starred/SignTools
1
0
Fork 0
mirror of https://github.com/SignTools/SignTools.git synced 2026-04-26 10:25:54 +03:00
Code Issues 20 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #96] How do you use an Apple developer Distribution certificate? #45

New issue
Closed
opened 2026-03-04 00:23:23 +03:00 by kerem · 9 comments
kerem commented 2026-03-04 00:23:23 +03:00
Owner
Copy link

Originally created by @rzbergme on GitHub (Aug 22, 2021).
Original GitHub issue: https://github.com/SignTools/SignTools/issues/96

Hi, I hope you can help me. I set up the ios-signer-service on Heroku as per instructions.
Under PROFILE_CERT_BASE64 I pasted the base64 for my Apple developer Distribution certificate (as I want to enable various entitlements such as push notifications) and pasted the cert password in PROFILE_CERT_PASS.
Is this the correct way to use my Apple Distribution certificate?

When I try to sign an IPA I get this error:
error: Revoke certificate: Your account already has an Apple Development signing certificate for this machine, but its private key is not installed in your keychain. Xcode can create a new one after revoking your existing certificate. (in target 'SimpleApp' from project 'SimpleApp')\nerror: No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "SOMETEAMID" with a private key was found.

Any idea what I might be doing wrong?

Thank you!

Originally created by @rzbergme on GitHub (Aug 22, 2021). Original GitHub issue: https://github.com/SignTools/SignTools/issues/96 Hi, I hope you can help me. I set up the ios-signer-service on Heroku as per instructions. Under PROFILE_CERT_BASE64 I pasted the base64 for my Apple developer Distribution certificate (as I want to enable various entitlements such as push notifications) and pasted the cert password in PROFILE_CERT_PASS. Is this the correct way to use my Apple Distribution certificate? When I try to sign an IPA I get this error: error: Revoke certificate: Your account already has an Apple Development signing certificate for this machine, but its private key is not installed in your keychain. Xcode can create a new one after revoking your existing certificate. (in target \'SimpleApp\' from project \'SimpleApp\')\nerror: No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "SOMETEAMID" with a private key was found. Any idea what I might be doing wrong? Thank you!
kerem closed this issue 2026-03-04 00:23:24 +03:00
kerem commented 2026-03-04 00:23:25 +03:00
Author
Owner
Copy link

@ViRb3 commented on GitHub (Aug 23, 2021):

Hey there. For Distribution certificate you need to add the following 4 items to your cert.p12 file:

  • Development certificate + key
  • Distribution certificate + key

Then simply add that to PROFILE_CERT_BASE64. Your error says you're missing the development certificate.

<!-- gh-comment-id:903457794 --> @ViRb3 commented on GitHub (Aug 23, 2021): Hey there. For Distribution certificate you need to add the following 4 items to your cert.p12 file: - Development certificate + key - Distribution certificate + key Then simply add that to PROFILE_CERT_BASE64. Your error says you're missing the development certificate.
kerem commented 2026-03-04 00:23:25 +03:00
Author
Owner
Copy link

@rzbergme commented on GitHub (Aug 23, 2021):

Thank you @ViRb3 I am now making some progress. Once I figured out I need to select all 4 lines (on the Keychain Access) and export into one Certs.p12 file (which I then base64 into PROFILE_CERT_BASE64) I am not facing a new error when I try to sign an app (uYou from https://github.com/MiRO92/uYou-for-YouTube):

error: Provisioning profile "iOS Team Provisioning Profile: com.fyTubA.B8C.diFswIh.MessagesExtension" doesn't include the com.apple.developer.coremedia.allow-alternate-video-decoder-selection entitlement. (in target 'SimpleApp' from project 'SimpleApp')', 'stderr': '2021-08-23 19:36:12.930 xcodebuild[3954:56330] CFURLRequestSetHTTPCookieStorageAcceptPolicy_block_invoke: no longer implemented and should not be called\n** ARCHIVE FAILED **'}

Any idea?

