Fiendish iOS Code Signing ‘Invalid Binary’ Issue
When you’re building a project it’s common to have ‘debug’ and ‘release’ targets. This is true for iOS. In the past, it was common practice to clone the release environment into ‘Ad-Hoc’ and ‘App Store’ distribution targets setup with the relevant signing credentials (to avoid you switching these credentials every build). The danger here however is that there was a chance that what you were submitting was different to the release build (are all your #defines on, for example?) with care this risk was avoided, but it wasn’t a great situation.
Enter the more modern builds of XCode3. These let you archive builds, and also re-sign them for submission which was a great improvement. So you can build *once* for release, and run it with your dev credentials, then save it as an IPA for ad-hoc beta testing, and finally resign it the third time for appstore submission.
So I am on the verge of deleting my old distribution targets and relying purely on this functionality.
But there is one, nasty, nasty catch. If you have multiple developer accounts (common I guess for any iOS contractor), this process fall apart a little. The golden rule I discovered today after a lot of pain (my only feedback for each failed attempt was an email from Apple stating ‘Invalid Binary’), is:
You can only re-sign the build with a certificate/profile combination that is from the same development team as what it was originally signed with. I was creating the builds for dev with my own credentials, then re-signing them with my company ones, and this is what failed. XCode let me re-sign and upload the build, but then it would be automatically rejected (the ad-hoc builds would also fail).
So the solution is make sure your Debug/Release builds are signed with the developer credentials of the correct project development team. If you do this, then you can re-sign with distribution credentials no worries.
I haven’t investigated this situation in XCode4 yet, but if you are getting ‘Invalid Binary’ or ‘Entitlements not valid’ errors (for adhoc), then try this!
Hi William,
I’ve been fighting with this issue for 2 weeks now, without finding a solution. I don’t know what I’m doing wrong.
Maybe I’m missing someting, could you help me?
I have a client who wants an iphone app. I’ve already done it and I need to sign it with their developer certificate/profile for Release. I’ve done that. The problem is that they aren’t able to resign it for distribution with their distribution certificate/profile.
Itunesconnect is rejecting the binary after a while, saying it is not signed correctly.
I tried to upload the app with my own distribution certificate/profile and the binary is accepted, so I discard anything related to icons/info.plist or any build configuration.
I even tried the same with my own developer certificate/profile and then tried to resign it with my own distribution certificate/profile, but I get the same error as them.
I’ve already cleaned everything, certificates and provisioning profiles.
Do you have any idea of whats happening? any tip? anything to try?
Thanks in advance. I would really appreciate some light. :)
I’m using XCode 4.
Demián
Why don’t you sign for distribution yourself? That’s what I do with such customers. They can export their private/public distribution keys for you, or if you have admin access to the portal you can revoke and reissue some of your own.
I posted an abridged version to StackOverflow here: http://stackoverflow.com/questions/47941/invalid-iphone-application-binary/6290615#6290615