26

I've created a signed .xcarchive file using the xcodebuild command.

Inside the .xcarchive is a .app file. Inside the .app is a file called archived-expanded-entitlements.xcent. This file is the key to my problem.

I run a different xcodebuild command that creates an .IPA file from the .xcarchive.

Creating the IPA fails because the archived-expanded-entitlements.xcent file is missing. The thing is, xcodebuild is creating a temporary directory where it copies over my .app file, and inside THAT .app file, there is no archived-expanded-entitlements.xcent file.

All the other files are in there except this one.

The commands I run are below:

This creates the xcarchive:

xcodebuild -project diplomat.xcodeproj -scheme schemeName archive -archivePath /Path/To/Archive/name.xcarchive -configuration AppStore CODE_SIGN_IDENTITY="identity" PROVISIONING_PROFILE=provProfile

This creates the IPA:

xcodebuild -exportArchive -exportFormat IPA -archivePath /Path/To/Archive/name.xcarchive -exportPath /Path/To/Archive/name.ipa

Despite specifying the location of the .xcarchive, it creates a temporary directory and doesn't include the important file. Please note, the archived-expanded-entitlements.xcent file is created during the .xcarchive process (the first command that's run) and fails to copy into the temp directory during the second command run.

This is the exact error. Google and StackOverflow have yielded similar errors, but nothing with this actual problem.

    Checking original app
    + /usr/bin/codesign --verify -vvvv /var/folders/sl/_wdkd56d5pb05snr559cmcww0000gn/T/D2133E2C-DC66-427C-A3C5-903A88DD0541-42128-00007ED35037747A/name.app
    Program /usr/bin/codesign returned 1 : [/var/folders/sl/_wdkd56d5pb05snr559cmcww0000gn/T/D2133E2C-DC66-427C-A3C5-903A88DD0541-42128-00007ED35037747A/name.app: a sealed resource is missing or invalid
    file missing: /private/var/folders/sl/_wdkd56d5pb05snr559cmcww0000gn/T/D2133E2C-DC66-427C-A3C5-903A88DD0541-42128-00007ED35037747A/name.app/archived-expanded-entitlements.xcent
    ]
    Codesign check fails : /var/folders/sl/_wdkd56d5pb05snr559cmcww0000gn/T/D2133E2C-DC66-427C-A3C5-903A88DD0541-42128-00007ED35037747A/name.app: a sealed resource is missing or invalid
    file missing: /private/var/folders/sl/_wdkd56d5pb05snr559cmcww0000gn/T/D2133E2C-DC66-427C-A3C5-903A88DD0541-42128-00007ED35037747A/name.app/archived-expanded-entitlements.xcent
    Done checking the original app

Jan Rüegg
user1366911
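
The failure that `codesign --verify` reports in the question's log, as an added example that is not part of the original post: a simplified check of the version 1 `files` seal in `_CodeSignature/CodeResources` against the files actually present in the bundle. It does not replace `codesign`; the sample bundle contents and the function names are constructed for illustration.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path


def missing_or_modified(app: Path) -> dict:
    """Compare the v1 'files' seal in _CodeSignature/CodeResources with the bundle on disk."""
    seal = plistlib.loads((app / "_CodeSignature" / "CodeResources").read_bytes())
    problems = {}
    for rel, entry in seal.get("files", {}).items():
        # An entry is either the raw SHA-1 digest or a dict {"hash": ..., "optional": bool}.
        digest = entry["hash"] if isinstance(entry, dict) else entry
        optional = isinstance(entry, dict) and entry.get("optional", False)
        target = app / rel
        if not target.is_file():
            if not optional:
                problems[rel] = "file missing"
        elif hashlib.sha1(target.read_bytes()).digest() != digest:
            problems[rel] = "file modified"
    return problems


def build_sample_app(root: Path) -> Path:
    """Constructed stand-in for name.app: two sealed resources plus the seal itself."""
    app = root / "name.app"
    (app / "_CodeSignature").mkdir(parents=True)
    contents = {
        "Info.plist": b"<plist/>",
        "archived-expanded-entitlements.xcent": b"<plist><dict/></plist>",
    }
    for rel, data in contents.items():
        (app / rel).write_bytes(data)
    seal = {"files": {rel: hashlib.sha1(data).digest() for rel, data in contents.items()}}
    (app / "_CodeSignature" / "CodeResources").write_bytes(plistlib.dumps(seal))
    return app


def demo() -> tuple:
    with tempfile.TemporaryDirectory() as tmp:
        app = build_sample_app(Path(tmp))
        before = missing_or_modified(app)
        # Reproduce the export step's temporary copy, which lacks the .xcent file.
        (app / "archived-expanded-entitlements.xcent").unlink()
        return before, missing_or_modified(app)


if __name__ == "__main__":
    print(demo())
```

Pointing `missing_or_modified` at the `.app` inside an `.xcarchive` and at the exported copy shows which sealed file was dropped between the two steps.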

2 Answers

25

This is indeed a weird behaviour of xcodebuild, but you can still use the exportArchive command and specify the provisioning profile using exportProvisioningProfile:

xcodebuild -exportArchive -exportFormat IPA \
  -archivePath /Path/To/Archive/name.xcarchive \
  -exportPath /Path/To/Archive/name.ipa \
  -exportProvisioningProfile 'PROVISIONING_PROFILE_NAME'

This will re-embed the provisioning profile within the app and you won't actually need to specify the code signing identity again, because the archive should already be signed during the archive process.

Jason Moore
Yossi Shmueli
7

My answer would be considered a workaround, but it solved the problem. I do not know why the one file was not being copied over, but I found a way so it wasn't important.

Replace the 2nd xcodebuild command with this, which utilizes xcrun:

/usr/bin/xcrun -sdk iphoneos PackageApplication -v /Path/To/Archive/name.xcarchive/Products/Applications/name.app -o /Path/To/Archive/DiplomatStaples.ipa --sign "identity" --embed "provProfile"

This creates an IPA using the xcarchive and then re-embeds the identity and the provisioning profile, so even though the same error as above still occurs and is printed out, the "double dip" with the code signing identity and provisioning profile makes it meaningless. I can now install the app on devices.

For inquiring minds: The reason I'm not just using xcrun in the first place is because even if I specify a prov profile and signing identity, xcrun will use the embedded profile and signing identity in the project based on the configuration (Debug, AppStore, Release, etc) that I specify. xcodebuild will actually sign with the certs I provide it.

The goal of this operation was to remove the need for provisioning profile certs that the CI system required from developer machines, enabling testing the "AppStore" configuration to be signed with AdHoc distribution certs, and enabling re-signing of the xcarchive later on with the actual App Store distribution certs.

user1366911
  • 1
    Thank you! I was using the same commands in my build script and hitting the same issue - this fixed it straight away :) – John Martin Jul 01 '14 at 18:14
  • what makes me uncomfortable about this approach is that `xcrun` does not document most of these options in `man xcrun` ... or am I missing something? – fabian789 Oct 08 '14 at 08:55
  • Fun fact: PackageApplication is not actually an application binary but a little perl script hiding in `/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin` :) – fabian789 Oct 08 '14 at 11:54
  • For now the right way will be using -exportOptionsPlist in xcodebuild -exportArchive – Alexey Feb 04 '16 at 16:24