When trying to build my ionic / cordova app to my iphone it currently fails with the exception Provisioning profile "iOS Team Provisioning Profile: ... doesn't support the Associated Domains capability. (in target 'MyApp' from project 'MyApp'). When building it for the emulator the app just works fine. It already worked on my iphone before but now i just have no idea why it fails.
Maybe someone could help me figure out a solution.
The problem was that i only had a free personal apple developer account. I found out that apple supports different capabilities for free and paid members. You can find those here: https://developer.apple.com/support/app-capabilities/ So basically the associated domains capability which i had added to my project was not supported for me as a free member.
Note: While this may not be the answer for the question above, it is the solution for the same "error message" if you changed your project configs and didn't update the certificates.
This happened to me after adding associated-domains to Runner.entitlements. I had to update all the certificates used by the CI/CD (Bitrise).
Run the commands below as follow.
fastlane match appstore --readonly false --force
fastlane match adhoc --readonly false --force
fastlane match development --readonly false --force
After that rebuild.
I'm building an iOS app locally using Fastlane, without any problems.
I'm using match with a separate repo, to keep track of certificates and provisioning profiles.
Locally it works fine.
On Bitrise, however, I get this error:
[05:23:16]: All required keys, certificates and provisioning profiles are installed 🙌
[05:23:16]: Setting Provisioning Profile type to 'app-store'
[05:23:16]: -----------------------
[05:23:16]: --- Step: build_app ---
[05:23:16]: -----------------------
[05:23:16]: $ xcodebuild -list -workspace Myapp.xcworkspace -configuration Debug
[05:23:17]: $ xcodebuild -showBuildSettings -workspace Myapp.xcworkspace -scheme Myapp -configuration Debug
[05:23:20]: Couldn't automatically detect the provisioning profile mapping
[05:23:20]: Since Xcode 9 you need to provide an explicit mapping of what
[05:23:20]: provisioning profile to use for each target of your app
[05:23:20]: No such file or directory # rb_sysopen - /Users/vagrant/git/Pods/Target Support Files/Pods-Myapp/Pods-Myapp.debug.xcconfig
[05:23:20]: Detected provisioning profile mapping: {:"com.myapp.myapp"=>"match AppStore com.myapp.myapp"}
I tried explicitly mapping the provisioning profile in my Fastfile:
lane :beta do
clear_derived_data
increment_build_number
match(app_identifier: "com.myapp.myapp", type: "appstore", clone_branch_directly: true)
build_app(
workspace: "Myapp.xcworkspace",
scheme: "Myapp",
configuration: "Debug",
export_options: {
method: "app-store",
provisioningProfiles: {
"com.myapp.myapp" => "match AppStore com.myapp.myapp"
}
}
)
upload_to_testflight(skip_waiting_for_build_processing: true)
end
Any idea what I need to resolve this?
Part 1: Resolving this and understanding what is happening
In order to reproduce locally / resolve this, I would suggest to disable automatic signing. This way, you will be much closer to your CI/CD configuration. You might locally have access to certificates that allow you to make it work locally. Disabling automatic code signing will show you exactly which certificates your XCode is using. In order to achieve that, you can use the disable_automatic_code_signing command.
disable_automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj"
)
Once this is done, you can go in your local XCode see what profile it is using. This is the first step. I would also suggest to remove all local provisioning profiles from your library. (Much more Closer to Bitrise configuration that does not have any loaded profiles once you start a flow).
The following commands will achieve that:
cd ~/Library/MobileDevice/Provisioning\ Profiles
rm -fr *
Once this is done, it is very likely that it will not allow you to export an archive using the target (and configuration) you want. Hopefully, it will fail locally the same way it is failing remotely. From then you can go in your XCode to see the different provisioning profiles that were downloaded with match and figure out why it is not able to automatically resolve it.
Part 2: an educated guess on what is happening and how to resolve it
My suspicion is that you are trying to code sign with an iPhone Developer code sign identity but the match command you are using retrieves a distribution certificate (iOS Distribution signing identity).
Using automatic signing, XCode is looking for provisioning profiles that match your target and configuration. It attempts to find an iOS Developer certificate, but this is not what you are fetching using match.
A simple solution to this problem (if this is the problem) would be to change the sign identity method before and after you build_app. You can achieve it like this:
automatic_code_signing(
path: "demo.xcodeproj",
code_sign_identity: "iPhone Distribution"
)
Or directly inside your build_app / gym with the code_sign_identity parameter:
build_app(
workspace: "Myapp.xcworkspace",
scheme: "Myapp",
configuration: "Debug",
codesigning_identity: "iPhone Distribution" # or iPhone Developer
)
Since you are using Bitrise, why not use their integrations which can take care of code signing and deployment automatically? I recently moved from Fastlane steps to Bitrise steps. See my answer here: https://stackoverflow.com/a/60836343/1271474
We use Fusetools to build an app. Using the command uno build --target=ios --configuration=Release we generate a new myapp.xcodeproj file for the app.
