Able to sign and notarize app, but verifying for app store results in error: The Info.plist indicates a Mac app, but submitting an ipa

App Store Distribution & Marketing General
the__host OP
Created Nov ’20
Replies 15
Boosts 0
Views 2.4k
Participants 3
I've seen this issue in several other posts that all suggest different solutions (most of which are no longer valid).

I have an application developed in Go (for macOS only-no mobile) that has a directory structure like this:

Code Block 
myapp.app
└── Contents
    ├── Info.plist
    ├── MacOS
    │   └── myapp.app
    ├── README
    ├── Resources
    │   └── icon.icns
    └── _CodeSignature
        └── CodeResources


The app installer looks and works very nicely after going through
code-signing process. The .app (and contents) are first signed with the Developer ID Application cert with --options=runtime for hardening.

The productbuild command is used to build the installer, and the productsign command is used to sign with the 3rd Party Mac Developer Installer cert.

The installer package that is created works as expected. I am able to notarize the application/staple it if the Developer ID Installer is used to sign the package.

But in this case I am using the 3rd Party Mac Developer Installer to sign the package for the app store. After the signing is completed, I use this command to validate the package:

Code Block 
xcrun altool --validate-app -f file -t platform -u username [-p password] [--output-format xml]

This is where the problem occurs. Despite a package installer that works fine, I am unable to validate the app:

Code Block 
<plist version="1.0">
  <dict>
    <key>os-version</key>
    <string>10.15.7</string>
    <key>product-errors</key>
    <array>
      <dict>
        <key>code</key>
        <integer>-20008</integer>
        <key>message</key>
        <string>The Info.plist indicates a Mac app, but submitting an ipa.</string>
        <key>userInfo</key>
        <dict>
          <key>NSLocalizedDescription</key>
          <string>The Info.plist indicates a Mac app, but submitting an ipa.</string>
          <key>NSLocalizedFailureReason</key>
          <string>Unable to validate your application.</string>
        </dict>
      </dict>
    </array>
    <key>tool-path</key>
    <string>/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework</string>
    <key>tool-version</key>
  </dict>
</plist>

I also tried adding the app with the Transporter tool. That tool results in the error:

Code Block 
Failed to create the .itmsp for 'myapp.pkg'. Failed to get the app's bundle id.



Here is the Info.plist:


Code Block 
<plist version="1.0">
  <dict>
    <key>CFBundlePackageType</key>
    <string>APPL</string>
    <key>CFBundleInfoDictionaryVersion</key>
    <string>6.0</string>
    <key>CFBundleName</key>
    <string>myapp</string>
    <key>CFBundleExecutable</key>
    <string>MacOS/myapp.app</string>
    <key>CFBundleIdentifier</key>
    <string>name.myapp</string>
    <key>CFBundleVersion</key>
    <string>1.0</string>
    <key>CFBundleGetInfoString</key>
    <string>myapp by my co</string>
    <key>CFBundleShortVersionString</key>
    <string>1.0</string>
    <key>CFBundleIconFile</key>
    <string>icon.icns</string>
  </dict>
</plist>


Any suggestions are greatly appreciated.
Replies  15
Boosts  0
Views  2.4k
Participants  3
DTS Engineer OP
Apple
Nov ’20

I have an application developed in Go (for macOS only-no mobile) that
has a directory structure like this:

You should move the README into Contents/Resources. That’s unlikely to be the cause of your current problem, but it’s worth fixing.

Here is the Info.plist:

Your CFBundleExecutable property is wrong. It should just be myapp.app. The leading MacOS is implied.

I’m not sure if that’s the only problem you have. Fix this, try again, and let us know how you get along.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
the__host OP
Nov ’20
Thanks Quinn I'll give that a shot momentarily!
0
the__host OP
Nov ’20
Hmmm unfortunately the same error persists. Here is my current Info.plist (I moved the README as suggested too):

Code Block 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>CFBundlePackageType</key>
		<string>APPL</string>
		<key>CFBundleInfoDictionaryVersion</key>
		<string>6.0</string>
		<key>CFBundleName</key>
		<string>myapp</string>
		<key>CFBundleExecutable</key>
		<string>myapp.app</string>
		<key>CFBundleIdentifier</key>
		<string>name.myapp</string>
		<key>CFBundleVersion</key>
		<string>1.0</string>
		<key>CFBundleGetInfoString</key>
		<string>myapp by my name</string>
		<key>CFBundleShortVersionString</key>
		<string>1.0</string>
		<key>CFBundleIconFile</key>
		<string>icon.icns</string>
	</dict>
</plist>


Also as a side note... the CFBundleIdentifier is taken from my Identifiers found in Certificates, Identifiers & Profiles

0
Brigitte OP
Nov ’20
Can the executable itself be an app? In my projects, the executable is just an executable file.

Greetings
Brigitte

0
DTS Engineer OP
Apple
Nov ’20

CFBundleIdentifier is taken from my Identifiers found in
Certificates, Identifiers & Profiles

That’s correct.

