xcodebuild not copying file from .app

Question

I've created a signed .xcarchive file using the xcodebuild command.

Inside the .xcarchive is a .app file. Inside the .app is a file called archived-expanded-entitlements.xcent. This file is the key to my problem.

I run a different xcodebuild command that creates an .IPA file from the .xcarchive.

Creating the IPA fails because the archived-expanded-entitlements.xcent file is missing. The thing is, xcodebuild is creating a temporary directory where it copies over my .app file, and inside THAT .app file, there is no archived-expanded-entitlements.xcent file.

All the other files are in there except this one.

The commands I run are below:

This creates the xcarchive:

xcodebuild -project diplomat.xcodeproj -scheme schemeName archive -archivePath /Path/To/Archive/name.xcarchive -configuration AppStore CODE_SIGN_IDENTITY="identity" PROVISIONING_PROFILE=provProfile

This creates the IPA:

xcodebuild -exportArchive -exportFormat IPA -archivePath /Path/To/Archive/name.xcarchive -exportPath /Path/To/Archive/name.ipa

Despite specifying the location of the .xcarchive, it creates a temporary directory and doesn't include the important file. Please note, the archived-expanded-entitlements.xcent file is created during the .xcarchive process (the first command that's run) and fails to copy into the temp directory during the second command run.

This is the exact error. Google and StackOverflow have yielded similar errors, but nothing with this actual problem.

Checking original app

     + /usr/bin/codesign --verify -vvvv    /var/folders/sl/_wdkd56d5pb05snr559cmcww0000gn/T/D2133E2C-DC66-427C-A3C5-903A88DD0541-  42128-00007ED35037747A/name.app

Program /usr/bin/codesign returned 1 : 

     [/var/folders/sl/_wdkd56d5pb05snr559cmcww0000gn/T/D2133E2C-DC66-427C-A3C5-903A88DD0541-42128-00007ED35037747A/name.app: a sealed resource is missing or invalid

file missing: 

     /private/var/folders/sl/_wdkd56d5pb05snr559cmcww0000gn/T/D2133E2C-DC66-427C-A3C5-903A88DD0541-42128-00007ED35037747A/name.app/archived-expanded-entitlements.xcent
]

Codesign check fails :

      /var/folders/sl/_wdkd56d5pb05snr559cmcww0000gn/T/D2133E2C-DC66-427C-A3C5-903A88DD0541-42128-00007ED35037747A/name.app: a sealed resource is missing or invalid

file missing: 

      /private/var/folders/sl/_wdkd56d5pb05snr559cmcww0000gn/T/D2133E2C-DC66-427C-A3C5-903A88DD0541-42128-00007ED35037747A/name.app/archived-expanded-entitlements.xcent

Done checking the original app

Answer 1

This is indeed a weird behaviour of xcodebuild, but you can still use the exportArchive command and specify the provisioning profile using exportProvisioningProfile:

xcodebuild -exportArchive -exportFormat IPA \
  -archivePath /Path/To/Archive/name.xcarchive \
  -exportPath /Path/To/Archive/name.ipa \
  -exportProvisioningProfile 'PROVISIONING_PROFILE_NAME'

This will reembed the provisioning profile within the app and you won't actually need to speciify the code signing identity again, because the archive should already be signed during the archive process.

Answer 2

My answer would be considered a workaround, but it solved the problem. I do not know why the one file was not being copied over, but I found a way so it wasn't important.

Replace the 2nd xcodebuild command with this, which utilizes xcrun:

/usr/bin/xcrun -sdk iphoneos PackageApplication -v /Path/To/Archive/name.xcarchive/Products/Applications/name.app -o /Path/To/Archive/DiplomatStaples.ipa --sign "identity" - -embed "provProfile"

This creates an IPA using the xcarchive and then re-embeds the identity and the provisioning profile, so even though the same error as above still occurs and is printed out,the "double dip" with the code signing identity and provisioning profile makes it meaningless. I can now install the app on devices.

For inquiring minds: The reason I'm not just using xcrun in the first place is because even if I specify a prov profile and signing identity, xcrun will use the embedded profile and signing identity in the project based on the configuration (Debug, AppStore, Release, etc) that I specify. xcodebuild will actually sign with the certs I provide it.

The goal of this operation was to remove the need for provisioning profile certs that the CI system required from developer machines, enabling testing the "AppStore" configuration to be signed with AdHoc distribution certs, and enabling re-signing of the xcarchive later on with the actual App Store distribution certs.