2 Replies Latest reply on Apr 23, 2013 8:13 AM by sinious

    Application failed codesign verification for AIR iOS app


      I hope this will help someone.


      I have been pulling my hair out for two days to find a solution to a number of errors within Application Loader on Mac while trying to publish an application that I had built in Flash Builder 4.6 on windows to the App store. The first error was:


      - 'unable to extract archive. please make sure myApp.ipa is a valid zip or ipa archive"


      To solve this:


      1. Change the extension of the myApp.ipa file to myApp.zip on the windows machine

      2. Move the myApp.zip file via thumb drive (not email) to the mac

      3. Decompress myApp.zip. You should see the Payload dir.

      4. Inside the payload there is a myApp.app file. Compress that file to myApp.zip

      5. Upload that new compressed myApp.zip via Application Loader


      Solved, new error:


      - 'Application failed codesign verification.The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate.'

      - 'Unable to extract codesigning entitlements from your application. Please make sure myApp is a valid Mach executable that's properly codesigned.'


      The new myApp.zip file is not signed correctly, fail.


      Next solution is to sign the payload correctly on the Mac:


      1. Take the original myApp.zip file from the thumb drive

      2. Decompress myApp.zip. You should see the Payload dir.

      3. Sign the myApp.app file inside the Payload dir.

            - Open terminal

           - codesign -f -s "the name of your distribution cert" myApp.app

      4. Compress the Payload dir into Payload.zip

      5. Rename the Payload.zip to myApp.ipa

      6. Upload that new myApp.ipa via Application Loader


      Solved, rejected by app store:


      The identifier "myApp" in your code signature for myApp in myApp.app must match its Bundle Identifier "my.app".


      Ok, now I'm starting to get cross. After all that the solution to the entire thing was quite simple. 'resources' IS A RESERVED DIRECTORY!!! I included a directory in my src called 'resources' that stored all the graphical assets. Flash builder obviously has a problem with this and corrupts the signing process of the app with no feedback what so ever. I simply renamed the resources dir, published the .ipa from Flash Builder, uploaded via Application Loader, and approved no worries. fml.


      I have absolutely no idea how I came across this solution but it worked. So forget everything you have read in this post and simply CHECK YOUR SRC DIRECTORY!.

        • 1. Re: Application failed codesign verification for AIR iOS app
          soremite Level 1

          For me it was as simple as simply not moving the cert, p12, and PP once they were created and downloaded. How stupid and unrelated is that to the error message?


          Whatever, it uploaded finally.

          • 2. Re: Application failed codesign verification for AIR iOS app
            sinious Most Valuable Participant

            Messy or improper /src/ folders and unintended "included" files in the package have been a long time tradition of failed apps. I think Flash Pro and a lack of strict folder conventions has always plagued people.


            Once Flash Builder became the primary desirable tool for building apps, people noticed and enjoyed the simple file structure. Even still, some people from a Flash Pro-only background go back to littering the /src/ folder with things that simply don't belong there and fail apps. 


            I'm a native iOS developer in obj-c and am familiar with the OS itself. The word 'resources' is pretty mighty in the Apple chain. They use it to loosely refer to just about everything. It's sort of like making a folder on Windows named "My Documents". While you can (in the right spot), you can probably assume how confusing it's going to be when the user sees "My Documents" as a place to skip to in Windows Explorer, Start menu, etc but it never takes them to the folder they created. Try a synonym like 'assets' and you're typically safe, or even better, make your own folder naming convention, and keep them CLEAN.