I have a version of an app that runs on iOS8 and iOS7 and I want to codesign it for Enterprise deployment. When I do this, it runs successfully on iOS7 but on iOS8 when tapping on the app it hangs on installing with just a grey icon.
One thing I've noticed is that the latest unzipped Payload from the vendor does not include a ResourceRules.plist file, wondering if that may be the issue?
I've tried code signing without a ResourceRules.plist, using an old (possibly inaccurate?) ResourceRules.plist, and using a different provisioning profile and certificate. Got the same behavior as above every time.
What else should I check to try to resolve this? Thanks
EDIT: I'm getting the following in debug while doing the install (identifier/app names changed to aaa, bbb and ccc for privacy reason):
Jan 14 11:06:09 Brads-AIR atc[31] : 0x101f7c000 __MobileInstallationInstallForLaunchServices_block_invoke240: Returned error Error Domain=MIInstallerErrorDomain Code=37 "Appex bundle at "/private/var/mobile/Library/Caches/com.apple.mobile.installd.staging/temp.FYHYX8/extracted/Payload/CCC.app/PlugIns/Photo.appex" with identifier "com.aaa.AAA" does not have expected identifier prefix "com.bbb.BBB"" UserInfo=0x12ff52da0
OK I figured this out. Problem was that the plug-in nested within the app bundle also needed code-signing first (remove its _CodeSignature, change bundle identifier in its Info.plist, replace its embedded.mobileprovison, codesign it separately), just as though it were an app within an app that needed configuring first.
Related
We are trying to test application on iOS 15 and found that we are getting this message App needs to be updated.
Can anyone please let me know the reason behind this message? Existing users will have to delete the app and install again to get rid of this alert.
I went into the same issue with my enterprise apps, and fortunately I've managed to fix it.
There are actually two reasons that can cause this issue on iOS 15 if you're deploying your apps using an Enterprise account. The root key of the issue is a new signature format, that is required on iOS 15. Apps released through the App Store are automatically resigned, thus why they aren't affected by the issue.
Also, note that the main cause for this is building IPAs with older MacOS versions. If you update to latest Big Sur, you should be able to generate an IPA that is correctly signed. If you don't want to update, read the solutions below.
First reason
The first reason, documented by Apple here, is that your IPA must use the new signature format. If the IPA has been built with MacOS 10.14 or higher, it should be good. To ensure your IPA have the correct signature, use following steps:
Rename MyApp.ipa to MyApp.zip and unzip (you'll get a Payload folder which contains MyApp.app)
In Terminal, run codesign -dv /path/to/MyApp.app
Look in the output the value next to CodeDirectory. If you see v=20500 or v=20400, you're good. If you see a value below 20400, you need to resign your app using following command: codesign -s "Your Codesign Identity" -f --preserve-metadata /path/to/MyApp.app (ensure you do this using MacOS >= 10.14, and re-run codesign -dv /path/to/MyApp.app to ensure you now get v=20400 or v=20500)
Zip the Payload folder and rename it to MyApp.ipa
Try reinstalling this IPA, it should work. If it doesn't, read the second reason below.
Second reason
An other possible reason, not documented by Apple, a bit more tricky, is that you might need to re-sign your app including the DER entitlements. To check if you need to do this, do this:
In Terminal, run codesign -dvvvvv /path/to/MyApp.app
Look in the output under Page size, you should see something like this:
-7=4ade7be00e0a7b6db853edc4843e7ece1eea646f6f13d1809f78fc50d8db461f //If this line doesn't exist or contains only 000..., you need to include DER entitlements
-6=0000000000000000000000000000000000000000000000000000000000000000
-5=1dfa58bd8ac3c4fb42142c1c4d28c436128b3a7460186a44526194fb690112bc
-4=0000000000000000000000000000000000000000000000000000000000000000
-3=ef08dbe5a7c355336e1fb571604b683ce1c54536cb59a6155a1d18387fd23f6e
-2=5b730fa46ffd405fd88da9606d82eda9af7f460f6049047afc176163326f5a7f
As commented in above block, if -7 isn't existent or if it only contains 000..., then that's the reason why the IPA doesn't install properly. To fix this, follow next step
Run codesign -s "Your Codesign Identity" -f --preserve-metadata --generate-entitlement-der /path/to/MyApp.app to resign your app including DER entitlements. Re-run codesign -dvvvvv /path/to/MyApp.app to ensure the -7 value is now correct.
