Application failed codesign verification, WTF

Dear Lazyweb, I'm having two problems:

  1. This first problem is minor, but makes me wonder if it's indicative of something causing the second problem. When I build my app in "Debug" mode, using "Code Signing Identity: iPhone Developer", and I do "Build and Debug", the app is installed onto my iPhone, but gdb can't connect to it:

      Loading program into debugger...
      sharedlibrary apply-load-rules all
      Program loaded.
      target remote-mobile /tmp/.XcodeGDBRemote-3210-27
      Switching to remote-macosx protocol
      mem 0x1000 0x3fffffff cache
      mem 0x40000000 0xffffffff none
      mem 0x00000000 0x0fff none
      Ignoring packet error, continuing...
      Unknown packet reply: "timeout" to environment packet.
      Unknown packet reply: "timeout" to environment packet.
      The program being debugged is not being run.
      The program being debugged is not being run.

    However, the app is installed on my phone, and when I launch it manually, it runs fine. This suggests to me that the phone is in "developer mode" and has the proper provisioning profiles installed. So why can't gdb talk to it? I've rebooted both the Mac and the phone, restarted Xcode, all the usual things that the first several dozen google hits suggest. Nothing has helped.

  2. The bigger problem is that I can't seem to make a binary that is uploadable to the store. I constantly get "Application failed codesign verification". The googles suggest that this is a very common problem, but none of the suggestions I've found have done squat. (Deleted and re-installed my certs and both my development and distribution provisioning profiles, rebooted everything, etc.) Here's how the last part of the build log goes:

      /usr/bin/codesign -f -s "iPhone Distribution: Jamie Zawinski" --resource-rules=/Users/jwz/src/xdaliclock/OSX/build/Release-iphoneos/ --entitlements /Users/jwz/src/xdaliclock/OSX/build/ /Users/jwz/src/xdaliclock/OSX/build/Release-iphoneos/

      /Users/jwz/src/xdaliclock/OSX/build/Release-iphoneos/ replacing existing signature
      Validate build/Release-iphoneos/
      setenv PRODUCT_TYPE
      /Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/Validation /Users/jwz/src/xdaliclock/OSX/build/Release-iphoneos/

      warning: Application failed codesign verification. The signature was invalid, or it was not signed with an Apple submission certificate. (-19011)

    So, as you see, it is signing the app (correctly using my Distribution cert, not my Development cert) and then it immediately claims that it is signed incorrectly. But, codesign says that the signature is valid, using my cert and Apple's CA:

      codesign -dvvvv build/Release-iphoneos/

      Format=bundle with Mach-O universal (armv6 armv7)
      CodeDirectory v=20100 size=2087 flags=0x0(none) hashes=96+5 location=embedded
      Signature size=4277
      Authority=iPhone Distribution: Jamie Zawinski
      Authority=Apple Worldwide Developer Relations Certification Authority
      Authority=Apple Root CA
      Signed Time=Apr 22, 2010 11:14:02 PM
      Info.plist entries=27
      Sealed Resources rules=3 files=8
      Internal requirements count=1 size=144

    The "Application Loader" application gives the same error message and no additional clues.

    Any ideas?

    Xcode 3.2.3 on 10.6.3, but I was also having these problems with Xcode 3.2.2. My phone is running 4.0 beta now, but was also failing with 3.1.3.

Tags: , , , , ,

15 Responses:

  1. pmb7777 says:

    WIth problem #1: Are any of iTunes,, or Software Update running?

    • jwz says:

      No, quitting iTunes first doesn't fix it.

      I've also now uninstalled and re-installed Xcode. No change to either.

  2. I dunno why but Xcode, as nice as it can be to develop with, almost always seems to go through this herp-derp-I-don't-know-how-to-sign-apps bullshit when readying a new app for submission.

    For Problem 1, have you tried deleting the developer provisioning profiles from your phone and re-installing them? You may have to re-get them from the iPhone dev portal.

    If Problem 2 is related, which it very may well be, have you tried re-downloading the distribution profile from Apple and re-installing it? Other semi-dumb question, did you create an org.jwz.iDaliClock App ID and associate it with your distribution profile?

    • Other bullshit things that could cause Problem #2 are outlined in this post.

      The first reply about the Entitlements.plist is essential if you don't have it set up yet, also check out at what level you have your code signing identity set. It's important to have it set at the specific Distribution level, not at the All Configurations level.

      • jwz says:

        I thought Entitlements.plist was only for ad-hoc builds, not distribution builds? I don't have one, and I thought that was right.

    • jwz says:

      Yes, yes, I have done all of these things.

      Note that if any of these were actually the problem, the error message would be different than the one I am seeing. For example, without a provisioning profile, the app won't run, and with an app id that does not match the one in the distribution key, it actually says that.

      • Good point. At least I admitted they were potentially stupid questions?

        In the meantime are you attempting to submit a build of what's available on or have you made any further modifications? I only ask because I could try and do the same as you are with my own credentials to see if it's a settings thing.

        • jwz says:

          I've made a bunch of changes. Anyway, I don't think you can submit it with my app id. The fellow who was helping me before registered "org.jwz.daliclock" and you can't ever delete those, so now I'm trying to convince the Apple autoresponders to reassign that to me. In the meantime (perhaps permanently) I went with "org.jwz.iDaliClock". (And "org.jwz.DaliClock" is also taken, but he says he didn't do that. Yes, they are case sensitive, wtf.)

  3. jerronimo says:

    If you have an Entitlements.plist file in the project (for AdHoc distribution builds) the accidental inclusion of that into your Development build would cause problem #1:

    Under Groups & Files, right click your project icon at the top of the list, "Get Info"

    "Build" tab
    Configuration dropdown: Debug
    under the "Code Signing" heading make sure that the value for "Code Signing Entitlements" (or "CODE_SIGN_ENTITLEMENTS") is blank.

    Also do this for Configuration: Release. (That should only be defined for Ad Hoc distribution)

  4. shephi says:

    * do you see the embedded.mobilprovision file in the build log (or go to finder->Inspect package contents of the app, you should see the file in that directory)?
    * sometimes the project and the executable info get out of sync. go to get info at the project level, look at the codesign stuff in both.
    * start from scratch-create a new provisioning profile with a new app and bundle id. optionally with a new user on your computer
    * I always have an Entitlements.plist file, didn't realize this was an ad-hoc build specific thing. maybe things have changed or this was an unnecessary file from the start.
    * phone-a-friend. I think if you are a registered developer you have a free support call to apple. this sounds painful but eh.
    * the nuclear option: I once was having trouble even compiling a hello world project from apple's sample code after an XCode upgrade. googling showed a few others having similar trouble but no solution. finally decided to deinstall/reinstall XCode. this did not work. two complete XCode nuking cycles later (first with a by the book deinstall script, second with an rm -rf of all related files I could find), and a day of background work in, in addition to trying the "create a new user" trick among any other sliver of hope I could find on the internet, I did an OS X reinstall, then an XCode reinstall. and yep, that worked.