A sealed resource is missing or invalid - macos

I'm trying to deploy my game made with Unity on Mac Store, but got this error during the validation process. I don't know how to correct. Do you have any ideas please ?
Invalid Signature - The main app bundle Kissoro at path Kissoro.app
has following signing error(s):
--prepared:/Volumes/data01/app_data/dstr/mz_8224354388357841556dir/mz_8662652241696651587dir/com.masseka.game.studio.Kissoro.pkg/Payload/Kissoro.app/Contents/Frameworks/libcrypto.dylib
--validated:/Volumes/data01/app_data/dstr/mz_8224354388357841556dir/mz_8662652241696651587dir/com.masseka.game.studio.Kissoro.pkg/Payload/Kissoro.app/Contents/Frameworks/libcrypto.dylib
--prepared:/Volumes/data01/app_data/dstr/mz_8224354388357841556dir/mz_8662652241696651587dir/com.masseka.game.studio.Kissoro.pkg/Payload/Kissoro.app/Contents/Frameworks/libssl.dylib
--validated:/Volumes/data01/app_data/dstr/mz_8224354388357841556dir/mz_8662652241696651587dir/com.masseka.game.studio.Kissoro.pkg/Payload/Kissoro.app/Contents/Frameworks/libssl.dylib
--prepared:/Volumes/data01/app_data/dstr/mz_8224354388357841556dir/mz_8662652241696651587dir/com.masseka.game.studio.Kissoro.pkg/Payload/Kissoro.app/Contents/Frameworks/Mono/MonoEmbedRuntime/osx/libmono.0.dylib
--validated:/Volumes/data01/app_data/dstr/mz_8224354388357841556dir/mz_8662652241696651587dir/com.masseka.game.studio.Kissoro.pkg/Payload/Kissoro.app/Contents/Frameworks/Mono/MonoEmbedRuntime/osx/libmono.0.dylib
--prepared:/Volumes/data01/app_data/dstr/mz_8224354388357841556dir/mz_8662652241696651587dir/com.masseka.game.studio.Kissoro.pkg/Payload/Kissoro.app/Contents/Frameworks/Mono/MonoEmbedRuntime/osx/libMonoPosixHelper.dylib
--validated:/Volumes/data01/app_data/dstr/mz_8224354388357841556dir/mz_8662652241696651587dir/com.masseka.game.studio.Kissoro.pkg/Payload/Kissoro.app/Contents/Frameworks/Mono/MonoEmbedRuntime/osx/libMonoPosixHelper.dylib
/Volumes/data01/app_data/dstr/mz_8224354388357841556dir/mz_8662652241696651587dir/com.masseka.game.studio.Kissoro.pkg/Payload/Kissoro.app:
a sealed resource is missing or invalid . Refer to the Code Signing
and Application Sandboxing Guide at
http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html
and Technical Note 2206 at
https://developer.apple.com/library/mac/technotes/tn2206/_index.html
for more information.

All you have to do is to manually codesign every file in Contents/Frameworks and Contents/Plugins directories inside .app file and to delete all .meta files inside your plugin. After U do these steps, You codesigned once more the whole .app file and create a package which You can uploaded on iTunes Connect without warning mentioned above.
More info: https://forum.unity.com/threads/signing-mac-app-on-os-x-mavericks.206762/

Related

Relative framework paths, the Hardened Runtime and Notarization

After successfully notarizing my app around a dozen times and it working just fine, it now goes through notarization without a hitch and then crashes on launch with:
Dyld Error Message:
Library not loaded: #loader_path/../Frameworks/ShortcutRecorder.framework/Versions/A/ShortcutRecorder
Referenced from: /Applications/Vitamin-R 3.app/Contents/MacOS/Vitamin-R 3
Reason: no suitable image found. Did find:
/Applications/Vitamin-R 3.app/Contents/MacOS/../Frameworks/ShortcutRecorder.framework/Versions/A/ShortcutRecorder: code signing blocked mmap() of '/Applications/Vitamin-R 3.app/Contents/MacOS/../Frameworks/ShortcutRecorder.framework/Versions/A/ShortcutRecorder'
/Applications/Vitamin-R 3.app/Contents/MacOS/../Frameworks/ShortcutRecorder.framework/Versions/A/ShortcutRecorder: code signing blocked mmap() of '/Applications/Vitamin-R 3.app/Contents/MacOS/../Frameworks/ShortcutRecorder.framework/Versions/A/ShortcutRecorder'
/Applications/Vitamin-R 3.app/Contents/MacOS/../Frameworks/ShortcutRecorder.framework/Versions/A/ShortcutRecorder: stat() failed with errno=1
file system relative paths not allowed in hardened programs
Thing is I'm not sure where exactly the runtime path for a framework is determined.. I keep the framework in ~/Libary/Frameworks/ on my development machine, but then it's copied into the app bundle and I'm not quite sure what determines the path at runtime..
Any help would be appreciated.
This could be a codesign certificate issue... Fix it by:
Open Keychain Access: My Certificates > "Right Click" Certificate > get info > Trust > When using this certificates > Use System Defaults
I had exactly the same issue. The solution was to add the framework to the 'Copy Files' build step as well. There you can define the destination to 'Frameworks'.