Zip the Payload folder and rename it to MyApp.ipa
You should be able to install the IPA now! 🎉
I have fixed the issue with the following configuration: MacOS Big Sur(macOS 11.14) and Xcode 12.5.1.
I rebuild the package with the configuration mentioned above.
I uploaded the package to TestFlight.
I tested on iOS 15 device. Everything works as expected. No popup.
As far as I understood the the reason of the failure is updated signature format. In iOS 15 the new format is mandatory while on iOS 14 it only gives a warning.
More information about the signature can be found here: https://developer.apple.com/documentation/xcode/using-the-latest-code-signature-format
If you're using Xcode 12.4 or 13 and MacOS 10.15.4 or above in December it should be sufficient to create a new Provisioning profile and provision with that. The provisioning profile must have the DER entitlements in it. Please see https://developer.apple.com/forums/thread/682775 for a method to check your provisioning profile has the DER entitlements.
I have facing above same issue any try all above solution but not work.
Once i change below setting than after it will work.
Build Setting
change excluded architecture "Any SDK" to "Any iOS Simulator SDK" and value arm64
So I've inherited development work for another users iOS application, and am doing my best to be able to make a working IPA file for it. I've been trying for the better part of 7 hours fighting with provisioning profiles, Entitlements errors, etc trying to get my .ipa file to install correctly, but have yet to do so. Recently I was able to get the application on my physical device by just pressing run and allowing it to deploy that way (this means that the provisioning profile and the device are all set up to work for the application, right?). Whenever I build the archive file and and distribute it as an .ipa file and try to install this .ipa through either itunes or the Iphone Configuration Utility, however, I continue to get the "The executable was signed with invalid entitlements" error. Is something wrong with my schemes or...? I think if I can't get it working soon I'm going to reinstall xcode, and clear out all my certificates, devices, provisions and just restart from square one.
This is an older project so it still had an Entitlements.plist file with it, which I've read is now longer used in xcode 4.x. I've made sure that the filepath for it isn't referenced, but should I just delete it?
I apologize if this issue has come up before, but this seems like an error message that gets spit out for a variety of reasons.
In my case, using correct provisioning profile(including device UDID), but Build Configuration was set to "Release".
So, after setting to "Build", it works.
H e l l o Everyone, after installing the last Xcode 4.3.1 I stuck with submitting apps. I can't archive apps for submitting. It says:
warning: Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate. (-19011)
Executable=/Users/YYYYYY/Library/Developer/Xcode/DerivedData/XXXX002-ekjbelaglwpkredizicvazolomgj/Build/Intermediates/ArchiveIntermediates/ZZZZ/InstallationBuildProductsLocation/Applications/ZZZZ.app/ZZZZ
AssertMacros: message, file: /SourceCache/codesign_wrapper_Sim/Security-1245/codesign_wrapper/codesign_wrapper.c, line: 495
AssertMacros: profile, file: /SourceCache/codesign_wrapper_Sim/Security-1245/codesign_wrapper/codesign_wrapper.c, line: 904
codesign_wrapper-0.7.10: Failed to load provision profile from: /Users/YYYYYY/Library/Developer/Xcode/DerivedData/XXXX002-ekjbelaglwpkredizicvazolomgj/Build/Intermediates/ArchiveIntermediates/ZZZZ/InstallationBuildProductsLocation/Applications/ZZZZ.app/embedded.mobileprov
- (null)
I've tried to put in provisioning profiles (renew them), but it does not help.
