Unsigned app: (codesign woes)

Targets macOS
1

I’m at a loss for why my app is being seen by store agent as an unsigned app. I tried both using Sam’s AppWrapper and from the command line and I do get the “173 exit” message, but I then immediately get the line"

Here’s commands I entered into the terminal (obviously and “MyApp” are replaced with the actual cert/app name):

I ran the codesign verification on both the app and the entitlement and they look good. If I take out the certification request routine (so I don’t get the “173 exit”, the app actually runs in sandbox mode without any problem).

I’m stumped now. I have a few apps in the app store, but they were submitted over a year ago (using the same things above). Did something change? Did I miss a new step somewhere?

Thanks.

2

I’ve seen this a few times, and have no answer other than to trash all existing copies of the app, then try installing again from the command line with the same PKG.

3

Thanks Kem. I cleared everything out, re-imported my keys. Now I’m getting:

That’s progress, I think. Not sure where else to set my bundleid. It’s set in Xojo, it shows up in the Info.plist file. Is there a new key in the Info.plist that I need to specify the bundleid? Sam’s AppWrapper gave me a warning about CFBundleIdentifier being obsolete, is there a new key for the plist?

4

I don’t know about that. These are the keys that my script either adds, checks, or modifies:

  const kBundleVersion = "CFBundleVersion"
  const kBundleVersionShort = "CFBundleShortVersionString"
  const kBundleIdentifier = "CFBundleIdentifier"
  const kCopyright = "NSHumanReadableCopyright"
  const kAppCategoryType = "LSApplicationCategoryType"
  const kMinSystemVersion = "LSMinimumSystemVersion"
  const kRetinaEnabled = "NSHighResolutionCapable"
  const kPrincipleClass = "NSPrincipleClass"
  const kPrincipleClassValue = "NSApplication"
5

Time to take a break. No matter what I try, I keep getting this message. After installing, I checked the Info.plist and the CFBundleIdentifier is there. It is defined. It is also defined in Xojo. This makes no sense at all, other than perhaps I’m trying this on Mavericks. I guess I’ll downgrade my laptop and see if that fixes it.

6

I’ve got a feeling that’s it.

7

You could try the plutil command from terminal to verify the plist. If the OS can’t read the plist correctly, it won’t find the bundleid.

8

Jim, thanks for the suggestion. The OS can read it just fine, at least plutil has no problem reading it. I’m in the process of rebuilding my laptop so I’ll post an update when it’s done :wink:

9

Are you resetting the permissions of the application after updating the plist and before code signing?

Also make sure that you don’t have any code anywhere in your application that opens any file in the application bundle with read/write as this will break your codesignature.

10

I have determined that it is not because of Mavericks. As I was troubleshooting, I noticed that the codesigning stuff works. The code signature breaks after I package it via productbuild. So somewhere within the productbuild step, something got changed. Does that ring a bell to anyone?

11

Via command line:

After I run this and test run the package, the signature on the app is no longer valid:

12

Thanks for reminding me, Sam. I forgot to reset the permission. I get no more error message about code/signature having been modified, but it’s still showing up as “unsigned app” in the console right after the “173 exit”.

13

What command are you using to test the installer?
sudo installer -store -pkg [path] -target /
Also, are your certificates up to date? Seems like an expired cert could cause this…

14

My certs are up to date. And I used the command u noted.

[quote] Note: running installer as an admin user (instead of root) gives better Mac App Store fidelity
installer: myapp.pkg has valid signature for submission: 3rd Party Mac Developer Installer:
installer: Installation Check: Passed
installer: Volume Check: Passed
installer: Bundle com.lomation.myapp will be installed to /Applications/MyApp.app
installer: Starting install
installer: Install 0.0% complete
installer: Install 21.0% complete
installer: Install 96.4% complete
installer: Install 100.0% complete
installer: Finished install
[/quote]
But stills says:

Any other suggestions?

15

Have you tried applying the entitlements to the dylibs etc?
There aren’t any helper apps in there are there?

16

Does your application contain any resource forks? Just trying to think of any reason as to why the package would get modified at the packagebuild status.

Have you tried zipping it, the app not the package, then uploading it and re-downloading it. Does it work then? It would confirm if the productBuild step is screwing the code signature or something else is.

Again clutching at straws, you don’t have any unsanity haxies installed? I recent found that WindowShade can prevent a machine from accessing the internet!

17

Sam, thanks for the replies and suggestions. I actually contacted apple and they determined that my certificates were somehow corrupted. I had to revoke all my cents and rebuilt them from scratch. He also recommend that I stay away from Mavericks. :wink:

18

Ah - Interesting that Apple Engineers are advising staying away from Mavericks, when there is less than month before Apple are rumored to release it…

Glad to hear that you got it sorted however.

19

I’m sure he meant it as more of a joke. He did put a smiley at the end…

20

I don’t think so. Apple, like Xojo, really advises against using beta products in production environments.

Coding and compiling an app for release to the world int he App Store surely sounds like a production environment to me, so doing it in Mavericks sounds like a really bad idea.