Before Xcode 4.3, I used this method to submit applications to the app store:
-- Compile the application with the appropriate signing certificate which was configured inside the application's build settings
-- Distribute the application into the app store or clients using Xcode's built in submission process. When I was asked to select the signing certificate with which to sign the app, I always selected "Don't Resign".
However, the "Don't Resign" option does not exist in Xcode 4.3. Therefore, my application is resigned, and I always end up with an error saying that the code sign verification failed.
Is there any way around this problem?
I have found out that the compilation errors about code signing are due to a bug in Xcode 4.3. As many other have pointed out in Apple's developer forums, and myself, there are many cases where Xcode will complain about code signing your application if your application contains an image bundle! So, I remove the bundle with the images, and re-imported the images as separate files. I was able to compile the application for Ad Hoc this way, whereas it wouldn't compile with the bundle.
Also, as far as "Don't Resign" is concerned, I noticed that even if the application is already code signed in another step, Xcode 4.3 became smart enough to not re-sign the application with the same certificate, even if it appears to not give you the chance to not to! That's what I have verified with Ad Hoc builds. I will soon try that with production builds.
So, Xcode 4.3 became smarter in one way, and dumber into the other. Apple needs to fix this problem with the bundles, SOON!
Yes, there is a way. Before it used to default to whatever code sign it could find and auto-embed it into your apps. Right now its bugged.
To solve it, you would have to go through the steps of obtaining a new certificate and its private/public key. 3 step process:
Make sure you completely delete your old certs and keys by going to Applications > Utilities > Keychain Access. Then Deleting the certificates and private keys associated with your Developer account.
After deleting all that info head Here to generate a new certificate for your app. Download and import to your login keychain
3.In Xcode open your project. Head to your root project folder > targets > build settings and attach the new correct certificates to code sign your app correctly.
If you are unsure about the code-signing process. Either go here or go to the dev provisioning profile under distribution you have some (REALLY OUTDATED) examples to point your way
Related
I see that this question has been asked many times but I see no solution that works for me so I'm hoping that providing more info might shed some light.
We use appcenter.ms to test iOS apps. Until our iOS certificate expired this method worked fine. We generated a new enterprise certificate and ad hoc provisioning profile for new releases of the iOS app. Which led to the first curiosity.
I see how to upload a certificate on appcenter.ms but not a provisioning profile. I thought there was an option to do this in the past but perhaps I am mistaken. However, the app is signed with a provisioning profile before upload, so perhaps this is not needed now.
Once the app is uploaded, it can't be installed. It remains grey and when you tap it, you get the "this app cannot be installed because its integrity could not be verified" error. Again, that the .ipa is created with an ad hoc certificate and profile in Xamarin (VS for Mac).
Also, I can't install the provisioning profile on a device from appcenter.ms. You basically get stuck in a loop where you seem to successfully install the profile but have to keep doing it because it never actually installs.
I hope this is enough info for some insight and thanks in advance for any feedback.
We were able to solve this by redoing and downloading development certs and via
And also downloading and double clicking the apple development certificate here
After that our keychain showed both as trusted and we could build to the iPhone again.
The issue can be the your device is simply not registered on the developer portal and/or that ad-hoc provisioning profiles have not been regenerated.
You need to register your device, regenerate a provisioning profile with this device in it and rebuild your app using this profile.
This can also happen because of
Developer ID Notary Service - Outage
which can be checked on https://developer.apple.com/system-status/
Notarization is well explained here:
Notarization gives users more confidence that the Developer ID-signed
software you distribute has been checked by Apple for malicious
components. Notarization is not App Review. The Apple notary service
is an automated system that scans your software for malicious content,
checks for code-signing issues, and returns the results to you
quickly. If there are no issues, the notary service generates a ticket
for you to staple to your software.
Work around fix:
Select your app.
Navigate to TextFlight tab
Create External Testing group
Add one tester
Add build which you want to download using TestFlight
Open TestFlight and download an app.
In my case this was caused by trying to include an entitlement for aps-environment "development" when using an Ad-Hoc provisioning profile. The value for this environment in Entitlements.plist must match what is hard coded into the provisioning profile file - if you open an Ad-Hoc profile in a text editor you will see it expects the "production" environment.
