Skip to content

Instantly share code, notes, and snippets.

@KevinKelchen

KevinKelchen/Xcode8AutomaticSigning.md

Last active May 7, 2019 13:04
Show Gist options
  • Star 10 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save KevinKelchen/80e0f4622caa8cbe69c408243643a93a to your computer and use it in GitHub Desktop.
Save KevinKelchen/80e0f4622caa8cbe69c408243643a93a to your computer and use it in GitHub Desktop.
Download ZIP
iOS Xcode 8 Automatic Signing Identity and Provisioning Setup
Raw
Xcode8AutomaticSigning.md

iOS Xcode 8 Automatic Signing Identity and Provisioning Setup

These are the steps our team used to get Xcode 8's Automatic Signing working for our iOS app. We felt it would be valuable to share this with the community (particularly given the effort it required us to get it working). While our research yielded some valuable information from others, it wasn't as simple as it sounded. We figured that we're not alone. 😄

For reference, these were some of the resources that proved valuable to us:

These steps presume that you have some understanding of iOS code signing and familiarity with the Apple Developer portal and Xcode.

You should also first read these instructions in Signing in Xcode 8 in order to understand the new Xcode 8 automatic signing process. Some highlights from the process:

  • You will first build to generate the .app file. To get an .ipa file for distribution you will then perform an archive on the .app file. After the archive, you will export the archive to get the .ipa file
  • When building in both debug and release you'll specify the "iPhone Developer" code sign identity
  • When building in both debug and release you'll specify <YOUR_TEAM_ID> for the development team
  • When exporting the archive in debug, the "exportOptions.plist" package type value might be specified as "development"
  • When exporting the archive in release, the "exportOptions.plist" package type value might be specified as "app-store" or "ad-hoc" depending on the provisioning you'll be using

Setting up certificates and provisioning profiles on the machine

We followed these steps on a Mac that had no signing certificates for iOS development in Keychain Access and no Xcode provisioning profiles downloaded to limit the number of variables involved in setup.

  1. Export the valid "iPhone Distribution: (<YOUR_TEAM_NAME> (<YOUR_TEAM_ID>)" certificate in Keychain Access from a machine that already has it (the certificate, not just the private key)
  2. Copy it to the machine and import it into the login keychain in Keychain Access (make sure you see the cert with the private key underneath)
  3. Open Xcode and go to Preferences -> Accounts
  4. Add and sign in with your Apple ID for an account that belongs to your developer team
    1. View details for your team
    2. Select the "iOS Development" Signing Identity and click Reset
    3. You should now see in Keychain Access that there is a second certificate. This one will say "iPhone Developer: <YOUR_USERNAME> (<YOUR_USER_ID>)" with a private key underneath
  5. Go to the Apple Developer portal and log in with the Apple ID you used with Xcode
  6. Create a Distribution provisioning profile for "App Store", select an App ID of "XC Wildcard (<YOUR_TEAM_ID>.*)", select your Distribution certificate, and give the profile a name like "Team Distribution Wildcard"
    • This profile can be used for App Store and TestFlight deployments
  7. If you would like to do ad-hoc distribution, you can create a second provisioning profile following similar steps. If so, create a Distribution provisioning profile for "Ad Hoc", select an App ID of "XC Wildcard (<YOUR_TEAM_ID>.*)", select your Distribution certificate, select the devices that will be able to install the app, and give the profile a name like "Team Distribution Ad-Hoc Wildcard"
    • This profile can be used for deploying to specific devices
  8. Download both the Team Distribution Wildcard provisioning profile and the Team Distribution Ad-Hoc Wildcard provisioning profile (if you're doing ad-hoc provisioning) that you created
    • These are the Team iOS Distribution profiles with an App ID of "XC Wildcard (*)"
    • They are tied to the distribution certificate that we imported in the beginning
    • They are also tied to the profile that we will be generating from Xcode later
  9. Double click on each of the downloaded profiles to import them into Xcode
    • You may not see them show up in Xcode until later when we generate the profile
    • You should be able to see them on disk at ~/users/<user>/Library/Mobile Device/Provisioning Profiles
  10. This step is specific to Cordova: At this point, you should make sure you've removed and re-added the iOS platform to generate a fresh version of the Xcode project
    1. Next, attempt to run a Cordova build so that the Xcode project file is configured with settings from the build. The build will likely fail which is expected
    2. Find the Xcode project on disk. Generally, this will be in <ProjectDir>/platforms/ios
  11. Open your project in Xcode (<ProjectName>.xcproj)
    1. Once Xcode opens, select the main project node
    2. Under the General tab, find the Signing section
    3. You should see that "Automatically manage signing" is checked, your "Team" is <YOUR_TEAM_NAME>, the "Provisioning Profile" is an "Xcode Managed Profile" (important: this just got automatically generated by simply viewing the current screen in Xcode), and the "Signing Certificate" is "iPhone Developer: <YOUR_USERNAME> (<YOUR_USER_ID>)"
    4. You can now close the Xcode project
  12. At this point, you should be able to open the Xcode -> Preferences -> Accounts tab again and see under your Apple ID -> Team that three profiles exist
    • Team Distribution Wildcard
    • Team Distribution Ad-Hoc Wildcard
    • iOS Team Provisioning Profile: <YOUR_APP_ID>
  13. Build again, and everything should hopefully succeed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment