I have a really weird codesigning problem. A previous, almost identical version has passed validation and been submitted to the App Store, so my codesignature isn't broken.
Recently I've been trying to use the iTunesLibrary framework. This framework only works if your application is codesigned. I'm getting a common error when trying to initialize the framework that indicates a codesigning failure:
Error Domain=NSPOSIXErrorDomain Code=100001 "Could not load." UserInfo=0x100329d80 {NSLocalizedDescription=Could not load., NSUnderlyingError=0x10031a430 "The operation couldn’t be completed. (OSStatus error 100005.)"}
My app is organized into multiple frameworks both dynamically linked and plugins. I have been using the --deep flag to recursively sign my application, but apparently this is wrong. Now I'm using a run script build phase to sign each of my frameworks and plugins. This seems to work as codesign tells me the app is signed.
I've built the app in debug mode as well as archived it and exported as a Developer ID signed program and checked the signature -- both build modes pass. When I run it, I get the above error from iTunesLibrary. The really weird part is, if I export the app and re-sign it myself as below, then iTunesLibrary functions properly:
codesign --force --sign "MyIdentity" --deep MyApp.app
If I use spctl --assess to try to tell me more about this, I learn that this application despite working properly is badly signed:
/Users/me/Desktop/MyApp.app: rejected
The app that iTunesLibrary doesn't like on the other hand passes spctl inspection:
/Users/me/Desktop/MyApp.app: accepted
source=Developer ID
origin=Developer ID Application: Me
The solution is to link the iTunesLibrary framework to your main executable as well as to the framework that is actually using it.
I'd love to know why...