I'm really going mad with this problem! I have an app that contains a simple Helper app which manages the login item for the Main app.
When I try to submit the app I get errors related to the provisioning profile and the entitlements. I'm sure that the problem is related with the Helper app because before than I added it the submission worked with no problem.
At the moment the helper app is code signed and is sandboxed as the main app.
The errors are :
Invalid provisioning profile. The provisioning profile included in the bundle is invalid
Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the one that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile 'com.apple.application-identifier' in 'myapp.app/Contents/Library/LoginItems/helper.app'
Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the one that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile 'com.apple.application-identifier' in 'myapp.app/Contents/MacOS/myapp'
For anyone else coming across this problem, you don't have to codesign the helper app a second time, just remove the "embedded.provisionprofile" from the helper app in the xarchive and you can submit no problem.
The only solution that seems to solve this problem was codesign and sandboxing the helper app from Xcode and then:
Re-Codesign the Helper app from terminal
codesign -f -s "3rd Party mac Developer Application:" -i
"com.bundle.YOUR.HELPER" --entitlements path/to/helper/entitlements
YEOR-HELPER.app
Remove provisioning profile from Helper app, adding a "Run script" into the "Build Phases"
rm"${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.app/Contents/Library/LoginItems/YOUR-HELPER.app/Contents/embedded.provisionprofile"
With this solution we've correctly submitted our App.
I had the 3rd error when I accidentally included some 3rd-party .a files in my target. (They're needed for non-App Store distribution but I'd forgotten to exclude them for the App Store build). The error wasn't too helpful in tracking this down!
I was finally able to resolve this problem by deleting the embedded.provisionprofile file from the helper app by adding the following run script:
if [ -f "${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.app/Contents/embedded.provisionprofile" ];
then
rm "${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.app/Contents/embedded.provisionprofile"
echo "Removed embedded provisioning profile."
else
echo "No profile found"
fi
Related
I am currently trying to use ALTool to upload my application IPA to App Store Connect as part of a build script.
These are the commands I am using:
xcrun altool --validate-app -f my-ipa-file.ipa -t ios --apiKey "MYAPIKEY" --apiIssuer "MYISSUERID"
xcrun altool --upload-app -f my-ipa-file.ipa -t ios --apiKey "MYAPIKEY" --apiIssuer "MYISSUERID"
My private key (p8) is located at
./private_keys/AuthKey_MYAPIKEY.p8
According to the altool --help command the tool will look in the following directories (in order) for a p8 file named AuthKey_<apikey>.p8:
./private_keys
~/private_keys
~/.private_keys
~/.appstoreconnect/private_keys
Considering the p8 file is in the first folder of that list, this should work.
And for the --validate-app call, it does actually work. The calls to App Store Connect are made, the app validates and if there are any errors from App Store Connect they return as expected.
However, for some reason the --upload-app command always returns with the same error:
2020-09-01 14:24:40.934 altool[28265:119010] * Error: Error uploading 'my-ipa-file.ipa'.
2020-09-01 14:24:40.934 altool[28265:119010] * Error: code -18000 (Could not locate the private key file: AuthKey_MYAPIKEY.p8)
For some reason it seems --upload-app doesn't properly load the p8 file in ./private_keys/ while --validate-app does.
Placing the p8 file in one of the other 3 folders (~/private_keys etc.) does work for both validate and upload as a temporary workaround. But I prefer to use ./private_keys due to how my build scripts injects files into the build process.
Is this a bug in altool or is there something I'm missing?
In GitHub actions I just put the api key into $RUNNER_TEMP. And then when running the xcrun altool I am doing it like so:
API_PRIVATE_KEYS_DIR=$RUNNER_TEMP xcrun altool
This is probably a bug.
When uploading an app, altool seems to invoke iTMSTransporter under the hood to do the actual uploading.
The latter changes current directory before running, so when it looks for ./private_keys/AuthKey_MYAPIKEY.p8 in current directory, it checks the wrong location.
See cd in /Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/itms/bin/iTMSTransporter.
I guess altool doesn't invoke iTMSTransporter when validating apps.
I was facing code singing issue while generating IPA using fastlane or xcodebuild command that was showing log like
log
From xcode I keep getting prompted to unlock "Local Items" keychain on my Mac, how do I fix that?
I tried to lock and unlock key-store but that not worked
I tried to unlock keychain using below command also
security unlock-keychain ~/Library/Keychains/login.keychain
90% will work.In my case that not worked
I tried to Delete keychain 'login
That worked for me there might be some issue with my keychain access password
Follow these steps to prevent prompts to unlock the Local Items keychain.
In Finder Select Go > Go to folder (⇧⌘G)
In the window that appears, type the following:
~/Library/Keychains/
Click OK.
Look for a folder with a name similar to this "A8F5E7B8-CEC1-4479-A7DF-F23CB076C8B8". Note: Each folder has a unique number.
Move this folder to the Trash.
Empty Trash.
Immediately choose Apple Menu () > Restart… to restart your Mac.
After restarting the computer, a new folder is created in the Keychains folder with a name similar to "4B29A0BB-599D-47FC-A2D1-42B5592B130B". This corrects the issue.
For more info: https://help.queens.edu/hc/en-us/articles/205937040-How-to-Resolve-Mac-OS-X-Keychain-Problems
I am currently releasing an update for an app and i can successfully debug the project. Now when i try to archive for publishing to create the .ipa file I recieve the following error:
I have tried to delete the obj + bin folders in my iOS folder and then clean/rebuild + try again but the error still remains.
Has anyone come across this problem before? The errormessage isn't giving me much information to work with.
try to delete your current certificate in keychain and add it again.
