When I try to build and run the app on the device I get following error App installation failed: This application's bundle identifier does not match its code signing identifier.
I checked the signing certificates, bundle ids, provision profile, entitlements and everything is correct.
Any Ideas ?
Go into Building Phases
Click the + sing and add script in New Run Script Phase
Add /usr/local/bin/carthage copy-frameworks to the script box.
In Input Files add a line for each Carthage framework you're using in your app: $(SRCROOT)/Carthage/Build/iOS/FrameworkName.framework
If you're still having problems, also add this under Output Files for each framework: $(BUILT_PRODUCTS_DIR)/$(FRAMEWORKS_FOLDER_PATH)/FrameworkName.framework
This process fixed it for me. It can be found under Carthage documentation. You can see this process here in items 4, 5, 6.
https://github.com/Carthage/Carthage#adding-frameworks-to-an-application
In the end the error was caused by Carthage.
After removing and rebuilding all frameworks it fixed the problem.
To fix this, I had to set framework's Product Bundle Identifier to anything with a dot.
In my case it was because of framework, not Carthage's, but the one as target dependency in Workspace.
Before the fix Product Bundle Identifier was something like "FrameworkName", andXcode would automatically append some autogenerated ID, and Signing Identifier would become "FrameworkName-5555494493d11a8e5f473d1cb2a5d781973d171e".
When I set Product Bundle Identifier to something with dot, like "com.organization.frameworkName", Xcode stopped to auto-append anything, and everything works because ids match.
It seems that it wasn't an issue before Xcode 11 and Catalina. This debug was crazy.
Are you using custom .xcconfig files?
Sometimes custom .xccofigs can override the default code-sign settings.
1) See if the project has a custom config by:
--- 1) Click on project whatever the project name is called in Xcode (usually at the top)
2) On the right you'll see your project settings. In here, you can set the identifier.. If not, then you're on the wrong view. This is what you should see:
3) Change the "bundle Identifier" to something to the effect of "com.yourcompany.yourAppName".
--- The com.yourcompany is your website domain name reversed.. Apple Recommend this.
--- After the com.yourcompany is the app name or "nickname' your give it so. com.yourcompany.myCoolApp would be the full identifier.
4) Once you've done this, make sure that under the "Build Settings" as below:
--- That your "Code Signing Identity" is set to whatever Identity you want. For Debugging on iOS or OSX you use "iPhone Developer: Your Name xxx" or "Mac Developer: Your Name xxx".
Code signing resources path: reserved for advanced / command line tools
Other Code Signing Flags: Not sure, never had to use this
Provisioning Profile: IDEALLY set this to "Automatic" so Xcode handles the setting. Otherwise, when you've set a provisioning profile on the Member Centre, then specify it here (make sure you've installed it first though).
in iTunes they changed it to have a flag for each role if he will have
Access to Certificates, Identifiers & Profiles.
and by default its false.
All i had to do is to:
go to iTunesConnect -> Users and Access -> edit my role by checking the box of "Access to Certificates, Identifiers & Profiles"
This issue is only related to CODE SIGNING
But, the key point to note here is, if you are using XCode 11.x version.
Not only the code signing in your project, but we should check the code signing in Thirdparty SDKs or dependencies that we add to our project.
Steps to verify the Code Signing of 3rd party SDks:
Download the source code of framework you need
Open the .xcproj file from the source code using XCode 11.x
Go to Targets -> Signing & Capabilities -> Select all tab -> Bundle Identifier
If you see any unevenness in the identifier like, identifier with 4 seperators (Eg: com.company.mac.app)
Change it to com.* and enter.
Make sure your XCODE COMMAND LINE TOOLS is set with XCode 11.x
Now, use below command to rebuild the SDK, with the changes done in above step-3
carthage build --no-skip-current --cache-builds --platform iOS
Now copy the framework generated from, carthage folder of source code, and replace the existing SDK in your project.
Repeat the same for process for all the 3rd party SDKs, in your project.
NOTE: Make sure you marked all the 3rd party SDKs as Embed & Sign in
Targets => General => Frameworks, Libraries, and Embedded Content
Your app is signed by a Provisioning Profile, which in turn is linked to a Certificate (which can be either for development or distribution).
Now certificates have a Bundle ID, which can be:
A wildcard, such as "com.mydomain.*"
OR
An explicit ID, such as "com.mydomain.myapp"
Either way, the bundle identifier of your app has to match the Bundle ID of the certificate tied to your provisioning profile.
A mismatch would trigger the error you're encountering.
I transfered my mac app to itunes connect and received following message:
App sandbox not enabled - The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list. Refer to the App Sandbox page for more information on sandboxing your app.
