Nativescript build to device - nativescript

Whenever I try to build to a device I'm getting this error:
Error Domain=IDEProvisioningErrorDomain Code=8 "binding.node has
conflicting provisioning settings."
UserInfo={NSLocalizedDescription=binding.node has conflicting
provisioning settings., NSLocalizedRecoverySuggestion=binding.node is
automatically signed for distribution, but a conflicting code signing
identity iPhone Developer has been manually specified. Remove the
"signingCertificate" entry from your Export Options property list, or
switch to manual signing by setting "signingStyle" to "Manual.}
I can build to a simulator just fine. What would this be?
My .xconfig:
// You can add custom settings here
// for example you can uncomment the following line to force
distribution code signing
CODE_SIGN_IDENTITY = iPhone Distribution
// To build for device with XCode 8 you need to specify your
development team.
DEVELOPMENT_TEAM = <xxxxxxxx>;
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME = LaunchImage;
TARGETED_DEVICE_FAMILY = 1,2;

As I've already answered in the Github issue, most probably you have a dev dependency which cannot be signed in the dependencies list of your package.json and you need to follow the steps described in this thread in order to resolve it.

Related

How to prevent Xcode from adding malformed entitlements to my dylibs?

I have a Mac app that was accepted to the Mac App Store when I built it using Xcode 13 (exactly the way I do it now, code signing set to automatic, uploading to the App store using the Organizer in Xcode), but now with Xcode 14.2, minutes after submitting it to the Mac App Store, I will receive a refusal mail with lots of "ITMS-90288: Invalid Code Signing Entitlements" and "TMS-90286: Invalid Code Signing Entitlements" errors, two for each embedded dynamic library.
TMS-90288: Invalid Code Signing Entitlements - The entitlements in your app
bundle signature do not match the ones that are contained in the provisioning
profile. According to the provisioning profile, the bundle contains a key value
that is not allowed: '(My team id).' for the key 'com.apple.application-identifier'
in 'Spatterlight.app/Contents/Frameworks/libc64diskimage.dylib'
ITMS-90286: Invalid Code Signing Entitlements - Your application bundle's
signature contains code signing entitlements that are not supported on macOS.
Specifically, value '(My team id).' for key 'com.apple.application-identifier'
in 'Spatterlight.app/Contents/Frameworks/libc64diskimage.dylib' is not supported.
This value should be a string starting with your TEAMID, followed by a dot '.',
followed by the bundle identifier .
The reply at https://developer.apple.com/forums/thread/710598 seems to indicate that dylibs shouldn't have entitlements at all, but apparently Xcode is adding them anyway, making the app unacceptable to the App Store.
I have tried cleaning the build folder, disabling and enabling automatic signing, signing manually when uploading the app (providing profiles from lists in Xcode rather than doing it automatically). The result is the same.
Note that there are plenty of questions here that may look like duplicates of this (usually with titles like "ERROR ITMS-XXXXX: 'Invalid Code Signing Entitlements'", but none of them seem to be about this problem, which makes me think I am doing something uniquely wrong.
To prevent Xcode from adding malformed entitlements to your dylibs, you can do the following steps:
Create a custom entitlements file: In Xcode, go to File > New > File and select "Entitlements" from the list of file templates. This will create a new .entitlements file in your project.
Specify the custom entitlements file: In your target's Build Settings, find the "Code Signing Entitlements" setting and set it to the name of your custom entitlements file.
Review and edit the entitlements file: Open the custom entitlements file and review the contents. Ensure that only the necessary entitlements are included, and that they are correctly formatted.
Build and sign your dylib: Build your dylib and sign it with your custom entitlements file. You can verify that the entitlements were correctly added by running the codesign command in the Terminal and examining the output.