What's different between open App.app file and App.app/contents/MacOS/Electron on MacOS?

I have an electron application.It is an updater with download another application and toolchain.I can't open it with open Updater.app.However, I can use Updater.app/contents/MacOS/Electron to open it.
Here is the log:
Non-fatal error enumerating at <private>, continuing: Error Domain=NSCocoaErrorDomain Code=260 "未能打开文件“PlugIns”,因为它不存在。"
UserInfo={
NSURL=PlugIns/ -- file:///private/var/folders/xn/08sc_nts0n11yyw_3ddlngdh0000gn/T/AppTranslocation/A0F3B185-B4AB-4CC8-A3C5-86DAA22043D5/d/Updater.app/Contents/,
NSFilePath=/private/var/folders/xn/08sc_nts0n11yyw_3ddlngdh0000gn/T/AppTranslocation/A0F3B185-B4AB-4CC8-A3C5-86DAA22043D5/d/Updater.app/Contents/PlugIns,
NSUnderlyingError=0x7fd1d2d13fe0 {Error Domain=NSPOSIXErrorDomain Code=2 "No such file or directory"}
}
I would like to know the difference between Updater.app and Updater.app/contents/MacOS/Electron.
Updater.app is a macOS App Bundle. App Bundles are Apple's way of packaging a program - each one is basically just a folder containing an executable program and all the configuration files, helper executables, images, shipped libraries, and other resources the program needs to run.
In your case, Updater.app/Contents/MacOS/Electron is probably the main executable of the app - <App>/Contents/MacOS/ is usually the location of an App Bundle's main executable.
For further reading, look over this answer which further explains the general concept of a macOS App Bundle.

Xcode 10, WatchKit app and distribution error ITMS-90334 with com.apple.wk

I have a project with WatchKit app inside.
It used to work smooth with Xcode 8 and Xcode 9 with automatic signing and distribution. Xcode 10 broke something.
What I have at the moment is this
The main point here is "com.apple.wk"
It has been added somewhere at the re-signing stage by the organizer as far as I can understand.
I checked my project quadriple and I'm 100% sure it doesn't contain "com.apple.wk" string anywhere.
I switched to manual signing. Created new iOS Distribution certificate. Generated 3 Provision profiles with the correct bundles for app, watch app, watchapp extension. The same error is here.
I tried to clean the project, open\close Xcode, reboot the system. No luck.
I'm unable to dilever my IPA to iTunes with the error above.
I tried to export IPA and distribute it with Application Loader. No luck.
The only one place I found "com.apple.wk" string was in packaging log
2018-09-21 06:54:33 +0000 /var/folders/gg/jxvtgf9n07s9m0z_vzqlx0c00000gn/T/XcodeDistPipeline.4mX/Root/Payload/myApp.app/Watch/myApp Watch App.app: replacing existing signature
2018-09-21 06:54:34 +0000 /var/folders/gg/jxvtgf9n07s9m0z_vzqlx0c00000gn/T/XcodeDistPipeline.4mX/Root/Payload/myApp.app/Watch/myApp Watch App.app: signed app bundle with Mach-O universal (armv7k (33554444:1)) [com.apple.WK]
the same time main app and extension have resigned with the correct bundle ids
2018-09-21 06:54:34 +0000 /var/folders/gg/jxvtgf9n07s9m0z_vzqlx0c00000gn/T/XcodeDistPipeline.4mX/Root/Payload/myApp.app: replacing existing signature
2018-09-21 06:54:34 +0000 /var/folders/gg/jxvtgf9n07s9m0z_vzqlx0c00000gn/T/XcodeDistPipeline.4mX/Root/Payload/myApp.app: signed app bundle with Mach-O universal (armv7 arm64) [com.myAppBundleName]
&
2018-09-21 06:54:33 +0000 /var/folders/gg/jxvtgf9n07s9m0z_vzqlx0c00000gn/T/XcodeDistPipeline.4mX/Root/Payload/myApp.app/Watch/myApp Watch App.app/PlugIns/myApp Watch App Extension.appex: signed bundle with Mach-O universal (armv7k (33554444:1)) [com.myAppBundleName.watchkitapp.watchkitextension]
Any ideas how to deliver my app are greatly appreciated.
There are two options:
a.
Open EACH target of your project and change Architectures to $(ARCHS_STANDARD)
clean build folder and try to upload as usual. This should allow you to send it automatically via organizer as usual.
b. If above does not work try next:
Click "Archive" with XCode and get xcarchive file
Open archive in Finder
Start distributing to App Store archive through organizer distribute button
Got the error above
Export created ipa file
Open packaging.log file from the export directory
Search for "com.apple.wk" string to find one
Analyze and play a lot with the codesign request from packaging log here it is
/usr/bin/codesign '-vvv' '--force' '--sign' 'B5152DB7C8BC97C444D44341275F5E1B3336BA3B' '--entitlements' '/var/folders/gg/jxvtgf9n07s9m0z_vzqlx0c00000gn/T/XcodeDistPipeline.vsk/entitlements3uMHR5' '--preserve-metadata=identifier,flags,runtime' '/var/folders/gg/jxvtgf9n07s9m0z_vzqlx0c00000gn/T/XcodeDistPipeline.vsk/Root/Payload/myApp.app/Watch/myApp Watch App.app'
Figure out that if i remove this '--preserve-metadata=identifier,flags,runtime' and rerun this code in bash all is going well and binary is signed with the correct bundle id and not with this com.apple.wk
Copy this signed embedded (the path you are able to find in this request above) watch app binary into the xcarchive file created on the first step with replacing the old one.
Start distributing it back with organizer to App Store
Voila it has been uploaded.
Hope it will help someone.