The possible solutions depending on your requirements are to either use the Development profile/certificate, or change the aps-environment to "production" to continue using an Ad-Hoc provisioning profile.
It can also happen if you have other incorrect entitlements - worth checking what entitlements are enabled under the Identifier in Apple Developer portal and removing unnecessary ones.
I had this issue because when building the app on xCode for distribution (Product->Archive then Distribute App), I chose automatic signing. After manually signing the app and choosing my own generated certificate and profile, everything worked again fine.
I removed the Entitlements file from the Addition Resources in iOS Bundle Signing and it worked.
I think the MSAL configuration was set to debug in entitlements.plist
I have also face this issue before but for me the reason was little different
First the build was enterprise one and the build was made on the earlier Xcode version on which the iOS version you are using on the device was not supported by the Xcode.
All I did was to update my Xcode and make a new build and shared the build. After that we were able to install that build over device Hope it works for you as well
This is how I solved for myself.
In you iPhone Settings > General > VPN & Device Management you should see your company name (if an app from it is installed), and if you click on it, you will see a button like "Verify" above the list of apps installed provided by the company. Just click on "Verify".
I'm working on a hybrid mobile app project (Ionic framework) and releasing to Android, iOS and web. This issue concerns only releasing the application on iOS.
I ran into an issue whereby I suddenly started getting the following email from iTunes Connect after building, archiving and uploading my iOS app to App Store from Xcode.
App Store Connect: Your app "YourAppName" (Apple ID: XXXXXXXXXX) has
one or more issues
Dear Developer,
We identified one or more issues with a recent delivery for your app,
"YourAppName". Please correct the following issues, then upload again.
Invalid Signature - A sealed resource is missing or invalid. The file
at path [YourAppName.app/YourAppName] is not properly signed. Make sure you
have signed your application with a distribution certificate, not an
ad hoc certificate or a development certificate. Verify that the code
signing settings in Xcode are correct at the target level (which
override any values at the project level). Additionally, make sure the
bundle you are uploading was built using a Release target in Xcode,
not a Simulator target. If you are certain your code signing settings
are correct, choose "Clean All" in Xcode, delete the "build" directory
in the Finder, and rebuild your release target. For more information,
please consult
https://developer.apple.com/library/ios/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html
Best regards,
The App Store Team
I tried everything I could find on the internet regarding this issue:
Checking over my certificates, provisioning profiles, recreating them, updating Xcode, building the project again, made sure I'm using a distribution certificate not an ad-hoc certificate, verified the code signing settings in Xcode were correct, verified the bundle was built using the Release target, tried the "Clean All" option, deleted the "build" directory in the finder and rebuilt the release. In short - I tried everything I could find by Apple regarding this issue, also looked up the same issue in StackOverflow and tried a huge variety of the recommended solutions. I tried all of those options multiple times over to make sure I didn't miss anything.
Nothing worked...
Also a note that I was able to upload to App Store without any problems before. There hasn't been any changes to the project which could result in this Invalid Signature issue arising - no certificates have expired, no new ones have been created, no new provisioning profiles have been created. The same profiles and certificates were used which worked just fine some time ago. iTunes Connect just suddenly started responding with this issue.
What else can I try?
I was sceptical at first when I tried this solution but this actually solved my issue.
Find a spare USB stick or an external hard drive.
If your Mac's filesystem is APFS format the external volume using a HPFS Mac OS Extended (Journaled) file system. Move your project over to the freshly formatted HPFS external volume and rebuild it over there. This is important as if you build it on your Mac's APFS volume and then move it over to your HPFS external volume to archive and upload in Xcode this will not work!
The project needs to be built, signed, archived and uploaded ON the HPFS volume.
The uploading to App Store should now work again. It worked for me, hope it works for you as well.
See more information on the solution here
while i am trying to build my project its giving me this error,i am using xcode 7 :
what i was tried:
Deleted the development and distribution certificated and then i have create it again.
about xcode ->preference->account->viewdetails ,in xcode 7 there is no refresh button is there.
Debug-iphoneos/Demofb.app: User canceled the operation.
Command /usr/bin/codesign failed with exit code 1
in simulator its running.
but i don't know where problem is from keychainaccess or from the xcode.
