I want correctly understand the Code Signing Identity setting: I want to use the automatic setting in Xcode and not specify a specific identity. The automatic setting has 2 choices: iOS Developer and iOS Distribution. Based on which one you use, it's supposed to switch to choose a developer or a distribution signing identity from your keychain.
I have my build settings configured as follow, in order to use an "iOS Distribution" identity on build:
When I Archive my app (the Archive scheme is correctly set to use the Release build configuration), I see that Xcode is not using the correct code signing identity:
Anyone would know why this is the case? I'm looking for an explanation and not a workaround solution (I know I can work around the problem by directly setting the Code Signing Identity to my iPhone Distribution: Company Name identity from the keychain)
Thanks!
So interestingly this doesn't actually matter in the latest Xcode as long as the profile you are eventually going to sign with is for the same bundle identifier as the one its signing with now...
As long as the team setting is set Xcode is capable of generating the profile you need automatically. Don't try to fight it.
Here is the Team setting from the Target's General settings screen:
Then when you archive Xcode puts the archive in the organiser. When you click distribute on the archive in the organiser window it prompts you to select a new signing identity and actually re-signs the app.
It actually works to sign apps with the team provisioning profiles generated by Xcode. You also don't need to make an ad-hoc specific provisioning profile as your testers can now install apps signed using the development provisioning profiles with no issues. The only time you will need to make your own provisioning profile is if you are using any of the concrete bundle id features like push notifications, game centre, data protection, iCloud, inter-app audio, passbook, keychain access groups or in-app purchase.
If you make your own provisioning profiles for specific bundle ids then Xcode will either automatically select, or have available for selection, the relevant provisioning profile at the point of choosing the identity in the organiser window.
You can refresh Xcode's cache of provisioning profiles from the Accounts pane of Xcode's settings. Click on your team, Click "View Details" and then click the tiny refresh button in the bottom left corner
Related
In my Xcode 9 project I have the Automatically manage signing checked. I want to sign the application with the iOS distribution certificate. For some reasons, when I was creating the certificate I entered the name and email of another person. In the keychain Access I can see the public and private keys with the name of that person and under the private one, the iPhone distribution certificate. The problem is that in Xcode when I select the Team, I'm only getting the iPhone developer signing certificate and not the the distribution one. But from the Build Setting I can see the iPhone distribution in the select list of the Code Signing Identity. Once I select it, Xcode detect a conflict of the provisioning profile (because I change it manually and the Automatically manage signing is checked). I tried the solution of check then uncheck it and select the team but the problem is still here.
Make sure your Scheme under the Left top corner of App name Dropdown-->Edit Scheme is enabled to Release and not Debug for Archive and Testing also so automatically your Distribution is selected.
When you use the Automatic provisioning by default you are getting two profiles generated in Xocde One when you connect the device it used Dev Profile for debugging, but when you archive the build it autogenerates Distribution profile. If you have enterprise account, I would recommend having a universal distribution profile created and not Adhoc as it will always have to be updated with new Device ID added to be regenerated and recompiled the old app.
you just uncheck "Automatically signing" option. Once you uncheck only profile selection option will be enabled. Select distribution profiles as shown in image.
I am about to submit my iOS app on iTunes connect but after hearing about multiple rejections from Apple I want to make things properly.
The only thing I am not sure about is the Code Signing part in the Build Settings of the target.
Up until now I had left the default configuration but I changed the provisioning profile to my distribution provisioning profile (that is, the provisioning profile which has the production certificate) because it seems kind of logical. But I am now wondering if I should have left the default settings. Could you tell me if what I've done is correct?
When you create an archive to submit to the store, the app will be built using the Release configuration (Top left of xCode, click on the Scheme dropdown (next to the stop button) and you choose edit scheme to see how an archive uses release)
So in Build Settings/Code Signing you will see that you can specify a different profile for Debug and Release under Code Signing Entitlements.
For debug, this to your Developer Profile, for release set this to the Distribution Profile.
If you are building the app for a development built it will use the developer profile while an archive for the store will sign with the distribution - and you won't need to keep switching back and forth.
What's the meaning of the Automatic code signing identity in Xcode 5 under the build settings tab? When I pick iOS Developer, both Debug and Release use it. What should I use? Will I be able to distribute app with the iPhone Developer identity for relase?
My provisioning profiles (the setting under) are correctly set (Debug use Team provisioning profile and Release use my ad-hoc profile), what's different between the code signing identity setting and the provisioning profile one?
Here's some screenshots of what I'm talking about:
Also, When I put Automatic to both Debug and Release, it marks it as Don't code sign, why?
Edit:
Is iPhone Developer also valid for release? should I select Automatic/iPhone Distribution?
As you can see, i'm pretty confuse about all the settings Xcode propose with code signing identity, so any clarification about each one is welcomed, thanks!
The automatic setting should automatically use the correct certificate to sign your app with based on the provisioning profile set in the bottom option in the Code Signing section. You can explicitly set both the Code Signing Identity as well as the Provisioning Profile, or set the Code Signing Identity to Automatic. If you select Automatic, Xcode will automatically use the certificate associated with the provisioning profile.
For example, if the Debug provisioning profile is a development profile, and the Release provisioning profile is set to an ad hoc profile, when you Build and Run (which typically uses the Debug configuration), Xcode will sign your app with the Development certificate associated with the development profile. If you Archive your application (which typically uses the Release configuration), Xcode will sign your app with the Distribution certificate associated with the Ad Hoc profile.
