Troubleshooting Common Code Signing Issues in Xcode 14 & 15

Code Signing Issues in XCode 14 and 15

A Code signing certificate helps verify the authenticity and integrity of software code, ensuring that the app is trusted and secure. However, encountering code signing issues can be frustrating, especially when using newer versions of Xcode, like 14 and 15.

But worry no more, as developers have found solutions for some of the errors that we will discuss in this blog. Let’s begin!

Common Code Signing Issues in Xcode 14

The most common code signing issues in Xcode 14 are encountered in different scenarios. 

  1. Swift Package Manager code signing issues.
  2. CocoaPods code signing issues.
  3. Conflicting provisioning profile issues.

Let’s understand each of them in detail.

Swift Package Manager Code Signing Issues

Swift Package Manager is the first dependency manager where the code signing issue occurs. However, if executed via a CLI, it works perfectly fine with Xcode 13.

On the other hand, if you run the same archive xcodebuild command on Xcode 14, the following error is shown.

spm-bundle-sign-package_TargetWithResources requires a development team. Select a development team in the Signing & Capabilities editor.

This issue generally arises from packages or local packages with resource bundles. Although Xcode 14 tries to sign these bundles, this is not supported.

Fortunately, there’s a solution recommended by an Apple engineer. This problem can be resolved by passing CODE_SIGN_STYLE=Manual as an argument while building the IPA (the package file for iOS apps).

To do this, you need to pass some additional settings when running the build command.

If you’re using the command line to build your project, you can pass the arguments as xcargs.

xcode-project build-ipa --project "$XCODE_PROJECT" --scheme "$XCODE_SCHEME --archive-xcargs "CODE_SIGN_STYLE=Manual DEVELOPMENT_TEAM=<YOUR_DEVELOPMENT_TEAM>"

For those using Fastlane, you can achieve a similar result by adding xcargs “CODE_SIGN_STYLE=Manual” to Gymfile.

CocoaPods Code Signing Issues

Previously, in Xcode 13, the default behavior was to set CODE_SIGNING_ALLOWED to NO for resource bundles, but that’s not the case anymore. Now, with Xcode 14, you’re required to assign a development team to each Pod target individually.

No doubt, it takes a bit of extra effort, but it is necessary to ensure that the project can be properly signed and deployed.

Add the following to the Podfile.

post_install do |installer|
  installer.pods_project.targets.each do |target|
    if target.respond_to?(:product_type) and target.product_type == "com.apple.product-type.bundle"
      target.build_configurations.each do |config|
          config.build_settings['CODE_SIGNING_ALLOWED'] = 'NO'
      end
    end
  end
end

However, this solution comes with a warning. Sometimes, even though the app may compile successfully, some issues arise during the App Store review process. This can happen because the review team might deem the app’s signature invalid, which could lead to your app being rejected.

Below is a sample error that you may receive from the App Store team.

Verify Code Signing Setting in Xcode Error

But here’s the catch! Regardless of the issue, some mobile app developers have successfully passed the App Store review.

Below is another method to set the development ID for each Pod target.

post_install do |installer|
  installer.generated_projects.each do |project|
    project.targets.each do |target|
        target.build_configurations.each do |config|
            config.build_settings["DEVELOPMENT_TEAM"] = "Your Team ID"
         end
    end
  end
end

Flutter 3.3.3 fixes

For the ones using Flutter version 3.3.3 or later, you’ll be glad to know that you no longer need to manually tweak settings to make CocoaPods work properly. The new Flutter version automatically handles code signing for dependencies, and you can find the pull request that fixed it here.

So, if you’ve been adding extra settings to your Podfile to fix issues with CocoaPods, you can now remove them if you’re using Flutter 3.3.3 or higher.

Conflicting Provisioning Profile Issues

Last but not the least, the Conflicting provisioning profile is another issue that arises with the release of Xcode 14. This problem mostly pops up for projects that use both Swift Package Manager and CocoaPods.

Below, you can find how the error looks.

spm-bundle-sign-package_TargetWithResources has conflicting provisioning settings. spm-bundle-sign-package_TargetWithResources is automatically signed for development, but an inconsistent code signing identity Apple Distribution has been manually specified. Set the code signing identity value to "Apple Development" in the build settings editor, or switch to manual signing in the Signing & Capabilities editor.

