Ad-Hoc codesigning for device succeeds in Studio, Fails in Jenkins - visual-studio

I have a Xamarin Forms application that supports Android and iOS. I've generated Jenkins builds to compile them. All of the Android builds work. The iOS Debug build compiles fine. The Ad-Hoc build, however, fails to build completely for an iPhone target. It appears to be failing during codesigning. It works if I target the iPhoneSimulator, but if I target iPhone device it fails.
Tool /usr/bin/codesign execution started with arguments: -v --force --sign 81088F8E194139DC4C6CE640716944E41FB0709F --entitlements "/Users/Shared/Jenkins/.jenkins/workspace/{project path}/obj/iPhone/Ad-Hoc/Entitlements.xcent" --deep "/Users/Shared/Jenkins/.jenkins/workspace/{project path}/bin/iPhone/Ad-Hoc/AppName.app"
bin/iPhone/Ad-Hoc/AppName.app : error : /Users/Shared/Jenkins/.jenkins/workspace/{project path}/bin/iPhone/Ad-Hoc/AppName.app: unknown error -1=ffffffffffffffff [/Users/Shared/Jenkins/.jenkins/workspace/{project path}/iDriverMobile.iOS.csproj]
If I open up the Solution in Visual Studio, right in the Jenkins workspace folder so it's using the exact same files, then compilation works fine, which is really frustrating.
Looking at differences between the two outputs, it seems that the working build (from Studio) has AOT output for all of the assemblies that looks like this:
Mono Ahead of Time compiler - compiling assembly /Users/Shared/Jenkins/.jenkins/workspace/{project path}/obj/iPhone/Ad-Hoc/mtouch-cache/32/Build/OpenNETCF.Google.Analytics.dll
The failing build has none of those. Instead, it has a couple lines that look like this:
MTOUCH : warning MT0095: Aot files could not be copied to the destination directory /Users/Shared/Jenkins/.jenkins/workspace/{project path}/obj/iPhone/Ad-Hoc/mtouch-cache/64/Build/Msym/Msym/tmp: Could not start process. [/Users/Shared/Jenkins/.jenkins/workspace/{project path}/AppName.csproj]
The worst part of all of this is that these builds did work, but then I restarted the Mac Mini that Jenkins is running on and things went downhill. I can't figure out what the difference is between what Studio is doing and the command line call to msbuild. They both point to the same binaries.
Additional Information
This still fails with the latest updates as of today (5/24/17). This is the environment:
Mac OS X 10.12.5
XCode 8.3.2
Xamarin.iOS 10.10.0.36
Visual Studio 2017 Community for Mac 7.0.1 (build 24)
Mono 5.0.1.1
What doesn't fix it:
Creating a new Jenkins build
Changing the Jenkins workspace path
Opening up permissions (777) to the entire Jenkins folder
Enabling LLVM
Disabling all linking
Completely uninstalling and re-installing Jenkins
Using xbuild instead of msbuild
Swearing a lot
My middle finger

Try to delete the derived data folder in DerivedData of your app. It looks like YourAPP_ dasfdsfsdafdsasfdsaf, according to this from Apple Developer Forum.
The DerivedData data folder is located at ~/Library/Developer/Xcode/DerivedData/
If this does not work, all the symptoms point to a signing certificate (also called a signing identity) issue.
It seems that when it was compiled from the command line, /usr/bin/codesign could not access signing identity 81088F8E194139DC4C6CE640716944E41FB0709F. There could be many different reasons, unfortunately:
keychain was locked
codesign is not allowed to access the signing identity.
multiple identities exist in keychain and wrong signing identity was selected
Wrong provision profile was matched for Ad Hoc build.
Try to add the following commands before running msbuild, assuming your signing identity is in keychain ~/Library/Keychains/login.keychain:
security unlock-keychain -p <password> ~/Library/Keychains/login.keychain
security set-keychain-settings -l -u -t 3600 ~/Library/Keychains/login.keychain
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k <password> ~/Library/Keychains/login.keychain
It is not a good idea to have the keychain password stored in the build script; you can follow this guide to hide it.
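A pre-flight check for the causes listed above, as an added example that is not part of the original answer: it parses the output of security find-identity to tell whether the identity hash from the failing log is visible to the build user and whether its name is shared with another identity. The KEYCHAIN_PASSWORD variable, the function names and the sample listing are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for a CI signing job (not from the original answer).
# Assumptions: KEYCHAIN_PASSWORD is injected by the CI server's credential store,
# and the function names below are illustrative.

# Constructed sample of `security find-identity -v -p codesigning` output.
# Only the first hash comes from the question's log; names and other hashes are made up.
SAMPLE_IDENTITIES='  1) 81088F8E194139DC4C6CE640716944E41FB0709F "iPhone Distribution: Example Corp (ABCDE12345)"
  2) 0123456789ABCDEF0123456789ABCDEF01234567 "iPhone Developer: Jane Doe (FGHIJ67890)"
  3) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "iPhone Developer: Jane Doe (FGHIJ67890)"
     3 valid identities found'

# classify_identity HASH  (find-identity output on stdin)
# Prints one of:
#   ok         the hash is listed as a valid identity and its name is unique
#   ambiguous  the hash is listed, but another valid identity has the same name,
#              so signing by name instead of by hash could select the wrong one
#   missing    the hash is not listed for this user and keychain
classify_identity() {
    local want
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    awk -v want="$want" '
        # Identity lines look like:   1) <40 hex digits> "Common Name"
        $1 ~ /^[0-9]+\)$/ && $2 ~ /^[0-9A-F]+$/ && length($2) == 40 {
            name = $0
            sub(/^[^"]*"/, "", name)
            sub(/".*$/, "", name)
            count[name]++
            if (($2 "") == (want "")) { found = 1; wanted = name }
        }
        END {
            if (!found) print "missing"
            else if (count[wanted] > 1) print "ambiguous"
            else print "ok"
        }'
}

# preflight KEYCHAIN HASH
# Run as the CI user before msbuild; macOS only. Returns non-zero with a reason on stderr.
preflight() {
    local keychain="$1" hash="$2" status
    if [ -z "${KEYCHAIN_PASSWORD:-}" ]; then
        echo "KEYCHAIN_PASSWORD is not set; inject it from the CI credential store" >&2
        return 2
    fi
    # Note: -p places the password on the command line of the security process.
    if ! security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$keychain"; then
        echo "could not unlock $keychain as $(id -un)" >&2
        return 1
    fi
    status=$(security find-identity -v -p codesigning "$keychain" | classify_identity "$hash")
    case $status in
        ok) return 0 ;;
        ambiguous) echo "identity name is not unique; keep signing by hash $hash" >&2; return 0 ;;
        *) echo "identity $hash not found in $keychain for user $(id -un)" >&2; return 1 ;;
    esac
}

# Usage on the build machine: ./preflight.sh ~/Library/Keychains/login.keychain HASH
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Running it as the first build step, under the same account Jenkins uses, separates "identity not visible to this user" from failures that only appear once codesign runs.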

Related

How to code-sign a macOS App on Continuous Integration

Steps I made:
Created a new blank Xcode Project for my MacOS Application
Created a .travis.yml file for CI setup
Pushed the unedited Xcode Project to my GitHub repo
Travis started to build my Project but it threw an Error:
No signing Certificate "Mac Development" found: No "Mac Development" signing Certificate matching ID "XXXXX" with a private key was found
My .travis.yml:
os: osx
language: swift
osx_image: xcode11.3
script: xcodebuild clean build test -project MyApp.xcodeproj -scheme "MyApp" -sdk "macOS 10.15" -destination "platform=macOS" ONLY_ACTIVE_ARCH=NO
I tried the trick of disabling Code-Signing altogether (https://stackoverflow.com/a/54296008) but that's more like a hack. I want a clean solution.
However, Xcode signs my code but Travis doesn't. How can I sign my macOS App on Travis CI too?
Btw: I only have a free Apple Developer Account, so I can't download certificates from https://developer.apple.com
Builds signed with free Apple Developer Accounts won't run on machines that aren't connected to your developer account. You will need a Paid Developer account to sign software using either Developer ID (outside of the app store) or for the App Store.
That said, for macOS (but not iOS/tvOS/etc), your binary built with CI can be run by somebody who downloads it to a machine with Gatekeeper disabled (prior to 10.15 only and not recommended), or by using the File > Open command or the context menu's Open command to launch the application (with a warning).
It's fairly common in CI environments to build without signatures and then add the signature later (this prevents accidental shipment of a binary that hasn't been through final testing, for example, or allows the company to limit who can build official binaries and under what circumstances).
To be clear, without the signing certificate and key, you cannot sign the Application.

Xcode 11, Command CodeSign failed with a nonzero exit code

Ever since updating (against my will) to Xcode 11, I'm getting this error when I try to build my project:
CodeSign /Volumes/HDD/OpenFrameworks/of_v0.9.8_osx_release/apps/plus-pool-light/pplight-ofx-098/bin/pplight-ofx-098Debug.app (in target 'pplight-ofx-098' from project 'pplight-ofx-098')
cd /Volumes/HDD/OpenFrameworks/of_v0.9.8_osx_release/apps/plus-pool-light/pplight-ofx-098
export CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
Signing Identity: "-"
/usr/bin/codesign --force --sign - --entitlements /Volumes/HDD/OpenFrameworks/of_v0.9.8_osx_release/apps/plus-pool-light/pplight-ofx-098/build/pplight-ofx-098.build/Debug/pplight-ofx-098.build/pplight-ofx-098Debug.app.xcent --timestamp=none /Volumes/HDD/OpenFrameworks/of_v0.9.8_osx_release/apps/plus-pool-light/pplight-ofx-098/bin/pplight-ofx-098Debug.app
/Volumes/HDD/OpenFrameworks/of_v0.9.8_osx_release/apps/plus-pool-light/pplight-ofx-098/bin/pplight-ofx-098Debug.app: code object is not signed at all
In subcomponent: /Volumes/HDD/OpenFrameworks/of_v0.9.8_osx_release/apps/plus-pool-light/pplight-ofx-098/bin/pplight-ofx-098Debug.app/Contents/Frameworks/GLUT.framework
Command CodeSign failed with a nonzero exit code
I've tried cleaning my project, resetting my login keychain, and restarting my computer, but I still get this error... what to do?
I am building an OSX App using OpenFrameworks, not an iOS App. When I build it in Xcode 10.3 works fine with no errors.
The part of this question that is unique is that this is for Xcode 11, not 10, and none of the answers for that other question worked for me!
I've resolved the same exact problem by:
Add --deep to the "Other Code Signing Flags" in the "Build Settings".
In the "Signing & Capabilities" of your target click on "+ Capability" in the top left corner and choose "Hardened Runtime".
Then turn on "Disable Library Validation" in the list.
I don't really know if there are any drawbacks to using this capability; however, my application compiles and works fine both on macOS and iOS.
You can get this error if you have added a folder to your project as a 'folder reference' (the project will have a blue folder logo in Xcode)
Remove the folder (Trash)
Add folder and select 'Create Groups' instead of 'Folder Reference' at the dialog
I got the same error after I upgraded to XCode-11 this morning. Builds in the simulator but not on device.
This thread helped fix the issue which I summarized below.
https://stackoverflow.com/a/52628909/9286768
Open keychain access.
Lock the 'login' keychain. (right clicking on "login" in the upper left panel)
Unlock it, enter your PC account password.
Clean Project in the product menu.
Build it Again.
I fixed this by adding --deep to Other Code Signing Flags in the Build Settings > Signing
I had the same issue for all my Carthage Frameworks, the solution is:
Under Target -> [AppName] -> General -> "Frameworks, Libraries and Embedded Content"
Select "Do Not Embed" for the option next to the problematic framework.
More info is in this thread
NOTE: this might not fully solve the issue; never forget to try cleaning the project, restarting Xcode, and sometimes even restarting the Mac.
I solved the problem as follows:
After adding 2 ".png" files, Xcode (Version 13.2.1 (13C100)) would not compile anymore. I integrated these 2 files in a .rtf file (generated from Xcode) and I succeeded in compiling again. That's how it goes.
I fixed the problem by making sure the Code Signing Identity in Build Settings was correct - not just general Apple Development - and then cleaned the Build Folder in the Product Menu. When I ran it again it built without error.
I resolved a similar error in Xcode 13 by only changing my Base SDK to the latest SDK (i.e. iOS 15).

codesigning issues with multiple binaries on the same path

I've been trying to create a build of my program signed with my Mac developer ID but I keep getting the error message "Multiple binaries share the same codesign path". I have checked the code signatures on each of the attached frameworks using the codesign terminal utility and there don't seem to be any codesigning issues. If it helps, the frameworks which seem to be causing the problem are SDL2, SDL2_image, SDL2_mixer and SDL2_ttf. Also, I am running Xcode 6.1.1 on Yosemite 10.10.2.
Open your Archive folder and delete all previously built versions from before your code signing was made. Try again afterwards.

How do you fix "code object is not signed at all In subcomponent:" in Xcode 6, Mac OS X Yosemite or Mavericks?

When compiling my application I'm getting the following error:
CodeSign /Users/pupeno/Library/Developer/Xcode/DerivedData/ProjectX-cynmgyozflnwbpamwnpsnhgshuyq/Build/Products/Debug/Project\ X.app
cd /Users/pupeno/Projects/ProjectX
export CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
Signing Identity: "Mac Developer: José Fernández (G4PM7K38JH)"
/usr/bin/codesign --force --sign A21FB31766DDCBB28FBB4E4DD86E3743024A45F3 --entitlements /Users/pupeno/Library/Developer/Xcode/DerivedData/ProjectX-cynmgyozflnwbpamwnpsnhgshuyq/Build/Intermediates/ProjectX.build/Debug/App.build/Project\ X.app.xcent --requirements =designated\ =>\ anchor\ apple\ generic\ \ and\ identifier\ \"$self.identifier\"\ and\ ((cert\ leaf[field.1.2.840.113635.100.6.1.9]\ exists)\ or\ (\ certificate\ 1[field.1.2.840.113635.100.6.2.6]\ exists\ and\ certificate\ leaf[field.1.2.840.113635.100.6.1.13]\ exists\ \ and\ certificate\ leaf[subject.OU]\ =\ \"XHT4M2DATL\"\ )) /Users/pupeno/Library/Developer/Xcode/DerivedData/ProjectX-cynmgyozflnwbpamwnpsnhgshuyq/Build/Products/Debug/Project\ X.app
/Users/pupeno/Library/Developer/Xcode/DerivedData/ProjectX-cynmgyozflnwbpamwnpsnhgshuyq/Build/Products/Debug/Project X.app: code object is not signed at all
In subcomponent: /Users/pupeno/Library/Developer/Xcode/DerivedData/ProjectX-cynmgyozflnwbpamwnpsnhgshuyq/Build/Products/Debug/Project X.app/Contents/Frameworks/Paddle.framework
Command /usr/bin/codesign failed with exit code 1
I'm using two frameworks, Paddle and Sparkle and they are configured to sign on copy:
Looking for a solution to this problem I found many recommendations to do a --deep sign, which is officially discouraged by Apple (Using the codesign Tool's --deep Option Correctly).
I also found the article Code Signing and Mavericks which also explains that using --deep is wrong and offers an alternative: using a script to generate signatures for each framework. I think this is something that was needed before Xcode had the option to sign on copy, but I gave it a try anyway. It made no difference, I still get the same error. Looking at the logs, the bundles are getting signed with the "Sign on copy" option, so, adding that script caused them to get signed twice.
My code signing identity is configured as follows for the whole project and each target just inherits it:
I understand that's not the appropriate signature for Release, but for now, we are just trying to get this to build and run locally.
Any ideas what's wrong? Any ideas how to fix it?
I understand that
For me I had to go to the Project build settings and set Other Code Signing Flags to --deep. The problem was that my framework in the project was not signed.
For all who are still facing this issue, please make sure 'Product Name' in the build settings matches the 'Executable file' set in info.plist.
Generally, when we duplicate existing code, we simply change either the product name or the Executable file, and this mismatch creates an issue.
The problem was that the Framework, Paddle.framework, became corrupt. The symlinks were resolved to the files they were pointed to, so, compilation worked just fine, but signing didn't.
Re-downloading the framework and copying it into the project fixed the problem.
For me the solution was to re-Add a resource folder (checking Create groups instead of create folder references).
Adding ANOTHER thing to check if you get this error:
In the Build Phases pane for your Project's application target, make sure the Embed Frameworks phase comes before the Link Binary With Libraries phase:
I'm running macOS 11.2.3 and Xcode 12.4.
An Aside:
It's utterly ridiculous how fragile and broken code-signing remains. It's 2021 and this post alone has 87 different "fixes" to solve the same damn error message. There's just no excuse for wasting developers' time like this. Fix your IDE, Apple.
For me this problem was resolved by a simple "clean build folder" action, keyboard shortcut: shift+option+command+K.
I'll admit codesigning is still a black art to me, but in Xcode 6 I found that removing all of my signing scripts (which were necessary in Xcode 5, along with --deep flags) and additional signing flags, and just using the "codesign on copy" option in the Framework's Copy Files phase of the build worked flawlessly for me.
For me, it turned out that I had inadvertently added a bash build script to the target. Making sure I had no sneaky scripts accidentally copied into the target fixed the issue.
Product -> Cleanup build folder
Build/Compile project
For me, one of the frameworks I was including had another of the frameworks marked as "embed and sign"... which you can't do... only the app should be doing that.
Marking the grandchild framework as "do not embed" in the child framework removed this issue.
I faced this problem after adding fastlane to upload screenshots to App Store Connect automatically. I had to remove fastlane from the project and clean the build folder to make it work again.
Using CocoaPods in the project, it helped me to go to the Pods project, select the problem framework and set the correct development team on the Signing & Capabilities page or in Build Settings with All levels set.
In my case I both had a subproject and a subproject of that subproject (i.e. a sub-subproject) to which I had added the same Swift package dependency. Keeping it in the sub-subproject and removing it from the subproject solved the issue.
As shown by the number of answers here the causes for the error can be many.
In my experience building a complex project with multiple levels of Frameworks, Static libraries from Swift packages and Pods, you should follow these rules:
A Framework can't embed and sign another framework: only an App can do that.
A Framework can use a static library (from a Swift Package for instance) but the library must be present only in the Framework and not in the main App. If the same library is embedded in both Framework and main App, in some unknown circumstances, this error occurs.
Be sure to clean the build folder after each change to frameworks and library structure/embed
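
The inside-out signing order that the --deep discussion in this thread points to, together with a check for the flattened-symlink corruption described for Paddle.framework, as an added example that is not code from any of the posts. The function names are assumptions, and the codesign calls run only on macOS.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread. Function names are illustrative.

# nested_code APP
# Lists nested frameworks, bundles, apps, XPC services and dylibs under APP,
# deepest path first, so each item is signed before the container that seals it.
# Symlinks are not followed, so Versions/Current does not produce duplicates.
# Paths containing newlines are not supported.
nested_code() {
    find "$1" -mindepth 1 \
        \( -type d \( -name '*.framework' -o -name '*.bundle' \
                      -o -name '*.app' -o -name '*.xpc' \) \
           -o -type f -name '*.dylib' \) -print |
        awk -F/ '{ print NF "\t" $0 }' | sort -rn | cut -f2-
}

# flattened_frameworks APP
# Prints versioned (macOS-style) frameworks whose Versions/Current is not a
# symlink, which is what a copy that resolved the symlinks leaves behind.
flattened_frameworks() {
    find "$1" -type d -name '*.framework' -print |
    while IFS= read -r fw; do
        [ -d "$fw/Versions" ] || continue   # shallow framework: no symlinks expected
        [ -L "$fw/Versions/Current" ] || printf '%s\n' "$fw"
    done
}

# sign_inside_out APP IDENTITY [ENTITLEMENTS]
# Refuses to sign when a framework has lost its symlinks, then signs every
# nested item individually and the app last, without --deep.
sign_inside_out() {
    local app="$1" identity="$2" entitlements="${3:-}" bad item
    bad=$(flattened_frameworks "$app")
    if [ -n "$bad" ]; then
        printf 'framework symlinks were flattened; re-copy it:\n%s\n' "$bad" >&2
        return 1
    fi
    nested_code "$app" | while IFS= read -r item; do
        codesign --force --sign "$identity" "$item" || exit 1
    done || return 1
    # The app's entitlements apply to the app itself, not to nested frameworks.
    if [ -n "$entitlements" ]; then
        codesign --force --sign "$identity" --entitlements "$entitlements" "$app"
    else
        codesign --force --sign "$identity" "$app"
    fi
}

# Usage on macOS: ./sign.sh path/to/MyApp.app IDENTITY [entitlements file]
if [ "$#" -ge 2 ]; then
    sign_inside_out "$@"
fi
```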

Trouble packaging and signing iOS apps built with Cordova CLI

Until now, all of my experience compiling PhoneGap apps has been via the excellent PhoneGap:Build service. However, I now find myself in a situation where I need to compile locally, because I need to use a plugin that includes a binary file, which precludes it from being included for use with PG:B.
So for these reasons, I need to compile locally. "Great!" I thought, I'll just use the new CLI...
I have developed my app, and I can test it on-device via deploy over USB from Xcode, but trying to get a release build, and sign it, with the provisioning profile embedded, has been a nightmare.
For completeness, this is the basic outline of everything I've done, aside from the app development itself.
$ pwd
/users/adam/dev/myapp/mobile/
$ cordova create build_local com.foo.bar MyApp
Creating a new cordova project with name "MyApp" and id "com.foo.bar" at location "/Users/adam/DEV/myapp/build_local"
$ cd build_local
$ cordova platform add ios
Creating ios project...
$ cordova platform add android
Creating android project...
Creating Cordova project for the Android platform:
Path: platforms/android
Package: com.foo.bar
Name: MyApp
Android target: android-19
Copying template files...
<snip>
Project successfully created.
$ cordova plugin add https://github.com/hazemhagrass/BackgroundJS
Fetching plugin "https://github.com/hazemhagrass/BackgroundJS" via git clone
Installing com.badrit.BackgroundJS (android)
Fetching plugin "https://github.com/apache/cordova-plugin-device.git" via git clone
Installing org.apache.cordova.device (android)
Installing com.badrit.BackgroundJS (ios)
Installing org.apache.cordova.device (ios)
$ cordova plugin add de.appplant.cordova.plugin.local-notification
Fetching plugin "de.appplant.cordova.plugin.local-notification" via plugin registry
Installing de.appplant.cordova.plugin.local-notification (android)
Installing de.appplant.cordova.plugin.local-notification (ios)
$ cordova plugin add https://github.com/kdzwinel/phonegap-estimotebeacons
Fetching plugin "https://github.com/kdzwinel/phonegap-estimotebeacons" via git clone
Installing pl.makingwaves.estimotebeacons (android)
Installing pl.makingwaves.estimotebeacons (ios)
For what it's worth, this last plugin is the reason that I have to compile locally.
Now, here's one other potential monkey wrench: This app is actually two apps. It's the same core codebase, merged into two different deployment branches of the repo, one for each client. So each app will have its own id, name, and config stuff. Because of this, I actually have more than one cordova project folder (1 for each final app) and after creating each project through the steps above, I remove the generated www folder and replace it with a symlink to the shared www folder that exists outside of these phonegap project directories.
This is supported behavior; the CLI allows you to generate your app with a symlink via the --link-to flag (see cordova help create for details). However, doing so seems to have issues; so I've resorted to doing all of the app config up front and then replacing the generated www folder with a symlink after everything is ready to compile.
At this point, I can deploy to either the iOS simulator or Android emulator, and I can deploy to devices over USB, and everything works just fine; all of my plugins are available and function as expected. So I'm ready to compile a release build. Android is easy. iOS, not so much.
$ cordova build ios
<snip>
** BUILD SUCCEEDED **
However, this is a DEV build. The generated file is in the build/emulator/ folder, and when I attempt to sign it, I'm told that it's not signed because of the I386 architecture (which indicates that it's a development build).
$ xcrun -sdk iphoneos PackageApplication -v "platforms/ios/build/emulator/MyApp.app" -o "/users/adam/dev/myapp/MyApp.ipa" --sign "iPhone Distribution: {our cert name} ({our cert id})"
<snip>
Codesign check fails : platforms/ios/build/emulator/MyApp.app: code object is not signed at all
In architecture: i386
<snip>
I've attempted to generate a release build from the cordova CLI. I haven't been able to find the --release flag documented anywhere, but the CLI doesn't complain, and it usually does if it doesn't recognize a flag.
$ cordova build ios --release
<same result as previously>
Attempting to sign this build results in the same problem.
At this point, I started attempting to work directly in Xcode. I've set the .mobileprovision file and the signing credentials up appropriately, to the best of my knowledge:
With these values set, Xcode no longer allows me to build:
So I'm stuck: I have no choice but to build locally, and I can't figure out how to get it to build for release and sign! Please help!
Additionally, if I attempt to embed a provisioning profile, that fails because of an issue with entitlements. I'm not exactly sure what this means, but I'm hopeful that it's a result of working with a dev build, and resolving that will resolve this as well.
$ test -e ~/.ios/DEV.mobileprovision && echo exists
exists
$ xcrun -sdk iphoneos PackageApplication -v "platforms/ios/build/emulator/MyApp.app" -o "/users/adam/dev/myapp/MyApp.ipa" --embed "~/.ios/DEV.mobileprovision"
<snip>
error: Failed to read entitlements from '/var/folders/zs/j2hmt69n12sbjm6gyn0m_q4c0000gn/T/tyYvYPQKf3/Payload/MyApp.app'
Update 1:
This SO question helped in one regard. I don't know how the active scheme (I'm not really sure what that means, but that's the tooltip when I hover over the control) got changed as part of specifying keys/etc, but clearly it did. Changing this back to an iOS Device, like iPhone, allows me to build my project, and even Archive (which, to the best of my understanding, means it's creating the .ipa file I need to submit to the app store), but I can't find the archived file. Where should it be? Can I define this in a setting somewhere in Xcode?
Update 2:
By fiddling with certificates and provisioning profiles I've finally been able to create an archive from Xcode, which I've been told is a release build (is it?). Ideally I would like to be able to build from the command line so that I can automate it as much as possible, so that's where I'll be picking up in the morning. Any advice on that front would be quite welcome!
If you managed to create an archive in Xcode, then your signing certificate and provisioning profiles are known to Xcode, so cordova build ios --release --device should make it.
The steps are:
1) Import your iOS developer certificate for production to the keychain by downloading and double clicking on it in Finder (or get it via Xcode)
2) Download your provisioning profile (with the App ID set to the id attribute of the widget element in config.xml) and double click it on Finder so it goes to the Xcode provisioning profile store
3) cordova build ios --release --device
It looks like you're trying to sign the app with a wildcard provisioning profile (the XCode screenshot). Can you try creating and downloading a distribution certificate and provprofile to your Mac? Then import the .cer file in the Keychain Access app (double-clicking should suffice) and double-click the provprofile as well.
Now you should be able to select the appropriate values from the release dropdowns in the XCode build settings.
Hope this helps somewhat...
Eddy
One other issue I am seeing from your screenshot is I don't think you can Build an Archive (Release) version using the Developer Signing Identity; you would need to create a Distribution certificate and use that one for the Release (Archive) version.
