Xcode Error: Command /usr/bin/codesign failed with exit code 1 - xcode

I have no idea why I am getting this error. I believe that I have all the correct provisioning profiles and such. I did just move to a new computer but I did also bring over the private keychain developer key. I have my developer files synced with Dropbox so I didn't need to move over the Xcode project. Here is the error:
CodeSign "/Users/michaellindahl/Library/Developer/Xcode/DerivedData/Fraction_Calculator-cgirhuuvywfnsyenisucsuauquoz/Build/Products/Debug-iphoneos/Fraction Calculator Pro.app"
cd "/Users/michaellindahl/Dropbox/Xcode/lindahl studios/FractionCalculator"
setenv CODESIGN_ALLOCATE /Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/codesign_allocate
setenv PATH "/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin"
/usr/bin/codesign --force --sign "iPhone Developer: Michael Lindahl (MXXX0X0XXB)" "--resource-rules=/Users/michaellindahl/Library/Developer/Xcode/DerivedData/Fraction_Calculator-cgirhuuvywfnsyenisucsuauquoz/Build/Products/Debug-iphoneos/Fraction Calculator Pro.app/ResourceRules.plist" --entitlements "/Users/michaellindahl/Library/Developer/Xcode/DerivedData/Fraction_Calculator-cgirhuuvywfnsyenisucsuauquoz/Build/Intermediates/Fraction Calculator.build/Debug-iphoneos/Fraction Calculator Pro.build/Fraction Calculator Pro.xcent" "/Users/michaellindahl/Library/Developer/Xcode/DerivedData/Fraction_Calculator-cgirhuuvywfnsyenisucsuauquoz/Build/Products/Debug-iphoneos/Fraction Calculator Pro.app"
CSSM_SignData returned: 8001094A
/Users/username/Library/Developer/Xcode/DerivedData/Fraction_Calculator-cgirhuuvywfnsyenisucsuauquoz/Build/Products/Debug-iphoneos/Fraction Calculator Pro.app: unknown error -2070=fffffffffffff7ea
Command /usr/bin/codesign failed with exit code 1
Thanks for your insight.

You've almost certainly got corrupted certs :
Revoke old certs, generate new ones, new provisioning profile, the works, magic happens again

This seems senseless, but I simply locked and then unlocked the login keychain and the problem went away. On reflection, the problem occurred after I had added a new certificate to the keychain. Maybe the addition of this additional certificate (unrelated to the current project) caused the problem.

Try going through all of the steps in the Managing Devices and Digital Identities document. This should help you verify that your machine is correctly set up.

Related

Having problems getting electron builder to sign a mac build

I don't know why electron-builder cannot find a valid identity.
Using the environment variable to debug, I always end up with the same problem where it says there is no valid identity despite listing there to be 1 valid identity underneath.
I have tried specifying the cert name as the "identity" property of the top level key "mac" in package json and leaving it out.
I have tried specifying the keychain (CSC_KEYCHAIN) to login.
I have tried adding the "Developer ID Application: ****" cert to login, System, and custom keychains (I don't know why electron builder keeps making extra keychains called "1").
I have tried adding an "Apple Root CA" to all those keychains from the previous line.
I have tried specifying and omitting CSC_NAME, CSC_LINK + CSC_KEY_PASSWORD.
I have tried CSC_IDENTITY_AUTO_DISCOVERY as false.
Running the command line from this page appears to work (as running spctl -a -t exec -vv 'Appname.dmg' gives back "source=Unnotarized Developer ID" ), but I would like to follow the automatic notarization process suggested here which is based off of electron-builder #3870
When I specify the identity in package json, the closest I get to is saying
Identity name is specified, but no valid identity with this name in the keychain identity=***** allIdentities=
1) BBBBBBBBB "Developer ID Application: ***** (XXXXX)"
1 identities found
Valid identities only
1) BBBBBBBBBB "Developer ID Application: ***** (XXXXX)" <---lists the exact one above
1 valid identities found
at/........
When I run security find-identity -v, or security find-identity -v -p codesigning, the exact same cert appears again.
Have I missed anything?