When I open the .xcodeproj in Xcode IDE manually I see the Automatically manage signing checkbox is selected. We then use Fastlane match to get certificates and select appstore certificate manually in Xcode. This all works fine.
Now - we try to build this using a CI provider like Bitrise using a headless build process. Then everything stops at the same point. our .xcodeproj has Automatically manage signing checkbox is selected.
Our Fastfile looks like this:
disable_automatic_code_signing(path: "../myapp.xcodeproj")
match(git_url: "git#github.com:MyRepo/match.git",
app_identifier: "com.myapp.myapp",
type: "appstore",
readonly: true)
gym(
workspace: "myapp.xcworkspace",
scheme: "MyApp",
export_method: "app-store",
xcargs: "PROVISIONING_PROFILE_SPECIFIER='match AppStore
com.myapp.myapp'"
)
In our Fastfile we try to disable automatic signing first, the in gym - pass in parameter xcargs: "PROVISIONING_PROFILE_SPECIFIER='match AppStore com.myapp.myapp'" to set the provisioning profile before build.
I then get this from Bitrise CI monitor:
Code signing is required for product type 'Application' in SDK 'iOS 10.3'
I can reproduce this if running locally trying to set automatic signing to false and do the same.
Any idea?
xcargs: "PROVISIONING_PROFILE_SPECIFIER='match AppStore com.myapp.myapp'"
This approach doesn't work well any more since apps might have multiple targets. Instead check out the Xcode setup guide that describes that you can use environment variables, that are being filled by match, for each target's provisioning profile name option 👍
SUMMARY:
If you open a project in Xcode 8 with "Automatically manage signing" enabled and a new bundle ID, it will automatically create and download a provisioning profile for it. But how can I make the same thing happen with xcodebuild, so I can use it on a remote build server?
DETAILS:
I'm trying to build a Cordova app on a Mac. Cordova configures the Xcode project to use "Automatically manage signing", so I'm trying to use that.
I change the bundle ID often, so I want Cordova to be able to build it with a new bundle ID, that hasn't been used before.
But when I run cordova build ios --release --device --buildConfig build.json, I get a return code 65 and the following error:
Check dependencies
No profiles for 'com.my.bundle.id' were found: Xcode couldn't find a provisioning profile matching 'com.my.bundle.id'.
Code signing is required for product type 'Application' in SDK 'iOS 10.3'
** ARCHIVE FAILED **
The following build commands failed:
Check dependencies
(1 failure)
Error: Error code 65 for command: xcodebuild with args: -xcconfig,/cordova-project/platforms/ios/cordova/build-debug.xcconfig,-workspace,MyApp.xcworkspace,-scheme,MyApp,-configuration,Debug,-destination,generic/platform=iOS,-archivePath,MyApp.xcarchive,archive,CONFIGURATION_BUILD_DIR=/cordova-project/platforms/ios/build/device,SHARED_PRECOMPS_DIR=/cordova-project/platforms/ios/build/sharedpch
(I can manually run that xcodebuild command and get the same error, so it's probably not a Cordova issue.)
My build.json file looks like this:
{
"ios": {
"debug": {
"codeSignIdentity": "iPhone Developer",
"developmentTeam": "MY_TEAM_ID",
"packageType": "development"
},
"release": {
"codeSignIdentity": "iPhone Developer",
"developmentTeam": "MY_TEAM_ID",
"packageType": "enterprise"
}
}
}
I'm using cordova 7.0.1, cordova-ios 4.4.0, Xcode 8.3.3, and MacOS 10.12.5. I have an Apple Enterprise account.
WHAT I TRIED:
If I open the generated project in Xcode, it fixes the automatic signing, and from then on I can run cordova successfully with that bundle ID. But if I try to run it with a different bundle ID, it will fail again.
I tried using security unlock-keychain ~/Library/Keychains/login.keychain-db first, since that's worked in the past, but it didn't help.
I also tried opening my private signing key in Keychain Access and setting it to "Allow all applications to access this item", without any luck.
I get the same error regardless of whether I pass --debug or --release to cordova.
