I'm trying to resign an ipa which is already signed with the developer certificate.
Now I'm resigning with the enterprise distribution certificate.
I've got proper provisioning profile, ios_distribution certificate to sign the app.
I'm following this answer Re-sign IPA (iPhone) for the resigning steps.
With this I'm successfully able to resign the ipa but when I try to install this via itools, I'm getting this error: verification failed as the authority is invalid.
Another thing is I'm resigning with the enterprise distribution certificate but still when i try to install the resigned ipa directly (keeping resigned ipa on dropbox) getting this error "safari can't download this file" which I believe should come when the app is not signed with the enterprise distribution certificate and someone try to download that file directly on iphone (not via appstore or itunes).This certificate says I can distribute this app outside the appstore, so I'm confused what I'm really missing.
I don't know about itools and the error message doesn't sound right, but it could be that
xcrun PackageApplication is copying your dev app's entitlements across to the distribution app and they don't match what's in your distribution profile. e.g get-task-allow may still be true.
If you use a distribution signing identity PackageApplication actually tries to fix this, but it just failed for me now and I get an unusable IPA. Ah, looks like it detects the "distribution-ness" of your signing identity with regular expressions. I was using the abbreviated form "My Company (ID)" form instead of "iPhone Distribution: Company Name (ID)".
If I use the longer form, the resulting binary installs fine. The more you know.
You can't install IPA files directly from Safari, you need to set up an itms anchor tag and a plist, and a bunch of absolute URLs as described here.
Related
I have made an app for the iPhone using flash CS 5.5, tested it on a device (it works fine on there) and I'm member of the development programme. I'm attempting to upload the app to the store after filling in all the information on iTunes connect. However, when I attempt to upload the ipa file through the Application Loader (Version 2.5.2) I keep encountering the same error:
'Application failed code sign verification. The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate.'
I've tried creating the certificates again but still getting the same error.
Thanks for any help :)
It means that you are not using iPhone Distribution Certificate, which is required to upload apps on the app store. I'm guessing you are using a developer certificate.
Here is link how to create distribution certificate for app store submission: Steps to create a distribtution certificate.
Next time do a search you'll get plenty questions related to this topic. For example:
Application failed codesign verification?
Try again with your release certificates, and make sure that whatever you are quoting there for making the certificate should be same as you app's plist file.
Refer to this links: Building Your App for Distribution
When I upload my app to the App store I am facing the issue below:
Application failed codesign verification. The signature was invalid,
or it was not signed with an Apple submission certificate
I did all of the changes below:
cleaning project,
cleaning all,
deleting build directory,
deleting certificates + profiles
and reinstall distribution provisional profile and distribuction certificate
but still I am facing the same problem. What am I missing?
First, check that your certificate is correct/valid. To do this, log in to the iOS Provisioning Portal with your Apple developer account and create a new distribution certificate. Make sure that you specify that you want to store you app on the iOS App Store. Create a certificate for the App Store by clicking the App Store radio button - don't choose "Ad Hoc". After that, download and install the newly created provisioning certificate.
Check that you've done the following:
Set your code-signing identity in the XCode project to use the new provisioning certificate.
Used the certificate for Distribution profile, not just Developer.
Used the "Clean all targets" function in XCode.
Deleted any build folders from your application's directory tree in the Finder.
After that, build and run your application.
For a fuller explanation, see Apple's documentation about this.
For the iOS error "Application failed codesign verification", see Apple's complete list of potential causes at the following URL "How do I resolve the error: Application failed codesign verification?"
I had the same issue and tried all the solutions listed and then some. But it turned out that it was something so simple, I could kick myself! Set your Archive Build Configuration to Release. You can do this by going into PRODUCT -> EDIT SCHEME -> ARCHIVE -> BUILD CONFIGURATION -> SET TO RELEASE.
Good Luck!
I have been getting this problem for almost 4 hours now, getting very frustrated. I have gone through and revoked my certs and provisioning profiles 3 times now and started from scratch. I've also ensured my project was set to use the DISTRIBUTION profile. I revoked and deleted my development cert/prof just so I couldn't select it by accident. My mobileprofile is being copied correctly. I'm using Xcode 4.0.2. I started a new project and dumped my files in there and I get the same problem there..
I super-double-triple checked the directions to get certs. Created private keys, sent file to developer provisioning portal, got a cert back, it loads up and matches my private key.. have deleted all non relevant keys. Have deleted all old provisioning profiles that were saved in MobileProfile/..
here, really, my project is set up right!!
here, really, my target (only target!) is set up right!
