语言

Menu
Sites
Language
[SOLVED] Tizen SDK 2.2.1 applications cannot be submitted to the Tizen Store.

After upgrading to the Tizen SDK 2.2.1, I am running into the same issue as mentioned in the following thread:

https://developer.tizen.org/forums/native-application-development/application-package-has-failed-integrity-test

An application built and packaged with SDK 2.2.1 fails a Security Test when submitted to the Tizen Store. The application, built with SDK 2.2.0, previously passed App Store validation.

[Defect]
Application package has failed the integrity test.

"File exist and hash not found. - .manifest.tmp"

1.) The .manifest.tmp is NOT a part of the application and is NOT included in the project.

2.) The .manifest.tmp is created by the Tizen IDE AUTOMATICALLY in the <project>/.sign/ directory.

3.) If the .manifest.tmp file is deleted manually, it is re-created BY THE TIZEN IDE during the Build Package >> TPK command (with the same timestamp as <project>/.sign/author-signature.xml and <project>/.sign/signature1.xml).

4.) The .manifest.tmp is added to an application TPK package by the Tizen IDE automatically.

I setup a new, clean Ubuntu 12.04 environment with Tizen SDK 2.2.1, but the problem persists.

Suggestions?

Gary

编辑者为: Gary V 25 11月, 2013
列表

响应

20 回复
Kamil N

Gary

I get answer from Tizen support but it is not very useful in my opinion:

Regarding your inquiry, we would like to kindly inform you that validation is failed because of hash value. 

During integrity test, the hash value of resource file which is included in real package is compared with hash value of resource file which is recorded in author-signature.xml. 

In this way, the test found that the ".manifest.tmp" file is included in real package but hash value is not defined in author-signature.xml which is formed during package building. 

Therefore, if the ".manifest.tmp"file is included, please make sure that resource information and hash value are added in author-signature.xml. 

We hope you find the information useful and thank you for your kind understanding. 

 

I sent one more question if I should remove manifest.tmp manually form a package (?!) - I'm waiting for an answer. Problem you described is exactly the same as mine. I tried to package Sample applications from SDK and manifest.tmp was in package as well.

Kamil

Kamil N

Any new ideas? In my opinion this is a bug and the best way is downgrade SDK to 2.2 and then re-submit app. Tizen support didn't help (they are helpless as always)

 

Kamil

Gary V

I got exactly the same answer from Tizen Store support (copy and paste). I don't think altering a TPK is a good idea - I already rolled back to SDK 2.2.0 for the moment. Still waiting for one more reply from Tizen support regarding the fact that the problematic .manifest.tmp file is created by the Tizen IDE itself.

Is there anyone out there who actually submitted an SDK 2.2.1 app to the Tizen Store successfully?

Gary

Maybe you should report a critical bug to (bugs.tizen.org) ... tizen store cannot help you much but tizen developers should act fast

 

 

Are your sure that your private secure profile is set correctly as was in previous sdk!?
 

Gary V

Tizen IDE, Window >> Preferences >> Tizen SDK >> Security Profiles configuration shows the same Active Profile as before and the same Author Certificate, which still exists on the system. The {project} >> Build Package >> TPK process is successful. I checked that the TPK could be successfully installed on a real device and uploaded to the Tizen Store as a new version. It is only during the review process afterwards that the "application package has failed the integrity test". Anything else about the TPK that I should check?

Gary

Yes you are right. It was just w wild guess. I created TPK with 2.2.1 and it does include the tmp file
Gary V

An interesting thing is that Kamil mentioned that he "tried to package Sample applications from SDK and manifest.tmp was in package as well".

- install SDK 2.2.0
- New >> Tizen Native Project >> Sample >> UiControls, named "UiControls", no precompiled header
- build UiControls Release, <project> >> Build Package >> TPK
    - ./UiControls/Release/.tpk/.manifest.tmp exists
    - Console log does NOT mention inclusion of .manifest.tpk

Commentary: SDK 2.2.0 works properly.