macOS kext with invalid signature

We have a kext-enabled Developer ID which we are using for code signing and I have verified that the certificate contains the 1.2.840.113635.100.6.1.18 extension required. However, kextutil -tn still shows:
Untrusted kexts are not allowed
Kext with invalid signature (-67050) denied: /Library/StagedExtensions/Library/Extensions/A0587A5A-52FC-46DC-832E-81919195902C.kext
After signing, I re-extracted the signature using 'codesign -d --extract-certificates' to verify that the correct kext-enabled Developer ID certificate was indeed used during the signing process.
I have "Apple Worldwide Developer Relations Certification Authority" and "Developer ID Certification Authority" certs in both the login and System keychains.
Any suggestions on where to go from here? Thanks!
I've figured it out. Turns out macOS 10.13+ denies kexts by default -- even those signed with a valid kex-enabled Dev. ID certificate (which we have). The solution is described in this tech note (and alluded to in the comments above):
https://developer.apple.com/library/archive/technotes/tn2459/_index.html
The first time an attempt is made to load the kext, macOS should present the user with a popup informing them that it was blocked. The user then needs to go to System Preferences > Security & Privacy in order to approve the kext. Note that the approval needs to happen within 30 minutes of the load attempt or it will disappear. Subsequent load attempts will be rejected silently but will reactivate the prompt within "Security & Privacy" -- giving the user another chance to approve the kext.
$ csrutil status
System Integrity Protection status: enabled.
$ sudo kextutil -v /Users/xxx.yyy/Library/Developer/Xcode/DerivedData/zzzz-dvqiwdodghcxydamtmpmffakjyrt/Build/Products/Release/zzzz.kext
Defaulting to kernel file '/System/Library/Kernels/kernel'
/Users/xxx.yyy/Library/Developer/Xcode/DerivedData/zzzz-dvqiwdodghcxydamtmpmffakjyrt/Build/Products/Release/zzzz.kext appears to be loadable (not including linkage for on-disk libraries).
Loading /Users/xxx.yyy/Library/Developer/Xcode/DerivedData/zzzz-dvqiwdodghcxydamtmpmffakjyrt/Build/Products/Release/zzzz.kext.
/Users/xxx.yyy/Library/Developer/Xcode/DerivedData/zzzz-dvqiwdodghcxydamtmpmffakjyrt/Build/Products/Release/zzzz.kext successfully loaded (or already loaded).
$ kextstat | grep xxxxxx
161 0 0xffffff7f83af6000 0x3c9000 0x3c9000 com.xxxxxx.driver.zzzz (1) 230E04D6-5C15-373F-8F73-E23566AE3C22 <22 15 5 4 3 1>

Xcode building application from command line

I'm using this script for building application from command line:
#!/bin/bash
TARGET="signtest"
CONFIGURATION="Debug"
SDK="iphoneos"
IDENTITY="iPhone Developer: Marcin Zyga (CLJR93MXJ6)"
KEYCHAIN="/Users/admin/Library/Keychains/login.keychain"
PASSWORD="admin"
security unlock-keychain -p ${PASSWORD} ${KEYCHAIN}
xcodebuild -target "${TARGET}" -configuration ${CONFIGURATION} -sdk iphoneos CODE_SIGN_IDENTITY="${IDENTITY}" PROVISIONING_PROFILE="94D99766-0268-4E0E-B8D1-053063BB2DA1" OTHER_CODE_SIGN_FLAGS="--keychain ${KEYCHAIN}"
I'm trying to compile application and sign it with my provisioning profile. I'm getting:
Build settings from command line:
CODE_SIGN_IDENTITY = iPhone Developer: Marcin Zyga (CLJR93MXJ6)
OTHER_CODE_SIGN_FLAGS = --keychain /Users/admin/Library/Keychains/login.keychain
PROVISIONING_PROFILE = 94D99766-0268-4E0E-B8D1-053063BB2DA1
SDKROOT = iphoneos5.0
=== BUILD NATIVE TARGET signtest OF PROJECT signtest WITH CONFIGURATION Debug ===
Check dependencies
[BEROR]Code Sign error: The identity 'iPhone Developer: Marcin Zyga (CLJR93MXJ6)' doesn't match any valid certificate/private key pair in the default keychain
** BUILD FAILED **
This is when I'm invoking as sudo su - probably I'm missing a valid configuration in my keychain.
When I'm invoking this build script as admin user I've got this:
Build settings from command line:
CODE_SIGN_IDENTITY = iPhone Developer: Marcin Zyga (CLJR93MXJ6)
OTHER_CODE_SIGN_FLAGS = --keychain /Users/admin/Library/Keychains/login.keychain
PROVISIONING_PROFILE = 94D99766-0268-4E0E-B8D1-053063BB2DA1
SDKROOT = iphoneos5.0
=== BUILD NATIVE TARGET signtest OF PROJECT signtest WITH CONFIGURATION Debug ===
Check dependencies
[BEROR]Code Sign error: Provisioning profile '94D99766-0268-4E0E-B8D1-053063BB2DA1' can't be found
** BUILD FAILED **
My provisioning profile definitly exists.
You've got two problems. The first is there's something in Xcode 4 and later that is changing what I believe is the search path or access rights of the command line build settings, because I, ALSO, am failing with the same codesign [BEROR] when building from command line but not Xcode directly.
I wish I knew the answer to the first problem. I've tried explicitly setting the developer identity, using the generic "iPhone Developer", updating the project settings to have the [sdk-iphoneos*]="", etc., and I have to yet discover the solution.
Did this used to work for you and then you did a Mac OS/Xcode update and now it doesn't? That's my dilemma.
ANYWAY, your second problem is easily fixable: Pass the entire path and filename for the PROVISIONING PROFILE, a-la "/Users/zyga/Library/MobileDevice/ProvisioningProfiles/94D99766-0268-4E0E-B8D1-053063BB2DA1.mobileprovision"
...A