This isn't directly supported in Xcode 8. In Xcode 9, however, you can pass -allowProvisioningUpdates to xcodebuild and automatic signing will work just as in the Xcode UI, without needing any additional tools.
e.g. cordova run ios --buildFlag="-allowProvisioningUpdates"
Answer is yes. What I used and what I can confirm is working and it is great:
https://fastlane.tools/
You can set up everything to be automatic:
Signing keys
Taking screenshots
Uploading on iTunes
and many other things
In background it is using xcodebuild command line. I was skeptic that something like this is possible, but just set up, start and enjoy.
For Automatically manage signing you can use Fastlane. It's easy to install and setup.
For using it on a remote build server - you can use Jenkins.
Here example. You need to setup Jenkins with Fastlane to your remote machine. Than Jenkins will check your repository thread or just by you command to it. After it Jenkins run Fastlane on remote build server. And Fastlane will create all certificate and other setup that you write in Fastfile.
If you have only one deploy certificate, you can use Fastlane service called Match
Easily sync your certificates and profiles across your team using Git
or just send and setup it locally.
Hope it helps you, good luck!
Here example for beta deploy (for me work with Xcode 9):
desc "Build devFoo and upload it to Fabric"
lane :uploadToFabric do
cocoapods
cert(
development: true,
output_path: "./fastlane"
)
sigh(
development: true,
output_path: "./fastlane"
)
clear_derived_data
gym(
scheme: "Foo",
configuration: "Debug",
clean: true,
output_directory: "./fastlane",
)
crashlytics(
api_token: "foofoofoofoo",
build_secret: "foofoofoofoo",
emails: ["foo#foo.com"],
notifications: true
)
slack(
message: "New build for test successfully deployed in Fabric",
success: true
)
end
Here example for release deploy:
desc "Build and upload it to the AppStore and TestFlight"
lane :uploadToAppStore do
cocoapods
cert(
development: false,
output_path: "./fastlane"
)
sigh(
development: false,
app_identifier: "foofoo",
output_path: "./fastlane"
)
clear_derived_data
gym(
scheme: "Foo",
configuration: "Release",
clean: false,
output_directory: "./fastlane",
)
deliver(
force: true,
app_identifier: "foo",
skip_metadata: true,
skip_screenshots: true,
submit_for_review: false,
skip_binary_upload: false
)
slack(
message: "New build successfully deployed to AppStore",
success: true
)
upload_symbols_to_crashlytics(dsym_path: "./fastlane/foo.app.dSYM.zip")
slack(
message: "dSYM symbolication files uploaded to Crashlytics",
success: true
)
You can do it using fastlane.
https://fastlane.tools/
cert : Fetch or generate the latest available code signing identity
sigh : Generates a provisioning profile. Stores the profile in the current folder
ps : If you are running it from a CI server (for example jenkins) you need then to unlock login keychain :
security unlock-keychain -p PASSWORD /Users/YOUR-USER/Library/Keychains/login.keychain
Example within the fastfile :
cert(
development: true,
)
sigh(
development: true,
app_identifier: "YOUR_APP_IDENTIFIER"
)
Here's an example of a basic Fastfile :
fastlane_version "2.27.0"
default_platform :ios
platform :ios do
lane :beta do
cert
sigh
gym
end
error do |lane, exception|
puts "Got an error! #{exception.error_info.to_s}"
end
end
There is no way to manage signing automatically using xcodebuild. You must either use third parties like Fastlane as mentioned before or use manual code signing as mentioned here.
As some other answers have already mentioned, what you are looking for is a release automation tool called Fastlane. https://fastlane.tools/
If you are not familiar with it, I believe best place to get started would be raywenderlich's fastlane tutorial.
https://www.raywenderlich.com/136168/fastlane-tutorial-getting-started-2
Notice: This answer assumes that bundle ID and provisioning profiles are created manually. Only build process can be automated using this method.
Yes that is possible even without using third party tools. you should be comfortable using script file or a make file. I'm using 2 lines of code in a makefile on Mac Mini at work. And that gives us either ad-hoc or appstore version ready for upload according to our configuration.
make sure your project has enabled automatic configuration.
make sure on your remote mac that all singing certificates and provisioning are downloaded. for this case, I always, for the first building, open Xcode and build & export on my remote machine. If that works then nothing is missing. But make sure that you always allow access to the singing certificate. Xcode also asks this for the first the build. Otherwise a popup will show up on your remote server and waits till someone allows access to the signing certificate.
you need a plist file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>teamID</key>
<string>MY_TEAM_ID_XXYY</string> //put your iPhone distribution team ID. in my case developer team ID is different than my distribution team ID. just wondering.