Unzip/zip ipa file causes install problems

I have been wrestling with resigning an iOS app (ipa file) provided by a third party. As documented in many other places I am following the process:
unzip
copy embedded.mobileprovision
codesign
zip
Sometimes it works and sometimes it doesn't. The same file will load sometimes and not others. In trying to isolate the problem I have simply unzipped the ipa, then rezipped it. The new ipa file is slightly different to the original but everything inside the original and the new ipa is identical. When I try to install the new ipa file it fails with:
Could not install application on device. Error: A signed resource has been added, modified or deleted.
Looking in the console log of the device I get the following messages:
iPad1 installd[843] : 00403000
verify_signer_identity: Could not copy validate signature: -402620393
iPad1 installd[843] : 00403000
preflight_application_install: Could not verify executable at
/var/tmp/install_staging.VEviVe/BlahBlahBlah.app
iPad1 installd[843] : 00403000
install_application: Could not preflight application install
iPad1 mobile_installation_proxy[876] :
handle_install: Installation failed
Given that nothing inside the ipa file has changed, which is where I thought all the signing information was, why won't the rezipped file install?
Some more info, the error above occurs installing the rezipped ipa file using the iPhone Configuration Utility running under Windows. The rezipped ipa file installs using iTunes but gives the following errors in the console log for the device:
iPad1 installd[918] : entitlement 'aps-environment' has value
not permitted by a provisioning profile
iPad1 installd[918] : entitlement 'application-identifier' has
value not permitted by a provisioning profile

can't share an archive in Xcode due to missing icon\r file

I put my Xcode project within my dropbox folder and now it seems like every time i try to share my archive from within the organizer it keep giving me the following error:
error: Codesign check fails : /var/folders/7l/l93zzs6n4h14qb7rmj5r7zn00000gn/T/GtLyx05w1O/Payload/stryker.app: a sealed resource is missing or invalid
In architecture: armv6
resource added: /private/var/folders/7l/l93zzs6n4h14qb7rmj5r7zn00000gn/T/GtLyx05w1O/Payload/stryker.app/www/Icon
resource missing: /private/var/folders/7l/l93zzs6n4h14qb7rmj5r7zn00000gn/T/GtLyx05w1O/Payload/stryker.app/www/Icon
I believe this error is caused by the fact that Xcode can see the icon/r file associated with drop box.
Is there a way i can delete this file?
I was able to share my archive after I deleted the icon\r file. Please refer to the following post for more info
https://apple.stackexchange.com/questions/31867/what-is-icon-r-file-and-how-do-i-delete-them/31877#31877

Resources