Uploading iPhone app to App Store fails with CodeSign validation error

I’ll be writing this up in more detail soon, but here’s a bad error message from Apple’s App Store process (summer 2009) that I found zero hits for on a google search, so I thought I’d quickly throw up this page now that I’ve found out what the cause is. Hopefully it will help anyone else who hits the same problem.

If you’re using the new Apple Uploader to send your binary to the App Store (don’t! I’ve discovered it has at least one critical bug where it claims to upload the binary but it actually hasn’t!), you might hit this error before the upload starts:

“Application failed codesign verification. Please see the console log for additional details”

Assuming you know enough about OS X to know how/where to view the Console, at the end of the log you may see something like this pair of entries:

ApplicationLoader[18609] *** Codesign error (please ignore invalid option comments): got requirements(0x805a00, 525)
Executable=/var/folders/0o/0oFmipSKGvqwVZcVZJPOgU+++TI/-Tmp-/starcatcher.app.zip/starcatcher.app/Star Catcher
Identifier=no
Format=bundle with Mach-O thin (armv6)
CodeDirectory v=20001 size=1587 flags=0x0(none) hashes=72+5 location=embedded
Signature size=4274
Authority=iPhone Distribution: Adam Martin
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=10 Aug 2009 16:55:51
Info.plist entries=18
Sealed Resources rules=3 files=24
Internal requirements count=0 size=12

Executable=/var/folders/0o/0oFmipSKGvqwVZcVZJPOgU+++TI/-Tmp-/starcatcher.app.zip/starcatcher.app/Star Catcher
got entitlements(0x805e00, 299)
codesign_wrapper-0.7.3: using Apple CA for profile evaluation
AssertMacros: binary, file: /data/conrad/security/codesign_wrapper/codesign.c, line: 205
AssertMacros: code_signatures, file: /data/conrad/security/codesign_wrapper/codesign_wrapper.c, line: 903

ApplicationLoader[18609] *** Error: /Users/adam/Desktop/starcatcher.app.zip: validation failures: (
“Application failed codesign verification. Please see the console log for additional details”
)

What’s the error message?

Ah, well, despite the second entry claiming that the console log will have an error … the error itself is missing (like so much of Apple’s documentation ;)). With a bit of imagination and “creative interpretation”, I spotted that:

Line 1:

ApplicationLoader[18609] *** Codesign error (please ignore invalid option comments): got requirements(0x805a00, 525)

Line 16:

got entitlements(0x805e00, 299)

and inferred that there was a problem with a checksum, whereby it was expecting something that looked like X, but found something that looked like Y.

(NB: Apple’s appallingly bad lack-of-error-message may mean something completely different, but this guess lead to me trying something that ended up fixing the problem)

Looking carefully at my App, looking for signed things not being what were expected, I realised that my app was importing a static library that had been signed by someone else (partly because the new version of Xcode defaults to signing everything, all the time – which it should do, but I hadn’t got used to that new “feature” yet). With bad code-signing implementations, that can often be a problem (although I naively expected Apple to have a sensible implementation of code-signing, and it had never occurred to me this would be a problem with Xcode. Oops).

Speaking to the person who built that library, I found that the build config they’d used had been set to sign using a Developer provisioning profile. I re-built it using my Distribution provisioning profile, re-added the static lib binary it to my project, re-built my app … and the App Store upload finally succeeded.

Anyway … followup post coming soon on how to make static libraries work on iPhone with iPhone OS 3.0 / Xcode 3.1.3 and above (hint: Apple broke some of the things that used to work, and so sometimes you have to do it differently since OS 3.0 came along)

3 Replies to “Uploading iPhone app to App Store fails with CodeSign validation error”

  1. I’ve got the same problem. I use Phone Gap (a wrapper so that I can be developing in js, css and html) and perhaps it uses a library? I am really frustrated by this, because I lack the objective C experience to discover the source of the error for myself.
    How can I check if my project uses a library which is signed by somebody else?

  2. @Jan – hmm. Well, it depends how Phone Gap is packaged (I’ve never used it myself). But, essentially, you’re looking for any file in Xcode that has a name “libSOMETHING.a” (the lib and the .a are required, the SOMETHING could be anything).

    You could try temporarily deleting that file from the Targets section (it doesnt delete the file, just stops including it) and see what happens. Probably your app wont compile any more (because it needs it!) so you’d need to cut your app down to something VERY small which isnt actually using the library first, so you can compile, and THEN attempt to sign it.

    Or … ask the person who gave you the library?

  3. Thanks, Adam for the response! I also asked this question on the PhoneGap google group, but up to now there is no response at all :( This despite the fact that recently there have been some PhoneGap apps approved in the appstore, so some people must have had it signed properly.

    I found out that there is a library used by PhoneGap, libjson.a by Stig Brautaset. Can’t find it in the targets but it is included by #include directives in the source, and deleting the files physically indeed causes the build to fail.

    So I am really eager to learn about your trick to build static libraries anyway, because I cannot submit my app (which I already thought to be finished!) to the appstore. Even tried this morning to build my own UIWebView app from a tutorial source. But although this program compiles and even shows the html, half of the javascript doesn’t work in this Webview, and I haven’t found out yet why. ( I did not use PhoneGap specific extensions, only normal safari code).
    So I am pretty desparate now… if only I could codesign the already working app!

Leave a Reply

Your email address will not be published. Required fields are marked *