Copy link to clipboard
Copied
Hi folks,
I wondering if any of you might be able to point me in the right direction on this. I'm likewise having issues trying to submit an ipa file to iTunes Connect via Application Loader, and got as far as zipping the .app file and submitting. I get an error in Application Loader that: "Unable to run the lipo command: ... Can't map input file ..." and "Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or was not signed with an iPhone Distribution Certificate.", and "Unable to extract codesigning entitlements from your application. Please make sure ... is a valid Mach executable that's properly codesigned".
Now, before posting here, I have done the following to no avail:
a) I've regenerated all certs and mobile provisions from the top, completely on the Mac once, and completely on Windows as well using openSSL. Both times, I started at the top, from the csr request.
b) I'm able to install and run my ipa file just fine on the test iPhones using the distribution.p12 file and the associated ad_hoc distribution mobile provision. It's always only when I compile for 'app store release', using the distribution.p12 file and the app_store mobile provision that this happens.
c) I'm using Adobe Flash Pro CS6 on Windows 7 64, with Adobe Air 3.3 SDK, and I am submitting on a real Macbook Air with OS X Mountain Lion.
d) I've also gone as far as trying both sets of cert/provisions (generated on mac and windows), by publishing the ipa from within Flash Pro CS6, and also using the adt command line, but still same.. works fine as ad_hoc on the test iPhones, but will not submit through Application Loader. Same codesign verification errors.
e) My app uses native extensions, but these compile and run perfectly fine on the ad_hoc builds.
I'm pulling out my hair at this point as to what I could possibly be missing or doing wrong, or if there is a bona fide bug with the combination of technologies I'm using? I would appreciate any tips/hints/suggestions from anyone who know what I am describing here.
If there is anyone at Adobe that can look at my ipa file build for the app_store submission, that would be wonderful as well.
with kind regards,
Alex
SOLUTION
-------------
I'm posting this so others with the same problem may benefit. This makes no sense at all, but when I changed the ipa file extension to .zip on my Windows machine first (not on the Mac), transferred the .zip file to my Mac, then unzipped it on my Mac, and re-zipped the .app file on the Mac, Application Loader accepted the submission.
I was previously sending the .ipa itself to my Mac, and renaming the file to a .zip file on the Mac as the first step. This is literally the onl
...Copy link to clipboard
Copied
Do you have the WWDC certificate installed?
When you generated your distribution certificate from the portal did you do it before or after you made the app id in the portal? App IDs are assigned to certificates, which makes me crazy. If I create a new app ID I need to re-download the new distribution certificate and re-generate a new .p12 or the app ID (com.example.whateverApp, etc) won't be valid.
If the latter was the issue you would also have ad-hoc issues, unless you downloaded your development certificate at a later time than distribution.
For a company that pureports simplicity as it's overall goal in life, the provisioning portal is an utter failure.
I simply make sure I follow these steps when I make a new app:
1. Make a new App ID
2. Download new certs to generate new dev/dist .p12s (I use a mac for it, keychain access, which generated the original codesign request)
3. Add devices if needed (ad-hoc dev testing)
4. Generate dev/dist mobileprovision for app ticking off all proper testing devices for dev (certificate should be auto-assigned to both)
It's not hard once you've done it a ton of times but anything out of order will upset Apple. Then you must absolutely make sure your apps ID conforms to the way you set your app ID up. Remember, don't put the first portion of the app id like SG93AX29Z1.com.example.*, drop the SG93AX29Z1 portion and make sure your app id is set to "com.example.someThingHere". Otherwise you'll fail codesign on both ad-hoc and store.
Don't forget the new 1024px icon you need to supply too..
Copy link to clipboard
Copied
Hi Sinious,
Thank you for your suggestions. Yes, I'm on page with you about not liking having to regenerate the certs and mobile provision files after adding a new appID, devices, etc. My problem still remains though: I can compile and run the ipa using the distribution cert and distribution adhoc mobile provision just fine on my iPhone, but when I compile for app store submission using the same distribution cert (and the app store mobile provision for it), when I load it using Application Loader (and I'm using v2.7 on Mountain Lion on my Macbook Air), I get first, that the .ipa or .zip is not a valid archive. So I did as some suggest, rename it as a zip, unzip it, and then re-zip the .app file within the Payload folder, and try submitting that. When I do, that's when I get the code sign validation errors I listed in the first paragraph.