Please anybody help me to solve this problem ,i am struggle here for more then half day.
I surfed a bit and found the following things. Hope it helps you some way.
While choosing a signing identity, you have the choice of submitting your Mac app to the store, signing it with a Developer ID certificate to distribute it outside of the store, or not code signing it at all. If you select Mac App Store, you assign your Xcode project to a team and can enable app services, as described in Adding Capabilities. If you select Developer ID, you assign your Xcode project to a team but the available capabilities are limited (read Distributing Apps Outside the Mac App Store for how to create a Developer ID-signed app)
Xcode detects when you’re missing a signing identity. Typically, this happens when you move from one Mac to another or recreating the certificates and provision profiles. Click here to know more on provision profiles, but I am not sure this might not be your issue.
If you use the team provisioning profile that Xcode manages for you during development, as described in Team Provisioning Profiles in Depth, Xcode fixes code signing and provisioning issues for you before you attempt to build your app. In this case, you shouldn’t set the Code Signing Identity build settings yourself. However, if you want to use a custom development provisioning profile and set these build settings, as described in Using Custom Provisioning Profiles, you may encounter build issues described in this section. Common build errors tend to involve incorrect code signing identities.
I've build a new application which is going to support IOS 7. I got the new XCode 5 GM and tried to sign my apps using my fresh provisioning profile and distribution certificate, but i'm having trouble with distribution. I constantly get the following error:
"Invalid Code Signing Entitlements. The entitlements in your app
bundle signature do not match the ones that are contained in the
provisioning profile. According to the provisioning profile, the
bundle contains a key value that is not allowed:
'[XXXX.com.sample.company ]' for the key 'keychain-access-groups".
Also the same error for a key value called application-identifier.
Screenshot of the errror:
The solution lies in the new option in Xcode 5 which says provisioning profile. Just set the project target's provisioning profile to the right one and it'll work.
If you are like me and you think you tried EVERYTHING, archived your project over ten times, banged your head on the keyboard and still get this error. Please do yourself a favor and simply Restart XCode, it worked for me. Sometime Apple... I hate you.
I went through many of the steps above but what finally worked for me was refreshing my profiles in Xcode. Not sure why it was necessary since my app's distribution profile was showing up in the list already. Here are the steps:
Xcode Preferences
Accounts tab
Select your Apple ID
Hit the View Details button in the Apple ID detail panel
Hit the Refresh button in the lower left corner
In my case, i activated the same capabilities in Xcode that in Application services in developer.apple.com. Thats works for me
In my case (sorry) I switched "Team" to "None" in -> General -> Identity
In another case I needed to switch this identity from "None" to the developer account managing the identities and profiles.
Xcode sometimes messes up greatly with code signing, it seems. Or, we mere mortals simply aren't clever enough to understand what it is doing, of course. Don't give up, we're all going through some code signing torture at times!
In my case, I had to set correct Provision Profile for Release, and then had to restart Xcode. Before restarting, it had same provision profile, and didn't work. So, sometimes a restart can do miracles. Maybe this helps somebody.
If someone uses a GameCenter then check this section in your target. I worked with some old project and there were 2 errors (but everything worked fine). Disabling and enabling it back solved this problem.
Most likely this action adds Game Center entitlement to App ID and and handle it itself.
1.Go to project folder, delete *.entitlements files.
2.Then go yo in xcode project target -> build settings -> code signing entitlements - delete values
3.Clean
4.Run
Ah, this glorious error. For me whenever I see this error I check the following things:
1. Allow XCode to access your provisioning profile info all the time - If XCode keeps asking when you start it up to have access to your computer's private files so that it can get provisioning profile information with the options to allow access always, not now, or just one time - set it to ALWAYS ALLOW access
2. If you have any old entitlement files kicking around your project get rid of them and any sign of them - if you see a .entitlements file in your project delete it (or at least remove the reference to it if you aren't sure you are ready to outright delete it), then make sure the 'Code Signing Entitlements' line under the 'Code Signing' section in Build Settings is empty
3. Check your Application Services online and match them up with your Services in XCode for the app - Go to the Apple Member Center and check the App ID for your app, click on the app to see its 'Application Services' and see what you have checked, then go to XCode and check your 'Capabilities' section to make sure the two have the same list of Apple services on both
4. Make sure you assign a valid Provisioning Profile to your app before validating - double check your provisioning profile for your app in the Apple Member Center, make sure it isn't expired, has the right App ID with the correct bundle id and distribution. Download and click on the new provisioning profile to make sure XCode has it, or go to XCode > Preferences > Accounts > click on your account and 'View Details' then click the bottom corner button to Sync all the profiles to XCode. You should have the profile available to select now in the 'Code Signing' section. Once you have the correct provisioning profile then you can set the 'Code Signing Identity' lines to the correct option for that provisioning profile.
