I 've created distribution certificate and 2 provisioning profiles for distribution one with explicit App-Id and one with wildcard. I can see it in project build settings (and in Preferences>Account) and choose it in build settings for release: provisioning profile with explicit App-id.
I built archive with xcode 5 and try to validate it in organizer. But in dialog "Choose a profile to sign with" I can't see provisioning profile with explicit App-id, only this with wildcard. If I use the wildcard-profile the validation failed with message: "The bundle identifier cannot be changed from the current value, ('App-id'. ..." (The message only shows the App-ID suffix without Team-id prefix)
Solved:
The validation error message from Apple was confusing. I tried many things. The reason was a hyphen ("-") within the App-ID. After I had removed the hyphen and had created the provisioning profile with explicit App-Id the validation passed through.
Related
I have a Mac app that was accepted to the Mac App Store when I built it using Xcode 13 (exactly the way I do it now, code signing set to automatic, uploading to the App store using the Organizer in Xcode), but now with Xcode 14.2, minutes after submitting it to the Mac App Store, I will receive a refusal mail with lots of "ITMS-90288: Invalid Code Signing Entitlements" and "TMS-90286: Invalid Code Signing Entitlements" errors, two for each embedded dynamic library.
TMS-90288: Invalid Code Signing Entitlements - The entitlements in your app
bundle signature do not match the ones that are contained in the provisioning
profile. According to the provisioning profile, the bundle contains a key value
that is not allowed: '(My team id).' for the key 'com.apple.application-identifier'
in 'Spatterlight.app/Contents/Frameworks/libc64diskimage.dylib'
ITMS-90286: Invalid Code Signing Entitlements - Your application bundle's
signature contains code signing entitlements that are not supported on macOS.
Specifically, value '(My team id).' for key 'com.apple.application-identifier'
in 'Spatterlight.app/Contents/Frameworks/libc64diskimage.dylib' is not supported.
This value should be a string starting with your TEAMID, followed by a dot '.',
followed by the bundle identifier .
The reply at https://developer.apple.com/forums/thread/710598 seems to indicate that dylibs shouldn't have entitlements at all, but apparently Xcode is adding them anyway, making the app unacceptable to the App Store.
I have tried cleaning the build folder, disabling and enabling automatic signing, signing manually when uploading the app (providing profiles from lists in Xcode rather than doing it automatically). The result is the same.
Note that there are plenty of questions here that may look like duplicates of this (usually with titles like "ERROR ITMS-XXXXX: 'Invalid Code Signing Entitlements'", but none of them seem to be about this problem, which makes me think I am doing something uniquely wrong.
To prevent Xcode from adding malformed entitlements to your dylibs, you can do the following steps:
Create a custom entitlements file: In Xcode, go to File > New > File and select "Entitlements" from the list of file templates. This will create a new .entitlements file in your project.
Specify the custom entitlements file: In your target's Build Settings, find the "Code Signing Entitlements" setting and set it to the name of your custom entitlements file.
Review and edit the entitlements file: Open the custom entitlements file and review the contents. Ensure that only the necessary entitlements are included, and that they are correctly formatted.
Build and sign your dylib: Build your dylib and sign it with your custom entitlements file. You can verify that the entitlements were correctly added by running the codesign command in the Terminal and examining the output.
First I apologise for my english.
could you help me with small problem :slight_smile:
I want to create *.ipa file from ionic project, but in indentify area xcode told me that I must "Fix Issue".
And if I click on the fix issue, so xcode show me modal window with text An App ID identifier "com.xxxxx.xxxxxx" is not available please enter the different sting, but I need use defined string, concretely defined string in "Bundle indentifier".
What can i do? Could somebody help me width this problem?
I try to change "Bundle indentifier" e.g. com.xxxxx.xxxxxx1. I add only 1 to end and it works but I need use Bundle identfier without 1 number in the end of bundle identifier string.
And one thing under Team item I have text "No provisionig profiles found", but if i add 1 to the end of identifier bundle and click to Fix Issue this text "No provisionig profiles found" disappear.
Thank you for any advice,
best regards Peter
You need to have an apple developer account with enough access to do the following:
Create a development/production certificate
Create provisioning profiles based on the above certificate
In order to be able to build an *.ipa file you need to do the following:
Create the development/production certificate
Add the UDID of all devices on which you want to run the *.ipa install
Based on your choice you need to create a provisioning profile for either Development or Ad Hoc distribution.
Archive your project
Time to create your distribution:
if you chose Development, it's rather straight forward, just follow the steps (disable "Rebuild from bitcode" for faster build) - after this you can e-mail the build, but the build will need to be installed through iTunes on a device whose UDID you've added above
if you chose Ad Hoc, you need to upload your build to a remote HTTPS location, along with the corresponding manifest (*.plist) file (if you need further instructions on this, I can help, don't want to go into too many details if this is not what you want)
The "Fix issue" shows every time when your device UDID has not been added to the provisioning profile of the app bundle ID that's been set within the app.
I have working application in AppStore. It has inApp Purchases.
Certificate and provision profile was expired.
I updated it, but XCode wrote:
"Code Sign error: No matching provisioning profiles found: None of the valid provisioning profiles allowed the specified capabilities: Features: inAppPurchase.."
I pressed "Fix Issue Automatically", XCode wrote
"An App ID with identifier 'com.mycompany.myproj' is not available. Please enter a different string."
This indefinier is bundle id of my application, and I did not change it.
How to fix this error?
I fixed this problem next way:
remove all provision profiles which links with problem project (using «iPhone Configuration Utility»)
generate new provision profile on developer.apple.com
download and install this provision profile (and updated expired provision profiles) on local computer
choose new provision in "Code Signing Identity"
build project
When I try to build and run the app on the device I get following error App installation failed: This application's bundle identifier does not match its code signing identifier.
