I've developed my first App with Flash CS6 and not with Xcode. the App was tested on actual Iphone 4, 4s and 5 devices. it's bug free and ready for distribution. I've created both distribution certificate and provisioning profile. Both are applied in the publish setting in Flash CS6 and made sure in the deployment I've selected Deploy for App Store. now to upload the App to the app store i've already did all what is needed to be done in Itunes Connect and the status over there is "waiting for upload". to upload the app I'm using the Application Uploader that's included in the package of Xcode. So I've created the required Archive.zip and proceeded to the upload and get the following error:
Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate.
what did I miss? Please help! thanks :)
Thanks for your comment. I've actually found the solution that might help others in this situation. here are the steps that i've done:
I went to Xcode and created a fake project. it automatically generates a .plist file and i've erased the content and replaced it with this:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>5GJX4765WZ.com.bobjt.largeimagesupport</string>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>5GJX4765WZ.com.bobjt.largeimagesupport</string>
</array>
</dict>
</plist>
Next I've opened the terminal and used this commanded to replace the old .plist that flash created with the new one:
codesign -f -s <your code signing identity> --resource-rules ./Payload/MySampleApp.app/ResourceRules.plist --entitlements ./MyEntitlements.plist ./Payload/MySampleApp.app
at this point it should replace it and if by any chance you encountered an error that states invalid file format... Make sure to download the latest Xcode and type this command :
export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/usr/bin/codesign_allocate"
and that's it :) cheers to all
Related
I know this has been asked a hundred thousand times, but after 3 hours none of the answers have provided any solution to my issue.
I recently changed an app I'm developing from ad-hoc distribution to enterprise distribution. I also updated to Xcode 7.1 this morning (although I'm not sure if it's related). With nothing else changing in my application, whenever I try to compile the application now and install it on my device, I get the error that the Code Signing Entitlements file toes not match the entitlements in the provisioning profile.
My entitlements:
$ cat GoDriver/GoDriver.entitlements
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>aps-environment</key>
<string>development</string>
<key>keychain-access-groups</key>
<array>
<string>$(AppIdentifierPrefix)com.rudylimo.GoDriver</string>
</array>
</dict>
</plist>
The App ID on the developer portal:
And my apps capabilities:
I've attempted to run the app on 2 devices and a simulator and it will only run on the simulator.
EDIT:
After some more testing, if I remove the aps-environment row from my entitlements file, the app builds and installs properly (but without push notifications working).
I'm having so much problems with Enterpsie Distribution on iOS 8.1.3.
I managed to fix MOST of my installations which were giving this error:
Ignore manifest download, already have bundleID
with this answer: https://stackoverflow.com/a/25948839/517688
Which basically tells you to fake the bundleID on the server manifest.plist.
But on some of my test devices I'm getting a new error after the change:
Error Domain=MIInstallerErrorDomain Code=63 "Application is missing the application-identifier entitlement."
And I can't seem to find a solution for this one.
EDIT 1
I tried adding this to the .entitlements file:
<key>application-identifier</key>
<string>com.domain.appname</string>
but now I'm getting this error when trying to Archive the app for distribution:
None of the valid provisioning profiles allowed the specified entitlements: application-identifier, aps-environment.
The application-identifier entitlement is not formatted correctly;
It should contain your 10-character App ID Seed, followed by a dot, followed by your bundle identifier:
XXXXXXXXXX.com.domain.appname
I have resolved this issue by following the steps from this post:
https://stackoverflow.com/a/28235443/2638825
For apps that have been signed by a third party that you're resigning with your enterprise certificate (this walkthrough is assuming the ipa file is AcmeApp.ipa, your entitlements file is entitlements.plist and your provisioning profile is provProvile.mobileprovision; all files are in the Desktop folder (Mac OSX), and S836XXACME is your team identifier):
Create a new entitlements.plist file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>S836XXACME.uk.co.acme.AcmeApp</string>
<key>get-task-allow</key>
<false/>
</dict>
</plist>
Unzip the ipa:
cd ~/Desktop
unzip AcmeApp.ipa
Remove the Code Signature:
rm -r Payload/AcmeApp.app/_CodeSignature/
Copy in the mobileprovision file:
cp provProfile.mobileprovision Payload/AcmeApp.app/embedded.mobileprovision
Codesign:
codesign -f -s "iPhone Distribution: ACME Corporation Limited" --entitlements entitlements.plist Payload/AcmeApp.app
Zip it up as the resigned ipa:
zip -qr AcmeApp_resigned.ipa Payload/
You also need to amend the manifest.plist file as per the 'ALREADY' signed part earlier:
<key>bundle-identifier</key>
<string>S836XXACME.uk.co.acme.AcmeApp</string>
I tried this solution on iOS 8.4.1, 8.4, 8.0.2 and 7.1.1 devices and it works for me.