So, I enabled the sandbox entitlements and run the build. I got the notice:
CODE_SIGN_ENTITLEMENTS specified without specifying CODE_SIGN_IDENTITY. It is not possible to add entitlements to a binary without signing it.
Next, I selected the provisioning profile from target -> build settings and run again. So, I got a error that means my code sign identity isn't correct, maybe during I compiled the core-plot framework.
code object is not signed at all...
In subcomponent: ./Contents/Frameworks/CorePlot.framework ... Command /usr/bin/codesign failed with exit code 1
How I can do it sign?
Ok, I found the answer...
Alright, to sign the framework I added --deep to the Target -> Build Settings -> Other >Code Signing Flags.
Starting with XCode 6, you should sign each embedded framework first (sign inside, and then outside), and then sign the app. Make sure you have all the required values in your Info.plist files. There are more details in codesigning technote 2206
I can run the app fine through the development profile but I can't run it through the distribution profile. I have everything setup correctly as far as I can tell. The error that I get from xcode on compile is:
Code Sign error: No unexpired provisioning profiles found that contain any of the keychain's signing certificates
and in TARGETS > Release > Any iOS SDK I look under what should the correct line item and I see the following:
Profile doesn't match any valid certificate/private key pair in your keychains
So it sounds like my current cert doesn't allow me to run my app as distribution? I went into the member center and dirtied all related profiles and restarted xcode 4.6 after updating my profiles. Doesn't seem to work.
I also checked my Info.plist and the bundle name is correct there. It's also correct in TARGETS > Summary > Bundle Identifier.
A private key is missing
I noticed this morning that there is no private key underneath the iPhone Distribution cert in my Keychain Access and I suspect that's an issue? I'm an admin in the developer portal so I'm not sure why this wouldn't be working..
If you weren't on the distribution certificate when it was signed then you need to have someone who IS on the certificate to export their cert + private key for you. If in doubt, it's probably the dev portal agent who you need this from. The details are found in the answer for the question below:
Profile doesn't match any valid certificate/private-key pair in the default keychain
I have this code signing issue that came up only recently when I tried to submit my Mac application (not iOS) with Xcode 4.4.1
When I tried to validate my app's archive, validation fails with these two errors:
Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. According to the provisioning profile, the bundle contains a key value that is not allowed: 'com.(mycompany).(myapp)' for the key 'com.apple.application-identifier' in 'MyAppBundle.app/Contents/MacOS/MyAppExecutable'
Invalid code signing entitlements. Your application's bundle signature contains code signing entitlements that are not supported on Mac OS X. Specifically, value 'com.(mycompany).(myapp)' for key 'com.apple.application-identifier' in 'MyAppBundle.app/Contents/MacOS/MyAppExecutable' is not supported. This value should be a string starting with your TEAMID, followed by a dot '.' followed by the bundle identifier.
This bundle is invalid. Apple is not currently accepting applications built with this version of the OS.
I've tried the following but none of them worked:
re-downloading and re-generating code signing certificates.
Specifying my team ID in the code signing parameters:
-i "(TEAMID).com.(mycompany).(myapp)" --entitlements "(MyAppEntitlementFile).entitlements"
Anybody can help? Thanks in advance.
I've fixed this by editing my entitlements file using Xcode's property list editor (not the fancy-looking GUI in the target's Summary tab) and remove the key named com.apple.application-identifier along with its value.
I'm not sure how that key-value pair got there in the first place because I'm quite confident that I didn't put it in there myself. This project was originally coded for Snow Leopard without sandboxing and went through a number of Xcode versions. Perhaps an old version of Xcode put it there and it conflicted with the newer one.
I created an App and started to sandbox it. Now I did privilege separation using xpc-services. I downloaded the "SandboxedFetch" example from Apple, which shows two xpc-services like
an application (application-icon). In my App the xpc-services show the "pluggin"-icon. The summary tab in the project setting for my xpc-service is not available, which means that I cannot configure the entitlements like I can do on the main app. I copied a custom made entitlements-file to the xpc-service and referenced it in the project settings. But the service is running always without privilege restrictions applied to the service.
Do I need a new certificate for the service? If my app is named "com.mycompany.app" and my service is named "com.mycompany.app.service" I cannot apply my app certificate to the service. I am somehow confused about this sandboxing stuff. Do I need a new certificate for my xpc-service? If not, how can I apply the entitlements to it?
This seems to be a "bug" of Xcode. Maybe The XPC-service-template will have a summary-tab in future. Now you can create a entitlements plist file manually or use the application entitlement file and copy it into your xpc-service folder. In project settings type the path and name for this new entitlement file into the entitlement field. Change your entitlements inside this file. Sandboxing will run now.
For codesigning, select your "3rd Party Mac Developer" certificate (and not the Mac Developer certificate).