Some more things I've also done since my above post----
a) I've tried to build for app store using AIR 3.4 SDK using Flash Pro CS6, but same thing.
b) I've also tried building from adt command line with AIR 3.4 SDK, same thing.
c) I've tried command line adt build on the Mac itself with AIR 3.4 SDK, same thing.
d) On all of the above scenarios, if compiled for the ad_hoc mobile provision, and loaded on my iPhone through iTunes, it runs fine. So it seems to me, that somehow the application is not getting signed properly for whatever reason.
I'm about out of options and really would appreciate some folks from Adobe giving us some pointers on this....
thank you again,
Alex
Copy link to clipboard
Copied
Can you share your adt compile line? For example when I submit an iPad app I use:
adt -package -target ipa-app-store -storetype pkcs12 -keystore dist-cert.p12 -provisioning-profile dist.mobileprovision MyAppName.ipa MyAppName-app.xml -extdir extensionsDir MyAppName.swf dat AppIconsForPublish Default-Landscape.png iTunesArtwork iTunesArtwork@2x
Everything after MyAppName.swf being folders or files. That includes some ANEs. I also let it default to IOS4 (it's complaining about not suppling min OS version). I enter my password, IPA generates and my apps get accepted just fine.
Between the MyAppName-app.xml app ID, your app ID on the portal or cert there's definitely something that's simply not meshing. I don't do the "unzip, grab Payload/MyAppName.app and rename to IPA" thing.
Copy link to clipboard
Copied
Hi sinious,
My adt line looks almost exactly the same as yours. I likewise use native extensions and mine looks like:
adt -package -target ipa-app-store -storetype pkcs12 -keystore distribuion.p12 -provisioning-profile distribution_appstore.mobileprovision myappname.ipa myappname-app.xml -extdir C:\extensiondir myappname.swf iconsfolder Default@2x.png
What version Air SDK are you using? And do you use Flash Pro, Flash Builder, etc. for building writing the app itself? One thing that piqued my curiosity, what do you mean by "I also let it default to iOS4"? How do you do that... 😃
thank you again,
Alex
Copy link to clipboard
Copied
I use AIR SDK v3.4. After 3.3 the adt command line utility now warns me I haven't chosen a minimum OS version and auto-assigns iOS 4 as the minimum.
I use Flash Builder to code, Flash Pro if I want to make some quick graphics/animations and export those via SWC into Flash Builder. Only problem with Flash Builder is it still cannot export ANEs without getting hung up on any errors. I can't believe they didn't fix it but I continually check help->updates and it never has a patch. Therefore I must use the command line. There's even an "Ignore Errors" checkbox but it still hangs during export.
I tell Flash Builder to Export Release Build, pick a folder, fill out the usual credentials and inclusions and let it run. It builds a bin-release-temp folder containing everything necessary to build the IPA. I run the adt command line in that folder and it builds the IPA for me.
Copy link to clipboard
Copied
Hi sinious,
Thanks again. Maybe I should look into switching to Flash Builder already. I've been in my Flash Pro comfort zone (I'm much more articulate with AS3 than Flex).. I did, however, find this in the 'known issues' release notes for Air 3.4: "[iOS] On some content, Installing an .ipa file with AIR 3.4 occasionally fails with Installation Error: PackageExtractionFailed(3220974)" http://helpx.adobe.com/en/flash-player/release-note/fp_114_air_34_release_notes.html#known_issues
Hoping this isn't what I'm experiencing through it sounds a lot like it. Specifically, I'm seeing 'code sign validation errors' when I try to submit to iTunes Connect using Application Loader... what to do... sigh...
Alex
Copy link to clipboard
Copied
You can make pure ActionScript projects in Flash Builder as well, Flex is optional. I've done 90% AS3 projects. A note on that is, you either use Flex or go all ActionScript. There is no usable bridge between them. While the language for Flex scripting is AS3, you can't simply start an ActionScript project and try to use Flex components. It must be a Flex project to really use them.
Once you try Flex, you'll probably actually like it. I code a bit of c#.NET and it's pretty similar. I also do Xcode/obj-c and it's like that to (although not at all syntactically). I mean in a drag-and-drop component, WYSIWYG kind of way. The XML-esque way you create things is very efficient as well.
