Asset validation failed (90284) Invalid Code Signing. The executable must be signed with the certificate that is contained in the provisioning profile

There are limits to how much I can help you with third-party tooling. I can explain what our system is complaining about, but if you need help fixing that I recommend that you raise this via the support channel for your tooling.

The error you’re getting is pretty clear once you understand what a provisioning profile does. I recommend that you read TN3125 Inside Code Signing: Provisioning Profiles. In short:

1. Your tooling is embedding a provisioning profile for your app.

2. That profile authorises a list of code-signing certificates.

3. But your app is signed with a code-signing identity whose certificate is not on that list.

This is a serious concern:

Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1

It suggests that your tooling is passing an invalid entitlements file to codesign. I see that quite often with third-party tooling, which has a tendency to treat an entitlements file as text rather than as the complex structure it actually is. See Normalise the Entitlements Property List in Resolving Code Signing Crashes on Launch.

It’s possible that this error is the cause of your other error. If this error is causing to codesign to fail, and the tool you’re using doesn’t notice that failure, the copy of your app inside the installer package would still be signed with your development signing identity, which would trigger the App Store Connect failing you’re seeing when you submit it.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thank you for the information! I think my embedded.provisionprofile file is not correct, and I'm trying to use XCode to generate a fresh new provisionprofile, but am running into an issue.

My Xcode macos project keeps giving me an error saying:

Provisioning profile "BRandNewMebedded" doesn't include signing certificate "Apple Distribution: Martin Barker (LV6WXG529F)".

When I download the Provisioning Profile file "BRandNewMebedded" from online, I make sure it has "Mac App Distribution" checked, but even if i edit it to use the first option "Distribution" and re-download it, my XCode keeps saying the same error in red.

Can you explain more about your overall goal here?

The reason I ask is that, in the vast majority of cases, it’s best to leave automatic code signing enabled for both the Debug and Release configurations. You then build an Xcode archive and re-sign for your target environment when exporting from the archive. However, I’m not sure if that’ll work for your setup, and hence my question.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

My overall goal is to release a new version ( v1.1.5 ) of my electron app on the mac apple store.

I've been able to release multiple version in the past couple years, currently my app is sitting at v1.1.4 in the mac apple store.

Usually when I try to package, sign, and release a new mac / mas build, there's some difficulty with making sure all the entitlements and provision profiles are up to date and correct, like what I'm experiencing now.

And with coming back to release a new version after long periods of time It's always a little rusty on figuring out how to correctly setup my keys/profiles/certs so that a mas build can get signed and uploaded through transporter successfully.

So maybe xcode isn't needed at all in my case, and I shouldn't be trying to generate a provisioning profile on that page like in my last screenshot. I just know I've gotten through this process before successfully and a trying to do it again, while taking better notes, so I can release more upcomming versions faster and without troubleshooting like this.

Even after some more attempts I'm still facing the transporter error

Asset validation failed (90284)
Invalid Code Signing. The executable must be signed with the certificate that is contained in the provisioning profile

Does this mean that maybe my file embedded.provisionprofile contains the wrong certificate? I did just generate a new MAS Developer Cert, but have been struggling trying to move past this issue.

My overall goal is to release a new version … of my electron app on the mac apple store.

There are two paths towards that goal:

• Working solely within Xcode

• Doing your own thing

If you’re working solely within Xcode, I recommend that you:

1. Enable automatic code signing in your project for all (Debug and Release) build configurations. This signs your day-to-day builds with an Apple Development code-signing identity.

2. Use Product > Archive to create your release build. The resulting archive will also be Apple Development signed.

3. Use the Xcode organiser for distribution. This re-signs your app based on the distribution channel you choose.

I’m not sure if this approach is compatible with your third-party tooling. For a definitive answer to that question, you’ll have to escalate this via its support channel.

Things get trickier if you’re doing your own thing. My advice is that you follow the same basic workflow, that is:

• Use Apple Development signing for day-to-day development.

• And for your release builds.

• And then re-sign that for distribution.

For specific advice on how to manually re-sign and and then package an app, see:

• Creating distribution-signed code for macOS

• Packaging Mac software for distribution

This is a very involved process, but I suspect that your third-party tooling has a script to help you with it. Again, I can’t advise you on that front, other than to recommend that you check that this script follows the rules described in the above-mentioned docs.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"