Search Unity

Invalid Code Signing Entitlements

Discussion in 'macOS' started by Wriggler, Dec 10, 2015.

  1. Wriggler

    Wriggler

    Joined:
    Jun 7, 2013
    Posts:
    133
    Hi there,

    I am trying to submit an update to an existing app on the Mac App Store. The goal posts keep moving and it's already a bit of a nightmare. Now I've reached an issue which I can't seem to get beyond.

    My game is developed in Unity 5.3f4, and I'm using the combination of codesign/productbuild in terminal to build the installer, then Application Loader to deliver it. I'm running OS X 10.11.2, XCode 7.2 (7C68) and Application Loader 3.4 (902). Here are the two errors from Application Loader:

    ERROR ITMS-90287: "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'com.apple.developer.game-center' in 'org.COMPANY.GAMENAME.pkg/Payload/GAMENAME.app/Contents/MacOS/GAMENAME'."

    ERROR ITMS-90287: "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'com.apple.application-identifier' in 'org.COMPANY.GAMENAME.pkg/Payload/GAMENAME.app/Contents/MacOS/GAMENAME'."


    On the Apple developer portal I can verify that my provisioning profiles do indeed have the required keys (From dev portal: "Enabled Services: Game Center, In-App Purchase"). My certificates seem to be installed correctly, and XCode reports that it has all of the provisioning profiles downloaded. The basic setup is correct, as Apple have already approved several versions of this app and it is currently live on the Mac App Store.

    Can anybody advise: is it possible to see which provisioning profile is actually being used here? I suspect that the wrong profile is being selected somehow, but I'm not sure how to tell which is actually being used. Can anybody give any suggestions on what to try next?

    Thanks for your help.

    Ben
     
  2. thestringer

    thestringer

    Joined:
    Aug 7, 2014
    Posts:
    70
    It is about time unity had these settings built in, the 3rd party tool i used before has gone wrong with the updates to unity and xcode over time and the manual method of creating just does not work for me anyway.

    The manual methods to sign and package seems to vary and the unity docs just do not work for me.

    So if you managed to get this working please let us know how ?
     
    VIC20 likes this.
  3. MrEsquire

    MrEsquire

    Joined:
    Nov 5, 2013
    Posts:
    2,712
    Agree, Unity really need to have there own setting added for MacOSX to aid the upload process, there is only one proper OSX tool on asset store and the developers have abandoned it, but it has always worked for myself. I not released anything to MacOSX for some time and hope the tool still is working with latest Unity..
     
    thestringer likes this.
  4. sirnameless

    sirnameless

    Joined:
    May 15, 2014
    Posts:
    8
    I feel like I've gotten closer but it still fails to work for me. I've been using the command line. I enter:

    codesign -f -v -s "Mac Developer: My Name" NameOfApp.app
    codesign --verify --verbose NameOfApp.app


    And that gives me...

    (My app) "satisfies its Designated Requirement"

    but when I open it on another computer, I still get an error message with:

    (My app) "was blocked from opening because it is not from an identified developer"

    So... has anyone gotten this to work?
     
  5. Nabren

    Nabren

    Joined:
    Mar 7, 2014
    Posts:
    61
  6. sirnameless

    sirnameless

    Joined:
    May 15, 2014
    Posts:
    8
    Thank you for the reply.

    I tried compressing it, but same issue. The ditto command seemed really promising, but that did not help either. Am I missing something?
     
  7. Nabren

    Nabren

    Joined:
    Mar 7, 2014
    Posts:
    61
    You might try reading this for more detail: http://stackoverflow.com/questions/...same-format-as-the-finders-compress-menu-item

    The ditto command that ended up working for me was: ditto -c -k --keepParent name.app name.zip

    The -k is important to make the zip in PKZip format and --keepParent is important to make sure the files are added with the name.app as the parent, rather than Contents.

    I haven't needed --sequesterRsrc, but from the man pages, it might not be a bad idea to add it:
    --sequesterRsrc
    When creating a PKZip archive, preserve resource forks and HFS meta-data in the subdirectory __MACOSX. PKZip extraction will automatically find these resources.

    Depending on what you use to extract the files, you may need to run "dot_clean -m name.app" after extraction.