XCode 6.3 Code Signing Issues after update

Question

I've updated recently to XCode 6.3 and started having some strange code signing issues. Occasionally XCode will start complain about the code signing issues. And either will have issue like :

invalid or unsupported format for signature ... Command /usr/bin/codesign failed with exit code 1

or

... Command /usr/bin/codesign failed with exit code 11

Can not find pattern yet, but looks like issue with XCode code sign, as sometimes after cleanup and restart of XCode it will work.

I did not change any settings regarding code signing. Project structure is quite complicated, it has referenced projects and pods.

Any help appreciated.

** Update **

It did not help for me to remove derived data or restarting XCode. But it did work if i removed the project and downloaded fresh from git. This removed XCode files which are not committed to git.

Again after clean it has stopped working. And in the console logs i've got something like this:

codesign[4111]: Internal error unloading bundle CFBundle 0x7fb44a40adc0 <(null)> (framework, not loaded)

** Another Update **

Found on twitter someone who has the same issue. Looks like the issue is caused by --deep option in code signing.

https://github.com/atom/atom-shell/issues/1396

Solution is to not code sign app and frameworks inside with --deep. But rather code sign each framework separately.

http://furbo.org/2013/10/17/code-signing-and-mavericks/

Answer 1

Just had this happen to me as well after the latest X-Code update. But X-Code had been advising me to update my project settings for a while now, I just hadn't got round to it. The link you provide explains it well.

It actually shows up as an issue in the navigator, and X-Code will offer to fix it automatically for you when you select the issue. You just need to remove the --deep option from your Build Settings yourself.

This worked with my 2 3rd party frameworks, Sparkle and Syphon.

Answer 2

Problem was caused by --deep code signing option and entitlements.

To solve it i had to manually code sign the frameworks. This required adding new run script build phase, and running script similar to this one:

IDENTITY="HEX_IDENTITY"

export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate"

FRAMEWORKS_LOCATION="${BUILT_PRODUCTS_DIR}"/"${FRAMEWORKS_FOLDER_PATH}"
EXECUTABLES_LOCATION="${BUILT_PRODUCTS_DIR}"/"${EXECUTABLE_FOLDER_PATH}"

codesign --verbose --force --deep --verify --sign "$IDENTITY" "$EXECUTABLES_LOCATION/MY_HELPER_APP.app"
codesign --verbose --force --deep --verify --sign "$IDENTITY" "$FRAMEWORKS_LOCATION/MY_FRAMEWORK/Versions/A"

HEX_IDENTITY can be obtained by using shell command:

security find-identity 

This will display list of signing identities with their hex numbers.

After exporting application as the app I verified the code signing with command:

codesign --verify --verbose --deep MyApp.app
spctl --verbose --assess --type execute MyApp.app

References:

• http://furbo.org/2013/10/17/code-signing-and-mavericks/
• https://developer.apple.com/library/mac/technotes/tn2206/_index.html