Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Validating fails because of account permissions

I've been added as a Team member by Team Admin through the iTunesConnect and I am trying to create an archive and validate it. It fails as title says with a message :

validation failed message

Also, if I try to let the Xcode fix this automatically, I get this error:

validation failed message

The Team Agent created iOS Distribution profile in iTunesConnect and according to the docs, the Team Member indeed can't create certificates :

privileges assigned to each membership level

but that is why the Team Admin created them for me, but still, it looks like my Xcode tries to create certificates, rather than to download and use them (while validating archive). Any ides why is this happening and how to validate an archive and upload the build to the iTunesConnect?

like image 555
Whirlwind Avatar asked Jan 06 '23 14:01

Whirlwind


2 Answers

Certs are always paired with private keys. You need the cert/key pair to sign properly.

Since your team agent created the distribution cert, the cert/private key is on their computer's keychain. Even if you were to download the cert, you'd be missing the private key. Your team agent will need to open up Keychain App, export it, send it to you, and then you'll need to import it into your keychain.

At that point, assuming you also have the correct provisioning files downloaded and have the build settings correct, signing should work.

like image 127
Ben Kane Avatar answered Jan 16 '23 19:01

Ben Kane


First of all, Xcode is trying to create a cert because it believes there is something wrong with your code signing settings. This can mean several things:

  1. You don't have a valid iOS distribution certificate. To check this, go into the Keychain Access app and check that you have a green check mark when you select the certificate from the list on the left.

    ios certificate validity.

    If it's not valid, it could have been revoked on the Apple developer site, or it may have expired.

    Also, make sure you have the appropriate provisioning profile and certificate by downloading them from Apple's developer site. The only thing your Team Admin should need to send you is the private key. If the private key doesn't connect to the certificate you got from Apple's developer site, you were given the wrong key.

  2. You could have a valid certificate, but be missing the required private key that allows you to sign things with that certificate. This is required to use the certificate to sign things, and will also cause Xcode to try to generate a new cert when submitting. Make sure you can expand the cert to see the private key shown in item 3 in the image below. Keychain Access example of valid certificate with associated private key

  3. The project code signing settings are referencing a code signing identity that does not match the certificate and key in your keychain. I recommend that you use the following settings in your project's code signing section.
    For Provisioning Profile, choose "Automatic". For Code Signing Identity, choose "iOS Developer" for the Debug build config, and "iOS Distribution" for the Release build config.

    recommended code signing settings for iOS projects

I would also recommend you taking a look at Apple's great video on What's New in Code Signing from WWDC that covers the key components of code signing iOS apps.

like image 33
wottle Avatar answered Jan 16 '23 20:01

wottle