Basically, it's just a way to let Xcode decide which certificate should be used based on the Provisioning Profile.
The last line in the "Setting the Code Signing Identity Build Setting" section here alludes to this but isn't overly explicit.
Set the Provisioning Profile build setting to your development profile
and the Code Signing Identity build setting to your development
certificate.
The main idea behind Code Signing is to certify that an app was created by you and easily detect any changes in your app. So, after you choose a Provisioning Profile, Xcode automatically sets the Code Signing Identity build setting to “iPhone Developer” for iOS apps. It just works fine, your app is code signed the next time you build it.
This thread answers your specific question with screenshots.
Apple documentation also suggests that -
If necessary, from the Code Signing Identity pop-up menu, choose your
development certificate.
For iOS apps, choose the certificate in the provisioning profile menu
item that begins with the text “iPhone Developer:” followed by your
name.
About Automatic Profile Selector, this is what Apple documentation says -
Your Provisioning Profile or Signing Identity Doesn’t Appear in Xcode
Menus Occasionally, your provisioning profile or signing identity
doesn’t appear in a Provisioning Profile or Signing Identity pop-up
menu when distributing your app using the Devices organizer or when
setting the Code Signing Identity build setting in the project editor.
When this occurs, refresh provisioning profiles in Xcode, as described
in “Refreshing Provisioning Profiles in Xcode.”
If your provisioning profile still doesn’t appear in the Code Signing
Identity build setting menu, choose Don’t Code Sign or a certificate
under Automatic Profile Selector from the Code Signing Identity menu.
The next time you choose the Code Signing Identity menu, your
provisioning profile should appear in the menu.
Here are the steps I have taken to get where I am now:
Created two certificates in the developer center for APNs development and production (both tied to the App ID I am using with push notifications enabled)
Downloaded and installed the certificates into Keychain Access.
Created provisioning profiles in developer center for production and development (both pointing to the appropriate App ID)
In XCode, under Preferences > Accounts > View Details - I refresh and get the provisioning profiles. It lists two signing identities (development and distribution but not sure if these are correct).
Under Build Settings I have the appropriate provisioning profile selected but...
There are NO code signing identities available, except "iPhone Developer"
So my question is, how can I get the right code signing identities listed here so I may publish my app? The app currently working fine in the app store, but I want to switch from a Phonegap build (what I currently have published) to an Xcode build.
Any help is GREATLY APPRECIATED! Thanks!
It sounds like you are doing everything correct until you hit step 5. Since provisioning profile are under signing identities, my guess is that since you choose the provisioning profile first it's messing something up.
Try resetting your Provisioning Profile to "None". Then select your Code Signing Identity.
Under Target -> General Are you selecting the correct "Team"? Without the correct team, your code signing will not be found.
Please make sure that the Code Signing Identifier under the Build settings for both the Project and Target MUST be the same.
If still can not work, then I think you can clean up the project, close down your XCode project and then reopen. Sometimes it solves the problem this way.
I am working on my first app submission, and at present Xcode's Organizer tab offers "Validate..." and "Distribute..." buttons, but not "Submit..."
When I go to click Validate, it indicates a probable cause: I do not have any (downloaded) signing identities to sign with. I am offered the option to install an identity, but when I select the (one) available identity and click "Choose", Xcode crashes.
Are there any workarounds for this, or things where there might be a wire crossed on my end? Is there a more stable release of Xcode (I'm using 5.0, 5A1413)?
Thanks,
You'll want to go into the iOS Dev Center and create a Distribution provisioning profile. Once that's created and downloaded, it should get rid of the 'No signing identities' issue, which will prevent the crash. (I've had XCode crash there for me as well when I didn't have that set up)
Also, you'll actually never see a 'Submit' button; 'Distribute' does everything you need.
High-level concept:
Xcode 5 has a validation and a distribution button on the Organizer window > Archives Tab. Occasionally when trying to access this area or sometimes when attempting to choose a signing identity or provisioning profile (under Preferences > Accounts) one will encounter an error. These errors are typically related to an invalid date associated with a certificate. The certificate might be associated with the provisioning profile or the signing identity.
To fix this type of error one should try the following:
Login to the Developer Portal
Access your Certificates depending on type of app being submitted
(iOS, Mac, Safari extension)
Make sure that you have a valid distribution certificate (under
Production)
Make sure your App-ID is configured (consider using a wildcard)
Make sure your provisioning profile (distribution) is set and that it is
using a valid certificate
Make sure the expiration dates are correct on each certificate you are using
Download your certificate and provisioning profile to your desktop
(double-click to install)
Make sure you select the correct profile (Build Settings > Search
Profile.. > Edit Provisioning Profile)
Make sure your code signing identity is set to your automatic
distribution for your release code (Build Settings > Search Code
Signing Identity > Edit Release Setting to Automatic - [iOS]
Distribution)
What to do next:
Xcode should pick up the changes at this point so try your validation again (Organizer > Archives)... Assuming you are past validation you can distribute as needed. If any problems at this point open Spotlight > Search for Keychain > Evaluate the Certificates in your Keychain on your development environment to ensure that you have the correct certificates installed. If you have questions or issues beyond this, please consider reviewing the official app distribution guide. If this answer fits your use-case please consider accepting so that other users may find the proper solution.