Hello,
I am attempting to use Xcode Cloud to build my application (specifically running the 'xcode archive' command); however, have been running into an issue relating to certificate signing. All the questions/documentation surrounding this issue seem to be related to local builds.
For the project, I'm using automatic signing with my org as the 'Team' without a Provisioning Profile. I have 'Apple Development' set as the 'Code Signing Identity' with 'Code Signing Style' set to 'Automatic'.
The error I'm getting:
No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "<TEAM_ID>" with a private key was found. (in target '<PROJECT_NAME>' from project '<PROJECT_NAME>')
Any would would be greatly appreciated.
Thanks!
Certificates, Identifiers & Profiles
RSS for tagDiscuss the technical details of security certificates, identifiers, and profiles used by the OS to ensure validity of apps and services on device.
Post
Replies
Boosts
Views
Activity
Hello,
I have been running into this issue with locating the java runtime I am installing with brew while attempting to run a gradle command. Has anyone found any issues relating to this? If I can't use a java runtime I won't be able to use Xcode Cloud entirely is seems.
Thanks
I have a pipeline to build my company's ionic cordova app to an produce IPA file. The xcode archive step just started failing on the following errors.
/Users/runner/work/1/s/platforms/ios/xxxxx.xcodeproj: error: Provisioning profile "Aaron_Dev_2" has platforms "watchOS and iOS", which does not match the current platform "macOS". (in target 'xxxxx' from project 'xxxxx')
/Users/runner/work/1/s/platforms/ios/xxxxx.xcodeproj: error: Provisioning profile "Aaron_Dev_2" doesn't include the com.apple.security.get-task-allow entitlement. Profile qualification is using entitlement definitions that may be out of date. Connect to network to update. (in target 'xxxxx' from project 'xxxxx')
/Users/runner/work/1/s/platforms/ios/xxxxx.xcodeproj: error: Provisioning profile "Aaron_Dev_2" doesn't include the currently selected device "Mac-1689862983816.local" (identifier 4203018E-580F-C1B5-9525-B745CECA79EB). (in target 'xxxxx' from project 'xxxxx')
The script being ran is
xcodebuild -workspace ./platforms/ios/SSEAirtricity.xcworkspace -scheme SSEAirtricity archive -archivePath $(Build.SourcesDirectory)/output/SSEAirtricity.xcarchive
And is run in Azure pipelines using a macOS pool.
I have created new profiles and certificates but they always give the same error.
Nothing has changed with the profiles to cause the pipeline to suddenly fail so I'm wondering if it could be something to do with the Xcode version, although the same version was being used when the pipeline last ran successfully, 14.2.
I have read here of a similar error to my second error that can be rsolved by using manual signing but I don't know how to change it from automatic to manual. https://developer.apple.com/forums/thread/733011
I have also checked the entitlements on the profile and get-task-allow is included.
Any suggestions would be most welcome.
Thanks,
Aaron
My company has an Azure pipeline to build our ionc cordova application and produce an IPA file.
The Xcode archive step has suddenly started failing with the following errors.
/Users/runner/work/1/s/platforms/ios/xxxxx.xcodeproj: error: Provisioning profile "Aaron_Dev_2" has platforms "watchOS and iOS", which does not match the current platform "macOS". (in target 'xxxxx' from project 'xxxxx')
/Users/runner/work/1/s/platforms/ios/xxxxx.xcodeproj: error: Provisioning profile "Aaron_Dev_2" doesn't include the com.apple.security.get-task-allow entitlement. Profile qualification is using entitlement definitions that may be out of date. Connect to network to update. (in target 'xxxxx' from project 'xxxxx')
/Users/runner/work/1/s/platforms/ios/xxxxx.xcodeproj: error: Provisioning profile "Aaron_Dev_2" doesn't include the currently selected device "Mac-1689862983816.local" (identifier 4203018E-580F-C1B5-9525-B745CECA79EB). (in target 'xxxxx' from project 'xxxxx')
The script being run is:
xcodebuild -workspace ./platforms/ios/xxxxx.xcworkspace -scheme xxxxx archive -archivePath $(Build.SourcesDirectory)/output/xxxxx.xcarchive
And is being run in Azure pipeline using a macOS pool.
I have seen a post with a similar error to my second error saying to change the signing from manual to automatic but I'm not sure how to do that.
I have also checked the entitlements on the provisioning profile and it does include get-task-allow.
Nothing has changed with the profile since it started failing and the version of Xcode being used in the build is the same as when the pipeline was running successfully.
