple-push-notification-services-tutorial-part-12
It would take me, or anybody else, hours and hours to write a thorough detailed answer like this tutorial, so I'm not going to attempt to, nor lay claim to the bounty when this tutorial already exists.
P.S. I believe you don't need entitlements any more, this is a legacy thing.
EDIT:
You should also check you have the necessary profiles on the device - go to the settings, then general, profiles, check your profiles are listed, especially the push profile of course.
You can also check this from the Organizer section of XCode. In Organizer there are two sections that say Provision Profiles - one at the top left in Library (this is the profiles in XCode that you use to sign etc.) Also you will see a section call Provisioning Profiles for the device that is connected, this is the profile that is installed on the handset.
If you don't have them installed on the handset you can download them from the provisioning portal website, then click on the Add button at the bottom of the Organizer window.
While in the provisioning portal you should also check that the Apple Push Profile includes the certificates:
- click on Provisioning on the left hand menu
- you'll see a list of your profile, select to EDIT the Apple push profile
- you'll see a certificates section, with a list of developers or testers etc. you have in your project, make sure the check box is checked for them.
- you'll also see a devices section, make sure the device you are testing on has been added.
If you have any old profiles in XCode or on the device delete them and download/refresh/install all the new profiles from the provisioning portal
Ran into this same issue myself. For me, the issue was that my product name ($TARGET_NAME) was not capitalized the same way presented in the certificate provided by apple. For example, i had com.companyid.APNDemo whereas the Apple cert was using com.companyid.apndemo.
I changed my target to be lowercase and it worked. Note: The clue for me was the codesigning setting in Build Settings was set to my default developer certificate; not the APNTest provisioning profile.
A lot of the above answers are correct. However, there seems to be more than one possible error when dealing with this.
The one I had was a capitalization issue with my App ID. My App ID for some reason wasn't capitalized but my app was. Once I recreated the App ID with correct capitalization, it all worked smoothly. Hope this helps. Frustrating as hell though.
P.S. if it still doesn't work, try editing the Code Signing Identity Field manually with "edit". Change the second line with the name of the correct provisioning profile name.
It took me hours to solve it. Given that someone is using custom scripts to sign and pack while others are using xcode itself, there's only one way to check what ended in your app. Dump you entitlements with
codesign --display --entitlements :- path/to/MyApp.app
and check aps-environment and application-identifier.
This error may occur when your certificate has expired.
The solution is to renew certificate and sign the application with it.
You need to make sure you have in your provisioning profiles (https://developer.apple.com/account/ios/profile/) an iOS Distribution profile.
When you upload from xCode to the App Store, make sure you have the aps-environment in the entitlements. If not, download them from the View Accounts -> View Details -> Download All.
I had a similar issue. I've been bouncing between XCode 7 and 8 for a variety of reasons. Once you use 8 to build, you will need to use 8. I simply used Xcode 8 and applied some of the changes suggested above and it worked.
recreating provisional files fixed my all problems.
There seem to be something quirky with the 'automatic' entitlements in Xcode 4.6.
There is an Entitlement.plist file for each SDK at:
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS6.1.sdk/Entitlements.plist
A workaround solution I came up with was to edit this file and add the sneaky aps-environment key manually like so:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
<key>aps-environment</key>
<string>development</string>
<key>keychain-access-groups</key>
<array>
<string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
</array>
</dict>
</plist>
Then, Xcode is generating correct Xcent file, which contains the aps-environment key at:
/Users/mySelf/Library/Developer/Xcode/DerivedData/myApp-buauvgusocvjyjcwdtpewdzycfmc/Build/Intermediates/myApp.build/Debug-iphoneos/myApp.build/myApp.xcent
You can locate where your Xcent file is created using Xcode's Log Navigator,
look for "ProcessProductPackaging".
Unfortunately, this is the only way I found that fixes the issue.
(and finally able to properly get push token now)
Just wondering if another more elegant solution is available.
Please see my SO question for more details on that:
Xcode 4.6 automatic entitlement not working - "no valid aps-environment"
Before deleting and regenerating AppIDs/Profiles, make sure your Library and Device have the same (and correct) profiles installed.
I started seeing this error after migrating to a new computer.
Push had been working correctly prior to the migration.
The problem was (duh) that I hadn't imported the profiles to the Xcode library on the new machine (in Organizer/Devices under Library->Provisioning Profiles).
The confusing part was that the DEVICE already had the right profiles and they showed up as expected in build settings, so everything looked correct there, but the XCode LIBRARY didn't have them, so it was signing the app with...???
This was what fixed it for me. (I had already tried toggling the capabilities on/off, recreating the provisioning profile, etc).
In the Build Settings tab, in Code Signing Entitlements, my .entitlements file wasn't link for all sections. Once I added it to the Any SDK section, the error was resolved.
I tried out all the answers listed here but no one solved my issue. In my case this error is due to my silly mistake in Appid creation. I used Wildcard App ID instead of using Explicit App ID caused the problem
If you want an application to receive remote notifications(push notification), then you need to use an Explicit App ID, such as com.tutsplus.push, instead of com.tutsplus.*
Please find the ScreenShot,
All you need to do is, add one key in .Entitlements File.
APS Environment this key needs to be added and value should be Developement or Production as per your purpose .
Kindly check uploaded image
Have created an app-id as normal.
Then created an app-store distribution profile...as normal.
Set up the game in itunes connect
Installed the profile
Built the game with GS...all goes fine.
But when I upload my binary is rejected with that error : Invalid Code Signing Entitlements
Invalid Code Signing Entitlements :
The signature for your app bundle contains entitlement values that are not supported. For the com.apple.developer.ubiquity-container-identifiers entitlement, the first value in the array must consist of the prefix provided by Apple in the provisioning profile followed by a bundle identifier suffix.
The bundle identifier must match the bundle identifier for one of your apps or another app that you are permitted to use as the iCloud container identifier.
Specifically, value "(my team bundle seed id is here).*" for key "com.apple.developer.ubiquity-container-identifiers" in basejumpxl is not supported.
Really not sure what I have done wrong...as I have done this loads of times, and never had this issue
Anyone point me in the direction of what my obvious mistake might be??
I finally successfully submitted the app, and it's now "Waiting for Review" status.
The problem is with the new "Enable for iCloud" configuration in App ID's.
Here's what I did to fix it. Hopefully this will help anyone who's having this issue.
In iOS dev portal:
Save yourself some time and just go ahead and delete the provisioning file you previously made for the new app you're trying to submit. (you may have luck by simply renewing it, but probably not.)
Go to your App ID, and click on configure. Once in configure, UNCHECK "Enable for iCloud" and click "DONE". iCloud configuration is what's causing the error. (This option had disappeared earlier, but is back again.)
Make a brand new provisioning file for Appstore distribution, and select the proper app id.
Download this new provisioning file.
Add this newly downloaded provisioning file into Xcode's organizer. Easiest way is to just drag and drop the file overtop Xcode's app icon.
Re-publish your game in Gamesalad, making sure to choose the NEW provisioning file you just created. (I went ahead and deleted the problematic provisioning file so I didn't get confused and accidentally choose the wrong one when publishing.)
Re-submit through Application Loader.
Hope this helps. :)