<!-- gh-comment-id:904067516 --> @rzbergme commented on GitHub (Aug 23, 2021): Thank you @ViRb3 I am now making some progress. Once I figured out I need to select all 4 lines (on the Keychain Access) and export into one Certs.p12 file (which I then base64 into PROFILE_CERT_BASE64) I am not facing a new error when I try to sign an app (uYou from https://github.com/MiRO92/uYou-for-YouTube): error: Provisioning profile "iOS Team Provisioning Profile: com.fyTubA.B8C.diFswIh.MessagesExtension" doesn\'t include the com.apple.developer.coremedia.allow-alternate-video-decoder-selection entitlement. (in target \'SimpleApp\' from project \'SimpleApp\')', 'stderr': '2021-08-23 19:36:12.930 xcodebuild[3954:56330] CFURLRequestSetHTTPCookieStorageAcceptPolicy_block_invoke: no longer implemented and should not be called\n** ARCHIVE FAILED **'} Any idea?
kerem commented 2026-03-04 00:23:25 +03:00
Author
Owner
Copy link

@ViRb3 commented on GitHub (Aug 24, 2021):

I have fixed the issue in github.com/SignTools/ios-signer-ci@f6a173fb5b. Update/re-create your ios-signer-ci and it will work.

<!-- gh-comment-id:904573968 --> @ViRb3 commented on GitHub (Aug 24, 2021): I have fixed the issue in https://github.com/SignTools/ios-signer-ci/commit/f6a173fb5bd6a28213e975905018a6ca24a3a85f. Update/re-create your `ios-signer-ci` and it will work.
kerem commented 2026-03-04 00:23:25 +03:00
Author
Owner
Copy link

@rzbergme commented on GitHub (Aug 24, 2021):

Thank you!

<!-- gh-comment-id:904713203 --> @rzbergme commented on GitHub (Aug 24, 2021): Thank you!
kerem commented 2026-03-04 00:23:25 +03:00
Author
Owner
Copy link

@rzbergme commented on GitHub (Aug 24, 2021):

Hi @ViRb3, I deleted my ios-signer-ci and recreated it (from your template) and then re-deployed my Heroku app. Now I am getting this error:

error: Failed to register bundle identifier: The app identifier "com.fyTubA.B8C.diFswIh.BroadcastUploadExtension" cannot be registered to your development team because it is not available. Change your bundle identifier to a unique string to try again. (in target 'SimpleApp' from project 'SimpleApp')\nerror: No profiles for 'com.fyTubA.B8C.diFswIh.BroadcastUploadExtension' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'com.fyTubA.B8C.diFswIh.BroadcastUploadExtension'. (in target 'SimpleApp' from project 'SimpleApp')', 'stderr': '2021-08-24 15:05:36.103 xcodebuild[4546:64575] CFURLRequestSetHTTPCookieStorageAcceptPolicy_block_invoke: no longer implemented and should not be called\n** ARCHIVE FAILED **'}

What do you think?

<!-- gh-comment-id:904727661 --> @rzbergme commented on GitHub (Aug 24, 2021): Hi @ViRb3, I deleted my ios-signer-ci and recreated it (from your template) and then re-deployed my Heroku app. Now I am getting this error: error: Failed to register bundle identifier: The app identifier "com.fyTubA.B8C.diFswIh.BroadcastUploadExtension" cannot be registered to your development team because it is not available. Change your bundle identifier to a unique string to try again. (in target \'SimpleApp\' from project \'SimpleApp\')\nerror: No profiles for \'com.fyTubA.B8C.diFswIh.BroadcastUploadExtension\' were found: Xcode couldn\'t find any iOS App Development provisioning profiles matching \'com.fyTubA.B8C.diFswIh.BroadcastUploadExtension\'. (in target \'SimpleApp\' from project \'SimpleApp\')', 'stderr': '2021-08-24 15:05:36.103 xcodebuild[4546:64575] CFURLRequestSetHTTPCookieStorageAcceptPolicy_block_invoke: no longer implemented and should not be called\n** ARCHIVE FAILED **'} What do you think?
kerem commented 2026-03-04 00:23:25 +03:00
Author
Owner
Copy link

@ViRb3 commented on GitHub (Aug 24, 2021):

You'll probably need to delete these app IDs from your developer portal and then try signing again. I'm not sure why this happens, I think it's something to do with the previous error you had.