Command /usr/bin/codesign failed with exit code 1

I am trying to test a app on my phone. I keep getting this error:
Command /usr/bin/codesign failed with exit code 1
I have added the Provisioning profile and went through the set up on the apple iPhone portal.
I have been looking at this for a little over an hour and a half and I still can't figure it out.
Any ideas why this isn't working and why I am getting this error? Thanks!
Edit:
Here's some information on my build:
CodeSign build/Debug-iphoneos/TableView.app
cd "/flashPics_iPhone BACKUP 2:27"
setenv PATH "/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin"
setenv _CODESIGN_ALLOCATE_ /Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/codesign_allocate
/usr/bin/codesign -f -s "iPhone Developer: Coulton Vento (LVEE98KDSF)" "--resource-rules=/flashPics_iPhone BACKUP 2:27/build/Debug-iphoneos/TableView.app/ResourceRules.plist" --entitlements "/flashPics_iPhone BACKUP 2:27/build/TableView.build/Debug-iphoneos/TableView.build/TableView.xcent" "/flashPics_iPhone BACKUP 2:27/build/Debug-iphoneos/TableView.app"
/flashPics_iPhone BACKUP 2:27/build/Debug-iphoneos/TableView.app: object file format invalid or unsuitable
Command /usr/bin/codesign failed with exit code 1
This is a good resource in figuring out how to setup the provisioning:
http://mobiforge.com/developing/story/deploying-iphone-apps-real-devices
You must download the provisioning profile, the certificate and make sure your iPhone's UDID is registered on those accounts. Then for the Distribution profile you need to specifically tell it in it's setting to use a Distribution Profile to make it build it.
Edit:
Under Project Settings > Select the Configuration your using (Debug, Release, or Distribution) and make sure under Code Signing your Profile appears there.
I fixed that error. The steps are:
GOTO project
select Edit Project setting
in genatel tab project Format select your current Compatible Xcode version and select based SDK for your currunt iPhone Device; for example (iphone device 4.0) then...
build tab:
configuration : Distribution
Base SDK : choose your latest xcode SDK Device
Code signing identity : choose your provisional portal that you alredy created in iPhone Devloper center and you installed so select that particular provisioning.
Any iPhone OS Device : select same as Code signing identity (as mentioned above)
Then next step is go scrolling at below that find Product Name
Product Name : give Product name exactly same as your prodoct name. That's it.
Follow the same steps in configuration :Debug and Release

How to solve "Application failed codesign verification" when uploading to iTunes Connect?

