Provisioning for Distribution - xcode

I can run the app fine through the development profile but I can't run it through the distribution profile. I have everything setup correctly as far as I can tell. The error that I get from xcode on compile is:
Code Sign error: No unexpired provisioning profiles found that contain any of the keychain's signing certificates
and in TARGETS > Release > Any iOS SDK I look under what should the correct line item and I see the following:
Profile doesn't match any valid certificate/private key pair in your keychains
So it sounds like my current cert doesn't allow me to run my app as distribution? I went into the member center and dirtied all related profiles and restarted xcode 4.6 after updating my profiles. Doesn't seem to work.
I also checked my Info.plist and the bundle name is correct there. It's also correct in TARGETS > Summary > Bundle Identifier.
A private key is missing
I noticed this morning that there is no private key underneath the iPhone Distribution cert in my Keychain Access and I suspect that's an issue? I'm an admin in the developer portal so I'm not sure why this wouldn't be working..

If you weren't on the distribution certificate when it was signed then you need to have someone who IS on the certificate to export their cert + private key for you. If in doubt, it's probably the dev portal agent who you need this from. The details are found in the answer for the question below:
Profile doesn't match any valid certificate/private-key pair in the default keychain

Related

OSX - signing identity missing private key

After I accidently deleted my local keychain... it seems I have encountered some problems. (This is my first Mac.)
In Xcode - Preferences - Accounts it has an error. If I click "View details" for my developer account, it list one signing identity called "iOS Development". However, its status is missing private key. (If I try to add one for distribution, it also pops up saying I already have one.)
As I already redownloaded both my distribution and development certificate from my developer profile and put them into my local keychain... I guess this means they somehow were not enough? Is there any other place on my Mac where I can (be lucky and) find my private key? certificate? ...
Or will I need to revoke my certificates in my developer profile? Download new certificate and create new provision profiles?
The private key is used for signing the code and the certificate is used for verifying the code. Since the private key is only stored in your keychain and you deleted it.
The only way to recover from it is to create a new developer certificate and generate a new Developer Provisioning Profile for your app.

Code signing error with sample app / new Provisioning Profile not in 'Code Signing' list

There are Code Signing Error issues on this forum but I couldnt find answer specific to my situation.
I have two issues really.
First issue:
I'm getting a "A valid provisioning profile matching the application's Identifier 'com.yourcompany.thisSampleApp' could not be found" error.
I get this error running on the Device (iPhone 4S) for which I have a valid Provisioning Profile - com.mycompany.*.
Since this didnt work, I created a Provisioning Profile for Bundle Identifier com.mycompany.thisSampleApp.
Same error.
Second issue:
I also noticed another thing, my newly created Provisional Profile does not show up in the 'Code Signing' section...so I cant even pick it.
But...I can see both the Provisional profiles listed in the Organizer window.
I downloaded Apple's Reachability sample Apple. Same error.
Any ideas anyone? Thanks!
PS: I'm running Xcode 4.6
when that happens to me, (and it happens a lot), I usually restart XCode, sometimes even the computer. If you are sure you have the correct provisioning profile, and the correct certificates in your keychain, and you have the correct bundle identifier.
Also, go to the target -> Build Settings -> Code Signing, and re-select the correct one.
Hope that helps.

Xcode 4.4.1 code signing issue

I have this code signing issue that came up only recently when I tried to submit my Mac application (not iOS) with Xcode 4.4.1
When I tried to validate my app's archive, validation fails with these two errors:
Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. According to the provisioning profile, the bundle contains a key value that is not allowed: 'com.(mycompany).(myapp)' for the key 'com.apple.application-identifier' in 'MyAppBundle.app/Contents/MacOS/MyAppExecutable'
Invalid code signing entitlements. Your application's bundle signature contains code signing entitlements that are not supported on Mac OS X. Specifically, value 'com.(mycompany).(myapp)' for key 'com.apple.application-identifier' in 'MyAppBundle.app/Contents/MacOS/MyAppExecutable' is not supported. This value should be a string starting with your TEAMID, followed by a dot '.' followed by the bundle identifier.
This bundle is invalid. Apple is not currently accepting applications built with this version of the OS.
I've tried the following but none of them worked:
re-downloading and re-generating code signing certificates.
Specifying my team ID in the code signing parameters:
-i "(TEAMID).com.(mycompany).(myapp)" --entitlements "(MyAppEntitlementFile).entitlements"
Anybody can help? Thanks in advance.
I've fixed this by editing my entitlements file using Xcode's property list editor (not the fancy-looking GUI in the target's Summary tab) and remove the key named com.apple.application-identifier along with its value.
I'm not sure how that key-value pair got there in the first place because I'm quite confident that I didn't put it in there myself. This project was originally coded for Snow Leopard without sandboxing and went through a number of Xcode versions. Perhaps an old version of Xcode put it there and it conflicted with the newer one.