Looking at your Info.plist, you have both CFBundleExecutable and CFBundleIdentifier set to the same value. I’m not sure whether that’s a consequence of your redaction or that’s how things are really set up. If it’s the former, can you post an example with the executable name and bundle identifier redacted to different values? And if it’s the latter you should fix that (-:

Here’s how things are normally set up:

Code Block  
% find MyApp.app
MyApp.app
MyApp.app/Contents
MyApp.app/Contents/Info.plist
MyApp.app/Contents/MacOS
MyApp.app/Contents/MacOS/MyApp
MyApp.app/Contents/Resources
% /usr/libexec/PlistBuddy -c "print :CFBundleIdentifier" MyApp.app/Contents/Info.plist
com.example.apple-samplecode.MyApp
% /usr/libexec/PlistBuddy -c "print :CFBundleExecutable" MyApp.app/Contents/Info.plist
MyApp


Note that:

  • The bundle ID uses reverse DNS notation.

  • The executable name is typically just a single label. Specifically, it does not contain the trailing .app. That extension is only present on the top-level directory.

  • The executable name matches CFBundleExecutable.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
the__host OP
Nov ’20
Hi quinn the eskimo, here's the actual project details... btw I don't think I'll be uploading this to the store, but I wish to figure it out for future apps.

Code Block 
evilpoopemoji.app
└── Contents
    ├── Info.plist
    ├── MacOS
    │   └── evilpoopemoji
    ├── Resources
    │   ├── README
    │   └── icon.icns
    └── _CodeSignature
        └── CodeResources


Info.plist
Code Block 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>CFBundlePackageType</key>
		<string>APPL</string>
		<key>CFBundleInfoDictionaryVersion</key>
		<string>6.0</string>
		<key>CFBundleName</key>
		<string>evilpoopemoji</string>
		<key>CFBundleExecutable</key>
		<string>evilpoopemoji</string>
		<key>CFBundleIdentifier</key>
		<string>com.myname.evilpoopemoji</string>
		<key>CFBundleVersion</key>
		<string>1.0</string>
		<key>CFBundleGetInfoString</key>
		<string>evilpoopemoji by rootVIII</string>
		<key>CFBundleShortVersionString</key>
		<string>1.0</string>
		<key>CFBundleIconFile</key>
		<string>icon.icns</string>
	</dict>
</plist>


shell commands that I am using:

Code Block 
codesign -f -s  "Developer ID Application: My Name (ID NUMBER)" evilpoopemoji.app  --options=runtime --deep
productbuild --component evilpoopemoji.app /Applications epe.pkg
productsign --sign "3rd Party Mac Developer Installer: My Name (ID NUMBER)" --keychain ~/Library/Keychains/login.keychain  epe.pkg evilpoopemoji.pkg
xcrun altool --validate-app -f evilpoopemoji.pkg -u <my email>  -p <my one-time password> -t osx --output-format xml

I also tried signing in the above productbuild command instead of using productsign, but ended with same result


As mentioned before... If I sign with the package/installer with 'Developer ID Installer', I am able to notarize/staple the project without issues. The issue only happens when validating after using the '3rd Party Mac Developer Installer'.

Here is the project: https://github.com/rootVIII/evilpoopemoji
0
the__host OP
Nov ’20
Just to clarify this:


I also tried signing in the above productbuild command instead of using productsign, but ended with same result

I had also tried the below command (removing need for productsign as it creates the .pkg and signs it) as I was unsure if temporarily naming the package to epe.pkg was causing an issue:

Code Block 
productbuild --component evilpoopemoji.app /Applications --sign "3rd Party Mac Developer Installer: My Name (ID NUMBER)"  evilpoopemoji.pkg --product evilpoopemoji.app/Contents/Info.plist


0
DTS Engineer OP
Apple
Nov ’20 
Code Block  
codesign -f -s  "Developer ID Application: My Name (ID NUMBER)" evilpoopemoji.app  --options=runtime --deep


Don’t use --deep. See --deep Considered Harmful for an explanation as to why. However, as you only have a single code item this is not the cause of your problem.

