We're trying to submit our desktop app for gallery making "jAlbum" to the AppStore. However, after submitting our app, we eventually receive an email reply with errors messages we don't understand how to work around. Apple has directed us here for support:
Dear Developer,
We identified one or more issues with a recent delivery for your app, "jAlbum" 19.1 (19.1). Please correct the following issues, then upload again.
ITMS-90238: Invalid Signature - The executable at path jAlbum.app/Contents/Java/lib/libjcocoa.dylib has following signing error(s): code object is not signed at all In architecture: x86_64 . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.htmland Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.
ITMS-90238: Invalid Signature - The executable at path jAlbum.app/Contents/runtime/Contents/Home/lib/libawt.dylib has following signing error(s): code object is not signed at all In architecture: x86_64 . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.htmland Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.
ITMS-90238: Invalid Signature - The executable at path jAlbum.app/Contents/runtime/Contents/Home/lib/libawt_lwawt.dylib has following signing error(s): code object is not signed at all In architecture: x86_64 . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.htmland Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.
...
That list goes on with the same errors for around 40 items. As this is a Java based app we don't develop within XCode. We instead rely on Apple's command line tools to package and sign the code. We have downloaded the certificates (developer, application and installer certs) from the Developer Center. Here's how we sign and package our app. What are we doing wrong?
codesign -a x86_64 --entitlements Entitlements.plist -s "3rd Party Mac Developer Application: Jalbum AB" -f jAlbum.app/Contents/runtime/Contents/Home/lib/jspawnhelper
codesign --deep -a x86_64 -s "3rd Party Mac Developer Application: Jalbum AB" -f jAlbum.app/Contents/runtime/
codesign -a x86_64 -s "3rd Party Mac Developer Application: Jalbum AB" -f jAlbum.app/Contents/MacOS/libapplauncher.dylib
codesign -a x86_64 --entitlements Entitlements.plist -s "3rd Party Mac Developer Application: Jalbum AB" -f jAlbum.app
echo "Creating pkg"
productbuild --sign "3rd Party Mac Developer Installer: Jalbum AB (TQ748SBU4V)" --component jAlbum.app /Applications jAlbum.pkg