Sparkle Error: The update is improperly signed - macos

I am using sparkle for software update. I signed my app with Apple developer certificate and uploaded the build. Then I tried to update by calling 'checkForUpdates:' method. But I am getting an error saying "Update is not properly signed". What might be the reason? Did I miss anything?

You likely need to review the tips about how to codesign properly for Sparkle here:
https://github.com/sparkle-project/Sparkle/issues/216
Specifically, sign all binaries and frameworks, and do so with the proper codesign arguments.

Related

Error ITMS-90046 when using xcodebuild instead of Xcode IDE

I'm unable to get rid of "ERROR ITMS-90046" when building my app with xcodebuild and uploading using Application Loader. But it works fine if I archive and upload completely within Xcode.
The ITMS-90046 error message specifically complains about the "application-identifier" in my framework:
ERROR ITMS-90046: "Invalid Code Signing Entitlements. Your application
bundle's signature contains code signing entitlements that are not
supported on iOS. Specifically, value 'TEAMID.com.domain.Product'
for key 'application-identifier' in
'Payload/Product.app/Frameworks/MyFW.framework/MyFW' is not supported.
This value should be a string starting with your TEAMID, followed by a
dot '.', followed by the bundle identifier.
I tried all the solutions mentioned in This thread, but none of them worked for me. Luckily I am at least able to upload via Xcode, but this needs to happen frequently enough to become burdensome.
Any ideas what to try next? Anyone know if Apple is even aware of this issue?
Thanks!
The solution was to re define and download all apple developer certificates and import them all again to Xcode.

ITMS-90451:CFBundleIdentifier Collision Error

I have to modify the application that was submitted to the 3/24.
As a result of the modified the application tries to re-submit to 4/12, the following error appears in my Application Loader.
[2015-04-12 18:41:21 JST] ERROR: ERROR ITMS-90451:. "CFBundleIdentifier Collision The Info.plist CFBundleIdentifier value 'com.LespaceVison.RapidCopy' of 'RapidCopy.app / Contents / Frameworks / QtCore.framework 'is in conflict with the Info.plist CFBundleIdentifier value of' RapidCopy.app '. "
Because I thought I was wrong to modify something, but I tried to re-upload the build that was submitted to the 3/24 to try, same error was displayed.
Please tell me what to do or my mistake about this error.
This is a summary of my environment
Mac OS X 10.10.3
XCode 6.3 with CLI Tools 6.3
Qt 5.4.1
I do not use the Xcode.
QtCreator
make
codesign
productbuild
I have created a pkg for submission using these.
This error was resolved!!
I will show how to resolve for those who have the same problem.
In my case, two problem existed.
ITMS-90451 Error
It was caused CFBundleIdentifier that is in the FrameWork.
CFBundleIdentifier of FrameWork should not be the same as App.
This is a rule from the old days, but now checks in ItunesConnect recently.
I was sentenced to change from Apple's support.
So, you should write the contents other than what has been used in the App to CFBundleIdentifier.
It was okay if you use as it is what QtFrameWork generated by default in my case.
Maybe, or content is unique and I think that it does not become a problem.
2.ITMS-90334 Error
After I clear problem 1(ITMS-90451), I was suffering from this problem.
The cause of this problem is in the codesign.
I had been used to find a sample of QtFrameWork, in the sample when the codesign to FrameWork,
it was specify BundleID of App with the -i option. This is a mistake.
mistake example was here.
codesign -f -s "YOUR APP CERT" -i "YOUR APP BUNDLEID" "YOURAPP".app/Contents/Frameworks/QtCore.framework
answer is here
codesign -f -s "YOUR APP CERT" "YOURAPP".app/Contents/Frameworks/QtCore.framework
I was called to be any announcement regarding changes to the Apple,
But they explained would not add.
Is this information may useful for someone.
cheer up!
I fixed this issue by deleting values from info.plist of pods/dependencies. See detail answer here. : error itms-90451 "CFBundleIdentifier Collision Error"

Codesign of Dropbox API fails in Xcode 4.6.3: "code object is not signed at all"

