Reputation: 2466
KeyChain integration causing crash with "missing entitlement" error -- via command line builds
I'm having a problem with some KeyChain code causing archives created via xcodebuild to crash when distributed as ad-hoc apps and run on a device. The problem does not affect builds created via Xcode -- only those created via command line.
The code that is throwing the error: (I'm using a KeyChain library found here)
KeychainItemWrapper *keychain = [[KeychainItemWrapper alloc] initWithIdentifier:@"myapp" accessGroup:nil];
NSString *testKeychain = (NSString *)[keychain objectForKey:(__bridge id) kSecAttrAccount];
if (testKeychain.length) {
NSLog(@"KeyChain value for kSecAttrAccount: %@", testKeychain);
} else {
NSLog(@"No KeyChain value for kSecAttrAccount");
}
[keychain setObject:@"Shared KeyChain value!" forKey:(__bridge id) kSecAttrAccount]; // <-- error thrown here
The "missing entitlement" error(s)
2012-06-15 10:03:20 AM +0000 securityd MyApp [138] SecItemCopyMatching: missing entitlement
2012-06-15 10:03:20 AM +0000 MyApp No KeyChain value for kSecAttrAccount
2012-06-15 10:03:20 AM +0000 securityd MyApp [138] SecItemCopyMatching: missing entitlement
2012-06-15 10:03:20 AM +0000 securityd MyApp [138] SecItemAdd: missing entitlement
2012-06-15 10:03:20 AM +0000 MyApp *** Assertion failure in -[KeychainItemWrapper writeToKeychain], /Users/davidbjames/XCode/.../KeychainItemWrapper.m:305
Entitlement file:
<key>keychain-access-groups</key>
<array>
<string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
</array>
The xcodebuild output appears to be handling the entitlement file:
setenv CODE_SIGN_ENTITLEMENTS MyApp/MyApp.entitlements
..
ProcessProductPackaging MyApp/MyApp.entitlements /etc/etc/build/MyApp.xcent
..
builtin-productPackagingUtility /etc/etc/MyApp.entitlements -entitlements -format xml -o /etc/etc/MyApp.xcent
The code functions without error in Simulator, on a debug device and as an ad-hoc distribution. The only issue occurs via command line builds. What am I missing?
Upvotes: 2
Views: 6489
Answers (3)
Reputation: 5671
After long work, i've found a solution to this issue and modified the floatsign.sh script (https://gist.github.com/mediabounds/1367348) accordingly - the entitlements have to be update like @sglist said. You can find the implementation here: https://gist.github.com/Weptun/5406993
Upvotes: 2
Reputation: 524
This error indicates a problem with your app's entitlements. In my experience, the cause is often that the App Identifier Prefix in the app's entitlements doesn't match the App Identifier Prefix in the provisioning profile.
To verify, use the codesign tool to view your app's entitlements:
codesign -d --entitlements - MyApp.app/
Then, compare the App Identifier Prefix to that in the provisioning profile:
cat MyApp.app/embedded.mobileprovision
Upvotes: 1
Reputation: 10633
I think this line is wrong:
[[KeychainItemWrapper alloc] initWithIdentifier:@"myapp" accessGroup:nil]
You will want to pass your access group name in there. It may or may not fix your problem, these things are a bit "sensitive".
Upvotes: 0
Related Questions
- Getting 'unable to build chain to self-signed root for signer "".' when installing into physical device
- Xcode Code Sign error because of no Keys in Keychain
- Profile doesn't match the entitlements file's values for the application-identifier and keychain-access-groups entitlements
- iOS - Keychain - The executable was signed with invalid entitlements
- Keychain SecOSStatusWith error:[-34018]
- Keychain services broken by code signing
- "No unexpired provisioning profiles found that contain any of the keychain's signing certificates" Horror
- Could not export identity from the keychain
- Cannot import certificate into keychain
- Keychain : SecItemAdd: missing entitlement (release build)