Main reason I grabbed FB was built-in ANE support (CS6 added that later) and the code IDE has excellent completion, decent refactoring, a great debugger and memory profiling to find those nasty memory leaks.
That aside, I read that error a bit differently. It seems like an error you'd get after downloading an app from the app store and it fails to install on your device. Your error is the app store itself can't read your package. But who knows.
Wish I could help more but I haven't seen this issue unfortunately.
Copy link to clipboard
Copied
Hi sinious,
Do you know if I can simply take my entire .fla project file, import it into Flash Builder, and compile the ipa? It's entirely in AS3, no flex, as you say. Just curious to see if that may be a solution...
thanks again,
Alex
Copy link to clipboard
Copied
How's that WWDC certificate to be installed? / How can I check for it?
Do you mean on the development pc or on the mac used for upload?
Thanks in advance
Copy link to clipboard
Copied
Just double clicking on a .cer file will install it on either Windows or Mac (after you agreeing to install it). It's found in Keychain on Mac and use certmgr on Windows (found under Other People->Certificates).
Copy link to clipboard
Copied
Ok, clear.
I,ve followed the sequence you adviced: AppID, obtain dev/distr .cer files,
then, as you mentioned using Keychain Access to generate the .p12 certificates,
I used that program, the developer and distribution .cer files were easily obtained.
(osx mountain lion).
However, the certificates only appear in the "Certificates" section of Keychain Access,
not in the "My Certificates" section.
When I right-click on them to select "export", the .p12 export option is grayed out.
Next link was not helpful, because the certificates don't appear in the "My Certificates"
section:
https://support.urbanairship.com/customer/portal/articles/93846-exporting-the-push-certificate-and-k...
Do you have any idea on what I should do?
I already tried the alternative openssl route - but using the AppLoader that resulted in the "Application failed codesign verification.
The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate."
Trying all ways suggested above to pass the ipa (rename to zip on windows side or not, use dropbox or usb key,unzip, rezip on mac) - all the same result.
Flash Pro CS5.5 was used used to generate the ipa. Builds using the developer certificate were succesfully tested on devices - only uploading of build with distribution certificate fails. All .cer files were added to KeyChain before trying the upload.
Copy link to clipboard
Copied
Hi Marius,
This past week, I also had the same problem appear again, but this time, the steps that let me properly code sign and submit to iTunes didn't work. I was pulling my hair out and about to smash my Macbook Air when I noticed, while doing the unzip, and zip (the .app file) routine, that I saw a bunch of folders flash by that I recognized should not be part of the app. This particular app I created used both the Milkmangames' goViral ane as well as another by darkredz for his uiwebview ane. Since I ran into the ld duplicate symbols error trying to compile on my Flash Pro CS6, I was using the adt command line with the -hideAneLibSymbols flag. Anyway, to put a long story short, the -extdir folder I was using for this app had a bunch of other files (i.e. php and jquery stuff for the website, etc.) and somehow, when compiled for app store submission, it failed code sign... *even though* the adhoc one compiled perfectly fine and ran on all the test iOS devices.
I ended up creating fresh directories with just the files needed for the compilation, renamed the .ipa file to .zip on my Windows 7 machine, transferred to my Macbook Air, unzipped it there, then zipped the .app file in the Application Payload, and voila, it went through fine this time. Moral of the story: it may be something totally unrelated to anything logical with the programming aspects... all these little undocumented little 'gotcha's... sigh.. 😃
hope it helps,
Alex
Copy link to clipboard
Copied
Thanks Alex, that gives an other angle of attack.
Perhaps you could give me next few details (to reduce the amount of try-cases for me)-
1. Did you create the p12 files on windows entirely using openssl? Or using KeyChain only?
2. Just to be 100% sure regarding the zipping process, is this what you did ?
a. on the mac, inside finder, find the zip, right click on it->uncompress.
b. the result is a directory called payload.
c. zip that directory, again inside finder, richt click the dir ->compress. result: payload.zip.
d. is there no need to rename this zip to the original zip name (that was not payload in the first place)?
e. startup ApplicationLoader and select that zip for upload. (or should I somehow "zip the .app file in ApplicationLoader" ? how exactly?)