Code Block  
productsign --sign "3rd Party Mac Developer Installer: My Name (ID NUMBER)" --keychain ~/Library/Keychains/login.keychain  epe.pkg evilpoopemoji.pkg


You seem to be mixing Developer ID and Mac App Store Distribution signing identities:

  • For independent distribution sign the code with Developer ID Application and the installer with Developer ID Installer. And then you need to notarise, not validate.

  • For Mac App Store distribution, sign the code with 3rd Party Mac Developer Application (or the new-style Apple Distribution) and the installer with 3rd Party Mac Developer Installer, and then don’t notarise but validate.

See Signing a Mac Product For Distribution for more details.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
the__host OP
Nov ’20
Thanks for the clarification:

For Mac App Store distribution, sign the code with 3rd Party Mac
Developer Application (or the new-style Apple Distribution) and the
installer with 3rd Party Mac Developer Installer, and then don’t
notarise but validate.

Unfortunatelly the error persists... hmmmm
0
DTS Engineer OP
Apple
Nov ’20

Unfortunately the error persists...

OK, let’s change tack a little:

  1. Use Xcode to create a dummy app that the same name and same bundle ID as your main app. You’re not going to ship this, it’s just for testing.

  2. Build an archive from that (Product > Archive).

  3. Try validating that from the Xcode Organizer (Window > Organizer > your archive > Validate App).

Does that work?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
the__host OP
Nov ’20
Hi Quinn:


OK, let’s change tack a little:
Use Xcode to create a dummy app that the same name and same bundle ID as your main app. You’re not going to ship this, it’s just for testing.
Build an archive from that (Product > Archive).
Try validating that from the Xcode Organizer (Window > Organizer > your archive > Validate App).
Does that work?


So after trying your recommended task, I have some interesting results. I tried validating my app in Xcode, and got this:

Code Block  "Distribution failed with errors:"
App Store Connect Operation Error
No suitable application records were found. Verify your bundle identifier ‘com.myname.evilpoopemoji’ is correct.


Of course myname is my actual name. And this bundle identifier definitely exists in my account.

And I get that error regardless of whether or not I "Distribute" or "Validate" within xcode.

btw thanks again for helping me trouble shoot this...



0
the__host OP
Nov ’20
Okay I figured out the xcode issue. While I had the the correct bundle ID in the UI, the incorrect bundle ID was listed under the app's General tab.

Now Xcode is reporting 2 errors... an icon error (which is okay as I was just building the default app). Then there is also this error:

Code Block 
App Store Connect Operation Error
The product archive is invalid. The Info.plist must contain a LSApplicationCategoryType key, whose value is the UTI for a valid category. For more details, see "Submitting your Mac apps to the App Store".


I am going to go back to the cmd line to see if I can validate my original app now.

I might also try adding LSApplicationCategoryType to my Info.plist as well due to that Xcode suggestion.

EDIT: still same error unfortunately when validating via cmd line
0
DTS Engineer OP
Apple
Nov ’20

still same error unfortunately when validating via cmd line

Does that mean that the validate operation is working from Xcode (with your dummy app) but still failing from the command line?

If so, that suggests a new debugging strategy: In the Organizer run the Distribute App > App Store Connect > Export workflow. This will result in an installer package container the dummy app, which gives you two options:

  • Validate that installer package from the command line — This should work, because the package validated from within Xcode. If it fails, there’s something weird going on with your altool command.

  • Compare it to your real app’s installer package — You can check that the installers and apps are signed the same way, then compare the two Info.plist files, and so on.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
the__host OP
Nov ’20
It seems that I cannot validate in Xcode due this error:

Code Block 
The product archive is invalid. The Info.plist must contain a LSApplicationCategoryType key, whose value is the UTI for a valid category. For more details, see "Submitting your Mac apps to the App Store".


I tried adding the key along with one of the suggested LSApplicationCategoryType values but unfortunately it still does not build.

As for the command-line Go app... it still gives the same error as well, despite having the Bundle ID matching what is in the app's configuration within App Store Connect (also tried with and without LSApplicationCategoryType).

I think I shall put this one on the back burner for a while. I am happy that I can notarize a non-Swift app via the cmd-line and will leave it at that. After going through this process I have actually lost interest in working with the Apple store... which is probably exactly what Apple wants? Anyways, thank you for the assistance.
0
DTS Engineer OP
Apple
Nov ’20

It seems that I cannot validate in Xcode due this error:



I tried adding the key along with one of the suggested
LSApplicationCategoryType values but unfortunately it still does not
build.

Try setting it via the App Category popup in the Identity slice of the General tab of the target editor.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
Able to sign and notarize app, but verifying for app store results in error: The Info.plist indicates a Mac app, but submitting an ipa
First post date Last post date
 
 
Q