I checked the signing certificates, bundle ids, provision profile, entitlements and everything is correct.
Any Ideas ?
Go into Building Phases
Click the + sing and add script in New Run Script Phase
Add /usr/local/bin/carthage copy-frameworks to the script box.
In Input Files add a line for each Carthage framework you're using in your app: $(SRCROOT)/Carthage/Build/iOS/FrameworkName.framework
If you're still having problems, also add this under Output Files for each framework: $(BUILT_PRODUCTS_DIR)/$(FRAMEWORKS_FOLDER_PATH)/FrameworkName.framework
This process fixed it for me. It can be found under Carthage documentation. You can see this process here in items 4, 5, 6.
https://github.com/Carthage/Carthage#adding-frameworks-to-an-application
In the end the error was caused by Carthage.
After removing and rebuilding all frameworks it fixed the problem.
To fix this, I had to set framework's Product Bundle Identifier to anything with a dot.
In my case it was because of framework, not Carthage's, but the one as target dependency in Workspace.
Before the fix Product Bundle Identifier was something like "FrameworkName", andXcode would automatically append some autogenerated ID, and Signing Identifier would become "FrameworkName-5555494493d11a8e5f473d1cb2a5d781973d171e".
When I set Product Bundle Identifier to something with dot, like "com.organization.frameworkName", Xcode stopped to auto-append anything, and everything works because ids match.
It seems that it wasn't an issue before Xcode 11 and Catalina. This debug was crazy.
Are you using custom .xcconfig files?
Sometimes custom .xccofigs can override the default code-sign settings.
1) See if the project has a custom config by:
--- 1) Click on project whatever the project name is called in Xcode (usually at the top)
2) On the right you'll see your project settings. In here, you can set the identifier.. If not, then you're on the wrong view. This is what you should see:
3) Change the "bundle Identifier" to something to the effect of "com.yourcompany.yourAppName".
--- The com.yourcompany is your website domain name reversed.. Apple Recommend this.
--- After the com.yourcompany is the app name or "nickname' your give it so. com.yourcompany.myCoolApp would be the full identifier.
4) Once you've done this, make sure that under the "Build Settings" as below:
--- That your "Code Signing Identity" is set to whatever Identity you want. For Debugging on iOS or OSX you use "iPhone Developer: Your Name xxx" or "Mac Developer: Your Name xxx".
Code signing resources path: reserved for advanced / command line tools
Other Code Signing Flags: Not sure, never had to use this
Provisioning Profile: IDEALLY set this to "Automatic" so Xcode handles the setting. Otherwise, when you've set a provisioning profile on the Member Centre, then specify it here (make sure you've installed it first though).
in iTunes they changed it to have a flag for each role if he will have
Access to Certificates, Identifiers & Profiles.
and by default its false.
All i had to do is to:
go to iTunesConnect -> Users and Access -> edit my role by checking the box of "Access to Certificates, Identifiers & Profiles"
This issue is only related to CODE SIGNING
But, the key point to note here is, if you are using XCode 11.x version.
Not only the code signing in your project, but we should check the code signing in Thirdparty SDKs or dependencies that we add to our project.
Steps to verify the Code Signing of 3rd party SDks:
Download the source code of framework you need
Open the .xcproj file from the source code using XCode 11.x
Go to Targets -> Signing & Capabilities -> Select all tab -> Bundle Identifier
If you see any unevenness in the identifier like, identifier with 4 seperators (Eg: com.company.mac.app)
Change it to com.* and enter.
Make sure your XCODE COMMAND LINE TOOLS is set with XCode 11.x
Now, use below command to rebuild the SDK, with the changes done in above step-3
carthage build --no-skip-current --cache-builds --platform iOS
Now copy the framework generated from, carthage folder of source code, and replace the existing SDK in your project.
Repeat the same for process for all the 3rd party SDKs, in your project.
NOTE: Make sure you marked all the 3rd party SDKs as Embed & Sign in
Targets => General => Frameworks, Libraries, and Embedded Content
Your app is signed by a Provisioning Profile, which in turn is linked to a Certificate (which can be either for development or distribution).
Now certificates have a Bundle ID, which can be:
A wildcard, such as "com.mydomain.*"
OR
An explicit ID, such as "com.mydomain.myapp"
Either way, the bundle identifier of your app has to match the Bundle ID of the certificate tied to your provisioning profile.
A mismatch would trigger the error you're encountering.
Our company is setting up another development station for the same app that will be sent away. I installed Xcode and tested the app in the simulator. I downloaded the Certificate and Provision that worked fine on my other computer. I selected the correct code signing identity and when I build it for a release to my iPad I get an error:
Code Sign error: The identity 'iPhone Developer: Person's Name (XXXXXXXX)' doesn't match any valid certificate/private key pair in the default keychain
In organizer, I click on Provision Profiles and the provision profile I downloaded. Underneath I get the warning:
A valid signing identity matching this profile could not be found in your keychain
I've looked up many, many other people that had this problem, but all seem to resolve it by deleting the cert and provision, which I never want to do! i.e., what if I want to use the same provision and cert on two different machines, or many?
I also went through deleting, recreating, deleting, rinse-repeat - but the answer was simple.
I had the same problem and solved it very simply in XCode Organizer - I'm using Version 4. All I did was go to the top Library section and select Provisioning Profiles, and import the downloaded profiles that I had received in my Safari downloads named "name.mobileprovision".
I think you just have to export the valid certs from the working computer, explained in this doc.
http://developer.apple.com/library/ios/#qa/qa2008/qa1618.html