Any suggestions would be appreciated.
Thanks,
Aaron
We changed from Enterprise to a regular developer account and understood our existing apps in the wild signed under the Enterprise account would be fine. However as of this morning it seems those certificates were revoked and attempts to launch are informing users that the application will harm their computer. Can this be undone so they work and avoid thousands of people needing to get a new dmg and re-install??
While trying to create a new Distribution (iOS) certificate after the old one expired I came across the situation that we do not have the root certificate that was originally created. It was created on a mac of an employee that no longer works for us and which is not cooperative anymore. Is there any way around this, or to create a new root certificate that enables us to create trusted certificates to release updates for our app?
I'm new to this whole certificate workflow so I'd be very thankful for any input that lets us progress.
Best Regards,
Hans
Hi to all,
a few years ago I worked with PhoneGap developing apps. As for then I did all the deploys so never got the need to have the answer to my current issue.
The problem is.. we have a 3rd party company developing us a Flutter App and we want for some of our company's members to test it by being them to deploy using our certificates so the tests can be done. However generating the development certificate always makes it's name to be the same that belongs to the account that generated it.
I believe it would work but how could I make it more manageable by setting it's name as the 3rd party company's name (let's say company's name is "XPTO")?
Is there a better way to accomplish this, deploying to testflight so our colleges can test it?
We have a Jenkins job that runs a script on a Mac to create our installers.
This was working last week.
Today, it's failing with:
`"Apple Development: John Lussmyer (xxxxxxxxx)" (CSSMERR_TP_CERT_EXPIRED)
The other identities used for the build work. So far, I've been unable to find anything in my Account that indicates something has expired.
Can anyone tell me how to get this fixed?
Hi,
I was about to delete the expired provisioning profiles, meaning the ones where it said "Expired" in the last column. Now I see there are some more where the expiration date is clearly in the past, but they don't show as expired. Any idea why that is?
Kind regards
Thomas
The certificate used in the app published earlier is showing as invalid or not considering in the provisioning profile now.So please help us how to resolve this issue with same certificate to publish an update for the app.
Xcode Cloud always exports archive using ad-hoc, development and app-store profiles. This uses up 5-6 more minutes always for my app. How to disable and allow export only in single distribution profile
Hi,
I'm trying to sign and app which is a python compiled exe for Mac OS (one file only).
The app runs perfectly on my own mac (or some else's, but only after being admin authorized)
after running
codesign --sign "$devID" $file2sign
I got the following error:
Warning: unable to build chain to self-signed root for signer "Apple Development:..."
errSecInternalComponent
As per screenshot, I have both a current Dev cert and the intermediate certs installed.
Any help will be highly appreciated!
Hi,
I'm trying to sign an App (original python compiled for MAC) and the codesign process is failing with error:
The command from terminal that produced the error was:
codesign --sign "$devID" $file2sign
Warning: unable to build chain to self-signed root for signer "Apple Development: ..."
errSecInternalComponent
I have both a dev certificate (current, just downloaded a couple of days ago) and the intermediate certificates.
When I run the command
security find-identity -v -p codesigning
I can perfectly see my dev cert, but only listed as "valid identities" nothing is listed as "matching identities"
Any help will be highly appreciated!
Failed to build iOS app
Error (Xcode): No profiles for 'com.jurabek7788.sos' were found: Xcode couldn't find any iOS App Development provisioning profiles matching
'com.jurabek7788.sos'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to
xcodebuild.
/Users/user/Desktop/SOS%20flutter%20/set_of_service_app/ios/Runner.xcodeproj
It appears that there was a problem signing your application prior to installation on the device.
Verify that the Bundle Identifier in your project is your signing id in Xcode
open ios/Runner.xcworkspace
Also try selecting 'Product > Build' to fix the problem.
Encountered error while building for device.
this is my error coming when i build ios app. And main problem is already did all the things
Behavior:
I was recently having issues with errSecInternalComponent during codesign when using sudo su but NOT when logged into the non administrator account. Which appears to be due to the intermediate certificate not being in the admin user's keychain.
Workaround:
Add intermediate certificate (in my case the Apple Worldwide Developer Relations Certification Authority (G3) available here) to the Admin (who is running sudo su) user's keychain.
Why this is unexpected:
security find-identity -p codesigning indicates the identity is valid, but codesign fails with Warning: unable to build chain to self-signed root for signer and errSecInternalComponent. This behavior also seems to imply that while using codesign and sudo su, we are using the switched user (myuser)'s keychain for the signing identity, but the admin user's keychain for intermediate certificates.
