After uploading to apple Error: ITMS-90284: Invalid Code Signing

Question

Created Nov ’20

Replies 2

Boosts 0

Views 4.5k

Participants 2

After uploading our 3rd party app for shipping to the Mac App Store, we always receive a message from apple with this issue, but i cant find a good answer how to solve it: "ITMS-90284: Invalid Code Signing - The executable 'com.xy.xy.pkg/Payload/xy.app/Contents/MacOS/xy' must be signed with the certificate that is contained in the provisioning profile."
I changed and renewed the certs but no chance to solve it. Im using latest catalina macOS. Not using Xcode for code signing, using terminal as this is a unreal engine game: codesign -f -v -s "3rd Party Mac Developer Application:" --entitlements entitlements.plist xy.app/ and for packaging: productbuild --component xy.app/ /Applications --sign "3rd Party Mac Developer Installer:" xy.pkg
thank you for ideas

Boost

Answer 1

DTS Engineer OP

Apple

Nov ’20

Accepted Answer

Not using Xcode for code signing, using terminal as this is a unreal
engine game

Yeah, lots of folks who manually sign their app run into odd problems like this. My Signing a Mac Product For Distribution contains a whole bunch of general advice on this topic but, unfortunately, it doesn’t cover your specific issue (one day!).

The error you’re getting, The executable 'com.xy.xy.pkg/Payload/xy.app/Contents/MacOS/xy' must be signed with the certificate that is contained in the provisioning profile., is actually pretty clear. When you submit an app to the store you must:

Embed a provisioning profil within your app.
Sign the app with a certificate that’s covered by the profile.

Clearly you’re doing the latter but are having problems with the former. Just before you sign your app, do this:

Code Block  % security cms -D -i xy.app/Contents/embedded.provisionprofile

That dump should include a list of the certificates covered by the profile. I expect you’ll find that this list doesn’t not include the certificate from the 3rd Party Mac Developer Application signing identity that you’re passing to codesign.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

1

Answer 2

redocto OP

Nov ’20

Thanks your for this great tipp and i could figure out the error now.
My embedded.provisionprofile cert file was not for "3rd Party Mac Developer" ... .

For all those with a similar problem or error Message, its quite simple: just preview the embedded.provisionprofile if the "3rd Party Mac Developer" is listed below - if not, it will throw out this error.
You need to go to "profiles" + (new Profile) and select "Distribution/Mac App Store". Here the right "3rd Party Mac Dev" Cert with your Bundle id for the app will be generated.

1