iOS build fails - finds certificate then fails saying it cannot find a certificate

When I am building the iOS version of UE4, everything seems to work fine except for the following:

After linking, when it attempts to obtain a signing certificate, the build first apparently finds a valid certificate:

Looking for a certificate that matches the application identifier '3Z5EKBZ573.com.agoglabs.*'
  .. Provision entry SN '5297C931896B2F5C' matched 1 installed certificate(s)
  .. .. Installed certificate 'iPhone Developer: Conan Reis (Q6U29F8M7W)' is valid (choosing it) (range '7/28/2015 1:05:21 PM' to '7/27/2016 1:05:21 PM')

This is indeed a valid certificate that is present in my keychain on my Mac.

Then a few lines down in the build log it says:

Build settings from command line:
    CODE_SIGN_IDENTITY = iPhone Developer
    CODE_SIGN_RESOURCE_RULES_PATH = /Users/zorro/UE4/Builds/Q/D/UnrealEngine/master/Engine/Binaries/IOS/CustomResourceRules.plist
    IPHONEOS_DEPLOYMENT_TARGET = 6.0
    SDKROOT = iphoneos8.4
=== BUILD TARGET UE4Game - iOS OF PROJECT UE4_FromPC WITH CONFIGURATION Development ===
Check dependencies
Code Sign error: No code signing identities found: No valid signing identities (i.e. certificate and private key pair) matching the team ID “(null)” were found.
CodeSign error: code signing is required for product type 'Application' in SDK 'iOS 8.4'
** BUILD FAILED **

The file CustomResourceRules.plist has the following content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>rules</key>
	<dict>
		<key>.*</key>
		<false/>
	</dict>
</dict>
</plist>

Any idea what might be wrong here?

I am on master branch btw.

Thanks for any pointers!

Usually when you get that message Xcode can’t find a valid signing identity which matches the provision it found. If you have a valid certificate, you might want to check to make sure the provision for the game was created using that certificate. Especially since it looks like you recently updated the signing certificate.

-Pete

Thanks for the quick reply, Pete. I generated both the provisioning profile and the certificate recently. The provisioning profile uses that very certificate. UE4Editor accepts the provisioning profile and the certificate as valid in its iOS settings, and displays the same name and ID code. Then as you can see in my post above, the provisioning profile is properly matched to the certificate at some point during the build.
I spent almost the whole day yesterday trying all sorts of things, e.g. regenerating the profile, deleting and re-installing the certificate to my keychain, copying an extra UE4Game.mobileprovision into my Intermediate/Build/IOS folder, reimporting profile and certificate to the Project Settings dialog, deleting and reinstalling profiles from the AppData folder, changing file permissions on my PC host and on my Mac, cleaning and rebuilding from scratch etc. etc. and have not gotten it to work. Very frustrating.
Is there a way to get a more detailed error report and why it is failing to find the certificate? What program is failing to find the certificate? Where is it looking for it? Is there a log file maybe with more info?

EDIT: See comments below first for the actual fix!

Ok after three extremely frustrating days of my life wasted in code signing hell and learning more about provisioning profiles, certificates, private keys, keychains, the UnrealBuildTool and the iPhonePackager than I ever wanted to, here is what finally fixed the issues for me:

  1. On my system, codesign would not work unless the keychain was unlocked in the same SSH session. To fix that, in CompileTime.cs, line 72 in function GetBaseXcodeCommandline I prepended "security -v unlock-keychain -p \"\" $HOME/Library/Keychains/UE4TempKeychain.keychain && " + to the command line, so UE4TempKeychain.keychain would be unlocked just before xcodebuild runs.
  2. On my system, the certificate extracted from the provision profile in CompileTime.cs, function CopyFilesNeededForMakeApp would not work since it does not have a private key in it. So I commented out line 290 in that file which writes out the certificate //File.WriteAllBytes(Path.Combine(Config.PCXcodeStagingDir, MacSigningIdentityFilename), Data);.
  3. Instead I exported the private key from my keychain as a .p12 file named Q_UE4Temp.p12 and manually dropped it into Engine\Intermediate\IOS-Deploy\UE4Game\XcodeSupportFiles on my host PC.
  4. Then in CompileTime.cs, in function RunRPCUtilty, in case "createkeychain", I changed the string DisplayCommandLine to end with priv instead of cert

For these changes to take effect, iPhonePackager needs to be rebuilt in the UE4.sln in Visual Studio.

I tried backing out each of these changes but code signing won’t succeed for me unless all are present.

@psauer hope these findings will help you coming up with a permanent fix that will work on my system. FYI I am using Windows 7 Pro and OSX 10.10.4.

Did you add your signing certificate to the System keychain? We can’t access the login keychain without asking for a password, but if the private key used to create the certificate exists in the System keychain then it will automatically get used when accessing the temp keychain. The easiest way to ensure the private key is in the System keychain is to install your certificate to that keychain.

-Pete

Also, make sure the key/certificate is marked always allow (Get Properties, access). This ensures you aren’t asked for a password when something like codesign wants to use it (which is probably what is causing #1 in your list).

-Pete

Thanks that did it! I backed out my hacks and it now works without them. Wow. Tricky stuff.