Setup:
Admin user (referred to as admin)
Regular user (referred to as myuser)
For resting purposes do cp /usr/bin/true /Users/myuser/MyTrue
Steps to reproduce:
Login to the computer via Mac OS GUI as myuser
Install developer certificate and intermediates as myuser such that myuser's keychain has the development certificate and apple WWDR certificate
Verify that development certificate is valid and can codesign
myuser@mymachine % security find-identity -p codesigning
Policy: Code Signing
Matching identities
1) <REDACTED> "Apple Development: My User (<REDACTED>)"
1 identity found
Valid identities only
1) <REDACTED> "Apple Development: My User (<REDACTED>)"
1 valid identity found
Verify that signing works
myuser@mymachine % codesign -s "Apple Development" -f ~/MyTrue
/Users/myuser/MyTrue: replacing existing signature
Login to computer via Mac OS GUI as admin
As admin verify your login keychain does NOT contain the Apple Development identity or any intermediate WWDR certificates (delete them if present).
Use sudo su myuser to switch to myuser while in the admin GUI account.
admin@mymachine % sudo su myuser
myuser@mymachine %
Verify that development certificate is valid and can codesign after switching
myuser@mymachine % security find-identity -p codesigning
Policy: Code Signing
Matching identities
1) <REDACTED> "Apple Development: My User (<REDACTED>)"
1 identity found
Valid identities only
1) <REDACTED> "Apple Development: My User (<REDACTED>)"
1 valid identity found
Verify that codesigning fails
myuser@mymachine % codesign -s "Apple Development" -f ~/MyTrue
Warning: unable to build chain to self-signed root for signer: <REDACTED> "Apple Development: My User"
/Users/myuser/MyTrue: errSecInternalComponent
Verify that after installing the WWDR G3 intermediate in the admin user's keychain, signing works as expected.
myuser@mymachine % codesign -s "Apple Development" -f ~/MyTrue
/Users/myuser/MyTrue: replacing existing signature
Hi..
I have created the free apple developer account for the purpose of learning the iOS development. In my Mac book air M2 two certificates (APPLE DEVELOPMENT CERTIFICATES) were created by the XCODE automatically these certificates have an expiry of 1 year from the date of creation.
Kindly tell me what will happen after these certificates are expired, will I be able to create new certificates with my free developer account ?
Will XCODE will be able to create new certificates in the same way after these certificates are expired ?
Or, the existing certificates need to be renewed again ?
I request you to please clarify these points as per the entitlements of my free developer account.
Also tell what is the maximum number of certificates which can be created by XCODE ?
I tried to search on internet but could not find any source which can clear these queries.
Regards
I looked at other posts with this problem and didn't find anything that worked.
I used Keychain Access and Certificate Assistant to create a CSR; I uploaded that on the portal. Downloaded the certificate, and I get that error whenever I try to import it. I can import it into the System one, but then it's untrusted, and I still can't export it as a p12 file.
This is one of the few times I did everything by reading the documentation as I did it, so I'm very confused.
Hi, how to re-sign an open ipa file with my developer account and install to my device for testing.
Thanks
If I make a certsigningrequest to get a certificate in the developer account, it is not uploaded , i uploaded it but does not appeared it , can you help me ?
Dear Sirs,
I've written a Swift App, a C++ application and a Driver Extension using DriverKit and AudioDriverKit. As it works on my development machine now I'd like to give it to some other users and so I'm trying to make a Release Build. I've created a Signing Certificate for "Apple Distribution" which I can use for my Swift App and the C++ application which also both use "com.apple.developer.driverkit.userclient-access". I've been given this entitlement and the "Distribution Support" is for "Development, Ad hoc, App Store, Developer ID". For my Driver Extension I'm using the entitlements "com.apple.developer.driverkit" and "com.apple.developer.driverkit.family.audio" which I've also been given and which show the identical "Distribution Support". But when I try to use my Signing Certificate XCode refuses to use the provisioning profile for the Dext and says "Xcode 14 and later requires a DriverKit development profile enabled for iOS and macOS. Visit the developer website to create or download a DriverKit profile." On the other hand I have to use the same Signing Certificate for my Swift App that embeds the Dext and the Dext itself. How can I create a Signing Certificate for Release mode that works for both, the Swift App and the Dext?
Thanks and best regards,
Johannes