Can I archive with a Developer certificate, then re-sign it during submission with a Distribution certificate?

Richard Venable picture Richard Venable · Feb 6, 2012 · Viewed 8.3k times · Source

From what I understand, Xcode can re-sign an .ipa from an archive during the App store submission process, making it possible for you to create an archive with a Developer Provisioning Profile, and then sign it with a Distribution profile later. Here is a post that explains what I am talking about: http://oleb.net/blog/2011/06/code-signing-changes-in-xcode-4/

Unfortunately, I can't get it to work. When I create an archive using a Developer profile, then try to submit it with a Distribution profile, I get the following error: "Application failed codesign verification. The signature was invalid, contains disallowed entitlements or it was not signed with an iPhone Distribution Certificate"

The application does not use any entitlements and has no entitlements file. The error is correct that "it was not signed with an iPhone Distribution Certificate", because it was originally signed with a developer certificate, and I am attempting to resign it with a Distribution certificate. I thought this was a valid thing to do...

Answer

mattjgalloway picture mattjgalloway · Feb 6, 2012

The problem here is that when you originally archived it would have set the entitlements to be compatible with a developer profile, such as the get-task-allow set to true but you're re-signing using a distribution profile which requires get-task-allow to be false. Unfortunately it can't go and change the entitlements and so you get this problem.

I'm not entirely sure why Apple can't make it so that it can go and change the entitlements and do all the magic there. The code, resources, etc will all be the same after all.