Note - if doing a distribution certificate it can help to set all the 'Code Signing Identity' lines to the identity you use for distribution including the debug lines
5. IF ALL ELSE FAILS - Clean your project and Restart XCode and some Apple magic may just work fine the next time you open your project and try to Validate
If you're building an old 3.1.5 project, Xcode 5 has some bugs which unfortunately makes Benjamin's answer impossible, as there are no Provisioning profiles to pick from. After many a late hour of tormented reading of Xcode project files I came up with this solution that worked for me:
In the Utilities pane (to the right) in Xcode 5, under project Document, change from Xcode 3.1-compatible to Xcode 3.2 compatible.
Enter your organization name.
Close project.
Open your project file, e.g. open -a TextEdit path/to/name.xcodeproj/project.pbxproj
Remove the two Distribution clauses (isa=XCBuildConfiguration).
Remove the two accompanying lines in buildConfiguration (one in PBXNativeTarget and one in PBXProject XCConfigurationLists)
Now you're ready to re-open, archive and submit to App store - voilà! It works again!
How I think it works
I assume this works because Apple somewhere along the line decided to drop the need for any separate distribution config, which is a good thing. When I archive, Xcode automatically code signs for distribution. That's the way it should have been implemented in the first place, it's just a shame that Apple can't make auto-migration part of the IDE; instead they force us developers to spend man-decades to make this stuff work.
I have been struggling with this problem for more than a day now, trying all kinds of solutions suggested here and elsewhere on the internet. Nothing worked...
But, I finally managed to solve the problem!
The problem I had was with an old app that I haven't touched in over 3 years, and now I was about to release a long awaited update. Since the time I released the app, Apple has been updating how the certificates and App Id works. They have introduced the concept of Team Id which seems to be recommended to use.
In particular, the Apple's "Certificates, Identifiers & Profiles" site, has seen a lot of changes since then.
There I realized that the Provisioning Profile I was using for App Store Distribution were connected to the App Id ED8xxxxxxx.com.rostsolutions.* but looking at the App Id for the game I was about to submit I notice that the App Id was ATMxxxxxxx.com.rostsolutions.Swisch. So the App Id prefix did not match!
That seemed to be the root of the problem. So what I did was to create a new Provisioning Profile connected to the App Id ATMxxxxxxx.com.rostsolutions.Swisch instead. Using that Provisioning Profile I successfully submitted my app to App Store and now I just keep my fingers crossed that everything else works fine at Apple's side.
(I first tried to connect to new Provisioning profile to the wildcard Id ATMxxxxxxx.com.rostsolutions.* instead, but that didn't seem to work).
But what puzzles me is that when I look at the old App in iTunes Connects and goes to Binary Details, it says that the App Id is ED8xxxxxxx.com.rostsolutions.Swisch. So why is the "Certificates, Identifiers & Profiles" page listing the App Id as ATMxxxxxxx.com.rostsolutions.Swisch?
My problem was solved by removing my Apple ID from Preferences->Accounts and then adding it back again. Then all my provisioning profile files showed up on the View Details utility panel. I was mistakenly choosing "Mac Team Provisioning Profile:*" instead of the actual distribution provisioning profile for the project thinking that it was a generic selection. Provisioning files must be specific to the project. Oh, and BTW, make sure your provisioning profile has the correct entitlements (for example, Maps). I managed to release an app with OSX Maps without the entitlement and Apple approved it -- but no Maps showed up on the production version!