I have an OS X app that's distributed through the Mac App Store, and recently updated to Xcode 4.6.3.
When I run my regular build now, I receive:
Command /usr/bin/codesign failed with exit code 1:
/Users/Craig/Library/Developer/Xcode/DerivedData/Mac-dxcgahgplwpbjedqnembegifbowj/Build/Products/Debug/MyApp.app: code object is not signed at all
In subcomponent: /Users/Craig/Library/Developer/Xcode/DerivedData/Mac-dxcgahgplwpbjedqnembegifbowj/Build/Products/Debug/MyApp.app/Contents/Frameworks/DropboxOSX.framework
Command /usr/bin/codesign failed with exit code 1
I can't seem to discern any other changes in my project, so I can't tell if it's an issue related to the 4.6.3 update, or something else.
I have tried restarting Xcode, running a clean build, and cleaning the build folder.
I think I may have figured this one out. I've been running Xcode 4.6.3 on OS X Mavericks, under the impression that any build-specific tools were bundled in the Xcode application.
But, it seems codesign is in /usr/bin. Whether it's put there by one of the Xcode installers or comes with a vanilla system install, I'm not sure. But reading through the man page for codesign, I found this nifty option:
--deep When signing a bundle, specifies that nested code content such as helpers, frameworks, and plug-ins, should be recursively signed
in turn. Beware that all signing options you specify will apply, in turn, to such nested content.
When verifying a bundle, specifies that any nested code content will be recursively verified as to its full content. By default,
verification of nested content is limited to a shallow investigation that may not detect changes to the nested code.
When displaying a signature, specifies that a list of directly nested code should be written to the display output. This lists only
code directly nested within the subject; anything nested indirectly will require recursive application of the codesign command.
And then I found this post (https://alpha.app.net/isaiah/post/6774960) from two weeks ago (~June 2013), which mentions (albeit second-handedly):
#isaiah I asked a guy in the labs about it. He said codesign now
requires embedded frameworks to be signed separately before code
signing the app bundle as a whole.
Manually re-running the codesign command that Xcode normally runs, while adding the --deep flag to the end, signs the application properly.
I'm not yet sure exactly what ramifications this manual signing has, or whether I can tweak the Xcode build to add the --deep flag automatically, but this seems to be the underlying issue. (codesign no longer automatically deeply signs your app bundle.)
As highlighted in other answers, there is a change to the way code signing works. If you've installed any of the Xcode 5 DP's then the new tools will be being used even if you are using Xcode 4.6.X.
All you need to do at this stage (in Xcode 4.6.X) is take the --deep flag suggested above and add it into your code signing flags (Target, Build Settings) see image below.
For me, this problem was caused after dragging a folder named "resources" in my project. After changing its name into anything else(like "resourcessss" for example), the error disappeared.
I had the same problem, but the answer was simple: the code signing identity on my app was set to "-", so simply setting that to "Don't Code Sign" fixed me up.
"-" seems to be the default setting when you carry out some set of actions, although I can't tell you what those are.
This might help somone:
I finally figured out the solution by trial and error. In my case I had a folder name that matched the “Product Name” variable under build settings. This also matched the entire project name! So I simply changed one field. I changed the “Build Settings” -> “Product Name” . The value of MySpecialApp was changed to My-SpecialApp. That was simply it! I then logged back into the Apple developer portal and created a new App ID and mobile provisioning profiles for development and distribution and the rest is history. My releases now work when deployed via the Ad Hoc distribution.
A final note on this. This is definitely a bug that Apple should either alert the user that they have done something wrong and enable some sort of automated corrective action.
- See more at: http://www.chrisdanielson.com/2012/08/29/codesign-ipa-and-the-code-object-is-not-signed-at-all-problem/#sthash.F0nF3BbC.dpuf
For me it was a corrupted Framework PaddleMAs which:
1. I removed from my Cocoapods File
2. Ran pod install
3. Restarted my Xcode
and it solved the problem. For some reason a corrupted framework will prevent it being signed unfortunately XCode doesn't show this error really clearly and give you a good fix suggestion. Have raised a bug with Apple to fix.

osx - Invalid binary when upload mac app on Appstore

I have error when uploading mac app on app store. This error in below:
Invalid Executable or Signature - Your app could not be re-signed by
the App Store for distribution, because of an issue with the app's
executable (MyApp.app/Contents/Resources/file.o) or its
signature. The app may have been built or signed with non-compliant or
pre-release tools.
Though you are not required to fix the following issues, we wanted to
make you aware of them:
Invalid Signature - the executable at path MyApp.app/Contents/Resources/file.o is not
signed. Refer to the Code Signing and Application Sandboxing Guide for
more information.
I use xcode tool validate this package and it's successful. But when uploading this package on appstore, it notices "Invalid binary".
Do you know what the error is? I checked the provisioning profile and bundle id are valid.
The file mentioned in the error message (Contente/Resources/file.o) probably doesn't belong in your application bundle. Unless it's something important, you should remove it, as it's unlikely to be doing anything useful for you. (It's probably only in your project by mistake.)

