Last week, while creating new Jenkins slaves running Yosemite and Xcode 6.3.2, we encountered the following error when trying to build and package our existing iOS application (with Watch Kit app extension):
"Embedded binary validation utility error: Error Domain=XCEmbeddedBinaryValidationUtil ityErrorDomain Code=0 "error: Embedded binary is not signed with the same certificate as the parent app. Verify the embedded binary target's code sign settings match the parent app's."
The build was running successfully on the old slaves without any issues. As the error message suggested, we started our debugging process with checking the certificate that was being used by the code signing process. But no matter what certificate we used it would spit out the same error. We tried out all possible provisions profiles and certificates combinations but to no avail.
After much digging around, we found out that it was the trust setting of the enterprise certificate that was causing the issue.
The trust setting was set to “Always Trust” . Changed it to “System Defaults” and BOOM..... the error vanished.
Apple requires that all the certificates that are being used for code singing should have the trust setting set to “System Defaults”. A proper error message would however would have saved me a lot of time and effort 🙂