In my case, I had the same problem, my solution was to change the 'Release Provisioning Profile' in the Build Settings before doing Archive. I do this twice, once for App Store distribution, and another one for Ad Hoc distribution. I also add a comment on my archives. My conclusion is that there is something broken about the "archive re-signature".
There is a very good tutorial for solving that problem on this website.
It says that this problem can occur when your Projects Bundle Identifier is different to the one you entered on the iTunes Connect Website.
I think xcode 5 uses "release" instead of "distribution" that you may created yourself.
If all above didn't work (in my case after couple of days no luck trying everything) I have only one Mac application. BE CAREFULL WITH REVOKE!
1) Revoke by hand all "Mac App Distribution" & "Mac Installer Distribution"
2) Clean relevant certificates and open-keys in Keychain (Warning: export before delete)
3) Restart Xcode
4) Go to (in Safari) developer.apple.com -> certificates etc.
5) Create CertificateSigningRequest.certSigningRequest in Keychain->Certificate assistant
6) Create by hand on developer.apple.com both "Mac App Distribution" & "Mac Installer Distribution" with your *.certSigningRequest
7) Provisioning Profiles -> Distribution -> create/fix custom provision for AppStore (I'm specially named it as "Mac provision profile for AppStore"
8) Xcode -> Settings -> Account -> Your account -> Refresh
9) Xcode Clean -> Archive -> Validate
I have been struggling with similar problem (I was building for Ad-Hoc distribution). Only thing that has changed since last successful deploy, was adding two devices to provisioning profile.
After double- and triple- checking all build settings, I regenerated provisioning profile (without changing anything), re-downloaded and it worked fine.
So note to self: if there is no logic explanation, you can always try good old IT voodoo.
I also recommend iPhone Configuration Utility, which despite its name, is useful for checking what provisioning profiles you have on computer.
ERROR ITMS-9000: “This bundle is invalid. New apps and app updates submitted to the App Store must be built with public (GM) versions of XCode 5.1.1 or higher and iOS 7 SDK. Do not submit apps built with beta software.
If multiple developers are using the same member center account. One of them can't use a certificate created by others cause they used a certificate request created using their computers.
You need to use a certificate created by you (certificate request
created using your computer).
Alternative, told them to send you the Developer Profile. not sure of the name. to use a certificate created on another computer.
Code signing Entitlements occur because of your resource does not contain Entitlements file in resources,Just go to build setting and search code signing Entitlements delete entry for debug and release, build project again you will see there is no error. Cheers
I had the same problem, but nothing written here worked for me. However, I found a simple way that worked for me. Here's how to do it:
1) In your Project and your Target(s) build settings, choose "None" for all Provisioning profiles, and choose "Don't Code Sign" for all Code Signing Identities.
2) Now, choose your Target and go to build settings. In Code Signing Identity Release setting, choose "iOS Distribution" for "Any iOS SDK". And then, in Provisioning Profile Release setting, choose your distribution profile for "Any iOS SDK". After that your Code Signing Identity Release setting should automatically change to "iPhone Distribution".
3) Archive your build and validate. Now it should work fine. That's it!
I am trying to submit an update to the iOS app store. I am going from a Buzztouch app to a Sprite Kit app. I am able to archive the Xcode project and submit it. The app gets to the status of Upload Received but than about a minute later, it changes to Invalid Binary and I get an email saying:
Invalid Signature - Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose "Clean All" in Xcode, delete the "build" directory in the Finder, and rebuild your release target.
Once these issues have been corrected, go to the Version Details page and click "Ready to Upload Binary." Continue through the submission process until the app status is "Waiting for Upload." You can then deliver the corrected binary.
I have cleaned out the build directory, rebuilt my release target, and made new provisioning profiles multiple times. All of the Code Signing Identities are set to iOS Developer. Code signing and the provisioning profiles have always been a little bit confusing to me, I could have made some obvious mistakes.
I have tried submitting over 50 times! I find this very frustrating because I have emailed Apple and they got back to me but it was just a link to the dev center with code signing information. I have also spent lots of time searching the Internet to find a solution to this and there hasn’t been a good solution that actually works for this problem.
The only thing I can think of is either because I am changing from a Buzztouch app or it is Sprite Kit.