In my case, I created the certificates using openssl on the windows machine and entered them in KeyChain.
For the generation of the certificates I used a key that was genereated on the windows machine as well.
However, KeyChain lists the presence of a key as well, for which I don't know how it got there
(probably it got generated during a tryal where I tried to use KeyChain to generate the .p12.)
I was wondering, perhaps the fact that the key that was used to generated the .p12 on windows
is another key than the one installed on keychain might give the error message.
My third question thus becomes (only if you were using openssl on windows):
3. What did you do with the key after generating the .p12 files?
Many thanks in advance,
Marius
Copy link to clipboard
Copied
@sinious
At the last attempt, the distribution certificate has appeared in the "My Certificates" section of KeyChain
after all, enabling it to be exported as .p12 file from KeyChain.
Probably it was because of applying:
1. For keychain:
"In the Preferences dialog box, click Certificates. Then set Online Certificate Status Protocol and Certificate Revocation List to Off. Close the dialog box."
and/or
2. I generated the CSR via the context menu from right-clicking my private key.(request a certificate from a certificate authority with "Marius Versteegen")
and/or
3. Select "My Certificates" in KeyChain, and then import items -> select downloaded certificate. (instead of double clicking)
So, that's nice. Unfortunately, keeping the certificate generation stuff entirely on the mac side like this, and refraining from
using openssl did not remove the code sign failure during the submission, so the hypothesis that it was caused by using a different key in openssl
than the one in KeyChain is "a busted myth" now.
Copy link to clipboard
Copied
SOLUTION
-------------
I'm posting this so others with the same problem may benefit. This makes no sense at all, but when I changed the ipa file extension to .zip on my Windows machine first (not on the Mac), transferred the .zip file to my Mac, then unzipped it on my Mac, and re-zipped the .app file on the Mac, Application Loader accepted the submission.
I was previously sending the .ipa itself to my Mac, and renaming the file to a .zip file on the Mac as the first step. This is literally the only difference, and it would have saved me 3 days of wasted time.
hope this helps,
Alex
Copy link to clipboard
Copied
Mac must treat .zip differently when it un/compresses? Not sure but glad you got that solved.
On the Flash Builder question, no there's no real "Auto-import" from Flash Pro to Flash Builder. The workflow is very different.
The single thing you lose is the documents main timeline. If you animated things along that timeline you need to embed everything you did on the FLAs main timeline into its own MovieClip. When you export from Flash to use in Flash Builder, you typically export a SWC. When you import that SWC you access library items the same way you do in Flash Pro via code:
var someLibraryObject:MyClass = new MyClass(); // grabbed a library item with the AS linkage ID "MyClass"
This is why you don't want to use the documents main timeline A SWC won't contain that timeline, just library elements. Now technically you don't have to stay away from the main timeline, you could export a SWF of your main timeline and load that, but this is a bunny trail of possible failures all over the place.
Grab the trial and you'll see the workflow is much more code-centric. You get used to thinking of Flash Pro as an application that lets you quickly create complex objects and animations inside MovieClips and Sprites, but then you import them into Flash Builder and utilize them strictly with code.
And of course the whole other side of Flash Builder, besides top notch refactoring, code completion and profiling, is Flex/MXML. That is an entirely different beast. It's really what it is designed for.
MXML is a very simple markup language that makes it a cinch to create AS3 objects. For example to make a new Arial TextField that's bold at x position 100, y position 200, width 300, height 26, font size 24 with the text Hello World, here's the difference:
AS3:
var tf:TextField = new TextField();
addChild(tf);
tf.x = 100;
tf.y = 200;
tf.height = 26;
tf.width = 300;
var fmt:TextFormat = new TextFormat();
fmt.font = "Arial";
fmt.size = 24;
fmt.bold = true;
tf.text = "Hello World";
tf.setTextFormat(fmt);
Or MXML:
<s:Label text="Hello World" fontFamily="Arial" fontWeight="bold" fontSize="24" x="100" y="200" width="300" height="26"/>
It waters down a bunch of lines of code into a simple to understand markup language. It also has a lot of premade mobile-optimized (hence the s: spark namespace on "<s:Label") components that are drag and drop. More importantly there's a pretty good layout system built into flex. It becomes important so your interfaces can expand and collapse from device to device in an intelligent way.
