This article provides some context on how to troubleshoot iOS code signing issues.
- What is Code Signing?
- How do I set up code signing?
- Code Signing in Package Builds
- Identifying Code Signing Issues
- Common Errors and Troubleshooting Steps
Mobile apps use code signing as a security measure to ensure that apps are created and released from trusted sources. From the Apple website:
Code signing your (iOS) app assures users that it is from a known source and the app hasn’t been modified since it was last signed. Before your app can integrate app services, be installed on a device, or be submitted to the App Store, it must be signed with a certificate issued by Apple.
Android apps also make use of code signing, but only for Play Store builds. You can read more about Android code signing on their website.
You will need a paid Apple Developer account to code sign your application. You can set up code signing for your application by following our documentation here.
You will also need to set up a Security Profile in Ionic Pro.
Our build process makes use of Fastlane, which automatically handles the process of checking your code signing credentials against your builds.
The code signing checks occur after your app is successfully compiled and built within Fastlane. Fastlane then checks if the code signing credentials are correct.
This step appears after the compilation of your app files, towards the bottom of the build log:
[15:47:22]: ▸ Compiling AppDelegate.m [15:47:22]: ▸ Compiling MainViewController.m [15:47:22]: ▸ Compiling CDVDevice.m [15:47:23]: ▸ Compiling CDVSplashScreen.m [15:47:23]: ▸ Compiling CDVViewController+SplashScreen.m ... [15:47:29]: ▸ Signing /Users/ionic/Library/XXX/... ... [15:47:29]: ▸ Archive Succeeded
Code signing problems can easily be identified by searching for the following strings in your build log:
** ARCHIVE FAILED **
... [18:45:13]: ▸ Check dependencies
... [18:45:13]: ▸ Code Signing Error: <error text>
Provisioning profile <profile> has app ID "io.ionic.starter", which does not match the bundle ID "com.mydomain.myapp".
Root Cause & Solution:
Refer to this article for the cause and solution.
Provisioning profile "ProfileName" doesn't include the XXX-XXX entitlement.
If you want your app to have certain capabilities (or "entitlements") - such as push notifications or universal links - you need to enable those capabilities. Some capabilities (for example, App Sandbox entitlements) are set in your Xcode project and are applied to the signature. Other entitlements are enabled for an App ID in the Apple Developer portal and contained as part of the provisioning profile.
Apple explains how to troubleshoot these issues in their documentation.
- For push notifications, most plugins will either include the capabilities as part of the plugin installation process or outline how to enable the capability in their documentation. Please refer to the docs for your notification plugin for specific setup instructions.
- Other entitlements, like universal links, may require you to modify your config.xml file. Please refer to the Cordova documentation for potential options.
No certificate matching 'X: FirstName LastName (TeamID)' found:
Select a different signing certificate for (Identity), a team that matches your selected certificate,
or switch to automatic provisioning.
The most likely issue is that your code signing identity contains a unicode character (for example, if your proper name contains one - such as Bryant Plåno).
You will need to modify your Apple Developer credentials to use a non-unicode name if possible.
No code signing identities found:
No valid signing identities (i.e. certificate and private key pair) were found.
Due to changes in the Package UI, this error should be quite rare. Previously, it could occur when a user chose a Development build for a Production (App Store) security profile or vice-versa. If you see this error, please contact Support.
Couldn't find specified scheme 'name'.
Root Cause & Solution:
See this article for more information, including potential workarounds.
Signing certificate is invalid.
The signing certificate used for the build has most likely been revoked in the Apple Developer portal or has expired.
Generate a new set of signing credentials and a new Security Profile - see our documentation.