An app signed with a codesign version provided on an older macOS, like Catalina (10.15) will not run on iOS 15 because the lastest version you can install is Xcode 12.4.
Xcode 12.5 seems to change the behavior of codesigning. When installing you get the error message:
The code signature version is no longer supported
Is there a workaround?
Notice
This answer is mostly for people using older versions of Xcode. My build farm was for a time stuck at Xcode 12.4 because some Mac minis couldn't be upgraded past Catalina. If you are using a recent Xcode 13+ this is not your issue. Probably cruft of some kind in your project.
If you're still using an Xcode 12 release it is time to let go. The only reason to use 12.4 would be because you're stuck on Catalina and new problems are cropping up that will not be worked around so easily.
codesign --generate-entitlement-der
Apple has changed the codesign signature to include DER encoded entitlements in addition to the plist encoded entitlements. This additional DER encoded entitlements section is required in iOS 15 and becomes the default behavior of codesign in the latest Xcode. To use codesign on an older machines with an older version of Xcode add the --generate-entitlement-der flag to your call to codesign.
If signing through Xcode, you can add this flag to the OTHER_CODE_SIGN_FLAGS setting in the Build Settings tab.
If codesigning at the command-line:
CODESIGN_ALLOCATE=$( xcrun --find codesign_allocate ); export CODESIGN_ALLOCATE
xcrun codesign --generate-entitlement-der ...
The source of this information was the Apple Forum thread and the answer from Matt Eaton in DTS at Apple.
In the Xcode 12.5 Release Notes there is also a reference to the new signature format. However, it seems the information is not entirely correct.
General advice
If you have a non-trivial setup like CocoaPods, you should probably de-integrate and re-integrate and of course do a project clean. These sorts of 'me too' answers really just add noise to the signal and anyone doing this sort of development should have already tried this.
Here are some visual directions to #CameronLowellPalmer's answer.
I got the steps from
#WayneHenderson's comment underneath the accepted answer.
Follow the red arrows steps 1 - 11 (there is no 8, I made a mistake and went from 7 straight to 9).
The most important thing is step 4, make sure to select All or you won't find the Other Code Signing Flags options.
For step 5 just enter Other Code Signing Flags into the search container.
Steps 9 - 11 is where you enter --generate-entitlement-der
You will need to add the --generate-entitlement-der to your OTHER_CODE_SIGN_FLAGS under Build Settings.
Xcode > Target > General
Section "Embedded Framework, Libraries and Embedded Content"
Set all frameworks in the Embedded field to "Do not Embed"
For people who use Xcode13 like me, the problem may not be because of the code signature of our apps (To check the code signature of apps, see https://developer.apple.com/documentation/xcode/using-the-latest-code-signature-format), but due to the code signature of one of the dependencies, and removing the dependency solves the problem.
In my case, I remove the dependencies one by one, and eventually found that the culprit is FirebaseAnalyticsOnDeviceConversion. remove dependencies
I have spent 2 days to find this issue, Finally i got the solution here from the person Lance Samaria. I would like to share it.
Target-> Build Settings -> Other Code Signing Flags
Add this code --generate-entitlement-der to both Debug and Release
After that Go to Target-> General->Frameworks, Libraries, and Embedded Contents -> Change to "Do not Embed"
Also I renewed Provisioning Profile and IOS Distribution Certificates.
Now Clean Build Folder and Run Your Project.
Thank you so Much for Lance Samaria
I want to share my solution. This worked for me using XCode 12.3, macOS Catalina, and tested using Adhoc distribution.
Build, archive, export ipa as usual using XCode.
Now you have the IPA file, then rename it to zip extension. (make a backup if needed)
Extract it. There should be a Payload folder.
Open terminal, cd to your IPA directory, then run command:
codesign -s "CERTIFICATE_NAME" -f --preserve-metadata --generate-entitlement-der ./Payload/YOUR_APP.app
CERTIFICATE_NAME is your certificate name located in keychain. It maybe looks like this: Apple Distribution: XCompany (XXXXXX)
YOUR_APP is your .app file name located in Payload folder.
This warning showed up, I ignored it.
Warning: default usage of --preserve-metadata implies "resource-rules" (deprecated in Mac OS X >= 10.10)!
Then run zip command:
zip -ru myapp_resigned.ipa Payload
Done. You can redistribute the new IPA.
After testing all solutions, Only one worked for me. Because XCode adds sign signature automatically when you add Framework, Any Framework that needs to Embed & Sign should remove, and add again. Xcode will add the new sign signature automatically.
Go to YourTarget>Frameworks, Libraries, and Embedded Contents.