thank you "Mark Chamberlain" :)
This problem is caused by Apple's security patch for 8.1.3. You could see the discussion from Apple Developer forums.
bllakjakk's answer is right. But just to make it clear, the 10-character App ID Seed is called Team ID and you could find it from your Organization Profile in Member Centre.
As per the Technical Notes by Apple
(your_app) failed to install
Unable to download application, (your_app) could not be downloaded at this time.
Application is missing the application-identifier entitlement
Upgrade's application-identifier entitlement string ({Your New App ID Prefix}.com,YourApp.Bundle.ID) does not match installed application's application-identifier string (({Your Old App ID Prefix}.YourApp.Bundle.ID); rejecting upgrade.
Installation Failure Errors
So you need to conform to this.
After updating iOS 8.1.3, I tried to download, but getting error "Unable to download app" and "could not be installed at this time" messages appears.
What are changes between 8.1.2 and 8.1.3 which i have to take into consideration?
Download mode: < a
href="itms-services://?action=download-manifest&url=https://****.plist">
Thanks!
After a few hours wracking braincells, here's how I did it:
NOTE: I haven't currently tested this against iOS 8.1.2 or lower (proceed with caution!)
For apps that have ALREADY been signed with your OWN enterprise certificate, all you have to do (as mentioned by RAStudios in his edit) is to edit the manifest.plist:
Before:
<key>bundle-identifier</key>
<string>uk.co.acme.AcmeApp</string>
After:
<key>bundle-identifier</key>
<string>S836XXACME.uk.co.acme.AcmeApp</string>
For apps that have been signed by a third party that you're resigning with your enterprise certificate (this walkthrough is assuming the ipa file is AcmeApp.ipa, your entitlements file is entitlements.plist and your provisioning profile is provProvile.mobileprovision; all files are in the Desktop folder (Mac OSX), and S836XXACME is your team identifier):
Create a new entitlements.plist file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>S836XXACME.uk.co.acme.AcmeApp</string>
<key>get-task-allow</key>
<false/>
</dict>
</plist>
Unzip the ipa:
cd ~/Desktop
unzip AcmeApp.ipa
Remove the Code Signature:
rm -r Payload/AcmeApp.app/_CodeSignature/
Copy in the mobileprovision file:
cp provProfile.mobileprovision Payload/AcmeApp.app/embedded.mobileprovision
Codesign:
codesign -f -s "iPhone Distribution: ACME Corporation Limited" --entitlements entitlements.plist Payload/AcmeApp.app
Zip it up as the resigned ipa:
zip -qr AcmeApp_resigned.ipa Payload/
You also need to amend the manifest.plist file as per the 'ALREADY' signed part earlier:
<key>bundle-identifier</key>
<string>S836XXACME.uk.co.acme.AcmeApp</string>
After investigating..
Edit: After further testing, I found that simply matching the bundle ID in the Info.plist and the bundle ID in the manifest.plist worked for installing apps over-the-air on iOS 8.1.3. If this solution does not work, try the solution below.
Original Solution
Fix to the problem:
Your application must have a valid entitlements.plist, which includes correct the valid bundle identifier of an application.
If you are distributing an application signed with a iOS development certificate, here is an example of a entitlements.plist you should include with your app.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>com.yourbundleidhere.mycoolapp</string>
<key>com.apple.developer.team-identifier</key>
<string>com.yourbundleidhere.mycoolapp</string>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>com.yourbundleidhere.mycoolapp</string>
</array>
</dict>
</plist>
If you are using a wildcard profile, replace com.yourbundleidhere.mycoolapp with yourwildcardappid.*. In both instances, you can use iResign to properly resign applications and include the now required, entitlements.plist.
