I've build a new application which is going to support IOS 7. I got the new XCode 5 GM and tried to sign my apps using my fresh provisioning profile and distribution certificate, but i'm having trouble with distribution. I constantly get the following error:
"Invalid Code Signing Entitlements. The entitlements in your app
bundle signature do not match the ones that are contained in the
provisioning profile. According to the provisioning profile, the
bundle contains a key value that is not allowed:
'[XXXX.com.sample.company ]' for the key 'keychain-access-groups".
Also the same error for a key value called application-identifier.
Screenshot of the errror:
The solution lies in the new option in Xcode 5 which says provisioning profile. Just set the project target's provisioning profile to the right one and it'll work.
If you are like me and you think you tried EVERYTHING, archived your project over ten times, banged your head on the keyboard and still get this error. Please do yourself a favor and simply Restart XCode, it worked for me. Sometime Apple... I hate you.
I went through many of the steps above but what finally worked for me was refreshing my profiles in Xcode. Not sure why it was necessary since my app's distribution profile was showing up in the list already. Here are the steps:
Xcode Preferences
Accounts tab
Select your Apple ID
Hit the View Details button in the Apple ID detail panel
Hit the Refresh button in the lower left corner
In my case, i activated the same capabilities in Xcode that in Application services in developer.apple.com. Thats works for me
In my case (sorry) I switched "Team" to "None" in -> General -> Identity
In another case I needed to switch this identity from "None" to the developer account managing the identities and profiles.
Xcode sometimes messes up greatly with code signing, it seems. Or, we mere mortals simply aren't clever enough to understand what it is doing, of course. Don't give up, we're all going through some code signing torture at times!
In my case, I had to set correct Provision Profile for Release, and then had to restart Xcode. Before restarting, it had same provision profile, and didn't work. So, sometimes a restart can do miracles. Maybe this helps somebody.
If someone uses a GameCenter then check this section in your target. I worked with some old project and there were 2 errors (but everything worked fine). Disabling and enabling it back solved this problem.
Most likely this action adds Game Center entitlement to App ID and and handle it itself.
1.Go to project folder, delete *.entitlements files.
2.Then go yo in xcode project target -> build settings -> code signing entitlements - delete values
3.Clean
4.Run
Ah, this glorious error. For me whenever I see this error I check the following things:
1. Allow XCode to access your provisioning profile info all the time - If XCode keeps asking when you start it up to have access to your computer's private files so that it can get provisioning profile information with the options to allow access always, not now, or just one time - set it to ALWAYS ALLOW access
2. If you have any old entitlement files kicking around your project get rid of them and any sign of them - if you see a .entitlements file in your project delete it (or at least remove the reference to it if you aren't sure you are ready to outright delete it), then make sure the 'Code Signing Entitlements' line under the 'Code Signing' section in Build Settings is empty
3. Check your Application Services online and match them up with your Services in XCode for the app - Go to the Apple Member Center and check the App ID for your app, click on the app to see its 'Application Services' and see what you have checked, then go to XCode and check your 'Capabilities' section to make sure the two have the same list of Apple services on both
4. Make sure you assign a valid Provisioning Profile to your app before validating - double check your provisioning profile for your app in the Apple Member Center, make sure it isn't expired, has the right App ID with the correct bundle id and distribution. Download and click on the new provisioning profile to make sure XCode has it, or go to XCode > Preferences > Accounts > click on your account and 'View Details' then click the bottom corner button to Sync all the profiles to XCode. You should have the profile available to select now in the 'Code Signing' section. Once you have the correct provisioning profile then you can set the 'Code Signing Identity' lines to the correct option for that provisioning profile.
Note - if doing a distribution certificate it can help to set all the 'Code Signing Identity' lines to the identity you use for distribution including the debug lines
5. IF ALL ELSE FAILS - Clean your project and Restart XCode and some Apple magic may just work fine the next time you open your project and try to Validate
If you're building an old 3.1.5 project, Xcode 5 has some bugs which unfortunately makes Benjamin's answer impossible, as there are no Provisioning profiles to pick from. After many a late hour of tormented reading of Xcode project files I came up with this solution that worked for me:
In the Utilities pane (to the right) in Xcode 5, under project Document, change from Xcode 3.1-compatible to Xcode 3.2 compatible.
Enter your organization name.
Close project.
Open your project file, e.g. open -a TextEdit path/to/name.xcodeproj/project.pbxproj
Remove the two Distribution clauses (isa=XCBuildConfiguration).
Remove the two accompanying lines in buildConfiguration (one in PBXNativeTarget and one in PBXProject XCConfigurationLists)
Now you're ready to re-open, archive and submit to App store - voilà! It works again!
How I think it works
I assume this works because Apple somewhere along the line decided to drop the need for any separate distribution config, which is a good thing. When I archive, Xcode automatically code signs for distribution. That's the way it should have been implemented in the first place, it's just a shame that Apple can't make auto-migration part of the IDE; instead they force us developers to spend man-decades to make this stuff work.
I have been struggling with this problem for more than a day now, trying all kinds of solutions suggested here and elsewhere on the internet. Nothing worked...
