App Signing and Uploading Intel/Apple

Hello,

I am normally a Windows programmer, but I am trying to get my PySide/Qt app into the App Store. I'm almost there, I just have a couple of questions about the signing process.

I have two laptops, one Intel silicon, one Mac silicon. I created 2 CSRs, one on each laptop, and used them to generate 2 Mac Installer Distribution certificates and 2 Mac App Distribution certificates.

When it came to downloading the provisioning profile, I selected one Mac App Distribution Certificate on the interface at developer.apple.com, saved it and then downloaded it to the appropriate laptop. I then switched the provisioning profile to the other Mac App Distribution Certificate and downloaded it to the other laptop. I then built the app and uploaded everything using xcrun altool.

On the Intel machine only (which has the first provisioning profile) I successfully uploaded the package, but I get an email identifying lots of similar errors of the type (let's call it error1):

ITMS-90284: Invalid Code Signing - The executable XXXXX must be signed with the certificate that is contained in the provisioning profile.

On the ARM machine only I get the following error (let's call it error2):

ITMS-91109: Invalid package contents - The package contains one or more files with the com.apple.quarantine extended file attribute, such as XXXXXXXX embedded.provisionprofile”. This attribute isn’t permitted in macOS apps distributed on TestFlight or the App Store. Please remove the attribute from all files within your app and upload again.

On both I get the following error (let's call it error3):

ITMS-90886: 'Cannot be used with TestFlight because the signature for the bundle at XXXXX is missing an application identifier but has an application identifier in the provisioning profile for the bundle. Bundles with application identifiers in the provisioning profile are expected to have the same identifier signed into the bundle in order to be eligible for TestFlight.'

My first inclination is that all the error1's are coming from having two sets of CSRs, Mac Distribution certificates, provisioning profiles etc. Should I have only used one CSR and made one each of the Certificates?

I don't know why I have error2. I don't know where the quarantine attribute is coming from and why it would affect the Mac silicon and not the Intel. Any ideas? My entitlements file has the following:

<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.device.bluetooth</key>

Error3 is the one where I need to try a few things but knowing what is expected will help. In the provisioning profile when viewed at developer.apple.com it has the APP ID listed as the 10 digit id followed by the bundle ID

but I sometimes see just the 10 digit app ID being used and sometimes the bundle ID. I know that it's up to me to figure out how to get it into the build, but knowing what it should be would be helpful.

On the other hand, the text "Bundles with application identifiers in the provisioning profile ..." indicates that if the application identifier was not in the provisioning profile I might get away with it, but this might be grasping at straws.

If you have made it this far, thank you for reading.

I've managed to solve Error1 and Error3 in one go by following this:

https://developer.apple.com/forums/thread/733942

specifically:

Add the following to your .entitlements:

A com.apple.application-identifier property whose value is your App ID

A com.apple.developer.team-identifier property whose value is your Team ID

Both ARM and Intel are now victims of Error2, which I suppose is reassuring. Still not sure where com.apple.quarantine extended file attributes are coming from.
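
The entitlement fix in the post above can be checked before uploading. This is an added example, not code from the thread or from Apple: it compares the two identifier keys in an entitlements file against the `Entitlements` dictionary of a provisioning profile, which is the mismatch ITMS-90886 reports. The function names, `TEAM`, `BUNDLE` and the sample data are constructed placeholders, and it assumes the profile's plist payload can be sliced out of the CMS blob without verifying its signature.

```python
import fnmatch
import plistlib

APP_ID_KEY = "com.apple.application-identifier"
TEAM_ID_KEY = "com.apple.developer.team-identifier"

def profile_entitlements(profile: bytes) -> dict:
    """Return the Entitlements dict from a .provisionprofile.

    The file is a CMS blob whose plist payload is stored in the clear, so it
    is sliced out here. The CMS signature is NOT verified.
    """
    start = profile.find(b"<?xml")
    end = profile.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no plist payload found in profile")
    payload = plistlib.loads(profile[start:end + len(b"</plist>")])
    return payload.get("Entitlements", {})

def check_identifiers(entitlements: bytes, profile: bytes) -> list:
    """List identifier mismatches between the entitlements and the profile."""
    signed = plistlib.loads(entitlements)
    allowed = profile_entitlements(profile)
    problems = []
    for key in (APP_ID_KEY, TEAM_ID_KEY):
        if key not in allowed:
            continue  # the profile makes no claim about this key
        if key not in signed:
            problems.append(f"{key}: missing, profile has {allowed[key]}")
        # fnmatch lets a wildcard App ID in the profile ("TEAM.*") match
        elif not fnmatch.fnmatchcase(signed[key], allowed[key]):
            problems.append(f"{key}: {signed[key]} does not match {allowed[key]}")
    return problems

# Constructed sample data: TEAM and BUNDLE are placeholders, not real IDs.
TEAM, BUNDLE = "ABCDE12345", "com.example.myapp"
PROFILE = b"\x30\x82junk" + plistlib.dumps({"Entitlements": {
    APP_ID_KEY: f"{TEAM}.{BUNDLE}", TEAM_ID_KEY: TEAM}}) + b"\x00sig"
BEFORE = plistlib.dumps({"com.apple.security.app-sandbox": True})
AFTER = plistlib.dumps({"com.apple.security.app-sandbox": True,
                        APP_ID_KEY: f"{TEAM}.{BUNDLE}", TEAM_ID_KEY: TEAM})

if __name__ == "__main__":
    for name, ent in (("before", BEFORE), ("after", AFTER)):
        print(name, check_identifiers(ent, PROFILE) or "ok")
```
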

Glad to hear you’re making progress on this.

To be clear, the remaining error, your error 2, is the ITMS-91109 error related to the com.apple.quarantine extended attribute, right?

If so, note that this isn’t an entitlement key but a file system extended attribute key. We added this check relatively recently. Previously, developers would sometimes ship App Store apps that were pre-quarantined, which didn’t end well.

I expect the basics of this in this thread. Please read that and reply back here if you have follow-up questions.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks so much for your help. I actually found that thread on my way to find the solution and have run across a few of your other posts in solving my subsequent problems, so I am very grateful for all you do. (I try to only post things when I'm really stuck, but the last time I used a Mac was 1994 and the learning curve has been a bit steep to say the least.)