Here's my keychain.. certs look good
My super-slow-carefully-made provisioning profile shows up just fine in Xcode, it's certainly recognized as being good and signed
What I'm getting is:
rocessProductPackaging "/Users/rcl/Library/MobileDevice/Provisioning Profiles/AFFB40FF-FE57-4131-A1D1-0804E0E747FF.mobileprovision" /Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Products/Release-iphoneos/iMan.app/embedded.mobileprovision
cd /Users/rcl/Documents/iMan/iMan_On_Xcode402/iMan
setenv PATH "/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin"
"/Users/rcl/Library/MobileDevice/Provisioning Profiles/AFFB40FF-FE57-4131-A1D1-0804E0E747FF.mobileprovision" -o /Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Products/Release-iphoneos/iMan.app/embedded.mobileprovision
Then..
ProcessProductPackaging /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.sdk/Entitlements.plist /Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Intermediates/iMan.build/Release-iphoneos/iMan.build/iMan.xcent
cd /Users/rcl/Documents/iMan/iMan_On_Xcode402/iMan
setenv PATH "/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin"
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.sdk/Entitlements.plist -entitlements -format xml -o /Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Intermediates/iMan.build/Release-iphoneos/iMan.build/iMan.xcent
Then...
CodeSign /Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Products/Release-iphoneos/iMan.app
cd /Users/rcl/Documents/iMan/iMan_On_Xcode402/iMan
setenv PATH "/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin"
setenv _CODESIGN_ALLOCATE_ /Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/codesign_allocate
/usr/bin/codesign -f -s "iPhone Distribution: Robert Lorentz" --resource-rules=/Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Products/Release-iphoneos/iMan.app/ResourceRules.plist --entitlements /Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Intermediates/iMan.build/Release-iphoneos/iMan.build/iMan.xcent /Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Products/Release-iphoneos/iMan.app
Then....
Validate /Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Products/Release-iphoneos/iMan.app
cd /Users/rcl/Documents/iMan/iMan_On_Xcode402/iMan
setenv PATH "/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin"
setenv PRODUCT_TYPE com.apple.product-type.application
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/Validation /Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Products/Release-iphoneos/iMan.app
warning: Application failed codesign verification. The signature was invalid, or it was not signed with an Apple submission certificate. (-19011)
Executable=/Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Products/Release-iphoneos/iMan.app/iMan
codesign_wrapper-0.7.10: using Apple CA for profile evaluation
AssertMacros: signer, file: codesign_wrapper.c, line: 610
AssertMacros: profile, file: codesign_wrapper.c, line: 914
codesign_wrapper-0.7.10: Failed to load provision profile from: /Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Products/Release-iphoneos/iMan.app/embedded.mobileprovision
- (null)
Edit:
One note is that I have had Xcode 4.2 beta installed, not sure if that could be causing issues? I used the provided script and did a full uninstall of the beta developer tools and installed Xcode 4.0.2 again.
Edit:
I've tried generating the private keys in my own name and also my company's name, for 'Common Name'. I initially registered with the apple developer program with my own name, but when I set myself up on iTunes Connect I used my business name as the name I wanted to appear. It seems the CERTIFICATE I'm issued obviously uses my real name. I've tried setting the common name on private key to both things with no luck, but which is correct?
Edit:
And to be clear, the file /Users/rcl/Library/Developer/Xcode/DerivedData/iMan-hapawfvbfkeskkaembwcgifzypdz/Build/Products/Release-iphoneos/iMan.app/embedded.mobileprovision definitely exists and matches the md5sum of my ~/Library/MobileDevice/Provisioning Profiles../ file (the only one that exists, the one I want to use.)
Edit:
When creating my distribution provisioning profile, it doesn't seem to matter what I pick for my App ID - they all give the same results. Is there something that needs to match up with this App ID?
Edit:
Ok I'm "getting somewhere" or walking backwards. So my bundle ID specified by me has been com.panagiaindustries.iman ; apple issued me SR49T455EV.com.panagiaindustries.iman ... if I build my app with the com.pana... one, it fails to codesign within xcode. if I build with the SR49T... one, it codesigns, but when I use Application Loader I get 'Bundle identifier SR49T... differs from reserved bundle ID: com.pana...' as an error. Which SHOULD I be using?