- uninstall SDK 2.2.0, completely remove tizen-sdk-data
- install SDK 2.2.1 (a "Typical" installation) + reboot
- launch Tizen IDE, select the same Eclipse workspace directory as before (necessary to preserve the Security Profile)

- manually remove ./UiControls/Release/.tpk/.manifest.tmp
- build UiControls Release, <project> >> Build Package >> TPK
    - ./UiControls/Release/.tpk/.manifest.tmp exists
    - (!) Console log lists inclusion of .manifest.tpk

Commentary: the same thing happens for sample projects, user-made project files are not the source of the problem.

- delete UiControls from Tizen IDE, with "Delete project contents on disk"
- re-create UiControls from SDK 2.2.1
- build UiControls Release, <project> >> Build Package >> TPK
    - ./UiControls/Release/.tpk/.manifest.tmp exists
    - (!) Console log lists inclusion of .manifest.tpk

Commentary: re-using 2.2.0 project files under 2.2.1 is not the source of the problem.

- blow away the entire Eclipse workspace directory
- re-create UiControls from SDK 2.2.1
- re-create the Security Profile from scratch
- build UiControls Release, <project> >> Build Package >> TPK
    - ./UiControls/Release/.tpk/.manifest.tmp exists
    - (!) Console log lists inclusion of .manifest.tpk

Commentary: re-using Security Profiles and/or Eclipse .metadata is not the source of the problem.

Try with the UiControls sample project?

Gary

Gary V

An interesting thing is that Kamil mentioned that he "tried to package Sample applications from SDK and manifest.tmp was in package as well".

- install SDK 2.2.0
- New >> Tizen Native Project >> Sample >> UiControls, named "UiControls", no precompiled header
- build UiControls Release, <project> >> Build Package >> TPK
    - ./UiControls/Release/.tpk/.manifest.tmp exists
    - Console log does NOT mention inclusion of .manifest.tpk

Commentary: SDK 2.2.0 works properly.

- uninstall SDK 2.2.0, completely remove tizen-sdk-data
- install SDK 2.2.1 (a "Typical" installation) + reboot
- launch Tizen IDE, select the same Eclipse workspace directory as before (necessary to preserve the Security Profile)

- manually remove ./UiControls/Release/.tpk/.manifest.tmp
- build UiControls Release, <project> >> Build Package >> TPK
    - ./UiControls/Release/.tpk/.manifest.tmp exists
    - (!) Console log lists inclusion of .manifest.tpk

Commentary: the same thing happens for sample projects, user-made project files are not the source of the problem.

- delete UiControls from Tizen IDE, with "Delete project contents on disk"
- re-create UiControls from SDK 2.2.1
- build UiControls Release, <project> >> Build Package >> TPK
    - ./UiControls/Release/.tpk/.manifest.tmp exists
    - (!) Console log lists inclusion of .manifest.tpk

Commentary: re-using 2.2.0 project files under 2.2.1 is not the source of the problem.

- blow away the entire Eclipse workspace directory
- re-create UiControls from SDK 2.2.1
- re-create the Security Profile from scratch
- build UiControls Release, <project> >> Build Package >> TPK
    - ./UiControls/Release/.tpk/.manifest.tmp exists
    - (!) Console log lists inclusion of .manifest.tpk

Commentary: re-using Security Profiles and/or Eclipse .metadata is not the source of the problem.

Try with the UiControls sample project?

Gary

I think the manifest.tmp file is added on purpose. I think it is used by the store to check package files. If there is missing file in the manifest while it exists in the package, the app will fail Probably, new security measure by the store 2.2.1 release notes -Validation checks for the icon, version, and content elements have been refined and added.
Creating new app with 2.2.1 adds new feature to the manifest.xml - platform.native.api.version - also it warns the user when adding - screen.normal.size- feature I wonder if this has anything to do with the problem! App forms are not supporting all normal sizes or the missing of the platform feature!!
Gary V

I just created a completely new application in SDK 2.2.1, through File >> New >> Native Tizen Project, Form-based Application, With SceneManager. Added screen.size.normal to manifest.xml. platform.native.api.version was NOT added to manifest.xml by the manifest editor, so not sure where you get this property from? Built and packaged the new application - the Console log shows "adding: .manifest.tmp (in=477) (out=349) (deflated 27%)" under "Zipping...".

