Search code examples
iosapp-storecode-signingappstore-approval

Weird error validating code-signing for apps-store distribution

When building my app for distribution to the app store, I get the following warning:

warning: Application failed codesign verification.  The signature was invalid, or it was not signed with an Apple submission certificate. (-19011)  
Executable=/Users/tijszwinkels/Dropbox/Documents/projects/iphone/BatteryLogger Pro/build/App-store distribution-iphoneos/BatteryLogger Pro.app/BatteryLogger Pro
codesign_wrapper-0.7.10: using Apple CA for profile evaluation    
Illegal entitlement key/value pair: keychain-access-groups, <CFArray 0x104270 [0xa0376ee0]>{type = mutable-small, count = 1, values = (
    0 : <CFString 0x104170 [0xa0376ee0]>{contents = "eu.TinkerTank.BatteryLoggerPro"}
)}
Illegal entitlement key/value pair: application-identifier, eu.TinkerTank.BatteryLoggerPro
 - (null)

Upon submission, I get the same 'Application failed codesign verification' error.

This is the file that is said to be in error:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>eu.TinkerTank.BatteryLoggerPro</string>
    <key>keychain-access-groups</key>
    <array>
        <string>eu.TinkerTank.BatteryLoggerPro</string>
    </array>
</dict>
</plist>

However, I haven't configured any 'manual' Entitlements.plist file. Therefore, this file is automatically generated from: /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.1.sdk/Entitlements.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
    <key>keychain-access-groups</key>
    <array>
        <string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
    </array>
</dict>
</plist>

Any ideas on what could be wrong here?

Solution

  • In my case the keychain-access-groups was wrong. Easy to miss, Filemerge had to hand it to me.

    Incorrect:

    <key>keychain-access-groups</key>
<array>
    <string>$(TeamIdentifierPrefix)$(CFBundleIdentifier)</string>
</array>

    Correct:

    <key>keychain-access-groups</key>
<array>
    <string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
</array>

    The complete correct file:

    <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.developer.ubiquity-container-identifiers</key>
    <array>
            <string>$(TeamIdentifierPrefix)$(CFBundleIdentifier)</string>
    </array>
    <key>com.apple.developer.ubiquity-kvstore-identifier</key>
    <string>$(TeamIdentifierPrefix)$(CFBundleIdentifier)</string>
    <key>keychain-access-groups</key>
    <array>
        <string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
    </array>
</dict>
</plist>