Remove all frameworks that are Embed & Sign, except CocoaPods.
add removed frameworks again and set to Embed & Sign.
check that pods framework set on Do Not Embed
Now clean and run your app on your device.
What helped in my case was pod deintegrate and pod install. That's all.
I had this problem with the newest Xcode version (13.4.1). As the installation on an iOS device actually stoped working out of nowhere (it did install successfully 10 min ago before I downgraded one dependency), I doubted the proposed solutions relate to my problem.
Just my two cents.
As pointed out in other responses, now to sign ios app (compatible with ios and ipados 15) with codesign command on MacOS prior to Big Sur add the --generate-entitlement-der flag. I can sign my app with Xcode 10.3 using this python 2.7 (tried both on MacOS Mojave 10.14 and MacOS Catalina 10.15) snippet code:
from fabric.api import local
local('cp %s "%s"' % ("/path/to/embedded.mobileprovision", app_full_path))
local('xattr -rc %s' % app_full_path)
local("codesign -f --generate-entitlement-der -vv -s \"%s\" --entitlements \"%s/Entitlements.plist\" %s" % (
env.code_sign_identity, app_full_path, app_full_path)
)
Output example log:
[localhost] local: cp /path/to/embedded.mobileprovision "/path/to/Payload/appname.app"
[localhost] local: xattr -rc /path/to/Payload/appname.app
[localhost] local: codesign -f --generate-entitlement-der -vv -s "iPhone Distribution: COMPANYNAME S.p.A." --entitlements "/path/to/Payload/appname.app/Entitlements.plist" /path/to/Payload/appname.app
/path/to/Payload/appname.app: replacing existing signature
/path/to/Payload/appname.app: signed app bundle with Mach-O universal (armv7 arm64) [com.name.reverse.dns]
Some additional tips...
MacOS keychain should contains the Apple certificate used to create the mobile provisioning profile, which is also utilized to distribute the app we’re signing. You can check it using the command security find-identity -p codesigning:
$ security find-identity -p codesigning
Policy: Code Signing
Matching identities
1) AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA "iPhone Distribution: COMPANYNAME S.p.A."
...
13) CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC "iPhone Developer: Name Surname (DDDDDDDDDD)"
13 identities found
Valid identities only
1) AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA "iPhone Distribution: COMPANYNAME S.p.A."
...
13) CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC "iPhone Developer: Name Surname (DDDDDDDDDD)"
13 identities found
After the ipa zip archive creation, you can use the Gem ipa_analyzer (https://github.com/bitrise-io/ipa_analyzer) to verify if the app is correctly signed:
$ zip -9 -y -r /path/to/appname.ipa /path/to/Payload
$ gem install ipa_analyzer --user-install
$ PATHAPP="/path/to/appname.ipa"
$ ~/.gem/ruby/2.6.0/bin/ipa_analyzer -i ${PATHAPP} -p --info-plist --prov | grep -E "ExpirationDate|CFBundleIdentifier|DER-Encoded-Profile"
"DER-Encoded-Profile": "#<StringIO:0x00000f0000000008>",
"ExpirationDate": "2022-09-18T12:15:25+00:00",
"CFBundleIdentifier": "com.name.reverse.dns",
...
Here a complete output example.
As additional references about this issue, you can read also this Apple documentation page and this Apple forum post.
EDIT: this procedure it's working also with MacOS Monterey (version 12.6.1) and Xcode Version 14.1 (14B47b).
The following changes solved my problem
Go to Project Target and select General
Scroll down to Frameworks, Libraries, and Embedded Content
Turn any Embed & Sign to Do Not Embed
My issue was I was using custom framework, and when I embed it in my app. it showing me error
The code signature version is no longer supported.
i spend whole day to struggle with it. Finally resolved it by adding user-defined settings. In new Xcode 13 which supports arm 64
Project target->Build Settings-> + sign to add user define setting and add a setting. then add VALID_ARCHS as a field under this add the value $(ARCHS_STANDARD). Automatically it will convert it arm64 arm 7.
see the attached image for more reference.
When nothing else works, try turning your device off and back on again. Strangely this finally fixed it for me.
My issue was I was using custom static framework target, and I embed it in my app, Finally resolved it by don't embed it or change static to dynamic framework target
Maybe it will help somebody one day, but the solution for me was connected with the pods and their framework.
When I switched settings to Do not embed everything worked.
On an inhouse Mac Mini we previously had a configuration where we could build our software (mostly in C) so it could be used on devices with ARM chips running iOS. The build used makefiles that invoked a gcc binary that was present within a /Developer hierarchy. I'm told this /Developer hierarchy was from an old version of Apple's Xcode tool.
Recently we had a contractor upgrade this Mac Mini to OS X v10.10.5. Sorry, I can't remember what older version of OS X it was running before. This upgrade wiped out the /Developer hierarchy. I tried copying the /Developer hierarchy from the backup disk that the contractor created, but attempting to do the same iOS for ARM build using it fails under the newer OS X; I get a "no assemblers installed" message.
The contractor suggested installing Xcode v7.2.1, which is the most recent version of Xcode that can work with OS X v10.10.5. We did this install, but the hierarchy for the newer Xcode (now in /Applications/Xcode.app/Contents/Developer) doesn't seem to include a cross compiling version of gcc that can run on OS X on x64 but produce code for iOS on ARM.
The contractor suggested trying the build with the regular /usr/bin/gcc and specifying the same qualifiers (e.g., -isysroot) that were used before, obviously adjusted for the newer Xcode hierarchy. I've tried that, but I'm now getting the error message in the title as soon as the build tries to create dynamic libraries.
So it appears I need some kind of cross compiler to complete this build. I'm afraid I'm something of an Apple novice. How can I obtain a proper cross compiler for this build?
I have been developing an app and using Apple's new Testflight to distribute the beta. After every successful upload, I received a follow up email from Apple informing me that my binary lacked 64-bit support. However, RubyMotion has supported 64-bit as of 9/13 and has built 64-bit by default since 3.0. I have confirmed that my binaries are missing 64-bit support. What gives?
Turns out that setting your deployment target to less than 7.0 builds a 32-bit binary. After setting it to 7.0, it successfully built a 32-bit and 64-bit binary. You can check which architectures are contained in your binary by using the file command:
$ file ./build/iPhoneOS-7.0-Development/APPNAME.app/APPNAME
./build/iPhoneOS-7.0-Development/APPNAME.app/APPNAME: Mach-O universal binary with 2 architectures
./build/iPhoneOS-7.0-Development/APPNAME.app/APPNAME (for architecture armv7): Mach-O executable arm
./build/iPhoneOS-7.0-Development/APPNAME.app/APPNAME (for architecture arm64): Mach-O 64-bit executable
I have just updated my OSX to Yosemite, then I ran into an error when submitting a new build to TestFlight with the TestFlight desktop app.
error: /usr/bin/codesign --force
--preserve-metadata=identifier,entitlements,resource-rules --sign 2c30db522ceda29332f9f85951addff0276e0de1
--resource-rules=/tmp/sesLW20J9I/Payload/MyApp.app/ResourceRules.plist /tmp/sesLW20J9I/Payload/MyApp.app failed with error 1. Output:
Warning: usage of --preserve-metadata with option "resource-rules"
(deprecated in Mac OS X >= 10.10)! Warning: --resource-rules has been
deprecated in Mac OS X >= 10.10!
/tmp/sesLW20J9I/Payload/MyApp.app/ResourceRules.plist: cannot read
resources
Anyone has got an idea?
OK, finally I find a solution to this issue. It seems that the resource rules file is not generated by default in XCode 6.1.
To generate the resource rules file as before, go to project setting, search for
Code Signing Resource Rules Path, and set its value as
$(SDKROOT)/ResourceRules.plist
After this change, rebuild your target, TestFlight desktop app will work as before.
The app has not been updated to work on Yosemite (and I doubt it ever will because it was developed before Apple acquired TestFlight iirc and Apple has integrated the uploading process into Xcode.
I have a Mac Pro that I usually build and sign my apps on for distribution outside of the Mac App Store (signing is required for Mountain Lion machines that have Gatekeeper even if it isn't an app store app).
I sign the applications in Terminal, and it works fine on the Mac Pro, so I went to create another Developer ID Application certificate for a Mac Book Air, successfully created an installed the certificate, but I'm completely unable to sign any apps on the air still. I keep getting the error:
object file format unrecognized, invalid, or unsuitable
The problem is that I can take the built .app file that was built on either machine and successfully sign it on the Mac Pro. If I take a .app file built from either machine and try to build in on the Mac Book Air I receive this error. I'm not getting any errors about the certificate.
Just so it's here, I use the following two lines to sign the app (which I copy to an "App" folder on my desktop):
cd ~/Desktop/App
codesign -f -v -s 'Developer ID Application: [company name]' '[appname].app'
I've checked in Keychain access and the certificates show up nearly identically on both machines. Both computers are running 10.8.3. I can't really see what the difference is that is preventing the MBA from signing the app.
Thanks for any help!
The Mac Book Air did not have extra Command Line Tools installed, which is what caused the problem. I needed to have Xcode 4.4 (or newer) and go to the Preferences Window > Downloads section and install the Command Line Tools from there for the code signing to work properly.