This application's bundle identifier does not match its code signing identifier

When I try to build and run the app on the device I get following error App installation failed: This application's bundle identifier does not match its code signing identifier.
I checked the signing certificates, bundle ids, provision profile, entitlements and everything is correct.
Any Ideas ?
Go into Building Phases
Click the + sing and add script in New Run Script Phase
Add /usr/local/bin/carthage copy-frameworks to the script box.
In Input Files add a line for each Carthage framework you're using in your app: $(SRCROOT)/Carthage/Build/iOS/FrameworkName.framework
If you're still having problems, also add this under Output Files for each framework: $(BUILT_PRODUCTS_DIR)/$(FRAMEWORKS_FOLDER_PATH)/FrameworkName.framework
This process fixed it for me. It can be found under Carthage documentation. You can see this process here in items 4, 5, 6.
https://github.com/Carthage/Carthage#adding-frameworks-to-an-application
In the end the error was caused by Carthage.
After removing and rebuilding all frameworks it fixed the problem.
To fix this, I had to set framework's Product Bundle Identifier to anything with a dot.
In my case it was because of framework, not Carthage's, but the one as target dependency in Workspace.
Before the fix Product Bundle Identifier was something like "FrameworkName", andXcode would automatically append some autogenerated ID, and Signing Identifier would become "FrameworkName-5555494493d11a8e5f473d1cb2a5d781973d171e".
When I set Product Bundle Identifier to something with dot, like "com.organization.frameworkName", Xcode stopped to auto-append anything, and everything works because ids match.
It seems that it wasn't an issue before Xcode 11 and Catalina. This debug was crazy.
Are you using custom .xcconfig files?
Sometimes custom .xccofigs can override the default code-sign settings.
1) See if the project has a custom config by:
--- 1) Click on project whatever the project name is called in Xcode (usually at the top)
2) On the right you'll see your project settings. In here, you can set the identifier.. If not, then you're on the wrong view. This is what you should see:
3) Change the "bundle Identifier" to something to the effect of "com.yourcompany.yourAppName".
--- The com.yourcompany is your website domain name reversed.. Apple Recommend this.
--- After the com.yourcompany is the app name or "nickname' your give it so. com.yourcompany.myCoolApp would be the full identifier.
4) Once you've done this, make sure that under the "Build Settings" as below:
--- That your "Code Signing Identity" is set to whatever Identity you want. For Debugging on iOS or OSX you use "iPhone Developer: Your Name xxx" or "Mac Developer: Your Name xxx".
Code signing resources path: reserved for advanced / command line tools
Other Code Signing Flags: Not sure, never had to use this
Provisioning Profile: IDEALLY set this to "Automatic" so Xcode handles the setting. Otherwise, when you've set a provisioning profile on the Member Centre, then specify it here (make sure you've installed it first though).
in iTunes they changed it to have a flag for each role if he will have
Access to Certificates, Identifiers & Profiles.
and by default its false.
All i had to do is to:
go to iTunesConnect -> Users and Access -> edit my role by checking the box of "Access to Certificates, Identifiers & Profiles"
This issue is only related to CODE SIGNING
But, the key point to note here is, if you are using XCode 11.x version.
Not only the code signing in your project, but we should check the code signing in Thirdparty SDKs or dependencies that we add to our project.
Steps to verify the Code Signing of 3rd party SDks:
Download the source code of framework you need
Open the .xcproj file from the source code using XCode 11.x
Go to Targets -> Signing & Capabilities -> Select all tab -> Bundle Identifier
If you see any unevenness in the identifier like, identifier with 4 seperators (Eg: com.company.mac.app)
Change it to com.* and enter.
Make sure your XCODE COMMAND LINE TOOLS is set with XCode 11.x
Now, use below command to rebuild the SDK, with the changes done in above step-3
carthage build --no-skip-current --cache-builds --platform iOS
Now copy the framework generated from, carthage folder of source code, and replace the existing SDK in your project.
Repeat the same for process for all the 3rd party SDKs, in your project.
NOTE: Make sure you marked all the 3rd party SDKs as Embed & Sign in
Targets => General => Frameworks, Libraries, and Embedded Content
Your app is signed by a Provisioning Profile, which in turn is linked to a Certificate (which can be either for development or distribution).
Now certificates have a Bundle ID, which can be:
A wildcard, such as "com.mydomain.*"
OR
An explicit ID, such as "com.mydomain.myapp"
Either way, the bundle identifier of your app has to match the Bundle ID of the certificate tied to your provisioning profile.
A mismatch would trigger the error you're encountering.

