Codesign check fails Xcode 4

Question

I just created all new dev and deployment certs and I'm getting this weird error when I try to validate the application in the archive manager:

error: Codesign check fails : /var/folders/w_/dvqfkh916k12c5hn639qvvqw0000gn/T/oqhxIfU87c/Payload/TestUpload.app: valid on disk
/var/folders/w_/dvqfkh916k12c5hn639qvvqw0000gn/T/oqhxIfU87c/Payload/TestUpload.app: satisfies its Designated Requirement
test-requirement: code failed to satisfy specified code requirement(s)

I've looked all over to see how to fix this error but nothing seems to help for Xcode 4. I've followed the setup on the provisioning profile, however it doesn't seem to be updated for the newest Xcode 4 software (I've gotten this to work with previous versions of Xcode before archive manager was set in place)

Any help would be appreciated

Answer 1

scoured this GUI looking for a "comment" but finding nothing - apologies if this gets posted as an answer.

I have spent the last 5 hours with that exact same error. Googling everything. Recreating certificates. Everything works when archiving, but then at the end I get the yellow triangle indicating the error. Using both wildcard and app specific distribution profiles that are recognized in Organizer as valid - I always get the error. You're not alone on this one and it is driving me insane - today was supposed to be the day we submit our app we've spent the last year on...

Will be watching this thread closely, can offer any further information from my end also if it will help any. If you find a solution Paradox, please post here as I am at my wits end and would be extremely grateful.

Answer 2

I was testing using an old certificate cerated while ago and it did worked fine, but creating a new certificate using a new apple dev account wont work.

It seems like new certificates are created with issues from apple provisioning portal.

So, I guess there is not a problem on your app, and we just have to wait until they fix the bug.

Answer 3

If you're building dependent projects or libraries as part of the archive process, make sure that those targets are also being built with the App Store distribution certificate.

Answer 4

Are you sure you signed this with your Distribution profile and not your Developer profile? I think XCode 4.2 will give an error if you're trying to share an archive code signed with the wrong type of profile.

Some (old) information in this thread: http://forums.macrumors.com/showthread.php?t=659607

Answer 5

I am having the same problem. Spent hours redoing certs, changing machines, changing versions of Xcode, making random changes that people have suggested, rebooting, changing icons you name it.

In Console there is a big dump of data related to the validation, if you're lucky it says something meaningful in there, it doesn't for me. Or at least nothing that I can understand :/

EDIT: The console outputs the command it runs but slightly butchered. It has a parameter R= but the output neglects the quotation marks around the argument. Running this command only outputs the just as helpful:

/var/folders/_x/XXXXXXXX/T/XXXXXXXX/Payload/XXXXXXXX.app: valid on disk
/var/folders/_x/XXXXXXXX/T/XXXXXXXX/Payload/XXXXXXXX.app: satisfies its Designated Requirement
test-requirement: code failed to satisfy specified code requirement(s)

Answer 6

Valid But Mismatched Certificates

This error can occur when submitting an application to the Mac App Store. The error occurs because one or more code signatures are valid but not signed by Mac App Store appropriate certificates:

Invalid Signature - The nested app bundle FRAMEWORK at path APPNAME.app/Contents/Frameworks/FRAMEWORK.framework has following signing error(s): valid on disk /Volumes/data01/app_data/dstr/mz_4939925606610311185dir/mz_6704668226144376567dir/eu.miln.beyond.mas.pkg/Payload/APPNAME.app/Contents/Frameworks/FRAMEWORK.framework/Versions/A: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.

The solution is to re-codesign the application bundle making sure to use a Mac App Store application certificate.

Codesign

Use the codesign -d -vvvv <app.path> to check the signing certificate is correct.

If you have a complex signed application with mixed certificates or non-Mac App Store certificates, you can use the codesign flag deep to recursively resign the entire bundle:

codesign --force -o library -s '3rd Party Mac Developer Application: Your Organisation (000AAA000A)' --keychain '/absolute/path/to/mac-app-store.keychain' --preserve-metadata=identifier,entitlements,flags --deep '/absolute/path/to/APPLICATION.app'

Note the --preserve-metadata=identifier,entitlements,flags options. These are important to avoid overwriting or changing the associated entitlements and bundle identifiers.

Ideally, the deep flag should not be used but it can be useful to fix problems.