Mac app validation fails due to entitlements issue - xcode

I am trying to distribute a version of my Mac app outside the Mac App Store. I have duplicated my target, signed it with "Developer ID", removed iCloud capabilities, created a new entitlements file in which I removed the iCloud and APS entitlements and referenced this in the new target. The target builds and archives just fine, but when I attempt to validate it using "Validate a Developer ID-signed Application", I run into an error:
Just before the validation step, there is this screen:
So the app bundle has the correct number of entitlements, but the "A" folders are showing a different number, and do indeed contain the com.apple.developer.aps-environment entitlement. Where is this coming from, why is it different from the app's specified entitlements file, and how do I go about editing it?
EDIT: adding target's code-signing settings in Xcode, if that helps:

Have you checked your app beforehand using:
spctl -v -a ./myPath/To/MyApp
-v = verbosity
and -a = assess
That will check pretty much most things before presenting it to Apple.
On top of that, have you checked that your signing settings are correct?
Could you post the settings to us so we could see?
Cheers,
A

Related

ERROR ITMS-90283 with "Invalid 'com.apple.application-identifier' entitlement value" when submitting Mac Catalyst app

I'm trying to submit a Mac Catalyst app for the first time, but the upload keeps failing with this error message:
ERROR ITMS-90283: "Invalid Provisioning Profile. The provisioning profile included in the bundle maccatalyst.com.arlomedia.setlistmaker [maccatalyst.com.arlomedia.setlistmaker.pkg/Payload/SetListMaker.app] is invalid. [Invalid 'com.apple.application-identifier' entitlement value.] For more information, visit the macOS Developer Portal."
This happens if I manually or automatically sign the app. With manual signing, I have a new macOS App Store provisioning profile that I created as a Mac Catalyst profile using the associated iOS app ID. This shows as valid in the provisioning portal, and I can build (archive) the app just fine with this profile selected:
When I go through the submission process in the Xcode organizer, I have to "Import" the provisioning profile every time (I downloaded the provisioning file, and just select the downloaded file here), which is odd:
But after I select the file, I can click its info icon and everything looks correct:
Then I proceed with the upload, and when the progress bar reaches the end, the error appears and the submission fails.
The error message indicates something is wrong with the application-identifier, but I've checked this everywhere I can find it and it looks correct. I'm using automatically derived bundle IDs, which prefixes "maccatalyst" onto my iOS bundle ID. In some places where this appears, the ID is also prefixed with the App ID Prefix from the app's Identifier record in the provisioning portal. The screen shot above shows the last letter of the App ID cut off, but I think that's just the display in Xcode; if I open the provisioning file, the full ID is listed.
I have another app I've been working on at the same time and I was able to submit it successfully. I opened the archived .app files for both projects and compared the embedded provisioning profiles, and the only differences are things I would expect, like the app name and export time. The application-identifiers and bundle IDs are formatted the same way, with the correct app prefixes. I also compared the info.plist files for the two apps and didn't see any significant differences there, either. The other app also required me to select the profile during the submission process, so it seems like that's not a problem (although with my iOS submissions, the profile name appears there automatically).
When I turn on automatic signing, some upload steps are skipped, but I get the same error message at the end of the upload. If I use the Validate App button instead of the Distribute App button in the Xcode organizer, I go through the same steps and get the same error message.
I've compared the setup of the app IDs and profiles of both apps, the signing settings, the build settings, the App Information pages in iTunes Connect ... everything is set up the same way. Does anyone know what else I should check?
I finally got this to work by giving up on the automatically derived "maccatalyst" bundle ID and using a custom bundle ID. Here are the steps I took:
In Xcode, turn off the "Derive Mac Catalyst Product Bundle Identifier" build setting.
Edit the "Product Bundle Identifier" build setting and add a separate bundle ID for the macOS platform. (screen shot 1)
In the iOS Provisioning Portal, edit the App ID for the associated iOS app and turn off the Mac Catalyst option.
Create a new App ID for the Mac version of the app, and enter the new macOS bundle ID.
Create new development and distribution profiles using the new App ID. When creating the profiles, these must be Mac Catalyst, not Mac, profiles. Xcode would only accept Mac Catalyst profiles when validating. (screen shot 2)
In App Store Connect, edit the macOS app record and change the bundle ID from the maccatalyst ID to the custom ID. This was still editable because I hadn't yet successfully uploaded a binary.
My new profiles now appear as Eligible on the Signing & Capabilities tab in Xcode, but they do not appear as options on the validation page when submitting. However, as with my original setup, I can click the Import Profile option there and select the file downloaded from the provisioning portal.
Note that this is the setup to use if you do not want Universal Purchase. If you do want that, you would need to use the same bundle ID as for the iOS app, and you might need to wait until Xcode 11.4 is released in order to submit the app with that setup. I'm not sure about that, but I am sure that you cannot submit apps with the Xcode 11.4 beta, because I tried it. (screen shot 3)
I didn't try automatic signing with the custom bundle ID setup. I think that would work because I think somehow the problem was related to the automatically derived bundle ID. That is basically deprecated with the upcoming Xcode 11.4 and Universal Purchase capability, so I suspect that a change on Apple's end has broken the validation of that style of bundle ID, perhaps only in limited cases that affected my app due to some factor that neither I nor Apple were able to identify.
Custom bundle ID settings:
"Profile is not a 'Mac Catalyst App Store' profile":
Cannot submit from Xcode beta:
I found this document:
Technical Q&A QA1710: Why do I get an "Invalid application-identifier Entitlement" error?
It states:
In modern versions of Xcode, you don't need to supply a value for this entitlement yourself, so the error can be avoided by simply removing the application identifier entitlement from your custom Entitlements.plist.
Xcode builds the application identifier entitlement for you based on the Bundle Identifier property defined in your Xcode project's Target > Info tab, so setting the correct Bundle Identifier in Xcode is imperative.
I don't have either of those problems, but maybe it will help someone else receiving this error.

"Message from debugger: Terminated due to code signing error" when debugging a Mac app?

I'm writing a Mac app in the sandbox, and can't seem to get code signing to work. I've selected "Developer ID" from the Info tab for my target, and I've tried letting Xcode set up my provisioning profile automatically as well as creating the profile myself. The app builds without any errors or warnings, but when I try to "build and run," it gives me the following error:
In console.app, I noticed I was getting the following message:
3/5/15 4:46:37.151 PM taskgated[73]: killed com.nateparrott.Boxcar[pid 27408] because its use of the com.apple.developer.ubiquity-container-identifiers entitlement is not allowed (error code -67050)
It turns out that the default entitlements file in my project included an empty list of iCloud containers, which caused the sandbox to think the app needed iCloud permissions (which weren't included in the default provisioning profile). Removing the iCloud entry from the entitlements file solved the problem.
Try to regenerate your certificates from the Dev Center. This happens most of the time when you switch to a new Mac or after upgrading to a newer OS X version.
You have downloaded and installed your cert (in Keychain Access) from the portal. If you created the cert today on the same Mac you're trying to run it on this won't be your issue.
Your cert from above is in the provisioning profile you imported into Xcode.
You actually imported your provisioning profile into Xcode. It should be selectable from your Build Settings drop-down.
The bundle identifier you created in the portal matches what you have designated in your project under the Target Info.
I tried Setting Build Settings->code signing identity to "Mac Developer" and Provisioning Profile to "Automatic". The debugger worked fine after that.
This can also happen when debugging on iOS Simulator, when developing for Mac Catalyst, when ENABLE_HARDENED_RUNTIME is set to YES.
The Xcode configuration below helps to avoid this error:
ENABLE_HARDENED_RUNTIME[sdk=macosx*] = YES
ENABLE_HARDENED_RUNTIME[sdk=iphonesimulator*] = NO
ENABLE_HARDENED_RUNTIME[sdk=iphoneos*] = NO
modify targets>Build Setting>code signing identity to your sign development.
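The failures described above (nested "A" folders carrying `com.apple.developer.aps-environment`, and `taskgated` killing an app over an iCloud entitlement its profile does not grant) both come down to a signed entitlement the provisioning profile does not cover. The following check is an added example, not part of the original thread; it assumes the entitlements of each signed item (for instance from `codesign -d --entitlements :- <path>`) and the decoded profile (for instance from `security cms -D -i <profile>`) are already available as plist bytes, and the team ID, bundle ID, paths and the set of keys treated as restricted are constructed for illustration.

```python
import plistlib

# Assumption of this sketch: only these keys must be backed by the profile;
# sandbox keys (com.apple.security.*) are not checked against it.
RESTRICTED_KEYS = {"application-identifier", "com.apple.application-identifier",
                   "keychain-access-groups"}

def is_restricted(key):
    return key in RESTRICTED_KEYS or key.startswith("com.apple.developer.")

def value_allowed(requested, allowed):
    """True when every signed value is covered by a profile value ('*' suffix = prefix match)."""
    req = requested if isinstance(requested, list) else [requested]
    ok = allowed if isinstance(allowed, list) else [allowed]
    def covers(a, r):
        if isinstance(a, str) and isinstance(r, str) and a.endswith("*"):
            return r.startswith(a[:-1])
        return type(a) is type(r) and a == r
    return all(any(covers(a, r) for a in ok) for r in req)

def audit(signed, profile_plist):
    """signed: {bundle path: entitlements plist bytes}; returns {path: [problems]}."""
    profile = plistlib.loads(profile_plist).get("Entitlements", {})
    findings = {}
    for path, raw in signed.items():
        problems = []
        for key, value in plistlib.loads(raw).items():
            if not is_restricted(key):
                continue
            if key not in profile:
                # Presence alone counts: an empty array still claims the entitlement.
                problems.append(f"{key}: not in profile")
            elif not value_allowed(value, profile[key]):
                problems.append(f"{key}: value not covered by profile")
        if problems:
            findings[path] = problems
    return findings

# Constructed sample data (hypothetical team ID, bundle ID and paths).
PROFILE = plistlib.dumps({"Entitlements": {
    "com.apple.application-identifier": "ABCDE12345.com.example.app",
    "com.apple.developer.team-identifier": "ABCDE12345"}})
SIGNED = {
    "MyApp.app": plistlib.dumps({
        "com.apple.security.app-sandbox": True,
        "com.apple.application-identifier": "ABCDE12345.com.example.app"}),
    "MyApp.app/Contents/Frameworks/Helper.framework/Versions/A": plistlib.dumps({
        "com.apple.developer.aps-environment": "development",
        "com.apple.developer.ubiquity-container-identifiers": []}),
}

if __name__ == "__main__":
    for path, problems in audit(SIGNED, PROFILE).items():
        print(path, *problems, sep="\n  ")
```

Running it on each nested bundle as well as the top-level app shows which item actually carries the stray entitlement, which is the question the validation screen leaves open.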

iCloud set up and provisioning

I am trying to set up iCloud within my iOS application, I have done the following:
Removed all old certs on mac.
Added iCloud to the App in Dev Console - created new container and added to app
Redone the dev provision and downloaded
Installed the provision
Added the iCloud Entitlement to the app
And this is where it all goes wrong...
I can't get the app running again, the app is building but I am getting an error saying:
The entitlements specified in your application’s Code Signing Entitlements file do not match those specified in your provisioning profile.
(0xE8008016).
Any ideas??
UPDATE: I have managed to be able to run the application to get everything programmed and put in place, everything is set up iTunes Connect end, all provisions are valid and sync'd.
Now I am getting errors during validation...
There are 4: Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported by iOS. Specifically, key 'com.apple.developer.icloud-container-identifiers' in Payload ------- not supported
Other 3 are similar for other containers!
Maybe it's a late comment, but I post it here in case that somebody is struggling for the same reason.
I encountered this issue on Xcode8 recently when I was trying to archive. Generally, I enabled iCloud with Xcode in following steps:
Enable iCloud in Capabilities panel in my target by setting the toggle to ON.
Check iCloud under my App Identifier in Member Center turns green automatically, and an iCloud container is created automatically with my App Identifier. (Apple's system does this for us.)
Regenerate my certificate with my App Identifier.
Create a new provisioning profile.
Download and install the new certificate and provisioning profile
Select the new provisioning profile in Signing(Release) section in General panel in my target.
Then I got errors like:
Provisioning profile "iCloud Test" doesn't include the com.apple.developer.ubiquity-container-identifiers,
com.apple.developer.icloud-container-identifiers,
and com.apple.developer.icloud-services entitlements.
Code signing is required for product type 'Application' in SDK 'iOS 10.1'
Code signing is required for product type 'Application' in SDK 'iOS 10.1'
At last I found that there were two options in iCloud section under my App Identifier in Member Center. By default, the Compatible with Xcode 5 was selected, but I succeeded by selecting the other option.
If you're just adding iCloud to an app for the first time or want to upgrade to use CloudKit after using an older iCloud container:
Go to the Apple Development Center.
Choose Certificates, IDs & Profiles.
Use the dropdown on the top left to switch between iOS/tvOS/watchOS or macOS
Choose App IDs under the Identifiers section.
Choose your app from the list.
Scroll down to iCloud and make sure it is enabled with a green dot.
If it's not enabled or has a yellow dot, click the button at the bottom of the page to Edit and make sure you've checked iCloud service.
You may also need to create a container under the iCloud Containers section then associate it with this app.
After submitting a report to Apple, it turns out that Apple systems are useless AGAIN!
Ok, so if you are creating a NEW application or you are only just adding iCloud to your application - you will need to make sure the system doesn't pick up or create an iOS8 cloud container!
If it does you need to remove it from your app entitlements file, remove the selected containers in the Apple Developer Console and re-download certs again!
Thanks Apple again!
I got blamed for using pre-released software! I haven't touched Xcode 6 yet!!!
What I did:
- leave only com.apple.developer.icloud-services in entitlements file
- in Capabilities under iCloud marked key value storage and iCloud Documents (cloud kit EMPTY)
- Containers set to specify custom but do not select any of your containers
- This will probably give you RED warning sign under steps but leave it as it is DO NOT FIX
- Regarding provisioning profile Development and Distribution profiles have to have App ID which has iCloud enabled but NOT linked to any container
- In those provisioning profiles set under iCloud OLD version for Xcode 5 etc. not a new one related to iCloud containers
I had an error of "Add iCloud Containers to your App ID".
Automatic signing was unable to resolve an issue with target's entitlements.
I don't even use iCloud Containers, only Key-value storage(keychain).
I also switched in iCloud section under my App Identifier in Member Center from "Compatible with Xcode 5" to "Include CloudKit support (requires Xcode 6)" problem still remains.
So I fixed it like this:
Enable iCloud Capabilities panel in my target by setting the toggle to ON.
Turn on "Include CloudKit support (requires Xcode 6)" in Member Center (still got same error).
In Xcode in iCloud Capabilities TURN ON CloudKit (even if you don't need it) and then turn OFF.
And then problem solved for me!

Why does my itunes submission fail with "Invalid Signature" error?

I am trying to submit an iOS app, but it fails showing "Invalid binary" in iTunes connect, and the submission feedback email shows:
Invalid Signature - Make sure you have signed your application with a
distribution certificate, not an ad hoc certificate or a development
certificate. Verify that the code signing settings in Xcode are
correct at the target level (which override any values at the project
level). Additionally, make sure the bundle you are uploading was built
using a Release target in Xcode, not a Simulator target. If you are
certain your code signing settings are correct, choose "Clean All" in
Xcode, delete the "build" directory in the Finder, and rebuild your
release target.
I am certain that I have used a distribution certificate.
I have run the command codesign -d -vvvv /path/to/app.app and it showed Authority=iPhone Distribution: Company Name Inc (ABC1234) which is indeed a distribution certificate.
I used Xcode's application loader for the submission.
I also tried Xcode's Organizer - Archives to validate and submit the app. It passed validation (!) and then iTunes connect still decides it is an invalid binary with an invalid signature.
I should mention that I am using Xamarin, but I doubt that this is a Xamarin-related issue.

Could not launch 'app' with iCloud container

I have an OS X app targeting 10.7 (Lion) platform. I use XCode 4.4 on a development machine where iCloud is enabled. The OS X version on this machine is 10.8 (Mountain Lion).
I have an APP ID that I enabled iCloud using the Developer Certificate Utility: com.company.appname. The utility shows a green tick next to iCloud label under description of the App ID.
From XCode Target/Summary tab I enabled Entitlements and added iCloud Container com.company.appname. Of course internally it is preceded by the team id in the Entitlements file: teamid.com.company.appname.
I also have a valid (green ticked) provisioning profile on my Mac with the same id:teamid.com.company.appname.
Derived Data locations is set to Relative from XCode/Preferences.
The app builds OK. But when I run it I get "Could not launch "appname". Permission denied." error.
If I remove the iCloud container id com.company.appname from iCloud Containers list box under Entitlements and build the app, it runs OK. But of course I cannot access iCloud container enabled for the app.
I have been working on this problem for the past 24 hours. I have read the guides; Developing for the App Store, App Sandbox Design Guide, and Entitlement Key Reference inside out. Yet I am stuck. What went wrong?
I am desperate and I will be grateful if you can help me.
I think the most likely problem is that the AppID, the Entitlement and your provisioning profile do not match each other.
This can happen easily if you experiment a lot with those settings. It should work right out of the box if you create a fresh new project with valid settings, but it might get corrupted if you convert, change or edit existing projects.
Do not forget about the 10-digit prefix of your app bundle id. This is required, esp. for iCloud Key-Value-Storage!
Log into developer.apple.com, check the AppIDs tab
Create an AppID if necessary
Check the iCloud settings for this app
Note down the exact app identifier in the form ABCDE01234.com.domain.app
Switch back to Xcode, update your Provisioning Profiles and Entitlements in the "Teams" section of the "Devices" Tab in the Organizer
Go to the project settings, select the app target and search for "Code Sign"
Make sure the correct code signing identity is selected (see the application identifier above)
Go to the summary tab and put in your app ID
Open the Entitlements file and check if the right ID is in there as well.
Then it should work.
Hopefully.
Edit: thought it would be nice to add the link to the app id center:
https://developer.apple.com/certificates/index.action#bundlelist
