Can't submit Mac app via xcode4 - Invalid Signature - xcode

I keep getting this error:
Invalid Signature - This error occurs when you have signed your app's installer incorrectly. There are two certs required for this process: the "3rd Party Mac Developer Application" cert and the "3rd Party Mac Developer Installer" cert. When signing your package, you need to ensure that you are using the Installer cert to sign your package. Ensure that you are specifying this cert when submitting your app via the Xcode Organizer or when running productbuild from the command line.
I've googled, and have followed instructions but to no avail.
I have:
Projects > targets > build > code signing > 3rd Party Mac Developer Application:
Then when I go to archive and it opens up Organizer I go to submit I select the '3rd Party Mac Installer' key. But it still fails :(
Do I need to do anything else? Like clean and then build first? (Build for what? Or just select build? - Although I've tried pretty much all of them first, and then archive).
If it's of relevance I am using MacRuby, and had to do this first to set it up for xcode deployment: http://redwoodapp.posterous.com/macruby-and-xcode-4-build-a-self-contained-ma
Any help appreciated - I'm tearing my hair out here :(

I had the same problem lately. And this is a perfect chance to write down and share my own notes. :)
I am assuming you are using Xcode and Organizer (not application uploader)
Step 1: Check Keychain Access.app.
You have to have two certificates (That you download from mac dev center). Each of these has to be linked with a private key.
In the picture, I have only one certificate "nacho4..." linked with a private key "nac...". So I should go to the mac dev center and download my certificates in order to continue. Download them and drag them into the "login".
Step 2: Make sure you can build your app with the right configuration.
In my case, I setup three configurations.
Debug: can debug + no signing (for development)
Release: cannot debug + no signing (mainly for internal betas, etc)
Distribution: cannot debug + signing (for app store distribution)
Go to project "build info">"build signing">
Make sure that you are signing you code with the correct sign identity. Something like: "3rd Party Mac Developer Application. My Company Inc."
*If you can't see this then it means something wrong is with your certificates in Keychain Access.app. Check your certificate is linked with a private key
Step 3 Make sure you are building the right configuration.
(Yeah, kind of obvious but it happened to me the last time. This is the reason you could be getting "Invalid signature") In the "Edit Scheme" panel , make sure you have the right configuration in the "Archive" section. In my case is "Distribution" (The default is "Release ")
Note that if you don't do this correctly you will get be able to submit your binary to Apple but minutes later you will get an "Invalid Signature". Because the certificates are fine but the app is not signed.
Step 4: Build you app and submit it
Xcode>Product>Archive
The organizer will appear. Now just submit it.
I have found that validating the archive is useless because sometimes even the validation fails I am able to submit my app without errors. I read this from other threads too so not only me. So if you are sure this is the version you want to submit to Apple. just press the submit button.
You are asked your username and password.
Then, you get another menu to select the application (With has only one option, at least in my case) and then select the signing identity I think.
This is important! Make sure "3rd Party Mac Developer Installer" is selected and everything should work.
If you can't see "3rd Party Mac Developer Installer" option in the last menu then it means something is missing in your keychain. (The Installer certificate from the mac dev center)
Note that if you don't do this correctly you will be able to submit your binary but minutes later you will get an "Invalid signature" mail from iTunes Connect because the app probably could be well signed but the certificates Apple will se are incorrect.
I hope it helps.

The other two answers are good checklists, but it didn't work for me.
My problem was that I had installed Xcode 3.2.6 on Lion (it doesn't work anyway, but that's another story). This corrupted the productutil app.
To fix it: install the BSD.pkg in the Packages folder of your Lion Installer.
Thanks to Jacob Gorban to share his solution on Apple Devs Forums.

Think this is finally sorted - thanks to Daniel from the MacRuby mailing list. I actually ended up creating a ticket with Apple, but hopefully they won't charge me for it now it's been fixed without them.
You can view the solution here: http://astonj.com/uncategorized/invalid-signature-error-on-submitting-app-to-the-mac-app-store/

Related

Can't get my Mac App signed for testing receipt validation

I have my "Mac Developer: ..." certificate installed and it is valid.
I have the Apple Worldwide Developer Relations intermediate ceritficate as well.
I also have a "3rd Party Mac Developer Application" distribution certificate.
In my build settings I have chosen my "Mac Developer: ..." identity for code-signing.
When I built the first time, codesign asked for permission to sign my app and I clicked Always Allow.
Then I did a "Show in Finder.." to see the Product of the build. I found my .app and double clicked it. However, this is what is shown in the system Console:
10/13/11 8:40:44.531 PM storeagent: Unsigned app (/Users/kenny/Library/Developer/Xcode/DerivedData/MyAppName-gabpxiaypxtnikelsyzjwkperixq/Build/Products/Debug/MyAppName.app).
I'm not running the app from Xcode, I just opened the Console app and then double-clicked the app in my build directory.
Why is my app still unsigned? What am I missing?
What works for me everytime is killing the storeagent (thanks fubo). For me it only works with exact that command:
killall -KILL storeagent
It took me a long time to figure out what was causing this when I had the same issue myself a while back. I finally figured it out. You must set the Code Signing Identity (in your app's target & project settings) to 3rd Party mac Developer Application. Then, when exporting your app you must select the 3rd Party Mac Developer Installer certificate in the export wizard.
That's the only way that worked for me. Please correct me if I'm wrong.