There is no such a warring during normal build, only during archiving. In organizer when I press renew it gets only developers provisioning profiles and not renewing ones for distribution. So I put the distribution profile manually.
I've tried also to fix the project - Code sign identity - putting there iPhone distributing provisioning profile, remove build and clean targets, remove DerivedData (just in case) like people advised and cleaning all targets and checked twice that certificate is not expired.
Fortunately I kept the previous version of XCode 4.2, and it works fine archiving the same project. But I would love to hear any suggestions how to make XCode 4.3 working. Thank you in advance.
I had exactly this problem last night and was tearing my hair out!
However, the clue is that the last line "Failed to load provision profile" has characters missing from the end ('mobileprov' instead of 'mobileprovision'). Mine did too. I think there's a character limit per line and if your directory or application name is too long it will fail to work properly.
I re-created the project with a shorter name and everything worked fine (after re-doing the provisioning, etc.).
Since that was my first app (and it was painful to submit!) this is a stab in the dark as to what the real cause is - so perhaps the more advanced users out there could tell me if I'm right or not? Or was the re-creation of the project more likely to have fixed the issue?
Richard
I have restarted this process about 4 times over the past 3 weeks. I have not succeeded in submitting my app to the store. Please help me! I just started over again tonight, I did it in this order:
Deleted everything referring to the IPhone in my Keychain,
Redownloaded the Distribution Certificate
Created a new app id called: com.myapp
Downloaded the Provision Profile and installed it into XCode.
Please note: I did not install an Entitlements.plist because I was told I didn't need one. Everything is looking good at this point.
Duplicated my "Release" Configuration and renamed "Distribution"
Under the Configuration of "Distribution", Code Signing Identity, I can see my Provision Profile it actually says: IPhone Distribution: My Name (for Application Identifiers: com.myapp)
So at this point at the bottom of the Project Info Window I see this:
The name (“common name”) of a valid code-signing certificate in a keychain within your keychain path. A missing or invalid certificate will cause a build error. [CODE_SIGN_IDENTITY]
So I realize I haven't altered my bundle name for my app, I change it to com.myapp, warning still doesn't go away. I tried adding in my prefix into the Bundle Identifier like this:
5JSF8843kJJ.com.myapp (for example)
But the error still doesn't go away!
After all this I try to Build and Run on my device anyway thinking it may go away. But I get this error:
The iPod “myIpod” doesn’t have the provisioning profile with which the application was signed.
Click “Install and Run” to install the provisioning profile “myprofile” on “myIpod” and continue running “myappname.app”.
Please Help! I need to get this to work!
Thank you for your time.
UPDATE: I have fully tested the app and I am ready to distribute, I am trying to get a successful Build so that I can zip up my .app file and submit it using Application Loader.
You can't run an app using the Distribution certificate or Distribution Build.
You shouldn't duplicate your Release Build until after you get it running and configured exactly as needed, except for the choice of code signing certificate.
I'm getting this error when trying to build:
The entitlements specified in your application’s Code Signing Entitlements file do not match those specified in your provisioning profile.
(0xE8008016).
This is not my first time building apps. This will be my sixth app, so this thing is tripping. I'm making an AppStore distribution build, so I dont need entitlements. I dont have any entitlement files specified in my code signing entitlement. ITS BLANK. For the project info pane and the target info pane, there is absolutely nothing in my code signing entitlements, which is how its supposed to be. Yet I still get this dumb error. Remember, this is NOT an adhoc build, rather it is an AppStore build. What can be the problem??
Do you have multiple versions of Xcode installed (such as one of the betas)? Did you change the install directory after installing your current stable version of Xcode? Xcode installs things for code signing that can break if you either install a new version of Xcode simultaneously, or you rename your /Developer directory.
Also, try checking the console for related error messages.