Explanation of the problem
Due to security patches (see here under CVE-2014-4493), without the entitlements.plist, the application will not install. The security patch keeps applications from overriding existing apps and installing over the top of them/replacing them.
I've done quite a few experiments with this. In my experience the bundle identifier in the manifest.plist file isn't actually that critical. The most important thing to do is to get the entitlements.plist correct.
Rather than creating this manually I would recommend generating it from the provisioning profile using the following script (credit):
# Create an entitlements file
# parse provision profile
security cms -D -i "provProfile.mobileprovision" > ProvisionProfile.plist 2>&1
# generate entitilements.plist
/usr/libexec/PlistBuddy -x -c "Print Entitlements" ProvisionProfile.plist > Entitlements.plist 2>&1
You can then use this entitlements file with the --entitlements option on the codesign utility.
I have the same issue and this happens for the applications that doesn't have any entitlements.
Re-signing the app with entitlement solved the issue for me, but this is going to be pain as all the applications that are already deployed need to be re-signed and deployed.
This is a weird issue because these apps which failed for me doesn't use anything like keychain sharing or push notifications and hence doesn't need an entitlement at all (as per my understanding). Now when I just add an entitlement with keychain-sharing it starts working.
I have answered this here, this worked for me without having to do anything else
In addition to #Mark's and #RaStudio's answers, I have seen two more causes for the 'Unable to download application' message; one of which is new to iOS 8.1.3.
New failure cause on iOS 8.1.3
This error occurs when trying to install an application that has an expired provisioning profile. When signing an application, both the certificate and the provisioning profile must be valid and not expired. It seems as though an application with an expired provisioning profile and non-expired certificate can be installed on iOS 8.1.2 in some circumstances. Ensure that the provisining profile is not expired by going to Apple's developer center.
Old failure cause
This error occurs when trying to download an application signed with a development certificate and provisioning profile if the device has not been added to the development provisining profile on Apple's developer center.
I have sovled this problem.
Since Apple has changed provisioning profiles, please RENEW the provisioning profiles (File 1) and copy it into the "Payload/".
Make sure there's a Entitlements.plist (File 2) in the "Payload/", and this plist file MUST be PLAIN TEXT which is created by a text editor.
Make sure there's a Info.plist (File 3) in "Payload/", and this is created by XCode;
Copy the Entitlements.plist (File 4) anywhere else except the "Payload/".
Be sure "Bundle identifier" in File 1-4 should be the same.
Use this Entitlements.plist (File 4) to Re-Sign the IPA file.
You can resign it like this
codesign -fs "iPhone Distribution: Your Company Name" --entitlements=/Users/SenTR/Downloads/codesign/Entitlements.plist /Users/SenTR/Downloads/codesign/Payload/Your_Project_name.app
Entitlements.plist sample
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>PREFIX.yourappBundleID</string>
<key>aps-environment</key>
<string>production</string>
<key>get-task-allow</key>
<false/>
<key>keychain-access-groups</key>
<array>
<string>PREFIX.yourappBundleID</string>
</array>
</dict>
</plist>
If you know Chinese, this will be helpful.
http://hennry.com/2015/03/fail-to-resign-ipa-since-ios8/
ios 8.1.3: inhouse app need distribute with MDM.
MobileInstallation
Impact: A malicious enterprise-signed application may be able to take control of the local container for applications already on a device
Description: A vulnerability existed in the application installation process. This was addressed by preventing enterprise applications from overriding existing applications in specific scenarios.
from apple release note
I got this error and thought I'd share the answer, as it was only due to years of Adobe Air for iOS development I could solve the problem. :)
If you, when uploading through Application Loader get an error like:
Invalid Bundle The bundle does not support the minimum version os specified in info.plist
You can simple add
<key>MinimumOSVersion</key>
<string>6.0</string>
into your AppName-app.xml manifest into "InfoAdditions" section.
This was the first thing I've tried. But this didn't help me to get rid of this error...
UPD: Just found here:
Hi,everyone.
