"No valid iOS Distribution signing identities" error from iOS code signing

ios
code-signing
xcodebuild

#1

We are porting an existing automated iOS build process over to CircleCI. We are attempting to build, archive and export an iOS app using command-line xcodebuild in a custom script. I understand using fastlane for code-signing is recommended, but we seem to have most of our existing process working except for exporting the archive.

The command we’re executing is:

xcodebuild -exportArchive -archivePath "path/to/our.xcarchive" -exportOptionsPlist "path/to/our.plist" -exportPath "/path/to/export/location" CODE_SIGN_IDENTITY="iPhone Distribution: Blah Blah Blah (<TEAM ID>)" PROVISIONING_PROFILE="7c26this-39is-4eou-r33c-d3ca0profile"

The error we get from that is No valid iOS Distribution signing identities belonging to team were found.

Running the same xcodebuild command on another macOS machine works, so it seems like there’s something related to the CircleCI macOS environment that’s tripping us up. We found the suggestion to check the current status of your code signing credentials here https://support.circleci.com/hc/en-us/articles/115015983028-iOS-macOS-Code-Signing-on-CircleCI. So just before that xcodebuild command we run

sudo security find-identity -v -p codesigning

And based on the output, it appears we have a valid identity. The output looks like:

  1) NOTAREALID336687FEWBCNVB197623ADS43C816 "iPhone Developer: Evan Kirkwood (<TEAM ID>)"
  2) NOTAREALID2V87437B7FG6DEDB8F2B9GGA21V5DX "iPhone Distribution: Blah Blah Blah (<TEAM ID>)"
 2 valid identities found

So it appears the code signing identities are installed. Is it possible we’re installing in the wrong keychain? We’ve also attempted to install in the login keychain, but don’t know the password. Is the login keychain password something standard in a CircleCI macOS build environment (i.e. can someone tell us what that password is)?