2
votes

I am trying to submit an app (using Qt 5.4.2 (doubt it matters but including just in case)) to the Mac App Store and for some reason I keep getting the following error:

Invalid Signature - This error occurs when you have signed your app's installer incorrectly. There are two certs required for this process: the "3rd Party Mac Developer Application" cert and the "3rd Party Mac Developer Installer" cert. When signing your package, you need to ensure that you are using the Installer cert to sign your package. Ensure that you are specifying this cert when submitting your app via the Xcode Organizer or when running productbuild from the command line.

When I was on 10.10.4 with Xcode 6.4, I was getting this error in Application Loader. After doing the usual searches, all the references I could find to this problem were 3-4 years old. In one of the old answers, someone mentioned that upgrading OSX and Xcode fixed it for them, so I figured what the heck.

I upgraded to OSX 10.11.13 and am compiling with Xcode 7.2.1 (along with Application Loader 3.4 (902)) and at first I thought "oh hey! the error is gone!" since Application Loader was no longer displaying it. However now I'm getting the same error in emails (as shown above) once Application Loader uploads it!

I have a Python script that does a lot of voodoo with copying in the Qt frameworks, fixes things up and signs the binaries, and then the last two things it does is creates the PKG file and signs it. At first I had that in two seperate steps. For giggles I tried adding the --signargument in productbuild step, but I got the same results. The commands look like:

print ("Creating the PKG")
subprocess.call([r'/usr/bin/productbuild', 
    r'--component',
    bundleFolder+ '/MyApp.app',
    r'/Applications',
    r'MyApp-Installer.pkg',
    r'--sign',
    r'3rd Party Mac Developer Installer: My Name (12345XXXX)',
])

#print ("Creating the Signed PKG")
#subprocess.call([r'/usr/bin/productsign', 
#   r'--sign',
#   r'3rd Party Mac Developer Installer: My Name (12345XXXX)',
#   r'MyApp-Installer.pkg',
#   r'MyApp-Installer-Signed.pkg'
#])

Also, FWIW, this is the first time I have tried to update the app in over year (I know :( ) and this is a new machine. So, I deleted the certs in Developer portal (developer.apple.com), recreated them and then imported/installed/downloaded them. Actually, I've done that several times trying to figure it out. The last time I created them through Xcode. So that Keychain Access looks like:

enter image description here

And my view in the Developer portal looks like:

enter image description here

However, another thing I might mention (I'm not sure if it's significant or not), every time I've added these new certs to Keychain, whether I do it in Xcode or whether I create, download and import the cert mainly, I've had to right-mouse click on the certificate and go to Get Info -> Trust and change "Code Signing" from "no value specified" to "Always Trust".

I've tried to give a lot of detail in hopes that someone can help me pinpoint what I'm doing wrong. If anyone has any suggestions or ideas, I would be very appreciative!

1
It turns out that my root certificates had expired! Which also explains (I think) why I had to do the "Get Info"-thing mentioned above. However, I followed the steps in the following link and so far it looks good: stackoverflow.com/questions/35390072/…Addy

1 Answers

1
votes

Two possible solutions

I encountered this issue, twice, each for a different reason.

The first time, I check certificates in keychain, I found duplicate certificates. I removed duplicates (leaving those with longest expiration time), issue solved.

The second time, I switched to a new laptop as my development machine, there are no relevant certificates in my keychain. I downloaded them from https://developer.apple.com/account/mac/certificate/ and installed them, issue solved.

So I guess this problem is about your certificates in your keychain. Just make sure you have the right set of certificates, no missing, no duplicates, no expiration.