I'm trying to install a Xamarin watchOS app to a device using Visual Studio for Mac automatic provisioning but getting a "this app could not be installed at this time" error on the iPhone.
I'm on macOS Big Sur (11.6), Visual Studio for Mac (8.10.11), watchOS 8.0.1 on an SE (A2354), and iPhone 11 (iOS 15.0.2). I've verified that the iPhone and the watch are listed in devices in the Apple developer center, although I did have to add the watch manually as it doesn't appear that Xamarin automatic provisioning picked it up.
I can install and run the iPhone app from Visual Studio just fine by clicking the run button but the watchOS app is not automatically installed. The watch app is visible in available apps, but clicking the 'install' button results in the "this app could not be installed..." error. Everything runs fine on the simulator if I choose the watchOS project in VS for Mac and run using the simulator. If try to run on my watchOS device installation fails with this error:
ApplicationVerificationFailed: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.3e2xzs/extracted/WatchOSApp.app : 0xe8008029 (The code signature version is no longer supported.)
error MT1006: Could not install the application '/Users/scottmetoyer/src/WatchApp/bin/iPhone/Debug/device-builds/iphone12.1-15.0.2/WatchApp.app' on the device 'iPhone': AMDeviceSecureInstallApplicationBundle returned: 0xe8008029.
Are there additional troubleshooting steps or logs I can review to figure out what's going on?
After iOS 15/WatchOS 8, it is mandatory to sign the applications using the latest signature format.
See: https://developer.apple.com/documentation/xcode/using-the-latest-code-signature-format
All your .app files must be properly signed by XCode 13. However, it seems that it is not signing the WatchOS .app files bundled inside the iOS app.
To verify it, you can use the following command:
codesign -dvvvvv YourApp.app
You must execute that command in every .app file in your bundle (iOS app, WatchOS app and WatchOSExtension appex)
If CodeDirectory v=20500 everything is fine.
If CodeDirectory is less than 20400, you must resign
If CodeDirectory is 20400 or greater, you must check the the hash list under Pages size.
If you're in the last case, you must resign your app if -5 entry contains a value and -7 is not present or is zero.
To resign your app you must unzip your latest ipa and execute se the following command:
codesign -s "Your Codesign Identity" -f --preserve-metadata --generate-entitlement-der /path/to/MyApp.app
You have to resign every .app in your bundle (iOS, WatchOS and WatchOSExtension).
Once all .app are signed, you must re-zip the /Payload folder to an ipa file.
To sum up:
unzip myApp.ipa -d ./signed
codesign -s "Your Codesign Identity" -f --preserve-metadata --generate-entitlement-der ./signed/Payload/MyApp.app/Watch/PlugIns/MyWatchAppWatchOSExtension.appex
codesign -s "Your Codesign Identity" -f --preserve-metadata --generate-entitlement-der ./signed/Payload/MyApp/Watch/MyWatchApp.app
./signed/Payload/MyApp.app/Watch/PlugIns/MyWatchAppWatchOSExtension.appex
codesign -s "Your Codesign Identity" -f --preserve-metadata --generate-entitlement-der ./signed/Payload/MyApp.app
cd signed
zip -q -r -y myApp-resigned.ipa ./Payload
Related
While setting up Appium on Mac, I am stuck at a point where we have got .app file to automate on an iphone simulator.
I am able to launch app which comes with .xcodeproj on Xcode.
But now I have an MyApp.app file to use on a Simulator. if I try to open a simulator using UDID it always open latest iOS version on Latest iPhone Simulator using this command:
open -a "Simulator" --args -CurrentDeviceUDID 8A63E11E-BEE4-4A1A-B77B-205D19A3DEE3
I need to open this on a specific iOS version on specific device then install MyApp.app on it. (also I am not able to get bundle id of app; not sure at which step I can do this)
Moreover, it Would be great if you can also share settings for Appium Inspector and where to fetch values from ?