Here is a screenshot of my code signing:
In Apple developer support there are two additional common causes of the Invalid Signature binary rejection reason,
executable files containing special characters (i.e. non-numeric, and non-alpha). To resolve this issue, change the Xcode target’s Product Name build setting from “${TARGET_NAME} to a string containing only alpha/numeric characters. Let me know if this was the cause of the issue (and the problematic characters) because I file bug reports to fix each instance I find here.
Apple Double Files ("double files") that result from copying the Xcode project uncompressed to/from a non HFS+ formatted hard drive. To check if this caused your rejection:
A. Run the app diagnostic here: How do I check if my application's signature has been corrupted?
B. Then check the command line output with: List of Signature Verification Failure Root Causes. Double files are diagnosed with a message like:
resource missing: my.app/._.*
C. From the docs:
The file prefixed with "._" is considered an AppleDouble file and it
can result from copying the uncompressed Xcode project folder onto a
non-HFS+ formatted disk. The AppleDouble files must be removed using
the 'dot_clean' command. The Xcode project folder is the argument to
dot_clean as illustrated below. Note: You can drag your Xcode project
folder from Finder into the Terminal window to automatically fill its
path into the command.
dot_clean /path/to/My_Xcode_Project
(If Terminal can't find the dot_clean utility, download the optional Command Line Tools through Xcode > Preferences > Downloads)
D. After running dot_clean on your Xcode project, create a new app archive (via Xcode > Product > Archive), reattempt submission.
To prevent double files be sure to compress the Xcode project folder to .zip using Finder before transferring it to/from a non HFS+ formatted hard drive.
This is what I did when I encountered a similar problem with the Mac App Store:
Re-generate the app's Distribution and Development certificates (from the Apple Developer's Certificates site).
Download both certificates and drag them to Xcode's icon (not sure whether it had any impact, but after so many submission failures, I was pretty superstitious).
Re-fresh the certificates and identities from Xcode.
Open Xcode's Preferences.
Go to Accounts tab.
Clicked my account
Clicked the refresh button.
Generate the archive.
Submit the app and clicked on "refresh signing identities" somewhere mid-way in wizard prompts.
As a reference, here is my built settings related to signing. That one worked the last time I submitted the app (which has been in the "waiting for review" state for the past two days now, so I guess it passed all of their automated tests).
Your issue relate with signing failed because of your app didn't sign with recent distribution certificate. Check the following steps:
1) Check your bundle identifier to list out provisioning profile as like below picture. Because It also lead to this problem.
2)You may not using the correct certificates when building your app. Just Delete your certificates in Provisioning Portal and create new ones and update them in Xcode.
3) From your picture, you didn't selected correct provisioning profile. Goto Organizer / Provisioning Profiles / Refresh and allow Xcode to fetch the latest ones. see screen shot to how to do that.
Select correct Provisioning profile.
Select correct code sign.
4) Cleaned up your project.
5) Just clean all your targets . You can even go to /Users/%USERNAME%/Library/Developer/Xcode/DerivedData and delete all of the directories in there.
see this ref
Under "Code Signing Identity" Make sure you have selected your Distribution Cert for the "Release" scheme
Under "Provisioning Profile" make sure you select a Distribution provisioning profile (not an Ad Hoc one)
Archive and distribute, make sure the same cert is selected when submitting (after entering your iTunesConnect info)
After doing all of the above
Menu Bar
try Product->Archive
Then from the organise try resigning and submitting.
Window->Organiser
Select archive and then press distribute (but i'm pretty sure you'll know how that works)
Obviously if you can't do this then chances are you have indeed got something wrong with your signing certificates, more specifically your bundle identifier is likely to be the culprit.
One other option is your app uses services that you haven't set up on developer.apple.com/ios for the app id such as game centre, push notification etc. Good luck
check your launch images . Are they conflicting like 2 images have got same name. Because i have got the similar issue which i solved like this within 10 minutes.
To figure out this problem I just created a new Xcode project and copied and pasted everything into the new project.
In my case the problem was to not ASCII chars in filename (someone did sent us to embed), solution was to do a global search in project:
ls -1 -R -i | grep -a "[^A-Za-z0-9_.':# /-]"
And delete those chars from filenames.