Application always asks for permission to access keychain

I have an application that stores username and password in the keychain. Everything was working fine when working on Xcode 3, I recently moved to Xcode 4 and now when I run the application, I get a prompt:
Application wants to use your confidential information stored in keychain" in your keychain.
After hitting always allow I see the application added to access control list of the keychain item, but I get every time I run the app.
Also after hitting Always allow again, I see that the access control has two instances of the same app. Seems like OS thinks this is a new application.
Any ideas appreciated.
I believe the problem is that your signature's designated requirement causes it to not accept itself as "the same app" as itself (for Keychain purposes).
One common cause for this—and I think it's yours—is using a Developer ID Application cert, with no designated requirement, and without the intermediate cert installed.
A standard Developer ID requirement looks like this:
designated => anchor apple generic and
identifier \"com.example.appName\" and
((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or
(certificate 1[field.1.2.840.113635.100.6.2.6] exists and
certificate leaf[field.1.2.840.113635.100.6.1.13] exists and
certificate leaf[subject.OU] = \"1AZBYCXDW9V\" ))
If you want to construct this yourself, you have to replace the identifier with your bundle identifier and the subject.OU with the value from your cert. (If you double-click it in Keychain Access, it should be listed as the Organizational Unit.) Then you can add to "Other Code Signing Flags":
--requirements "=designated ..." (the whole mess from above)
However, a much better way to do this is to use Xcode 4.3.2 or later. If it recognizes that you're using a Developer ID Application cert, and can see the intermediate cert in the keychain, it will generate this by default.
Also, if you use the Archive Organizer in Xcode to "Export Developer ID-signed Application", instead of just using the build from your target directory, it will make sure to sign your app and any other enclosed signables, and it will test that everything is setup properly. (The failures are pretty cryptic—e.g., your "Choose a Developer ID to sign with" step may just have no choices, with a message in the syslog that has no useful information—but at least the fact that it failed or succeeded narrows down where your problem is.)
Either way, you need to download and install (on your build machine) the intermediate cert, called "Developer ID Certification Authority", from the "Developer ID Intermediate Certificate" link at the Developer Certificate Utility site.
One last thing: Even if this solves your problem running on your build machine, you really want to test on the oldest OS version you support. For example, the requirements compiled by Lion's codesign sometimes can't be parsed on Leopard, or sometimes even on Snow Leopard. If that happens… see Gatekeeper vs. Leopard: an ongoing tale.

"A valid signing identity matching this profile..." and Xcode error

Our company is setting up another development station for the same app that will be sent away. I installed Xcode and tested the app in the simulator. I downloaded the Certificate and Provision that worked fine on my other computer. I selected the correct code signing identity and when I build it for a release to my iPad I get an error:
Code Sign error: The identity 'iPhone Developer: Person's Name (XXXXXXXX)' doesn't match any valid certificate/private key pair in the default keychain
In organizer, I click on Provision Profiles and the provision profile I downloaded. Underneath I get the warning:
A valid signing identity matching this profile could not be found in your keychain
I've looked up many, many other people that had this problem, but all seem to resolve it by deleting the cert and provision, which I never want to do! i.e., what if I want to use the same provision and cert on two different machines, or many?
I also went through deleting, recreating, deleting, rinse-repeat - but the answer was simple.
I had the same problem and solved it very simply in XCode Organizer - I'm using Version 4. All I did was go to the top Library section and select Provisioning Profiles, and import the downloaded profiles that I had received in my Safari downloads named "name.mobileprovision".
I think you just have to export the valid certs from the working computer, explained in this doc.
http://developer.apple.com/library/ios/#qa/qa2008/qa1618.html

Resources