Xcode: code sign identity - core plot framework for sandbox entitlements

I transfered my mac app to itunes connect and received following message:
App sandbox not enabled - The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list. Refer to the App Sandbox page for more information on sandboxing your app.
So, I enabled the sandbox entitlements and run the build. I got the notice:
CODE_SIGN_ENTITLEMENTS specified without specifying CODE_SIGN_IDENTITY. It is not possible to add entitlements to a binary without signing it.
Next, I selected the provisioning profile from target -> build settings and run again. So, I got a error that means my code sign identity isn't correct, maybe during I compiled the core-plot framework.
code object is not signed at all...
In subcomponent: ./Contents/Frameworks/CorePlot.framework ... Command /usr/bin/codesign failed with exit code 1
How I can do it sign?
Ok, I found the answer...
Alright, to sign the framework I added --deep to the Target -> Build Settings -> Other >Code Signing Flags.
Starting with XCode 6, you should sign each embedded framework first (sign inside, and then outside), and then sign the app. Make sure you have all the required values in your Info.plist files. There are more details in codesigning technote 2206

Provisioning for Distribution

I can run the app fine through the development profile but I can't run it through the distribution profile. I have everything setup correctly as far as I can tell. The error that I get from xcode on compile is:
Code Sign error: No unexpired provisioning profiles found that contain any of the keychain's signing certificates
and in TARGETS > Release > Any iOS SDK I look under what should the correct line item and I see the following:
Profile doesn't match any valid certificate/private key pair in your keychains
So it sounds like my current cert doesn't allow me to run my app as distribution? I went into the member center and dirtied all related profiles and restarted xcode 4.6 after updating my profiles. Doesn't seem to work.
I also checked my Info.plist and the bundle name is correct there. It's also correct in TARGETS > Summary > Bundle Identifier.
A private key is missing
I noticed this morning that there is no private key underneath the iPhone Distribution cert in my Keychain Access and I suspect that's an issue? I'm an admin in the developer portal so I'm not sure why this wouldn't be working..
If you weren't on the distribution certificate when it was signed then you need to have someone who IS on the certificate to export their cert + private key for you. If in doubt, it's probably the dev portal agent who you need this from. The details are found in the answer for the question below:
Profile doesn't match any valid certificate/private-key pair in the default keychain

"A valid signing identity matching this profile..." and Xcode error

Our company is setting up another development station for the same app that will be sent away. I installed Xcode and tested the app in the simulator. I downloaded the Certificate and Provision that worked fine on my other computer. I selected the correct code signing identity and when I build it for a release to my iPad I get an error:
Code Sign error: The identity 'iPhone Developer: Person's Name (XXXXXXXX)' doesn't match any valid certificate/private key pair in the default keychain
In organizer, I click on Provision Profiles and the provision profile I downloaded. Underneath I get the warning:
A valid signing identity matching this profile could not be found in your keychain
I've looked up many, many other people that had this problem, but all seem to resolve it by deleting the cert and provision, which I never want to do! i.e., what if I want to use the same provision and cert on two different machines, or many?
I also went through deleting, recreating, deleting, rinse-repeat - but the answer was simple.
I had the same problem and solved it very simply in XCode Organizer - I'm using Version 4. All I did was go to the top Library section and select Provisioning Profiles, and import the downloaded profiles that I had received in my Safari downloads named "name.mobileprovision".
I think you just have to export the valid certs from the working computer, explained in this doc.
http://developer.apple.com/library/ios/#qa/qa2008/qa1618.html

Resources