ERROR ITMS-90035: "Invalid Signature. A sealed resource is missing or invalid.

When trying to upload my app via Application Loader to Apple, I’m getting “ERROR ITMS-90035…”

I have an Enterprise account with a custom plugin.  I can build the app and install it on my device with Xcode without issue.  If I comment out this line in build.settings and re-build, it will upload to Apple without issue:

 iphone = { url=“https://custom-url/iphone.tgz” },

I do not think it is a general certificate / provisioning issue.  I completely re-did my certificate / provisioning profile / etc on a new user.  The app uploads just fine if I have the custom plugin commented out.  But, the app builds fine locally with the custom plugin. 

I REALLY need to get this resolved as soon as possible.  I would sincerely appreciate any assistance. 

Thank you!

Andy

Error Message:

[2017-10-15 15:29:13 EDT] <main> DBG-X: The error code is: 1102

[2017-10-15 15:29:13 EDT] <main>  INFO: Done performing authentication.

[2017-10-15 15:29:13 EDT] <main> DBG-X: Returning 1

ERROR ITMS-90035: "Invalid Signature. A sealed resource is missing or invalid. The file at path [APPNAME.app/APPNAME] is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/library/ios/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html"

Hello!

It is really hard to tell what is going on from provided information. Most likely it is something wrong with your plugins archive.

I archived bitmap plugin put following in my build.settings:

    plugins =

    {

        [“plugin.hostedplugin”] =

        {

            publisherId = “com.company”,

            supportedPlatforms = {

                iphone = { url="https://dl.dropboxusercontent.com/s/v54erd9ctzwifrb/p1.tgz"},

            },

        },

    },

Submission went with without any issues and I got it working in TestFlight after about 5 minutes after it was done uploading with plugin functionality working perfectly fine.

Thanks for responding vlads.  We actually have two plugins and one of them is working fine.  So, you are right…I don’t think it is a general plugin problem.  However, the app builds just fine and it completely runs fine on a device when using a Development Profile to build.  We just can’t figure out where to go and look for a problem.  

Well. You could start with that It is hard to guess what is wrong with your setup - I don’t even know what are you doing.

Only thing I would suggest is to unzip your ipa and verify code signature, it may provide additional insights why it fails. It should be something like

unzip mysecretapp.ipa codesign -dv --verbose=4 Payload/mysecretapp.app

The signature verification seems to be OK. On “Authority” it shows the iPhone distribution certificate and the “Signed Time” is also correct.

In addition, if I remove the plugin on the build.settings file, the upload works correctly. The same plugin was working correctly on previous uploads. Do we need to sign the plugin too?

No, you do not need to sing a plugin. Bigger issue is what is inside a plugin, some things may require additional signing, but it should be done by Corona Simulator automatically. I do not know what you have in your plugin, so it is really hard to tell what is going on. Try to see if there is any difference between codesign output for app with and without your plugin. Also, check contents of the app, if adding a plugin introduces some suspicious files. You may have to do ‘ls -a’ to see hidden files and stuff.

We have been able to resolve our issue. 

This tool ended up being very valuable to us:

“RB App Checker Lite helps users and developers to check code signatures and receipts for applications from any source.”

https://itunes.apple.com/us/app/rb-app-checker-lite/id519421117?mt=12

It basically pinpointed the problem with our plugin exactly.

Thanks!

Could you share what the issue was?

I had a similar problem, where adding some resources to a plugin only worked in an adhoc build. 

To upload to iTunes, I had to take the resources out of the plugin and put them into my app’s main directory. 

@zdeveloper, was that similar to your solution?

Hello!

It is really hard to tell what is going on from provided information. Most likely it is something wrong with your plugins archive.

I archived bitmap plugin put following in my build.settings:

    plugins =

    {

        [“plugin.hostedplugin”] =

        {

            publisherId = “com.company”,

            supportedPlatforms = {

                iphone = { url="https://dl.dropboxusercontent.com/s/v54erd9ctzwifrb/p1.tgz"},

            },

        },

    },

Submission went with without any issues and I got it working in TestFlight after about 5 minutes after it was done uploading with plugin functionality working perfectly fine.

Thanks for responding vlads.  We actually have two plugins and one of them is working fine.  So, you are right…I don’t think it is a general plugin problem.  However, the app builds just fine and it completely runs fine on a device when using a Development Profile to build.  We just can’t figure out where to go and look for a problem.  

Well. You could start with that It is hard to guess what is wrong with your setup - I don’t even know what are you doing.

Only thing I would suggest is to unzip your ipa and verify code signature, it may provide additional insights why it fails. It should be something like

unzip mysecretapp.ipa codesign -dv --verbose=4 Payload/mysecretapp.app

The signature verification seems to be OK. On “Authority” it shows the iPhone distribution certificate and the “Signed Time” is also correct.

In addition, if I remove the plugin on the build.settings file, the upload works correctly. The same plugin was working correctly on previous uploads. Do we need to sign the plugin too?

No, you do not need to sing a plugin. Bigger issue is what is inside a plugin, some things may require additional signing, but it should be done by Corona Simulator automatically. I do not know what you have in your plugin, so it is really hard to tell what is going on. Try to see if there is any difference between codesign output for app with and without your plugin. Also, check contents of the app, if adding a plugin introduces some suspicious files. You may have to do ‘ls -a’ to see hidden files and stuff.

We have been able to resolve our issue. 

This tool ended up being very valuable to us:

“RB App Checker Lite helps users and developers to check code signatures and receipts for applications from any source.”

https://itunes.apple.com/us/app/rb-app-checker-lite/id519421117?mt=12

It basically pinpointed the problem with our plugin exactly.

Thanks!

Could you share what the issue was?

I had a similar problem, where adding some resources to a plugin only worked in an adhoc build. 

To upload to iTunes, I had to take the resources out of the plugin and put them into my app’s main directory. 

@zdeveloper, was that similar to your solution?