Cannot sign OS X app with Developer ID certificate properly

Question

Created Aug ’16

Replies 3

Boosts 0

Views 5.3k

Participants 3

I've read almost anything and everything there is about signing Mac Application for distribution outside the Mac App Store.

Basically - I have a valid "Developer ID Application..." certificate (created a new one just in case) and I made sure all other Apple certificates are there and valid.

O set things up in XCode so that my Developer ID Application... certificate is used for code signing in the relase mode and then archive the app.

After archiving - I even do "Validate" and select the proper team. It goes through it's thing and says that it validated everything without issues.

I then export the app using the same team and everything looks fine, but ... I cannot run the app - says that Code sigining is invalid in the crash log and if I do codesign -dv myapp.app it comes back as myapp.app : no signature and TeamIdentifier=not set etc..

I am starting to pull my hair out!

Any suggestions on what to do? This should work right?

Thanks!

Boost

Answer 1

DTS Engineer OP

Apple

Aug ’16

Just FYI, I ran through this process on my machine (OS X 10.11.6, Xcode 7.3.1, standard Developer ID) and it worked fine for me. So AFAICT there’s nothing fundamentally broken here.

What version of Xcode are you using?

if I do codesign -dv myapp.app it comes back as myapp.app : no signature and TeamIdentifier=not set etc

Please post a copy of that output.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 2

djogon OP

Aug ’16

Figured it out - it may help someone else...

Turns out that I had one of the Apple Intermediate certificates "Developer ID" set to "Always trust". Apparently - this is what was responsible for the issue. Changing it back to "Use system default" fixed the issue.

I wish the validation process in XCode would catch this.

0

Answer 3

vytasz OP

Jan ’17

Thanks a lot, that's exactly what I have. Build and signed on XCode without problem, but when I try to submit to iTuneConnect I got error:

ERROR ITMS-90035: "Invalid Signature. Code failed to satisfy specified code requirement(s). Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). ....

codesign --display --requirements - --verbose=4 myapp.app

I saw : TeamIdentifier=not set

After half day research step onto your solution to check certificate permission and find out that I have `Always trust` set (with idea for CI builds not to promot). Then I change back to system default option (same as all other) and rebuild / sign, I got all signed ok. TeamIdentifier got set and ipa was accepted by iTunesConnet !

0