<!-- gh-comment-id:904729667 --> @ViRb3 commented on GitHub (Aug 24, 2021): You'll probably need to delete these app IDs from your developer portal and then try signing again. I'm not sure why this happens, I think it's something to do with the previous error you had.
kerem commented 2026-03-04 00:23:25 +03:00
Author
Owner
Copy link

@rzbergme commented on GitHub (Aug 24, 2021):

@ViRb3 Thanks! I apologize for bugging you :-(

Deleting these app IDs helped. Now it builds:

image

But when I try to launch it, I get:

image
<!-- gh-comment-id:904745430 --> @rzbergme commented on GitHub (Aug 24, 2021): @ViRb3 Thanks! I apologize for bugging you :-( Deleting these app IDs helped. Now it builds: <img width="276" alt="image" src="https://user-images.githubusercontent.com/6178252/130645016-fcdc8edc-b769-43e5-a44d-316100004510.png"> But when I try to launch it, I get: <img width="608" alt="image" src="https://user-images.githubusercontent.com/6178252/130645400-0b66fec5-64b6-4303-abb6-244d2595728e.png">
kerem commented 2026-03-04 00:23:25 +03:00
Author
Owner
Copy link

@ViRb3 commented on GitHub (Aug 24, 2021):

Don't worry about bugging me, I am happy to help. I will take a look at this later today.

<!-- gh-comment-id:904751926 --> @ViRb3 commented on GitHub (Aug 24, 2021): Don't worry about bugging me, I am happy to help. I will take a look at this later today.
kerem commented 2026-03-04 00:23:25 +03:00
Author
Owner
Copy link

@ViRb3 commented on GitHub (Aug 25, 2021):

After further investigation, it seems like in that particular IPA file, the main app is not signed at all, while every app extension is signed and uses keychain groups. This is a problem, because if an app extension uses the keychain, the main app needs to have the same entitlement too, otherwise you get this error. So essentially, this IPA file is corrupted. I cannot do anything to fix it, so you will have to contact the developer. As a workaround, you can use a wildcard manual provisioning profile, since that will override any signing/entitlements.

<!-- gh-comment-id:905366792 --> @ViRb3 commented on GitHub (Aug 25, 2021): After further investigation, it seems like in that particular IPA file, the main app is not signed at all, while every app extension is signed and uses keychain groups. This is a problem, because if an app extension uses the keychain, the main app needs to have the same entitlement too, otherwise you get this error. So essentially, this IPA file is corrupted. I cannot do anything to fix it, so you will have to contact the developer. As a workaround, you can use a wildcard manual provisioning profile, since that will override any signing/entitlements.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dependabot/npm_and_yarn/prettier-3.8.2
dependabot/docker/golang-1.26.2-alpine
dependabot/github_actions/docker/build-push-action-7.1.0
dependabot/go_modules/golang.org/x/crypto-0.50.0
dependabot/github_actions/docker/login-action-4.1.0
dependabot/github_actions/actions/setup-go-6.4.0
dependabot/go_modules/github.com/rs/zerolog-1.35.0
dependabot/go_modules/golang.org/x/oauth2-0.36.0
dependabot/github_actions/docker/metadata-action-6.0.0
dependabot/github_actions/docker/setup-buildx-action-4.0.0
dependabot/github_actions/docker/setup-qemu-action-4.0.0
dependabot/go_modules/github.com/labstack/echo/v4-4.15.1
dependabot/github_actions/goreleaser/goreleaser-action-7.0.0
dependabot/docker/alpine-3.23.3
dependabot/github_actions/actions/checkout-6.0.2
develop
v3.0.11
v3.0.10
v3.0.9
v3.0.8
v3.0.7
v3.0.6
v3.0.5
v3.0.4
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.6.2
v2.6.1
v2.6.0
v2.5.21
v2.5.20
v2.5.19
v2.5.18
v2.5.17
v2.5.16
v2.5.15
v2.5.14
v2.5.13
v2.5.12
v2.5.11
v2.5.10
v2.5.9
v2.5.8
v2.5.7
v2.5.6
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.18
v2.4.17
v2.4.16
v2.4.15
v2.4.14
v2.4.13
v2.4.12
v2.4.11
v2.4.10
v2.4.9
v2.4.8
v2.4.7
v2.4.6
v2.4.5
v2.4.4
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.15
v2.3.14
v2.3.13
v2.3.12
v2.3.11
v2.3.10
v2.3.9
v2.3.8
v2.3.7
v2.3.6
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.6
v2.2.5
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.8
v2.1.7
v2.1.6
v2.1.5
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.1
v2.0.0
v1.9.3
v1.9.2
v1.9.1
v1.9.0
v1.8.5
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.6.0
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.0
v1.1.0
v1.0.1
v1.0.0
Labels
Clear labels   
bug

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question
No labels
bug
enhancement
enhancement
good first issue
help wanted
pull-request
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/SignTools#45
No description provided.