I am trying to submit a macOS app built with Unity to the Mac App Store. I followed the instructions mentioned in the Unity documentation, Delivering your application to the Mac App Store.
I am able to run the Build command for macOS and get a .app bundle for my app. I am also able to launch it and it runs fine. However, after running the following codesign command (as mentioned in the linked document above), the app freezes upon launch and has to be force quitted. This is the codesign command line that I am running:
codesign -o runtime -f --deep -s '3rd Party Mac Developer Application: DEVELOPER NAME' --entitlements "GAMENAME.entitlements" "/AppPath/GAMENAME.app"
I have a paid (Individual) developer license with Apple, and have properly set up the certificates in keychain as mentioned in the document. I also managed to check that the app bundle was signed by running the command line:
codesign -dv --verbose=4 GAMENAME.app
Running the above command displays that it's signed with my 3rd Party Mac App Developer certificate.
I have tried looking for a way to export the Xcode project out from Unity app, so I can attempt to build and sign it with Xcode, but after searching the Web, I realized that Unity doesn't have support for exporting the Xcode project for macOS app yet (it can do the same for iOS).
I am running the current latest version of all the software, and the same are mentioned below:
macOS Catalina 10.15.1
Xcode 11.2.1
Unity 2019.2.13
My questions are:
What is it that may be going wrong?
What other avenues do I have?
I am looking for distributing the app exclusively via the Mac App Store for the time being. This is going to be a paid app (if that's relevant).
If you are building the .app from the command line (using Unity's command line invocation), try building from the editor instead.
Confirm you are not building a 32 bit-only binary.
Try removing -o runtime from your codesign command, this is the only part of your process that differs from mine, and mine works fine.
Otherwise, when uploading to the App Store, I believe Xcode will sign for you. While this will not be different from codesign, Xcode may check if you accidentally blocked or otherwise misconfigured running binaries signed by you on your particular machine. You should test on a different machine or macOS VM.
My app is not targeting yet the app store so i'm building using my Developer ID Application certificate
I'm building now by xcode 13.2 a Unity 2021.1.28f1 produced xcodeproj on macOS 11.6.2
The produced app bundle is notarized during Archiving it (so using the -o runtime switch implicitely) and
running seamlessly on macOS 11.6.2 even if no entitlements exception is used
freezing on macOS 10.15.7 till the "Allow Unsigned Executable Memory" (com.apple.security.cs.allow-unsigned-executable-memory) entitlements is not added during the build
So now the solution was for me to add com.apple.security.cs.allow-unsigned-executable-memory to the app entitlements
We've made a game with Unity 5, which runs without any problems on Mac OSX. But for the Mac OSX App Store from Apple, the game must be codesigned.
I've done that a lot of times in the past and there I didn't have problems. But I have made a clean install of OSX on the Mac a few weeks ago. I installed all the certificates and they seem to work. But I can't check in the terminal, which codesign commands I used in the past, and there maybe the problem...
In Unity I build the app with the Mac Appstore Validation.
Then I edit the info.plist, add the icons, create the entitlements-file (do all which was listed in several documents) and go to the terminal.
There I type in the directory of the app:
chmod -R a+xr “APPNAME.app"
codesign -f -v -s "3rd Party Mac Developer Application: COMPANY-NAME" "APPNAME.app/Contents/Frameworks/MonoEmbedRuntime/osx/libmono.0.dylib"
codesign -f --deep -s '3rd Party Mac Developer Application: COMPANY-NAME' --entitlements "APPNAME.entitlements" "APPNAME.app"
productbuild --component "APPNAME.app" /Applications --sign "3rd Party Mac Developer Installer: COMPANY-NAME" "APPNAME.pkg"
Everything works fine, even with the libmono.0.dylib. There I get the result that the existing codesigning will be replaced. I am not sure, but I had in mind, that we have codesigned 3 lines in the past, but we didn't have used any more Frameworks or Plugins now.