I've got a problem that I couldn't solve with a deep search in different resources as most of the "similar" points out to be an error with Icon.png size, etc...
I've tried to upload my application after verifying that:
Correctly builds and run on my device
That my certificates are installed properly
That my certs / profiles are not expired.
That the Icon.png has the proper size and format of 57x57 PNG.
And several other things.
Ran codesign --verify -vvvv MyApp.app which worked fine.
My ZIP File was properly done
When I've tried to upload through the iTunes connect interface I got the simple error above, and that's why I tried with ApplicationLoader, to try and find out what's causing the error looking at the console.
The console showed the following:
16/02/10 13:25:52 ApplicationLoader[549] *** Codesign error (please ignore invalid option comments): got requirements(0x800000, 534)
Executable=/var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app/MyApp
Identifier=com.realtimed.MyApp
Format=bundle with Mach-O thin (armv6)
CodeDirectory v=20100 size=829 flags=0x0(none) hashes=33+5 location=embedded
Signature size=4333
Authority=iPhone Developer: My Name (XXXXXXXXX)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=16/02/2010 13:22:24
Info.plist entries=17
Sealed Resources rules=3 files=28
Internal requirements count=1 size=144
Executable=/var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app/MyApp
got entitlements(0x800400, 317)
codesign_wrapper-0.7.3: using Apple CA for profile evaluation
codesign_wrapper-0.7.3: Caling codesign with the following args:
codesign_wrapper-0.7.3: /usr/bin/codesign
codesign_wrapper-0.7.3: --verify
codesign_wrapper-0.7.3: -vvvv
codesign_wrapper-0.7.3: -R=anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and certificate leaf[field.1.2.840.113635.100.6.1.4] exists
codesign_wrapper-0.7.3: --entitlements
codesign_wrapper-0.7.3: /var/tmp/signingbox/codesign_wrapper_entitlements.plist
codesign_wrapper-0.7.3: /var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app
**/var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app: valid on disk
/var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app: satisfies its Designated Requirement
test-requirement: failed to satisfy code requirement(s)
codesign_wrapper-0.7.3: failed to execute codesign(1)**
Any help / feedback or ideas on how to solve the situation would be highly appreciated.
I found the solution to this problem after deeply looking at the log file.
Although I created my own Distribution Profile and assigned to the CODE SIGNING IDENTITY the correct value for the developer certificate, it didn't work giving me an error: "Application failed codesign verification".
The problem is at the following line:
Authority=iPhone Developer: My Name
(XXXXXXXXX)
Despite the correct selection in the project settings for the Distribution profile, XCode was compiling it with the developer certificate.
I finally solved it: Right click on the "Targets" -> Get info -> and there it was selected (don't ask me why) the wrong distribution certificate instead of the right one.
I corrected that and it finally was accepted.
Related links (you need a developer account): https://devforums.apple.com/message/147964
Excellent post. I too was having this trouble and after much headache realized that both the Project AND the Target should be checked for using the correct Code Signing Identity. Somehow Xcode was reverting back to the Developer Provisioning Profile instead of the Distribution Provisioning Profile. It even did so on a build right after I had deliberately selected the correct one!
I. To be safe, first do the following:
Clean all builds.
Delete contents of build folder in finder.
Delete existing code signing identities from the project and target settings.
Restart Xcode.
II. Then check the Project for the correct Provisioning Profile:
Go to Project Settings > Build Tab > Code Signing Identity
Select the appropriate Distribution Provisioning Profile
III. Now check the Target:
Target > Get Info > Build Tab > Code Signing Identity
Select the appropriate Distribution Provisioning Profile
IV. Cross fingers and hope you never see that blasted little yellow triangle again.
Cy took the right approach for solving this problem - When "Application failed codesign verification" is a build warning, expand that item in the build log and scan for the root cause of the failed signature verification.
In the case of Cy.'s original post you'll see that the root issue was "test-requirement: failed to satisfy code requirement(s)", and in my experience this is almost always caused by signing with the wrong certificate i.e. an iPhone Developer profile instead of iPhone Distribution.
The root cause is not always an obvious explanation, but should guide you at least with additional search terms or troubleshooting ideas.
For others experiencing the "Application failed codesign verification" during Xcode Archive Validation or Submission, look to the build log at Product > Archive time for a build warning by the same title and expand that for the root cause. Then take a look at Apple's complete list of potential causes of this error at the following URL "How do I resolve the error: Application failed codesign verification?"
Check that the TARGET (and not only the Project) is setup with the correct Code Signing Identity for Release

Resources