xcodebuild archive fails ITMS validation - ios

Our app has a WatchKit app + extension. Archives from the Xcode IDE always pass iTunes store validation. However, archives generated via the xcodebuild command-line tools (Xcode 6.4; Build version 6E35b) fail this validation with the following errors:
ERROR ITMS-90163: "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'aps-environment' in 'Payload/TheDodo.app/PlugIns/DodoExtension.appex/DodoExtension'."
ERROR ITMS-90164: "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. According to the provisioning profile, the bundle contains a key value that is not allowed: '##########.###.##########.######' for the key 'application-identifier' in 'Payload/TheDodo.app/PlugIns/TheDodoWatchKitExtension.appex/TheDodoWatchKitExtension'"
ERROR ITMS-90163: "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'aps-environment' in 'Payload/TheDodo.app/PlugIns/TheDodoWatchKitExtension.appex/TheDodoWatchKitExtension'."
ERROR ITMS-90046: "Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, value '##########.###.##########.######' for key 'application-identifier' in 'Payload/TheDodo.app/PlugIns/TheDodoWatchKitExtension.appex/TheDodoWatchKitExtension' is not supported. This value should be a string starting with your TEAMID, followed by a dot '.', followed by the bundle identifier."
ERROR ITMS-90163: "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'aps-environment' in 'Payload/TheDodo.app/PlugIns/TheDodoWatchKitExtension.appex/TheDodoWatchKitApp.app/TheDodoWatchKitApp'."
ERROR ITMS-90163: "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'com.apple.security.application-groups' in 'Payload/TheDodo.app/PlugIns/TheDodoWatchKitExtension.appex/TheDodoWatchKitApp.app/TheDodoWatchKitApp'."
The Makefile to archive and export looks something like this:
/usr/bin/xcodebuild -verbose -verbose -workspace 'rebelmouse.xcworkspace' -scheme TheDodo -configuration "App Store" -sdk 'iphoneos' -archivePath /tmp/TheDodo.xcarchive -derivedDataPath /tmp/ROJECT.Ji9vwyH0 APPLICATION_BUILD_VERSION=2456 archive
/usr/bin/xcodebuild -exportArchive -exportFormat ipa -archivePath /tmp/TheDodo.xcarchive -exportPath /tmp/TheDodo.ipa -exportWithOriginalSigningIdentity
Any suggestion / help is very appreciated. Thanks in advance.

Answering this in case anyone else is stuck in the same boat.
With Xcode 7.0, xcodebuild acquired a new command-line option for exporting an archive, namely -exportOptionsPlist, which takes a full path to a plist that configures the archive.
You no longer need to set -exportFormat.
xcodebuild --help lists the details of the plist.
For enterprise builds I use this plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>method</key>
<string>enterprise</string>
</dict>
</plist>
For App Store builds, replace enterprise with app-store.

Tell xcodebuild the name of the provisioning profile to use instead of having it 'auto-search' for it:
xcodebuild -exportArchive -exportFormat ipa -archivePath "FOLD/FILE.xcarchive" -exportPath "FOLD/FILE.ipa" -exportProvisioningProfile "NAME" > /dev/null || exit 1
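The ITMS-90163 and ITMS-90164 errors in the question come down to a comparison between the entitlements in each bundle's signature and the Entitlements dictionary of the profile it was signed with. The following is an added example, not code from the original posts, that runs a simplified version of that comparison before upload; the matching rules (exact match, trailing `*` wildcard, list membership) are assumptions, and the team ID, bundle IDs and group names are constructed placeholders.

```python
import plistlib


def value_allowed(signed, allowed):
    """True if a signed entitlement value is covered by the profile's value."""
    if isinstance(allowed, list):
        wanted = signed if isinstance(signed, list) else [signed]
        return all(any(value_allowed(s, a) for a in allowed) for s in wanted)
    if isinstance(allowed, str) and isinstance(signed, str) and allowed.endswith("*"):
        return signed.startswith(allowed[:-1])  # wildcard such as TEAMID.*
    return signed == allowed


def compare_entitlements(signed_plist, profile_plist):
    """Return (ITMS code, key) pairs for entitlements the profile does not back."""
    signed = plistlib.loads(signed_plist)
    allowed = plistlib.loads(profile_plist)["Entitlements"]
    findings = []
    for key in sorted(signed):
        if key not in allowed:
            findings.append(("ITMS-90163", key))  # key missing from the profile
        elif not value_allowed(signed[key], allowed[key]):
            findings.append(("ITMS-90164", key))  # value the profile does not allow
    return findings


# Constructed sample data; team ID, bundle IDs and group names are placeholders.
# Real inputs: `codesign -d --entitlements :- <bundle>` for the signature and
# `security cms -D -i embedded.mobileprovision` for the decoded profile.
SIGNED = plistlib.dumps({
    "application-identifier": "ABCDE12345.com.example.app",
    "aps-environment": "production",
    "com.apple.security.application-groups": ["group.com.example.app"],
    "keychain-access-groups": ["ABCDE12345.com.example.app.watchkitextension"],
})
PROFILE = plistlib.dumps({
    "Name": "Constructed WatchKit Extension Profile",
    "Entitlements": {
        "application-identifier": "ABCDE12345.com.example.app.watchkitextension",
        "keychain-access-groups": ["ABCDE12345.*"],
    },
})

if __name__ == "__main__":
    for code, key in compare_entitlements(SIGNED, PROFILE):
        print(code, key)
```

Run it once per signed bundle (the app, each .appex and the embedded WatchKit app), since each one is validated against its own profile.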

Related

unsigned xcarchive aps environment missing

I want to share an unsigned xcarchive. To make the unsigned xcarchive, I set the provisioning profile and signing certificate to None.
I have created the xcarchive with the commands below, one by one.
xcodebuild -scheme xxxx -workspace xxx.xcworkspace -configuration Release clean archive -archivePath "/Users/exxx/Desktop/PROD/xxx.xcarchive" CODE_SIGN_ENTITLEMENTS=/Users/exxx/Desktop/PROD/Cert/entitlements.plist CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO
and without passing CODE_SIGN_ENTITLEMENTS:
xcodebuild -scheme xxxx -workspace xxx.xcworkspace -configuration Release clean archive -archivePath "/Users/exxx/Desktop/PROD/xxx.xcarchive" CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO
When I upload that archive with Organizer, the final check shows an entitlement summary where the 'aps-environment' key is always missing. I have attached a screenshot for reference. Both builds have the same issue.
I also tried to codesign the same exported archive with entitlements, but that also doesn't work (with the command below).
codesign --entitlements /Users/xxx/Desktop/PROD/Cert/xxx.entitlements -f -s xxx /Users/xxx/Desktop/PROD/xxx.xcarchive
When my upload completed, I got an email from Apple saying:
Your app appears to register with the Apple Push Notification service, but the app signature's entitlements do not include the 'aps-environment' entitlement...
To add APS entitlement to your xcarchive you should sign your .app file with entitlements.plist that has aps-environment key (and other needed keys) e.g.:
entitlements.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>aps-environment</key>
<string>development</string>
</dict>
</plist>
Next, sign the embedded frameworks and your app file with the entitlements:
$ codesign -f -s "<codesigning identity>" -v /foo.xcarchive/Products/Applications/foo.app/Frameworks/*
$ codesign -f -s "<codesigning identity>" --entitlements /pathToEntitlements/entitlements.plist /foo.xcarchive/Products/Applications/foo.app
To get the available codesign identities, run the following command:
security find-identity -vp codesigning

Missing Provisioning Profile error when archiving using xcodebuild

To automate my app build process, I am trying to build my iOS app via the command line.
Build command
xcodebuild archive -project sample.xcodeproj -scheme "sample" -archivePath $PWD/archive/sample.xcarchive -destination generic/platform=iOS -UseModernBuildSystem=NO
Export Command
xcodebuild -exportArchive -archivePath $PWD/archive/sample.xcarchive -exportOptionsPlist ./ExportOptions.plist -exportPath $PWD/build -UseModernBuildSystem=NO
Following is the error
Error Domain=IDEProvisioningErrorDomain Code=9 ""sample.app" requires a provisioning profile." UserInfo={IDEDistributionIssueSeverity=3, NSLocalizedDescription="sample.app" requires a provisioning profile., NSLocalizedRecoverySuggestion=Add a profile to the "provisioningProfiles" dictionary in your Export Options property list.}
Please note that the archive from Xcode works fine.
And the Info.plist file from archive folder archive/sample.xcarchive/Info.plist does not contain provisioning profiles dictionary.
As per other suggestions on google and StackOverflow, I have tried the following
Changed build settings to Legacy build
Removed Provisioning profiles folder from ~/Library/MobileDevice
Upgraded Xcode to latest (currently 11.4)
Created a soft link of ~/Library/MobileDevice in /Library/MobileDevice
Recreated provisioning profile in developer account.
Could anyone help me get over this issue?
What has finally worked is to remove wildcard while mentioning the App id in the exportOptions.plist file.
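<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>provisioningProfiles</key>
<dict>
<key>APP_ID_WITHOUT_WILDCARD_CHAR</key>
<string>PROVISIONING_PROFILE_NAME_AS_SEEN_BY_XCODE</string>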
</dict>
<key>method</key>
<string>app-store</string>
<key>signingCertificate</key>
<string>iPhone Distribution</string>
<key>signingStyle</key>
<string>manual</string>
<key>stripSwiftSymbols</key>
<true/>
<key>teamID</key>
<string>TEAM_ID</string>
<key>uploadSymbols</key>
<true/>
</dict>
</plist>
I got the same error after upgrading to Xcode 11.3. It's related to the new Apple Development and Apple Distribution certificate types.
Edit provisioning profile and select use in Xcode 11.
Use this new provisioning profile to fix this error.

Xcode 9.2 Archive Succeed but unable to Export IPA

I am trying to set up continuous integration for an Enterprise iOS build for AdhocProd, using the commands below for build and archive.
Build Command:
/usr/bin/xcodebuild -workspace "Project.xcworkspace" -scheme "ProjectiOSPROD" \
-archivePath build/ProjectiOS -configuration Release archive \
CODE_SIGN_STYLE=Manual \
PROVISIONING_PROFILE="CompanyNameProdAdhocDistribution" \
CODE_SIGNING_IDENTITY="iPhone Developer: Build Machine(XXXXXX)" \
PRODUCT_BUNDLE_IDENTIFIER="com.Companyname.prod.ProjectiOS"
OUTPUT:
** ARCHIVE SUCCEEDED **
Export Command:
/usr/bin/xcodebuild -exportArchive -archivePath "build/ProjectiOS.xcarchive" -exportPath "build/ProjectiOS.ipa" -exportOptionsPlist "../../ExportOptions.plist"
This plist is the ExportOptions.plist taken from the Xcode IDE, and I am using it in the Jenkins workspace.
Output:
error: exportArchive: SDWebImage.framework does not support provisioning profiles.
Error Domain=IDEProvisioningErrorDomain Code=10 "SDWebImage.framework does not support provisioning profiles." UserInfo={NSLocalizedDescription=SDWebImage.framework does not support provisioning profiles., NSLocalizedRecoverySuggestion=SDWebImage.framework does not support provisioning profiles, but provisioning profile CompanyNameProdAdhocDistribution has been manually specified. Remove this item from the "provisioningProfiles" dictionary in your Export Options property list.}
error: exportArchive: Stripe.framework does not support provisioning profiles.
Error Domain=IDEProvisioningErrorDomain Code=10 "Stripe.framework does not support provisioning profiles." UserInfo={NSLocalizedDescription=Stripe.framework does not support provisioning profiles., NSLocalizedRecoverySuggestion=Stripe.framework does not support provisioning profiles, but provisioning profile CompanyNameProdAdhocDistribution has been manually specified. Remove this item from the "provisioningProfiles" dictionary in your Export Options property list.}
The provisioningProfiles dictionary is already present in the property list. If I remove it, it says to add it to the property list.
Any suggestions would be greatly appreciated.
You have to generate and export the IPA manually with Xcode 9.2. This will create a file named ExportOptions.plist in the exported folder.
Copy that file to the workspace root folder.
Write the command below in Execute shell.
xcodebuild -exportArchive -archivePath ${WORKSPACE}/build/YourProject.xcarchive -exportPath ${JENKINS_HOME}/jobs/${JOB_NAME}/builds/${BUILD_NUMBER}/archive -exportOptionsPlist ${WORKSPACE}/ExportOptions.plist
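The two IDEProvisioningErrorDomain errors quoted above (Code=9, an app with no entry in provisioningProfiles, and Code=10, a framework with one), plus the wildcard App ID key one answer had to remove, can be caught before running -exportArchive. The following is an added example, not code from the original posts; it assumes provisioningProfiles is keyed by bundle identifier and that apps and app extensions are the bundles that need an entry, and every bundle ID and profile name in it is a constructed placeholder.

```python
import plistlib
import tempfile
from pathlib import Path

SIGNABLE = {"APPL", "XPC!"}  # CFBundlePackageType of apps and app extensions


def bundles_in(app_dir):
    """Map bundle identifier -> package type for the app and every nested bundle."""
    found = {}
    for info in Path(app_dir).rglob("Info.plist"):
        meta = plistlib.loads(info.read_bytes())
        if "CFBundleIdentifier" in meta:
            found[meta["CFBundleIdentifier"]] = meta.get("CFBundlePackageType", "")
    return found


def lint_export_options(options_plist, app_dir):
    """Return sorted (bundle id, problem) pairs predicting the export errors above."""
    profiles = plistlib.loads(options_plist).get("provisioningProfiles", {})
    kinds = bundles_in(app_dir)
    problems = set()
    for key in profiles:
        if "*" in key:
            problems.add((key, "wildcard key"))
        elif kinds.get(key) == "FMWK":
            problems.add((key, "framework must not have a profile"))
    for bundle_id, kind in kinds.items():
        if kind in SIGNABLE and bundle_id not in profiles:
            problems.add((bundle_id, "requires a provisioning profile"))
    return sorted(problems)


def demo():
    """Constructed archive layout and export options; every name is a placeholder."""
    layout = {
        "": ("com.example.sample", "APPL"),
        "PlugIns/Share.appex": ("com.example.sample.share", "XPC!"),
        "Frameworks/SDWebImage.framework": ("org.example.SDWebImage", "FMWK"),
    }
    options = plistlib.dumps({
        "method": "app-store",
        "provisioningProfiles": {
            "com.example.*": "Sample Profile",
            "org.example.SDWebImage": "Sample Profile",
        },
    })
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp, "sample.app")
        for rel, (bundle_id, kind) in layout.items():
            (app / rel).mkdir(parents=True, exist_ok=True)
            (app / rel / "Info.plist").write_bytes(plistlib.dumps(
                {"CFBundleIdentifier": bundle_id, "CFBundlePackageType": kind}))
        return lint_export_options(options, app)


if __name__ == "__main__":
    for bundle_id, problem in demo():
        print(f"{bundle_id}: {problem}")
```

Against a real archive, pass the path of the .app under Products/Applications inside the .xcarchive as app_dir.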

How to sign an ad-hoc iOS build without beta-reports-active entitlement?

I'm trying to do an ad-hoc distribution of an app. I'm building it successfully but getting the following error when trying to install it through iTunes:
MIS: entitlement 'beta-reports-active' has value not permitted by provisioning profile 'name_of_prov_file'
The beta-reports-active field is not set in the ad-hoc provisioning file, which is fine, but for some reason this entitlement is being added to the app in the embedded.mobileprovision file within the IPA. I think this is the problem.
I tried specifying a custom entitlements plist with:
<dict>
<key>application-identifier</key>
<string>xxxxxxxx</string>
<key>beta-reports-active</key>
<false/>
</dict>
This is showing up in the IPA in the archived-expanded-entitlements.xcent file. But the embedded.mobileprovision file still has it set to true.
I'm using these export options:
<key>method</key>
<string>ad-hoc</string>
<key>uploadSymbols</key>
<true/>
<key>teamID</key>
<string>xxxxxxxxxxxx</string>
<key>compileBitcode</key>
<false/>
And these commands:
xcodebuild -alltargets -configuration Release clean build archive -archivePath $PWD/build/archive.xcarchive -scheme projectname -sdk iphoneos9.3 "CODE_SIGN_IDENTITY=${CODE_SIGN_IDENTITY}" "CODE_SIGN_ENTITLEMENTS=entitlements.plist"
xcodebuild -exportArchive -archivePath $PWD/build/archive.xcarchive -exportPath $PWD/build/ -exportOptionsPlist exportOptions.plist
It's a Cordova application, so it's not being developed with Xcode, and this is a Jenkins automated build.
Note: I can successfully do an app-store build for TestFlight; this is not what this question is about.

Errors converting xcarchive to IPA - single-bundle archive + missing plist method values

I'm trying to convert my xcarchive to an IPA (Xcode 7.1.1). The following command
xcodebuild -exportArchive -archivePath foo.xcarchive -exportPath . -exportFormat IPA
Fails with the error
the archive at path 'foo.xcarchive' is not a single-bundle archive
Since the above command is technically deprecated, I also tried the new form:
xcodebuild -exportArchive -archivePath foo.xcarchive -exportPath . \
-exportOptionsPlist ipa.plist
Where the ipa.plist is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>method</key>
<string>app-store</string>
</dict>
</plist>
Which then resulted in the error:
error: exportArchive: exportOptionsPlist error for key 'method':
expected one of {}, but found app-store
Now, trying to debug this I opened the xcarchive folder and inspected its structure. I noticed that I have a folder on the same level as Products\Applications\foo.app so I deleted it and tried again to no avail (same results). I then proceeded to delete files from within foo.app until I remained with nothing but the DWARF binary - still no cigar (same result), though that could have been due to the fact that I messed up the app signature by deleting files manually.
Apple got back to me with a solution. As of Xcode 7 we should use xcodebuild instead of PackageApplication to produce the .ipa file.
xcodebuild has a new -exportArchive option to create an .ipa that works more like Xcode Organizer.
So we should now:
build an archive with xcodebuild archive
create the .ipa with xcodebuild -exportArchive
We now build the archive like this:
xcodebuild -workspace myApp.xcworkspace -scheme myApp -sdk iphoneos -configuration AppStoreDistribution archive -archivePath $PWD/build/myApp.xcarchive
We now export the .ipa like this:
xcodebuild -exportArchive -archivePath $PWD/build/myApp.xcarchive -exportOptionsPlist exportOptions.plist -exportPath $PWD/build
These two commands create the files build/myApp.xcarchive and build/myApp.ipa.
Note that xcodebuild -exportArchive requires a -exportOptionsPlist argument that points to a .plist file with export options. For a complete list of what you can put in that plist, run xcodebuild -help. The minimal contents of the file look like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>method</key>
<string>app-store</string>
<key>teamID</key>
<string>YOUR_TEN_CHARACTER_TEAM_ID</string>
</dict>
</plist>
Since the way you are creating an IPA is deprecated, you should do the following instead:
xcodebuild -scheme "Foo" -configuration Release clean build CODE_SIGN_IDENTITY="iPhone Distribution: Foo Corporation" -derivedDataPath "/path/to/some/folder/"
xcrun -sdk iphoneos PackageApplication "/path/to/some/folder/Build/Products/Release-iphoneos/foo.app" -o "/path/to/some/folder/foo.ipa"
Make sure you replace "Foo" with your scheme name, and "iPhone Distribution: Foo Corporation" with your signing identity. And "/path/to/some/folder/" should be some build folder.
I got some similar strange errors from Xcode 7.2 when building for the simulator on the command line. You could try to either add -sdk iphoneos to your xcodebuild command (in order to skip simulator builds), or add something like -destination 'platform=iOS Simulator,name=iPhone 6,OS=latest' if you're building for the simulator.
Try using absolute paths as parameters to xcodebuild options rather than relative paths.
So something like this:
xcodebuild -exportArchive -archivePath "$PWD/foo.xcarchive" \
-exportPath "$PWD" -exportOptionsPlist "$PWD/ipa.plist"
As long as your .xcarchive is intact and signed correctly, that should work. This is what I'm using in my build system.
I recently switched to using the fastlane gym tool to build and create ipa files... I had a problem where one command line worked for making ad-hoc builds and I needed a different config to make app store builds and couldn't resolve it. The fastlane stuff pretty much worked out of the box.
https://github.com/fastlane/gym
The problem was that one of our post-build steps left a stray folder in the TARGET_BUILD_DIR. This caused the generated xcarchive to be formatted as the dreaded generic archive. My attempts to delete the folder after the fact from the xcarchive itself were doomed to fail since the xcarchive has been flagged generic at the moment of its creation (as evidenced by some missing Info.plist fields). Once I made sure TARGET_BUILD_DIR contained only the .app after all the build phases were said and done, the generated xcarchive was formatted properly as an iOS app archive. That xcarchive, in turn, was easily exported to a proper IPA via xcodebuild -exportArchive -exportOptionsPlist, which is the officially supported Apple recommendation that takes care of all the problematic SWIFT support folders and the like.
The archive at path foo.xcarchive is not a single-bundle archive.
About this error:
check edit scheme -> Build
untick other targets, including Analyze, Test, Run, Profile, Archive
xcodebuild the archive
export the archive again
