Reputation: 253
Entilements not matching provisioning
Lately I've been having issues deploying my applications in-house (enterprise developer program) with reports that some entitlement values were not the ones specified in the provisioning profile. I started looking into the issue, and found that, of course, the values weren't a match:
Contents of the .mobileprovision file:
(as extracted by running security cms -D -i <mobileprovision file>)
<key>application-identifier</key>
<string>M7X5D8MA6U.some.masked.Identifier</string>
<key>com.apple.developer.ubiquity-container-identifiers</key>
<array>
<string>KNHHJPPHR7.*</string>
</array>
<key>com.apple.developer.ubiquity-kvstore-identifier</key>
<string>KNHHJPPHR7.*</string>
<key>get-task-allow</key>
<false/>
<key>keychain-access-groups</key>
<array>
<string>M7X5D8MA6U.*</string>
</array>
And the entitlements are (as extracted running: codesign -d --entitlements - <app bundle>)
<key>application-identifier</key>
<string>5R678HMG35.some.masked.Identifier</string>
<key>get-task-allow</key>
<false/>
<key>keychain-access-groups</key>
<array>
<string>5R678HMG35.some.masked.Identifier</string>
</array>
I'm not specifying any entitlements file in my project, and the mobileprovision file was downloaded fresh from the Portal.
Should I create an Entitlements.plist with those values just to make the installer happy or is there a less hackish way of solving this? And more importantly, why is this happening only with some builds of my app? (Some other builds are fine)
Any other tips on how to solve and/or avoid this problem?
I have already tried the usual suspects: deleting all profiles, recreating profiles, re-downloading the certificate, etc...
Thanks!
Upvotes: 4
Views: 3047
Answers (3)
Reputation: 36072
This can happen if, while doing a Release build, Xcode decides to use a wildcard provisioning profile.
Even though you go on to choose the correct provisioning profile in Xcode Organizer, when you hit the Distribute… button Xcode invokes xcrun PackageApplication which embeds the provisioning profile in your app and then resigns it. It also very carefully copies the original incorrect entitlements, like App ID Prefix, APN entitlement, gleaned from the wrong provisioning profile, into your new IPA. This will likely fail to install.
I'm not sure why it does this, maybe because not all entitlements come from provisioning profiles.
Upvotes: 0
Reputation: 253
What I noted was that I wasn't using a development provisioning profile for that specific app, I was using the team profile generated by Xcode. I took a shot at creating the development profile, and then it fixed itself.
Upvotes: 1
Reputation: 2295
Make sure, if you're not using iCloud, that your Provisioning Profile on the Apple Developer Page doesn't have iCloud enabled.
If so, disable iCloud and download the new generated profile and try again.
Had a pretty similar problem a few weeks back.
Upvotes: 0
Related Questions
- Entitlements don't match Provisioning Profile (0xE8008016)
- Entitlements in your app bundle signature do not match the ones that are contained in your provisioning profile
- Entitlements file do not match those specified in your provisioning profile.(0xE8008016)
- In-house provisioning not working
- iOS deployment fails with invalid entitlements - but entitlements are valid?
- iOS Provisioning Profile (InHouse) Enterprise
- Entitlements Do Not Match: Provisioning Profile Issue
- Entitlement has value not permitted by a provisioning profile error
- "Entitlement has value not permitted by a provisioning profile", but it does not
- Trying to Create an Enterprise Provisioning Profile--Distribution Tab is Missing