Code Signing in Xcode

I was going to turn on code signing for my mac app so I'm able to submit the app to the mac app store. But when I select the 3rd party mac application cert for code signing it says that there were no profiles matching.
And when I'm trying to build the app like that I'm getting the error:
Code Sign error: The identity '3rd Party Mac Developer Application'
doesn't match any valid certificate/private key pair in the default
keychain
And I can't figure out why. I've tried to revoke and reinstall my certificate but that doesn't seem to help.
Here's 2 screenshots. Of the code signing part in the build settings and one from keychain access.
Maybe your able to see what's wrong?
If you need any more info please let me know! :)
Go to Build Setting --> Code Signing Identity --> Select Don't Code Sign.
it will not show Build & Error. (This will work only when you don't want to sign in).
It seems you have a missing key. I'm not sure on the reason why it's missing, but creating a new certificate will likely work.
(For other users, this solution was discussed in chat, this answer was posted here as reference.)

Before signing a mac app and uploading it to the app store

I've been dealing with an issue for a while. The issue is that when I submit my mac app to the app store I'm always getting invalid binary and they are saying it's because of an invalid signature. And that I should make sure it's signed with the installer certificate which it is.
Here is the complete message from them:
Dear Developer,
We have discovered one or more issues with your recent binary
submission for "Mini Week". The following issues will need to be
corrected in order for your application to proceed to review:
Invalid Signature - This error occurs when you have signed your app's
installer incorrectly. There are two certs required for this process:
the "3rd Party Mac Developer Application" cert and the "3rd Party Mac
Developer Installer" cert. When signing your package, you need to
ensure that you are using the Installer cert to sign your package.
Ensure that you are specifying this cert when submitting your app via
the Xcode Organizer or when running productbuild from the command
line.
Once you have corrected these issues, go to the app's version details
page (found in the Manage Your Applications module of iTunes Connect)
and click Ready to Submit Binary. Proceed through the submission
process until the app's status is Waiting for Upload. You can then use
Application Loader to upload the corrected binary.
Regards,
The iTunes Store Team
I've revoked and reinstalled my certificates and development providing profile but that doesn't seem to help so I'm assuming that's not the issue.
Is there something else that could cause this? Maybe I need to make sure something is correct in my build settings or something like that? But if so what? :)
Thank you in advance!
Actually, the signing process does not happen when you submit the app from Code Organizer. Conversely, it may happen when you build your app for deployment, but only if you selected the appropriate cert on the "Code Signing Identity" in the target build settings.
Note that you could also manually sign an existing app via command line:
codesign -s "<name of your signing cert>" -fv "<path/to/your/app/bundle>" -o kill,hard
where <name of your signing cert> is the canonical name of your 3rd Party Mac Developer Installer cert. The optional -o kill,hard enforces the code signature for the OS to allow user to launch the application: if you omit this option, an user could open the app bundle, delete the code sign folder, and copy the app on a different machine. With this option, your app bundle will only launch on the authorized machine, and will not run when the signature folder is not present.

Can't submit Mac OS X Binary: Apple claims the "wrong" certificate was used to sign the binary

Following Apple's instructions, I cannot upload my app to the Mac App Store.
Symptoms:
When I submit my app, I get an automated email from Apple that claims I signed it with the "wrong" certificate. The email says I must use the "3rd Party Mac Developer Installer" certificate - which I did.
Xcode4 forces me to use the "Installer" certificate - it has no other options in the drop-down
If I run codesign from the command line, I actually get an error message: "this identity cannot be used for signing code"
Things I've tried, with no success:
Asking Apple for help (after 1 week, I got an email saying they would get back to me)
Deleting all my certificates, rebooting, creating new certificates from Apple, trying again
Exporting UNsigned from Xcode4, signing with codesign on the commandline, and submitting with Application Loader
Signing inside Xcode4, then submitting with Application Loader (fails because Xcode refuses to even TRY to sign with the Installer cert)
NB: the app itself works fine and is tested on multiple machines - if I do "Share..." and save to disk as a mac .app, I can email that to friends etc and everythign works fine.
Finally, Apple's automated-email:
Invalid Signature - This error occurs when you have signed your app's
installer incorrectly. There are two
certs required for this process: the
"3rd Party Mac Developer Application"
cert and the "3rd Party Mac Developer
Installer" cert. When signing your
package, you need to ensure that you
are using the Installer cert to sign
your package. Ensure that you are
specifying this cert when submitting
your app via the Xcode Organizer or
when running productbuild from the
command line.
Ah, found the problem: Apple's error message is wrong :).
What they meant to say (correction in italics) was:
"When signing your package, you need
to ensure that you are using the
Developer cert during the Xcode4 build phase, and then the Installer
cert to sign your package"
Also, with Xcode4, the binary you upload will ONLY use the settings for "Release", so make sure that you've set "Release" to "Codesign using Developer cert", and then when you go to submit (from inside Xcode4), ALSO select "Codesign using Installer cert" (should be the only option - Xcode4 knows it cannot use a Developer cert at this point)
when Xcode tell you to use the "3rd Party Mac Developer Installer" certificate but you can't find it in "Build Settings" --> "Code Signing Identity", you're going to the wrong place.
Select it when submitting app in Organizer.
In Xcode 4, when you're at the step choosing Application name and Identity, you select "3rd Party Mac Developer Installer" as Identity. Check this post and see #nacho4d's answer.
In Xcode 5, when selecting Identity, if you're one of the team developer, you should select the Your Company Name as the installer certification.

How to make Mac app archive signed?

I want to publish my Mac app to Mac App Store.
So I've tried to sign my app and archive with Xcode 4.
I got the process to sign the app - build settings.
However, I don't know how to sign archive(package).
In Organizer, when I tried to submit with archive, identity drop box shows that "No valid signing identities found" and others aren't showed.
You need to create installation package certificate here: http://developer.apple.com/certificates/index.action
download newly created certificate and double click it to install
Restart XCode if it was launched
UPDATED: And guys! One more thing! Don't use beta SDK. The itunes connect wouldn't accept such binary.
You need the INSTALLER and the APPLICATION certificate for this. And restarting is important, Remizorrr is right!

Resources