But, I finally managed to solve the problem!
The problem I had was with an old app that I haven't touched in over 3 years, and now I was about to release a long awaited update. Since the time I released the app, Apple has been updating how the certificates and App Id works. They have introduced the concept of Team Id which seems to be recommended to use.
In particular, the Apple's "Certificates, Identifiers & Profiles" site, has seen a lot of changes since then.
There I realized that the Provisioning Profile I was using for App Store Distribution were connected to the App Id ED8xxxxxxx.com.rostsolutions.* but looking at the App Id for the game I was about to submit I notice that the App Id was ATMxxxxxxx.com.rostsolutions.Swisch. So the App Id prefix did not match!
That seemed to be the root of the problem. So what I did was to create a new Provisioning Profile connected to the App Id ATMxxxxxxx.com.rostsolutions.Swisch instead. Using that Provisioning Profile I successfully submitted my app to App Store and now I just keep my fingers crossed that everything else works fine at Apple's side.
(I first tried to connect to new Provisioning profile to the wildcard Id ATMxxxxxxx.com.rostsolutions.* instead, but that didn't seem to work).
But what puzzles me is that when I look at the old App in iTunes Connects and goes to Binary Details, it says that the App Id is ED8xxxxxxx.com.rostsolutions.Swisch. So why is the "Certificates, Identifiers & Profiles" page listing the App Id as ATMxxxxxxx.com.rostsolutions.Swisch?
My problem was solved by removing my Apple ID from Preferences->Accounts and then adding it back again. Then all my provisioning profile files showed up on the View Details utility panel. I was mistakenly choosing "Mac Team Provisioning Profile:*" instead of the actual distribution provisioning profile for the project thinking that it was a generic selection. Provisioning files must be specific to the project. Oh, and BTW, make sure your provisioning profile has the correct entitlements (for example, Maps). I managed to release an app with OSX Maps without the entitlement and Apple approved it -- but no Maps showed up on the production version!
In my case, I had the same problem, my solution was to change the 'Release Provisioning Profile' in the Build Settings before doing Archive. I do this twice, once for App Store distribution, and another one for Ad Hoc distribution. I also add a comment on my archives. My conclusion is that there is something broken about the "archive re-signature".
There is a very good tutorial for solving that problem on this website.
It says that this problem can occur when your Projects Bundle Identifier is different to the one you entered on the iTunes Connect Website.
I think xcode 5 uses "release" instead of "distribution" that you may created yourself.
If all above didn't work (in my case after couple of days no luck trying everything) I have only one Mac application. BE CAREFULL WITH REVOKE!
1) Revoke by hand all "Mac App Distribution" & "Mac Installer Distribution"
2) Clean relevant certificates and open-keys in Keychain (Warning: export before delete)
3) Restart Xcode
4) Go to (in Safari) developer.apple.com -> certificates etc.
5) Create CertificateSigningRequest.certSigningRequest in Keychain->Certificate assistant
6) Create by hand on developer.apple.com both "Mac App Distribution" & "Mac Installer Distribution" with your *.certSigningRequest
7) Provisioning Profiles -> Distribution -> create/fix custom provision for AppStore (I'm specially named it as "Mac provision profile for AppStore"
8) Xcode -> Settings -> Account -> Your account -> Refresh
9) Xcode Clean -> Archive -> Validate
I have been struggling with similar problem (I was building for Ad-Hoc distribution). Only thing that has changed since last successful deploy, was adding two devices to provisioning profile.
After double- and triple- checking all build settings, I regenerated provisioning profile (without changing anything), re-downloaded and it worked fine.
So note to self: if there is no logic explanation, you can always try good old IT voodoo.
I also recommend iPhone Configuration Utility, which despite its name, is useful for checking what provisioning profiles you have on computer.
ERROR ITMS-9000: “This bundle is invalid. New apps and app updates submitted to the App Store must be built with public (GM) versions of XCode 5.1.1 or higher and iOS 7 SDK. Do not submit apps built with beta software.
If multiple developers are using the same member center account. One of them can't use a certificate created by others cause they used a certificate request created using their computers.
You need to use a certificate created by you (certificate request
created using your computer).
Alternative, told them to send you the Developer Profile. not sure of the name. to use a certificate created on another computer.
Code signing Entitlements occur because of your resource does not contain Entitlements file in resources,Just go to build setting and search code signing Entitlements delete entry for debug and release, build project again you will see there is no error. Cheers
I had the same problem, but nothing written here worked for me. However, I found a simple way that worked for me. Here's how to do it:
1) In your Project and your Target(s) build settings, choose "None" for all Provisioning profiles, and choose "Don't Code Sign" for all Code Signing Identities.
2) Now, choose your Target and go to build settings. In Code Signing Identity Release setting, choose "iOS Distribution" for "Any iOS SDK". And then, in Provisioning Profile Release setting, choose your distribution profile for "Any iOS SDK". After that your Code Signing Identity Release setting should automatically change to "iPhone Distribution".
3) Archive your build and validate. Now it should work fine. That's it!
In my XCode project, I have 4 different Build Configurations: Production, Development, Staging, and Staging2.
