Application failed codesign verification, WTF part 2

Ok, I can't get even a trivial, from-scratch application to code-sign. Here's what I did:

  1. Launch XCode 3.2.3 on MacOS 10.6.3.
  2. File / New Project
    • iPhone OS Application
    • OpenGL ES Application
  3. Save As: DaliClockTest
  4. Build succeeds.
  5. Set "Active Configuration" to "Release".

  6. Add a 57x57 icon to the project ("DaliClockPhone57.png")
  7. Edit "DaliClockTest-Info.plist":
    • Set CFBundleIdentifier to org.jwz.iDaliClock
    • Set CFBundleIconFile to DaliClockPhone57.png
  8. Get Info on Target "DaliClockTest"
    • Set "Code Signing Identity / Any iPhone OS Device" to "iPhone Distribution"
      (currently matches "iPhone Distribution: Jamie Zawinski")
  9. Build. Fails the same old way:
    • Application failed codesign verification. The signature was invalid, or it was not signed with an Apple submission certificate. (-19011)

In the Organizer window, Developer Profile lists "iPhone Distribution: Jamie Zawinski", Issuer "Apple Worldwide Developer Relations", and Provisioning Profiles lists "Dali Clock Distribution" with App Identifier "8Z7K4K7M89.org.jwz.iDaliClock". The popup menu for "Code Signing Identity" also shows "iPhone Distribution: Jamie Zawinski" as being a sub-item of "Dali Clock Distribution (for Application Identifiers org.jwz.iDaliClock)", so it does appear to be seeing all this shit.

Yes, Keychain Access has "login" as my default chain. Yes, the private keys are there:

    iPhone Distribution: Jamie Zawinski [certificate, login, valid]
        Jamie Zawinski [private key, login, RSA 2048, usage: any]
    iPhone Developer: Jamie Zawinski (Y5M82TL69N) [certificate, login, valid]
        Jamie Zawinski [private key, login, RSA 2048, usage: any]

Setting the signing identity on the project as well as the target changes nothing.

Any other ideas?

Previously.

Tags: , , , , ,

20 Responses:

  1. g051051 says:

    I followed your steps with my system and it worked. It sounds like you've got a problem in your keychain, have you checked that?

    • jwz says:

      If by "checked" you mean something other than everything I typed above, I have no idea what that would be.

      And yes, I also deleted and re-installed these exact same certs from apple over and over again.

    • g051051 says:

      oops, I see that you've checked. Do you see the "Apple Worldwide Developer Relations Certificate Authority" in the system certificates section?

  2. pixelfreak says:

    At this point, I'd try creating a new user on your system, download the certificates again, install them into the new keychain and try creating a trivial app. If this fails, I'd try reinstalling Xcode.

  3. You might be able to use codesign(1) to tell which of "The signature was invalid" or "not signed with an Apple submission certificate" is the problem. (Or both or neither.)

    • jwz says:

      Like last time, codesign says that it's signed just fine. I have no idea what /Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/Validation is checking (and complaining about) that codesign is not.

      • endico says:

        My latest theory is that you're using XCode 3.2.3 which knows that its not supposed to be used for app store builds so it fails the Validation step is a spectacularly unhelpful way.

        Hopefully building with 3.2.2 will work.

      • Oh, I remember that now. Lazyweb is lazy.

        My other theory is that Apple hates iPhone(/iPad) developers and wants them to suffer, but this theory does not make any useful predictions.

  4. ltupps says:

    When you apply for your application profiles ask for org.jwz.* not org.jwz.iDaliClock, don't know why and the documentation isn't explicit but using a wildcard works, and as an added bonus when you go to create iDaliCalendar you won't need to re-apply.

  5. httf says:

    Actually I'm pretty sure this is the phase of the debugging process where we start jumping Apple employees as they leave work.

  6. hallerlake says:

    Ugh. That sounds familiar and I think it ended up as a path issue, but I don't remember the details. Will ask and get back to you and/or point people here.

  7. g051051 says:

    Do you get the same result if you run Validation from the command line? If you do try running it yourself, try the '-verbose' flag to see if it produces any better info.

    I tried a bunch of times to duplicate the problem with no luck.

    • jwz says:

      Yes. No additional diagnostics with -verbose.

      Can you email me a zip of the test-project you tried that signed properly for you? And were you using xcode 3.2.3?

  8. Hi did you ever solve this?