Codesign check fails Xcode 4

I just created all new dev and deployment certs and I'm getting this weird error when I try to validate the application in the archive manager:
error: Codesign check fails : /var/folders/w_/dvqfkh916k12c5hn639qvvqw0000gn/T/oqhxIfU87c/Payload/TestUpload.app: valid on disk
/var/folders/w_/dvqfkh916k12c5hn639qvvqw0000gn/T/oqhxIfU87c/Payload/TestUpload.app: satisfies its Designated Requirement
test-requirement: code failed to satisfy specified code requirement(s)
I've looked all over to see how to fix this error but nothing seems to help for Xcode 4. I've followed the setup on the provisioning profile, however it doesn't seem to be updated for the newest Xcode 4 software (I've gotten this to work with previous versions of Xcode before archive manager was set in place)
Any help would be appreciated
I was testing using an old certificate cerated while ago and it did worked fine, but creating a new certificate using a new apple dev account wont work.
It seems like new certificates are created with issues from apple provisioning portal.
So, I guess there is not a problem on your app, and we just have to wait until they fix the bug.
If you're building dependent projects or libraries as part of the archive process, make sure that those targets are also being built with the App Store distribution certificate.
scoured this GUI looking for a "comment" but finding nothing - apologies if this gets posted as an answer.
I have spent the last 5 hours with that exact same error. Googling everything. Recreating certificates. Everything works when archiving, but then at the end I get the yellow triangle indicating the error. Using both wildcard and app specific distribution profiles that are recognized in Organizer as valid - I always get the error. You're not alone on this one and it is driving me insane - today was supposed to be the day we submit our app we've spent the last year on...
Will be watching this thread closely, can offer any further information from my end also if it will help any. If you find a solution Paradox, please post here as I am at my wits end and would be extremely grateful.
Are you sure you signed this with your Distribution profile and not your Developer profile? I think XCode 4.2 will give an error if you're trying to share an archive code signed with the wrong type of profile.
Some (old) information in this thread:
http://forums.macrumors.com/showthread.php?t=659607
I am having the same problem. Spent hours redoing certs, changing machines, changing versions of Xcode, making random changes that people have suggested, rebooting, changing icons you name it.
In Console there is a big dump of data related to the validation, if you're lucky it says something meaningful in there, it doesn't for me. Or at least nothing that I can understand :/
EDIT: The console outputs the command it runs but slightly butchered. It has a parameter R= but the output neglects the quotation marks around the argument. Running this command only outputs the just as helpful:
/var/folders/_x/XXXXXXXX/T/XXXXXXXX/Payload/XXXXXXXX.app: valid on disk
/var/folders/_x/XXXXXXXX/T/XXXXXXXX/Payload/XXXXXXXX.app: satisfies its Designated Requirement
test-requirement: code failed to satisfy specified code requirement(s)
Valid But Mismatched Certificates
This error can occur when submitting an application to the Mac App Store. The error occurs because one or more code signatures are valid but not signed by Mac App Store appropriate certificates:
Invalid Signature - The nested app bundle FRAMEWORK at path APPNAME.app/Contents/Frameworks/FRAMEWORK.framework has following signing error(s): valid on disk /Volumes/data01/app_data/dstr/mz_4939925606610311185dir/mz_6704668226144376567dir/eu.miln.beyond.mas.pkg/Payload/APPNAME.app/Contents/Frameworks/FRAMEWORK.framework/Versions/A: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.
The solution is to re-codesign the application bundle making sure to use a Mac App Store application certificate.
Codesign
Use the codesign -d -vvvv <app.path> to check the signing certificate is correct.
If you have a complex signed application with mixed certificates or non-Mac App Store certificates, you can use the codesign flag deep to recursively resign the entire bundle:
codesign --force -o library -s '3rd Party Mac Developer Application: Your Organisation (000AAA000A)' --keychain '/absolute/path/to/mac-app-store.keychain' --preserve-metadata=identifier,entitlements,flags --deep '/absolute/path/to/APPLICATION.app'
Note the --preserve-metadata=identifier,entitlements,flags options. These are important to avoid overwriting or changing the associated entitlements and bundle identifiers.
Ideally, the deep flag should not be used but it can be useful to fix problems.

Resources