In my Build Settings, I noticed Validate Built Product is set to No for all configurations. If I switch them to Yes, I then get a warning each time I try to build:
Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate. (-19011)
I'm still able to build on to the phone and create Archives though.
At least for production, I'd like to turn Validate Built Project to Yes, but I don't want to see that error each time.
How can I make codesign happy?
Note: I recently upgraded to XCode 4.6, reinstalled the command line tools, and updated my project settings when XCode prompted me to do so. I confirmed that I had Production set to Yes all along, which tells me something with this upgrade is causing this error.
Also, I've read this support doc pretty thoroughly, followed all the steps, and it seems as though everything was correct to begin with.
Hello all I am new to the Xcode etc... I made a app now I am trying to distribute it ad-hoc I paid for the enterprise license, I see this is a problem with other people I just am too new to find out what to change. A valid provisioning profile matching the application's Identifier '4R7B8RY6Z1.com.LaneBob' could not be found is the error I created a provisioning profile '4R7B8RY6Z1.com.LaneBob.*' what do I change in the code or Xcode to fix this so I can build it? I am building to archive not to a device so I am not sure what to do.
Thanks for any help!
EDIT
I have checked these places:
1) info.plist
Make sure that your Bundle identifier matches what you have in your Provisioning portal. It should have what you entered online, not the yourcompanyname stuff.
2) Your target
Right click on your build target and select "get info". And then under the Build tab, find the Code Signing section. There should be one item that says Code Signing Identity. This is where you pick which signing identity to sign with and you want to make sure it matches the intended provisioning profile. If you don't see your provisioning profile listed, you didn't install it correctly. Your provisioning profile needs to be installed on the device for it to run, and in Xcode so it can sign the app with the provisioning profile.
Still not working
I had the same error message when I was trying to build an app on my iPhone. Everything seemed to be in order, I.e. the certificates were all valid and present and so on, but I just couldn't get it to work.
I just couldn't find the option "iOS team provisioning profile" in Project > Build Settings > Code Signing > Code Signing Identity - this was the main clue to a solution. If you can't see that option there, check your Xcode Organizer.
Inside it, go to Library > Provisioning Profiles:
Now what you should see if everything were right is this:
But if on the other hand you see an empty list, click the Refresh button in the lower right corner of the Organizer:
After said procedure, Xcode started churning out wonderful messages of "adding" and "finishing" and then my app appeared on my iPhone. The End.
Good luck!
For your two points:
1) You should have com.LaneBob.yourappName in the info.plist file. For Ad-hoc distribution you can't have 'generic' names with wildcard characters. You don't need the beginning HASH part (4R7B8RY6Z1. in your case)
2)You pick code signing identity in XCode target preferences. 'LEFT' click on project, then go to the target of your app. Inside there, there are 'code signing identity' for different configurations. When you build and archive you typically build release mode and use distribution certificate.
All this can not solve your problem if you don't have provisioning profile installed in your mac. Just download it from the portal and double click on it to install it. Also with newer XCode you can just download all provisioning portals from organizer, by entering the user/password there.
Incidentally, I found you need to restart xcode sometimes to 'get' the keychain updates.
Hope it helps!
In my case, I had to first BUILD the app with Cmd-B.
This popped up a keychain window access asking me to "Allow" (or "Always Allow") Xcode to access the keychain.
Only THEN could I actually run the program to launch it on my iPhone.
Apparently, hitting only run didn't do the trick.
(Btw, remember to first sign your app with the "iPhone Developer: Your Name ()" key.
I am about to publish my first free app on the appstore. Following the instruction on the developer portal, I have added an "Entitlements.plist" file, and referenced this file in the "code signing entitlements" project setting. After I did this I can no longer test the app on my Ipod, with this error message "Executable was signed with invalid entitlements". If I remove the reference to the entitlements file, everything works fine.
I have already done this:
- re-downloaded my provisioning profile and installed it in organizer
- Tried making a new provisioning profile and installed that
- unchecked "get-task-allow" in the plist-file.
- Tried "clean all targets"
Can any of you shed any light on this one? Is this critical when publishing to the appstore? I have my distribution profile ready, but I suppose I have to solve this isssue first. I am thankful for any thoughts on this matter!
It sounds like you have accidentally set the project to use the entitlements file instead of just the distribution build. The entitlements file should not be used when compiling against your developer certificate ie for your iPod. It should only be used for distribution.
What you have most likely done is edit the global version of the setting (by double clicking on the project file in the groups and files section) instead of the target version.
Here is how to fix that.
open your project in xcode
under project set the active sdk and the active build configuration to whatever you use for your ipod
open the target tab under groups and files
Double click on the target you are trying to build. Target icons look like an A made out of tools
scroll down to code signing and remove the code signing entitlements
If your company (or homepage anyway) is called for example stackoverflow.com, then it's good practice to have your app identifier: com.stackoverflow.myAppName. And You generic app identifier in your certificate should be ***com.stackoverflow.****. This has to be defined in the iPhone dev centre. And then make sure to edit your app's bundle identifier in the Info.plist to reflect those changes. After you do that you can test on a device and also publish for the AppStore.