Edit:
Adding the following entitlements file seemed to have no effect:
get-task-allow
application-identifier
SR49T455EV.com.panagiaindustries.iman
I had gone from Xcode 4.0.2 to 4.2.x beta, then back to 4.0.2. After this, Xcode wasn't working so I ran the "official perl" uninstaller script, then reinstalled 4.0.2. Xcode worked.. but apparently I was still using some beta tools. I resolved my problem by mv /Developer /Developer.old and install "fresh" 4.0.2.
These are the following steps needed to build an iPhone app under an Apple Distribution License and upload it to the App Store.
Create A CSR from Keychain Access in a Mac machine.
Access Keychain Access as Finder>>Applications>>Utilities>>Keychain Access.
Upload this CSR while creating a Distribution Certificate.
An Apple License can have only one Apple Distribution Certificate.
Download Distribution Certificate.
Open Keychain Access.
Access Keychain Access as Finder>>Applications>>Utilities>>Keychain Access.
Install the downloaded Distribution Certificate.
Right Click on the Distribution Certificate and select "Export Certificate" and save as Personal Interchange Certificate (.p12) format in destination Library>>Keychains.
For every new application we need to create new Provisioning Profiles under one Apple Distribution Certificate.
For each new Provisioning Profile, we need to create a new App Id.
So we need to create a Adhoc and Appstore Provisioning Profile.
Adhoc Provisioning Profile is for testing the app in apple devices.
*Appstore* Provisioining Profile is for uploading the app to appstore.
Download the respective Provisioning Profile and double click on the profile to install it.
Delete all the previous profiles and just retain the newly installed profile.
Build the application by selecting the Code Signing Entity as the newly installed Provisioning Profile.
6 Upload the ApplicationName.app.zip file as the binary file in Application loader while uploading the application to appstore.
Reference: https://developer.apple.com
I believe this would be of some help to you.
I don't see anything listed under code signing entitlements (line just above the provisioning stuff). Open the new file assistant and look under resources for entitlements file. Then add one key pair:
<key>get-task-allow</key>
<true/>
In theory it will add this for you, but I remember some versions of Xcode have been bad about actually adding it. There should also be one other key pair:
<key>application-identifier</key>
<string>[someNumber].[bundleID]</string>
I'm not sure where the number comes from, though it might be the App ID from iTunes Connect.
In the build log of the original post you can see the root cause of this particular signature verification failure expressed with the text: "..Failed to load provisioning profile from: (x)". I've experienced two cases of this particular signature verification failure, and both were successfully worked around by updating to Lion 10.7.2 and the latest Xcode for Lion (currently Xcode 4.2.1).
For others experiencing the "Application failed codesign verification" during Xcode Archive Validation or Submission, look to the build log at Product > Archive time for a build warning by the same title and expand that for the root cause. Then take a look at Apple's complete list of potential causes of this error at the following URL "How do I resolve the error: Application failed codesign verification?"
Xcode keeps an archive of all the versions of my apps that I've submitted to the app store in the 'archived applications' section. I assumed using this I could install an old version of an app to my device, in order to reproduce any problems my client may have had with that particular version.
However, when I try to do this I get an error:
'this executable was signed with invalid entitlements, the entitlements specified in your applications code signing entitlements do not match those specified in your provisioning profile'
The original app was signed using our App Store distribution certificate, and I use the Organizer interface to re-sign it using our Developer profile.
select the archived app
select the version I want to test
click 'share'
select 'iphone developer' next to identity
save to disk (saves the ipa file)
then copy the ipa to the device using the little + button you see next to 'applications' on the screen you get when you select the connected device.
Then I get the error, and the app isn't installed.
Is there something obvious I'm doing wrong here? Or is there a different process to re-install an archived app to my device?
Edit: Thanks for the answers, I've solved this now. I wrote up the process I used if others want to do this http://pervasivecode.blogspot.com/2011/01/installing-archived-application-to.html
You cannot install an app by dropping it into iTunes when it is signed with the App Store distribution certificate. You need an IPA signed with an Adhoc certificate to do that.
Xcode can resign an archive with the second certificate but I don't think this resigning will overwrite the first certificate. But then, I never tried.
I'd like to send a binary to a client without the source code.
How can here sign the app for distribution on it's own name without
recompiling everything (since he does not have the source code)
I'm not talking about adhoc distribution.
I've tried to codesign -f with another distribution profile but itunes
connect refuses it.
The client needs to send you his distribution certificate and personnal certificate with his public key, matching his iPhone developer identity, so you can compile the app with his informations.