Follow the following principles and stop worrying about Xcode code signing issues

[[139309]]

Thanks to the following habits, I have not struggled with Xcode's code signing issues in the past year. Some of these habits seem to be overkill, and most of them are more "complex" than using the built-in support features in Xcode. But so what! Fuck the bullshit! Do your own thing and go back to your own business!

1. Never use the Code Signing Assistant tool built into Xcode. In particular, do not click the so-called Fix Issuue button. Not only will it make you touch a lot of useless files (iOS Team Provisioning Profile...), but it will also cause you to fall into a configuration file loop.

2. Never use wildcard App IDs. This is especially troublesome when you are on multiple teams and each team has multiple wildcard App IDs. Take a moment to log in to the Developer Center and generate a unique bundle ID for each of your apps. Not using wildcard App IDs will greatly reduce the pitfalls on the road of Code Signing. If you have a project using wildcards, delete it immediately. The new version of Xcode makes this more difficult than before. Let me Google that for you.

3. Use build code signing and shared schemes. Check Shared in the "Manage Schemes..." panel to make it easy. One for development and one for App Store releases. If necessary, consider adding one for beta. Select the appropriate build configuration for each scheme in the editor window. If you choose the default build configuration provided by Xcode, your development scheme will be debug mode and your release scheme will be release mode.

4. Use explicit code-signing identities and automatic provisioning options. Because you are now using share schemes to connect to specific build configurations, you can set up your Xcode project to be more helpful. The Code Signing Identity and Provisioning Profile settings for your project require a distribution certificate (Ad Hoc, Enterprise, or App Store distributions). If you are lazy, you can also use automatic iOS Distribution. Maybe I have too many teams, so I don't trust Xcode to do it so accurately. I recommend using iOS development to automatically set up your debug builds, which is beneficial for collaborating with other developers. I find that using the signing identities settings above, I can use automatic provisioning profiles for all build settings.

5. Repeat project-level settings on target-level settings. Another common problem is that the project-level settings for code signing and provisioning profile selections do not match the target-level settings. Unless you think you will not make this mistake (I didn't think I would, but now I know better), manually set the code signing and provisioning profile settings at the project and target levels, and check them regularly to make sure they are consistent.

6. Delete expired certificates in Keychain Access. Keychain Access makes it very simple. Most certificates (Ad Hoc, APN, and App Store) are valid for 365 days, and some enterprise certificates may be extended to three years. When you create new distribution certificates and APN certificates, set date alarms to remind you to update them in time to prevent your APN service from suddenly getting angry and warning you about code errors after the certificates expire.

7. Make sure you have all the certificates you need in Keychain Access. You need at least two certificates per team: 1) A developer certificate that allows you to install apps on devices. 2) A distribution certificate that allows you to submit apps to the App Store. You may need two additional certificates for push notifications (one for development and one for production). The development and distribution certificates apply to all apps on your team. The APNs certificate is specific to each app. Make sure you have the private keys for these certificates, store your certificates and export them somewhere safe and convenient so that everyone on your team can ship to the App Store in case your senior engineers are paralyzed by some goddamn idiot.

8. After installing new files or certificates, restart your Xcode anyway. Cache errors are especially likely to occur with cached expired certificates.