I'm trying to automate the creation of an .ipa file for development step. I have an enterprise licence, and I use a distribution cert. (It's a Distribution certificate for an Enterprise distribution. So I don't publish on app store)
Here my code so far, I try to do the whole signing process manually:
#!/bin/bash
PROFILE_PATH="XX/XXX/XXX.mobileprovision"
PROFILE_NAME="XXXXXXX"
KEYCHAIN="/Users/XXXX/Library/Keychains/login.keychain-db"
PASSWORD="XXXX"
CERT_PASS="XXXX"
CERT_PATH="./XXX/XXX"
ARCHIVE_PATH="./XXX/myApp.xcarchive"
IPA_PATH="./XXX/myApp.ipa"
EXPORT_PATH="./XXX/exportHouse.plist"
sleep 5
open "${PROFILE_PATH}"
sleep 5
security list-keychains
security unlock-keychain -p ${PASSWORD} ${KEYCHAIN}
security -q import ${CERT_PATH}.p12 -k ${KEYCHAIN} -P ${CERT_PASS} -T /usr/bin/codesign
security set-keychain-settings ${KEYCHAIN}
security set-key-partition-list -S apple-tool:,apple: -s -k ${PASSWORD}
# Make the archive file
xcodebuild \
DEVELOPMENT_TEAM="4CVDA82G9X" \
PROVISIONING_PROFILE_SPECIFIER=${PROFILE_NAME} \
CODE_SIGN_IDENTITY="iPhone Distribution" \
CODE_SIGN_STYLE="Manual" \
OTHER_CODE_SIGN_FLAGS="--keychain ${KEYCHAIN}" \
-scheme ispektor \
-workspace ./platforms/ios/myApp.xcworkspace \
-archivePath ${ARCHIVE_PATH} \
archive
sleep 5
# Make the IPA file
xcodebuild \
-exportArchive \
-archivePath ${ARCHIVE_PATH} \
-exportPath ${IPA_PATH} \
-exportOptionsPlist exportAppStore.plist \
-exportOptionsPlist ${EXPORT_PATH} \
Problem :
I can download the ipa file; however, when I launch it on my phone, it opens and closes immediately :
When we look at logs we have (I've selected only the related parts):
Executing launch request for application ...
Submitting job ...
<Error>: failed to get pid for label UIKitApplication: No such process (3)
<Error>: Failed to start job for application<com.myApp.mobileApp>: <NSError: 0x100545e20; domain: NSPOSIXErrorDomain; code: 3; reason: "No such process"> {
userInfo = {
RBLaunchdOperation = launch_get_running_pid_4SB;
RBLaunchdJobLabel = UIKitApplication:com.myApp.mobileApp[7207][rb-legacy];
}
}
<Notice>: Trust evaluate failure: [leaf AnchorApple ChainLength IssuerCommonName LeafMarkerOid MissingIntermediate SubjectCommonName]
Potential cause : I think this come from my initial certificate, as I import it manually on line 21, this certificate is "not trusted" .And When I do everything with xcode and set "Automatically manage signing" it works.
When I manually force "always trusted", I can't compile :
note: Constructing build description
error: Invalid trust settings. Restore system default trust settings for certificate "iPhone Distribution: XXXX" in order to sign code with it. (in target 'myApp' from project 'myApp')
And when it says "restore" it mean trust --> untrust.
So I need to do the same as "Automatically manage signing " but with CLI.
I solved it
The root cause was: iPhone Distribution certificate was not trusted in the keychain.
If I force "always trusted" it won't work.
I needed to download the Apple Worldwide Developer Relations Certification Authority, BUT on their website (https://www.apple.com/certificateauthority/) there are two certificates: one last until 2023 and another 2030. It didn't change anything when I added the 2023 one, but the 2030 one made my Distribution certificate trusted!
So you need iPhone Distribution Certificate + this AWDRCA