I have the same warning too. But I was just resolved.
As a result of the update to the latest version of Mac OSX(10.9.5)
that is installed in the Application loader, it came to success.
I don't know this reason. Please try.
Can anybody check if this really helps? Also it would be good to check both cases - with default MinimumOSVersion and with set to 6.0 (for example).
To solve the issue you should add
<key>MinimumOSVersion</key>
<string>6.1</string>
(or higher)
AND
make sure the extensions you use have the same (or higher) MinimumOSVersion value in theirs manifests!
If no - you should update extensions or "hack" a bit their manifests.
I use latest release AIR SDK.
UPD: Latest AIR SDK Beta fixes loader error "Invalid Segment Alignment"
To solve (on Mac OS X):
Rename myapp.ipa to myapp.zip
Unzip
Go to the created "Payload" folder
Right click myapp.app and click "Show package content"
Open info.plist in a text editor
Change the value string of MinimumOSVersion to (at least this is what I put in, and it works)
<key>MinimumOSVersion</key>
<string>6.0</string>
Save the file and exit
Right click the Payload folder and click "Compress 'Payload'"
Rename back Payload.zip to myapp.ipa (where myapp is the original name of your ipa)
You have now solved this problem, however you may get an error when uploading, that the code signing is not messed up. I could upload OK but then when I went to the Prelaunch section of itunesconnect, it said "Invalid Binary" after 15 minutes.
In this case, also complete the following steps:
Create a file called Entitlements.plist in the same folder as your ipa, with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>XXXXXXXX.com.my.app</string>
<key>keychain-access-groups</key>
<array>
<string>XXXXXXXX.com.my.app</string>
</array>
</dict>
</plist>
Where XXXXXXXX is your team(?) code in your Distribution Certificate KeyChain Access, and com.my.app is your app's app ID.
Then run the following code in the terminal
/usr/bin/codesign -f -s "iPhone Distribution: MyName Surname (XXXXXXXX)" "--resource-rules=./Payload/MyApp.app/ResourceRules.plist" --entitlements "Entitlements.plist" "./Payload/MyApp.app"
These steps should of course be taken before the last two steps above :)
UPLOAD and it should work!
I updated macosx to 10.9.5 and also changed my infoadditions on application xml to:
<InfoAdditions><![CDATA[
<key>UIDeviceFamily</key>
<array>
<string>1</string>
<string>2</string>
</array>
<key>MinimumOSVersion</key>
<string>6.0</string>
]]></InfoAdditions>
After that, the application loader uploaded my ipa with no errors.
I have two applications - one has a space in the name, the other doesn't. when I try to run the application through my command line build process I have problems with the application being able to function properly - ie: bombs out with "SecItemCopyMatching: missing entitlement"
--- When I attempt to check the entitlements on the command line of the application with the space:
>machine:Release-iphoneos builder$ codesign -d --entitlements - Application\ Name.app
Executable=/Users/Shared/Jenkins/Home/jobs/My_Application_Name/workspace/build/Release-iphoneos/Application Name.app/Application Name
--- When I run this on an app without the space in the name:
machine:Release-iphoneos builder$ codesign -d --entitlements - application.app
Executable=/Users/Shared/Jenkins/Home/jobs/My_Application_Name/workspace/ios/build/Release-iphoneos/Application.app/Application
??qq?<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>ABC123456.com.company.app</string>
<key>aps-environment</key>
<string>production</string>
<key>get-task-allow</key>
<false/>
<key>keychain-access-groups</key>
<array>
<string>ABC123456.com.company.app</string>
</array>
</dict>
</plist>
So the big question here is - this application name is already being used globally and I can't change it - how can I fix this issue so that I can do these command line builds???
IMNHO: Apple has made a big mistake in it's non-posix compliance in xcode.
Any suggestions appreciated.
APPLE'S RESPONSE: "The Code Signing of iOS applications is only supported by DTS when using the Xcode app to build and sign your applications. Their isn't a supported workflow for signing iOS Applications using xcodebuild."
So they don't support their own command line tools...
It's possible that removing all provisioning profiles solved this, although I did that on a few occasions prior to the last time I did it with no luck. It resolved itself one night on an automated build much to my surprise...