Fiendish iOS Code Signing ‘Invalid Binary’ Issue

When you’re building a project it’s common to have ‘debug’ and ‘release’ targets. This is true for iOS. In the past, it was common practice to clone the release environment into ‘Ad-Hoc’ and ‘App Store’ distribution targets setup with the relevant signing credentials (to avoid you switching these credentials every build). The danger here however is that there was a chance that what you were submitting was different to the release build (are all your #defines on, for example?) with care this risk was avoided, but it wasn’t a great situation.

Enter the more modern builds of XCode3. These let you archive builds, and also re-sign them for submission which was a great improvement. So you can build *once* for release, and run it with your dev credentials, then save it as an IPA for ad-hoc beta testing, and finally resign it the third time for appstore submission.

So I am on the verge of deleting my old distribution targets and relying purely on this functionality.

But there is one, nasty, nasty catch. If you have multiple developer accounts (common I guess for any iOS contractor), this process fall apart a little. The golden rule I discovered today after a lot of pain (my only feedback for each failed attempt was an email from Apple stating ‘Invalid Binary’), is:

You can only re-sign the build with a certificate/profile combination that is from the same development team as what it was originally signed with. I was creating the builds for dev with my own credentials, then re-signing them with my company ones, and this is what failed. XCode let me re-sign and upload the build, but then it would be automatically rejected (the ad-hoc builds would also fail).

So the solution is make sure your Debug/Release builds are signed with the developer credentials of the correct project development team. If you do this, then you can re-sign with distribution credentials no worries.

I haven’t investigated this situation in XCode4 yet, but if you are getting ‘Invalid Binary’ or ‘Entitlements not valid’ errors (for adhoc), then try this!


3 comments on “Fiendish iOS Code Signing ‘Invalid Binary’ Issue

  1. Hi William,

    I’ve been fighting with this issue for 2 weeks now, without finding a solution. I don’t know what I’m doing wrong.

    Maybe I’m missing someting, could you help me?

    I have a client who wants an iphone app. I’ve already done it and I need to sign it with their developer certificate/profile for Release. I’ve done that. The problem is that they aren’t able to resign it for distribution with their distribution certificate/profile.

    Itunesconnect is rejecting the binary after a while, saying it is not signed correctly.

    I tried to upload the app with my own distribution certificate/profile and the binary is accepted, so I discard anything related to icons/info.plist or any build configuration.

    I even tried the same with my own developer certificate/profile and then tried to resign it with my own distribution certificate/profile, but I get the same error as them.

    I’ve already cleaned everything, certificates and provisioning profiles.

    Do you have any idea of whats happening? any tip? anything to try?

    Thanks in advance. I would really appreciate some light. :)

    I’m using XCode 4.

    Demián

  2. Why don’t you sign for distribution yourself? That’s what I do with such customers. They can export their private/public distribution keys for you, or if you have admin access to the portal you can revoke and reissue some of your own.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>