Then I test the pkg. I install it and was asked about the login-details and I login with a iTunesConnect testuser-account. The app will be installed and when I try to run it, it will be closed after a few seconds. Then something curious happens. I must login again with the testuser and after that the game starts without problem (without trying to start it again!)
I upload the pkg with the ApplicationLoader 3.1 (3.6 didn't work, because it says to me, that I can't submit an IPA-file, even it is a pkg, a lot have that problem and use an old version of the loader) and that worked too. But I got the result of Apple with the rejection: "...launched app and immediately stopped from launching." So they can't start it.
When I check the codesigned app with spctl -a -t exec -vv <APPNAME> I got the result:
<APPNAME>: rejected
...
But I didn't know where I've done the mistake?!
Does anyone has an idea of what I am doing wrong?
You mean in the savety case to recreate the certificates? I am sure, that I have done that when setup the Mac new, but if there can't happen any wrong, I can do it again for going sure...
Edit: I've created new certificates for that mac and try to codesign again. When I make the check with spctl -a -t exec -vv <APPNAME> I got the rejected again.
For the Mac OSX App Store I only need the certificates
3rd Party Mac Developer Application
3rd Party Mac Developer Installer
Mac OS Developer
And in the certificates (dev area at developer.apple.com) I have additional:
Mac App Distribution
Mac Installer Distribution
I have a Qt 5.4 application with Sparkle framework. Gatekeeper on Mac OS X 10.11 will display "unidentified developer" error after downloading from our server. After some researches (codesign --strict shows missing file in sparkle), I removed broken symbolic links in Sparkle framework. Then I rebuilt the app, the check with both codesign and spctl
codesign --verbose --deep --strict myapp.app
The result is:
myapp.app: satisfies its Designated Requirment
spctl --assess --type exec --verbose myapp.app
shows: accepted
next I built dmg image, install from image, the app runs without issue.
Then I uploaded dmg to server, and downloaded from our server. MD5 checksum matches.
However, after I drag and drop the app to /Applications folder, ran it, OS shows the application is corrupted and must be moved to trash.The same codesign command still returns "Satifies its Designated Requirements", but the same spctl command shows:
code has no resources but signature indicates they must be present
Just by downloading the app from our server, spctl output changed. I don't think it has anything to do with resources (the app does have resources) since the same build script has created a few releases without this error. the script does modify qt framework structure but that works on 10.10.
I built a new Mac OS 10.11, installed xcode 7.0.1, Qt 5.5, rebuilt the app (without the script to modify Qt framework structure in App bundle). Exact the same result: the app passes both codesign and spctl before upload, and failed with the same error after downloading.
In essence, after removing broken link in Sparkle framework, the app bundle changed from "unidentified developer" to "corrupted image".
Can someone tell me where it went wrong?
I am using Install4j Multi-Platform 5.1.3 on Windows XP and I am attempting to code-sign my bundle for Mac OSX (Mountain Lion). I have installed Apple's intermediate certificates on both Windows XP and mac. I have followed directions on obtaining certificates through Xcode organizer and keychain. I have attempted to use certificates for both installer and application.
After I build I move the .dmg file to the mac and open it. I copy the .app file to another location in order to execute:
codesign -vvv -d myapp.app
It reports the message:
myapp.app: CSSMERR_TP_NOT_TRUSTED
I'm getting closer to a solution. It turns out that where install4j5 is installed there is a resource\macos\certs. This folder contains the Apple root certificate and Developer ID certificate. I deleted those and updated them from http://www.apple.com/certificateauthority/.
After my build CSSMERR_TP_NOT_TRUSTED is no longer being reported. Instead, it is the certificate info.
Now when I install with safari (using Gatekeeper) it is reporting "can't be opened because it is from an unidentified developer." Before with CSSMERR_TP_NOT_TRUSTED, gatekeeper was reporting that the file was damaged.