Copy link to clipboard
Copied
Almost exact problem here. I was using Flash Builder and everything seemed to work fine with development certifications but when uploading the release version with Aplication Loader it gave me the same errors saying that the file wasn't correctly signed.
In my case the solution was to transfer the file from Windows to Mac using a pendrive instead of through email which was what I was doing before. I'm not sure what exactly happened, but it seems that the process of uploading/downloading through email changed the file in some way.
May be someone who uses Macs and Windows rutinely can explain me why this strange thing happened.
Copy link to clipboard
Copied
Hi LostInCrossCompilation,
Seems like you and I both had something in common with the process: email. I was likewise, sending myself my app-store release .ipa file via gmail to myself to submit through my Macbook Air. When I changed the file extension to .zip on Windows before I sent it to myself, it worked fine. It worked for you, as you say, when you transfered using your pen drive. Seems like in some cases, sending the .ipa file via email attachment does something to the archive when it's downloaded on the Mac!
hope this helps anyone else who encounters the same,
Alex
Copy link to clipboard
Copied
While pictures and maybe even a small phone video is a decent idea for passing files via e-mail, the e-mail client and server must encode your files contents. Typically if compression headers are detected it will also uncompress and run a quick virus check on it as well.
You can always use a free https://www.dropbox.com/ to transfer files between, well, anything. Computers, devices, etc.
Copy link to clipboard
Copied
I've got the exact same problem. It's now 02/11/2012 and this issue seems to be persistent.
"Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or was not signed with an iPhone Distribution Certificate."
the original app was built with Flash Pro 5.5 and the Air SDK etc, and works fine. It's in the app store.
So I have loaded up CS6, AIR 4.5 and the Flex libraries etc (combined package) and it all compiles fine and works on the iPhone no problems.
However - try and upload it to the app store - and there comes the problem.
Now - to confuse the issue a bit, there is another problem with CS6, that MAY be causing errors.
The application's xml file contains lines at the top like this.
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<application xmlns="http://ns.adobe.com/air/application/3.4">
<id>au.com.chalmers.pinpointpremium</id>
<versionNumber>1.5.3</versionNumber>
<filename>PinPointPremium</filename>
<description/>
<!-- To localize the description, use the following format for the description element.<description><text xml:lang="en">English App description goes here</text><text xml:lang="fr">French App description goes here</text><text xml:lang="ja">Japanese App description goes here</text></description>-->
<name>
<text xml:lang="en">Pin Point Premium</text>
</name>
<!-- To localize the name, use the following format for the name element.<name><text xml:lang="en">English App name goes here</text><text xml:lang="fr">French App name goes here</text><text xml:lang="ja">Japanese App name goes here</text></name>-->
<copyright/>
Now, you can't enter text into the Application Name field in the Publish Details popup.
If I do not wrap the name tag in the <text .... thing, the Geolocation service on the iPhone is seen as inactive. and of course doesn't work.
That is. If I leave it like this, so that it shows up in the Publish Settings,
<name>
Pin Point Premium
</name>
This breaks the Geolocation service.
Is this breaking the Loader? Who knows.
I don't see anyone actually adressing this issue. Lots of people fiddling at the edges - but no definitive fix.
Copy link to clipboard
Copied
I'll chime in that I updated to the new localized version of <name> and it disabled my ability to edit it in the publish panel in CS5.5. However I can simply open the XML and edit it so I don't see that as a big deal. Localize everything they suggest and also set your supported languages.
Also make sure you're exporting with distribution, development, to the store.
Copy link to clipboard
Copied
The interesting thing about the localization in CS6, is that if you don't do it - it breaks the Geolocation API, and any app that uses it. And it breaks it silently. You don't know until you run your app. You then notice of course that your app can no longer get Geolocation data from the iPhone/iPad etc.
Also checked the distribution/development situation. Not this time. I continue the hunt for a solution to this.
Thanks
Copy link to clipboard
Copied
It's probably not as much of a CS6 thing than it is AIR3.4. AIR updates the .xml schema here and there and one of the updates was the addition for language support. That changed happened a long time ago.
Copy link to clipboard
Copied
as far as i can tell it's an ios6 api change. my app worked fine on ios5, but geolocation failed on ios6. recompiling with the language bit updated worked for all ios's.