The problem with .manifest.tmp is still there with a new SDK 2.2.1 application, as well as a new SDK 2.2.1 sample, as well as an SDK 2.2.0 project built under SDK 2.2.1.

Are you saying you are NOT seeing the .manifest.tmp? Did you try the UiControls sample with SDK 2.2.1?

Gary

I think the missing file from the manifest.tmp is the singture1.xml...this file in the package and not hashed .. explain the error msg you got from the store No I have not tried the UIControl sample
I think the manifest.tmp file is added on purpose. I think it is used by the store to check package files. If there is missing file in the manifest while it exists in the package, the app will fail Probably, new security measure by the store 2.2.1 release notes -Validation checks for the icon, version, and content elements have been refined and added. ------------------------------------- Singture1.xml file is missing from the manifest. It is probably related to the distributor certificate !! ------------------------------------- The new feature is added in the manifest when I create new native app as you described above --------------------------------- I am just trying to help you.. I am not updating my apps now to 2.2.1..
Gary V

I don't think the .manifest.tmp file is added on purpose, for three reasons: 1.) the error message from the Tizen Store (see above) seems to say that the .manifest.tmp file exists, but a hash value for .manifest.tmp has not been found (not for any other file in a TPK), 2.) SDK 2.2.0 also utilized, but specifically did not add a .manifest.tmp file to a TPK and a package was still verifiable, 3.) there have been no changes to my application between SDK 2.2.0 and SDK 2.2.1 (signature1.xml, author-signature.xml, .manifest.tmp are all the same, except for <DigestValue> tags) and it previously passed Tizen Store validation, so there are no missing application files.

Appreciate your efforts to help. Considering all new SDK 2.2.1 applications as well as all new SDK 2.2.1 samples produce the problematic .manifest.tmp file, I think we need to have devs look into this. The problem is not project-specific, but rather SDK-wide.

I am not seeing platform.native.api.version anywere.

Gary

I don't know. I think you are right but the mainfest.tmp is added by the sdk and I couldn't find a way to prevent it.

We both using ubuntu 12.04? I wonder if same file is added using windows or Mac SDK


 

 

Gary V

Thanks for the screenshot, I wasn't looking for it under the <Feature> tag.

Yes, Ubuntu 12.04 here, as well.

Gary

Kamil N

I get answer from Support Team:

Regarding your inquiry, we would like to kindly inform you that ".manifest.tmp" file is being used for incremental signing in IDE and it's included in TPK packaging in SDK 2.2.1 because the way of making TPK has been changed. The ".manifest.tmp" file which is not able to be signed in IDE of the seller's application will be deleted since this issue will not influence the application installation process. Furthermore, we have revised our validation system since Nov 18th thus this will not be viewed as a defect anymore. 

Moreover, please be noted that Hash value can be checked in autho4-signature.xml through DigestValue. 
eg) 
<Reference URI="bin/Objectality.exe"> 
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> 
<DigestValue>l2jEbfiHLCJ34vySHVauc+gdbviYOtrKIdoj6Fd397k=</DigestValue> 
</Reference> 

 

Kamil

Gary V

FYI, manually added the new platform.native.api.version feature to manifest.xml (compared two from-scratch Form-based applications created under SDK 2.2.0 and 2.2.1 and that's the only difference), re-built the application under SDK 2.2.1 and re-packaged the TPK. The TPK installs and launches properly on a physical Tizen 2.2 device (without upgrading the OS to 2.2.1, the new feature seems backward-compatible). Submitted the TPK to the Tizen Store (unmodified, without removing .manifest.tmp) - the certification process has been successful.

Gary

Thanks for update, I was right :)