<key>method</key>
<string>app-store</string> // for appstore upload or use <string>ad-hoc</string> for ad-hoc
<key>uploadSymbols</key>
<true/>
<key>uploadBitcode</key>
<true/>
</dict>
</plist>
You should save plist configuration somewhere accessible, e.g., as options.plist
just a reminder: make sure that you have your ad-hoc/distribution provisioning profile on your remote Mac.
xcodebuild will create an archive then we can export .app. In your make file or script file use these lines:
4.1. First we create the archive file.
xcodebuild archive -derivedDataPath build/ -project myProject.xcodeproj -scheme myScheme -archivePath build/ios/myProject.xcarchive
derivedDataPath parameter is just a folder that can be deleted later after building the app. you know how much junk is produced in derived data.
project name is your project name, and scheme name is right after play|stop button in Xcode. You must choose an archive name and path for the next step.
4.2 After your archive has been built successfully, use this code to create the app:
xcodebuild -exportArchive -archivePath build/ios/myProject.xcarchive -exportPath build/ios/ -exportOptionsPlist build/ios/options.plist
Here you use the archive name and path that was used in previous step. exportOptionsPlist needs to know the path and name for your plist configuration that we created in step 3.
And that's it! You can run these commands in a terminal window it will build your app as well. You can put these 2 line in a script file / makefile and use variables for project name, path and options.plist, Then you can use that to build all of your apps.
PS: If anything is unclear please let me know and I will add more explanation.
As far as my understanding and recent readings, the answer to OP's question:
"Can xcodebuild manage automatic signing?" is "YES" but not as per the OP's expectations in lines of "when you haven't created the app ID or provisioning profile yet, and you want to create it automatically the way Xcode does"
As per this informative blog on xcode8 and automatic code signing, it clearly states that :
"If you want to create for example an App Store signed IPA, on the Mac you have to have both a Wildcard, Team / Development AND the App Store distribution certificates and provisioning profiles!"
Hence, the app ID and provisioning profile wont be auto created. Fastlane may be a workaround to this problem but i guess that is not the OP's expectation. Hope it makes sense.
If you are archiving the xCode project with xcodebuild and you have xCode 9 installed you can provide the following FLAGS to the compilation command:
CODE_SIGN_STYLE="Manual" \
DEVELOPMENT_TEAM="" \
It will set the automatic signing to false and the development team to empty. You can set the values you need. For instance:
xcodebuild \
-scheme "your_scheme" \
-sdk iphoneos \
-archivePath "/Users/youruser/Developer/Jenkins/Home/customWorkspace/folder/platforms/ios/build/device/yourproject.xcarchive" \
-configuration Release \
-allowProvisioningUpdates \
CONFIGURATION_BUILD_DIR="/Users/youruser/Developer/Jenkins/Home/customWorkspace/folder/platforms/ios/build/device" \
CODE_SIGN_IDENTITY="your code sign identity" \
PROVISIONING_PROFILE="your provisioning profile" \
CODE_SIGN_STYLE="Manual" \
DEVELOPMENT_TEAM="" \
archive
Then you can create the ipa with -exportArchive and it will create the ipa as you need
I am building the IPA (via fastlane with a distribution profile). The entitlements show beta-reports-active=1:
Upload with the AppLoader is successful - but it's not showing up for testing:
The build shows up under "Activity" though - but showing "Missing Beta Entitlements"
Looking into the build details on iTunes Connect the entitlements seem to be really missing the beta entitlements:
Anyone a clue what I am missing?
The problem was fastlane gym (in my case) creating an IPA that was invalid. I ditched it and are now building through xcodebuild without problems.
Both Payload/*.app/embedded.mobileprovision and codesign -d --entitlements :- Payload/*.app need to have beta-reports-active = 1 set.
That wasn't always the case with gym. See the github issue explaining the details
Without use_legacy_build_api: true gym also has trouble picking the right provisioning profile.
I was having a similar issue, although I think it's the exact same one.
When uploading an app using Pilot or Application Loader, I was able to select the app for external testing, but not for internal testing.
Solution
Use an adhoc distribution provisioning profile.
I've created the following lane to publish an app for internal testing:
lane :internal do |options|
unlock_keychain(path: 'login')
cert(
username: options[:username],
output_path: './fastlane/certs'
)
provisioning_profile = sigh(
username: options[:username],
adhoc: true
)
FileUtils.mkdir_p('www')
sh("cordova build ios --release --device -- --provisioningProfile=#{provisioning_profile}")
pilot(
username: options[:username],
distribute_external: false,
ipa: 'platforms/ios/build/device/<app_name>.ipa'
)
end
Note: Pilot raised an error, but I was still able to select the app for internal testing in iTunes Connect manually.