To address this issue, consider adding additional flags to the xcode-project build-ipa command.

xcode-project build-ipa --project "$XCODE_PROJECT" --scheme "$XCODE_SCHEME --archive-xcargs "CODE_SIGN_STYLE=Manual DEVELOPMENT_TEAM=<YOUR_DEVELOPMENT_TEAM>"" --archive-flags "-destination 'generic/platform=iOS' CODE_SIGNING_REQUIRED=YES CODE_SIGNING_ALLOWED=NO"

This command is compatible with both Swift Package Manager and CocoaPods projects. If you’re using CocoaPods, it’s also a good idea to make sure everything’s set up correctly by running pod install before doing the signing setup using xcode-project use-profiles.

Common Code Signing Issues in Xcode 15

Code signing issues in Xcode 15 affect the functionality of apps. Some of those include.

Conflicting Provisioning Profiles

When Swift Package Manager and CocoaPods are used together, it results in conflicting provisioning files, which unfortunately leads to errors during code signing.

Solution: Manually adjust the code signing identity within Xcode’s build settings value to “Apple Development.” Although this might fix one problem, it has also been reported that this workaround occasionally leads to invalid signature errors during App Store reviews.

One more solution is to pass the argument the CODE_SIGN_STYLE=Manual when building the IPA.

To do so, open the terminal, go to the project directory, and run the command xcodebuild -exportArchive -archivePath <path_to_xcarchive> -exportOptionsPlist <path_to_export_options.plist> -exportPath <path_to_export_directory> CODE_SIGN_STYLE=Manual

As a result, you will get a properly signed IPA.

Provisioning Profiles Not Supporting Certain Capabilities

Even though provisioning files work well with previous Xcode versions, these might not support the specific features you need now. Just reloading these profiles won’t fix the problem.

Here comes the solution!

Double-check that your provisioning profiles are up-to-date and explicitly include your app’s required capabilities.

In-app Purchasing Features

Features related to in-app purchases can suddenly stop working, particularly if they require specific entitlements or capabilities.

The potential solution to this will be “Enrollment in the Apple Developer Program.”

This program gives developers access to necessary resources and capabilities that help in resolving all the challenges related to code signing.

Conclusion

Code signing in Xcode 14 and 15 is an essential aspect of app development and, at the same time, very difficult to work with. However, understanding the issues and their solutions will help developers ensure a smooth deployment process, and they can feel more confident about launching their apps successfully on the App Store.

Head to SignMyCode to explore a comprehensive variety of code signing certificates by which you can sign your software and applications digitally.

Frequently Asked Questions (FAQs)

1.  What is code signing, and why is it important in Xcode?

Code signing certificates are used by developers to sign applications digitally. It’s crucial for app distribution on platforms as it verifies that the code has not been altered or compromised by a third party. 

2. How to create a new code signing identity in Xcode?

To generate a code signing identity in Xcode, follow these steps.

  1. Open Xcode on your Mac.
  2. Go to the “Preferences” option in the Xcode menu.
  3. Click on “Accounts” in the toolbar.
  4. Choose your Apple ID from the list.
  5. If you have multiple teams associated with your Apple ID, select the appropriate team from the list.
  6. Look for “Manage Certificates” and click on it.
  7. Now, hit the “+” button at the bottom left.
  8. You’ll see a list of options for the type of certificate you need. Just select the one that matches your requirements.

3. Can I skip code signing in Xcode?

Skipping code signing in Xcode depends on your target architecture. For Intel-based devices, you still have the option to run unsigned code. However, for Apple silicon devices, all code must be signed.

If you choose to skip code signing, you can opt for ad hoc signing, which is shown as “Sign to Run Locally” in Xcode. However, this approach isn’t recommended. Ad hoc signed code may encounter issues, especially when interacting with macOS frameworks, due to the lack of a stable code signing identity.

4.   From where can I get the code signing certificates?

SignMyCode offers the best and a wide variety of code signing certificates. Explore the complete range here and start signing your software for all the popular platforms.

Apple Mac iOS Code Signing Certificate CTA

Related posts:

  1. Troubleshoot Most Common iOS Code Signing Errors
  2. Most Common Malware and Software Security Threats
  3. How Does the Code Signing Process Work? – Understand the Code Signing Architecture
  4. Code Sign With Azure DevOps Using a Code Signing Certificate Stored Within Azure Key Vault

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.