I also faced to this same exact problem when I'm going to debug the xamarin.iOS app using Visual Studio 2015. To solve this issue, steps are as below,
Open Terminal in your Mac and type this command:
security set-key-partition-list -S apple-tool:,apple:,codesign: -s /Users /YOUR_USERNAME/Library/Keychains/login.keychain-db
Then it will prompt for your Keychain access password.
(If it repeatedly promopt that your keychain access password is incorrect, go to "Keychain Access", select and deselect the lock. Then enter your password when asked for it.
Re-enter the above command in the Terminal. Give the password.
Clean and build your project and Run it.
Now it will work definetly.
I've configured Entitlements in Xcode, but they don't get put in the compiled app bundle. Do I have to do some additional steps?
I'm writing an OS X "Developer ID"-signed application (not for the AppStore), and to be able to implement an Extension that shares preferences with the parent app I need to put them in the same App Group.
I've configured App Groups in Xcode, and I see them in $Extension.entitlements and $ParentApp.entitlements plist.
However, in the built product $Extension.app/Contents/_CodeSignature/CodeEntitlements resembles a default entitlements file without the group I've configured, and in the parent app this file doesn't exist at all.
I've even tried signing the app again with an explicit entitlements file:
codesign --force --entitlements $ParentApp.entitlements -s "Developer ID" \
Build/Products/Debug/$ParentApp.app
but again, it doesn't get added to $ParentApp.app/Contents/_CodeSignature/CodeEntitlements.
At run time the parent app and the extension don't appear to be in the same app group: they write their preferences ([NSUserDefaults…initWithSuiteName:teamIdEtc]) to their own subdirectories in ~/Library/Containers rather than a shared dir in ~/Library/Group Containers.
Magically, it started to work after:
I've replaced $(TeamIdentifierPrefix) with actual identifier
Deleted DerivedData folders everywhere and rebuilt everything
Since recently Apple changed the iTunes Connect interface, and people are required to upload apps with the Application Loader.
That's nice but I need a script for automating my work.
How can an app like App Loader be automated?
I was thinking of something written in AppleScript ... but I don't know what actions it exposes (if any). Found somewhere that I could also do GUI scripting from within AppleScript, but I can't find docs on that.
What I need ... some way to trigger input actions (mouse clicks / keyboard input) and read the text from the various controls displayed.
If that would be possible in Python/Ruby it would be great, but AppleScript is fine.
OS X is version 10.6.4.
Any suggestions are appreciated.
Thanks,
Application Loader documentation mentions an altool which can be used for this purpose. (https://itunesconnect.apple.com/docs/UsingApplicationLoader.pdf)
The relevant information:
You can use altool, Application Loader’s command-line tool for
validating and uploading your application binary files to the App
Store.
To validate your build before upload or to automate uploads of valid
builds to the App Store, you can include altool in your continuous
integration systems. altool is located in the Application
Loader.app/Contents/Frameworks/ITunesSoftwareService.framework/Versions/A/Support/
folder. (So full path would be
/Applications/Xcode.app/Contents/Applications/Application\
Loader.app/Contents/Frameworks/ITunesSoftwareService.framework/Support/altool)
To run altool, specify one of the following at the command-line:
$ altool --validate-app -f file -u username [-p password]
[--output-format xml]
$ altool --upload-app -f file -u username [-p
password] [--output-format xml]
Where:
--validate-app Specifies you want to validate the specified application.
--upload-app Specifies you want to upload the specified application.
-f file Specifies the path and filename for the application you are validating or uploading.
-u username Specifies your username (Apple ID).
-p password Specifies your user password.
--output-format [xml | normal] Specifies that you want Application Loader to return output in structured XML format or unstructured text
format. By default, Application Loader returns output information in text format.
In order to see what Applescript commands any application supports, then you need to look at the Dictionary for the application. From my answer to a similar question posted just the other day:
To get to an application's Dictionary in the the Applescript Editor go to File > Open Dictionary.... A list of all the applications that the OS knows supports Applescript will appear, but the OS won't catch them all so you can use the Browse button. If an application doesn't support Applescript, then it won't be selectable in the dialog window.
The caveat to this is that there are certain commands that an application is supposed to support but don't, or an application may only support the minimum requirements. These are all very, very simple like open, quit, etc. Your mileage may vary.
Information to start with GUI scripting can be found on the OS X Automation site. GUI Scripting is a funky way to go, and I don't think you can get the values of onscreen controls, instead only set them. You should only do this if no other avenue works.
If you wish to stick with Python, then you can look at the py-appscript project, but this is still dependent on Applescript support of the application.
You can use any of these commands either one by one or all in one bash script to actually automate your Archive, Extract and Upload process to the AppStore Connect.
ARCHIVE
xcodebuild -workspace "${APP_NAME}.xcworkspace" -scheme "${APP_NAME}" clean archive -configuration release -sdk iphoneos -archivePath ".build/${TEMP_BUILD}.xcarchive"
EXPORT TO IPA
xcodebuild -exportArchive -archivePath ".build/${TEMP_BUILD}.xcarchive" -exportOptionsPlist "ExportOptions.plist" -exportPath ".build/${TEMP_BUILD}.ipa"
UPLOAD IPA TO TESTFLIGHT
altool --upload-app -f ".build/${TEMP_BUILD}.ipa/${APP_NAME}.ipa" -u $APP_STORE_USERNAME -p $APP_STORE_PASSWORD
1) If you don't know what should be your ExportOptions.plist file just
take a look here.
2) To use altool from anywhere in the terminal you could add it to your
PATH env variable by typing in terminal:
MacBook-Pro:~ denis$ export PATH=$PATH:/Applications/Xcode.app/Contents/Applications/Application\ Loader.app/Contents/Frameworks/ITunesSoftwareService.framework/Support/
MacBook-Pro:~ denis$ source ~/.bash_profile