IPhone: Code Signing adds Entitlements.plist instead of provisioning

Similar Messages

• [iPhone] Code Signing Entitlements doesnt appear in settings

  Hello.
  I have been successfully using the nightmarish system of provisioning on 3 apps now, but have run into a problem with ad hoc.
  I created entitlements.plist and all that, but when I go into the target build settings, there isn't an entry called "Code Signing Entitlements" ANYWHERE.
  Is this still the method to do ad-hoc, or has it changed in 2.2.1?
  Also, should the ad-hoc mobileprovision file downloaded from the program portal be a regular XML file? Each of the ones that I downloaded are NOT. They contain a bunch of binary-looking data.

  SOLVED.
  Inside the Target Build Settings->Architecture, Make sure your *Base SDK* is set to Device and not Simulator.

• Code Signing Certificate Options

  Hi Guys,
  Have just finished and Air application and need to sign it before distribution.  Anyone got any good advice on the pros and cons of the various Code Signing options for Adobe Air out there?
  Richard

  I have just created a self-signed code-signing certificate, I used XCA to generate it which is a front-end for openssl. Obviously being generated from a self-signed rootCA it is not going to be trusted by the outside world but it is good enough for an internal Profile Manager setup since the enrollment process will automatically trust your own self-signed rootCA.
  Anyway, when trying to install it I did come across a gotcha which might help you and others here. I found that if I imported the certificate in to Keychain Access e.g. by double-clicking on it, then Server.app did not list it as an available certificate for Profile Manager code-signing. However if instead I used the option in Server.app under Profile Manager to import the code-signing certificate it was accepted.
  In theory importing via Keychain Access should work as well but it did not, so if you have been doing it that way try importing via Server.app instead.
  If you have already imported it via Keychain Access just delete it from your Keychain and try again.
  With regards to the suggestion from ajm_from_WA for buying one from www.ssls.com I could not find any code-signing certificates listed on their website. These are different to ordinary website certificates.

• DYLD_INSERT_LIBRARIES doesn't work for app signed with entitlement in ML

  Hi
  I notice that DYLD_INSERT_LIBRARIES no longer works in Mountion Lion if the application is codesigned with entitlement.
  For example:
  DYLD_INSERT_LIBRARIES=./mylib.dylib /Applications/Safari.app/Contents/MacOS/Safari
    dyld: DYLD_ environment variables being ignored because main executeable is code signed wit entitlements.
  I know this is probably a new security feature added to Mountion Lion.
  Anyone knows if there is an alternative way to do similar thing on Mountain Lion?
  Thanks!

  Up.......
  P/S: With @msn mail: I removed an email in Mac Mail but this email in server isn't removed!
  Anyone help?

• Code-signing Certificate Provider for Mavericks Server?

  Our Digicert Code Signing Certificate [which worked fine in Mountain Lion Server but doesn't work in Mavericks Server no matter what I try] is about to expire, and I'm wondering if anyone could recommend a vendor whose code-signing certificates definitely work with Mavericks Server?

  I have just created a self-signed code-signing certificate, I used XCA to generate it which is a front-end for openssl. Obviously being generated from a self-signed rootCA it is not going to be trusted by the outside world but it is good enough for an internal Profile Manager setup since the enrollment process will automatically trust your own self-signed rootCA.
  Anyway, when trying to install it I did come across a gotcha which might help you and others here. I found that if I imported the certificate in to Keychain Access e.g. by double-clicking on it, then Server.app did not list it as an available certificate for Profile Manager code-signing. However if instead I used the option in Server.app under Profile Manager to import the code-signing certificate it was accepted.
  In theory importing via Keychain Access should work as well but it did not, so if you have been doing it that way try importing via Server.app instead.
  If you have already imported it via Keychain Access just delete it from your Keychain and try again.
  With regards to the suggestion from ajm_from_WA for buying one from www.ssls.com I could not find any code-signing certificates listed on their website. These are different to ordinary website certificates.

• ERROR ITMS-9000: Missing Code Signing Entitlements when adding app to Apple App Store

  My client is getting the following error when sending my app (compiled in Flash Pro CC 2014 with AIR SDK 15.0.0.356) to the Apple app store:
  ERROR ITMS-9000: "Missing Code Signing Entitlements. No entitlements found in bundle
  'com.xxxxxx.xx.xxx' for excutable 'payload/xxxxx.app./xxxx'.""
  He is saying that I need to send them the entitlements file.
  I can't find out any information about this with regards to Adobe Air compiled iOS apps, apart from this old post:
  Adding iOS entitlements to AIR apps
  which states that 'the packager configures the entitlements file '
  Can anyone explain what might be missing here?
  Thanks,
  Alan.

  It looks as if this problem is solved by doing step 2 from here:
  http://dev.mlsdigital.net/posts/how-to-resign-an-ios-app-from-external-developers/
  It basically states that the client needs to produce the entitlements file and lists the following that the client will provide themselves:
  A “Mobile Provisioning Profile”
  An “Entitlements.plist”
  An “iOS Distribution Certificate”
  iReSign OS X app (or you could use command line)
  Hope this helps someone. We've run into quite a few problems trying to get the Flash Air compiled App to both enterprise and Apple Store as it can't come from us (the developers) it has to be signed and delivered from the client.

• Running code on iPhone: Can't select Code Signing Provisioning Profile

  I've gone through all the steps to create certificates, app id's, provisions profiles etc.
  But in Xcode, when I want to select the Code Signing Provisioning Profile in Info->Build, the only options available is 'Default Provisioning Profile for Code Signing'.
  The profile has been added to my iPhone with Organizer and on the iPhone itself (under General->Profile), it's also listed correctly.
  I feel like I'm close to the finish, but stuck right in front of it.
  I'm using the latest versions of iTunes, Xcode, iPhone 2.0 etc.
  Any ideas?
  Thanks,
  Tom

  Here are a few things that I did that were suggested in older threads. They may not be necessary, but they don't hurt either:
  * Certificates: you need two them. One is your personal one that you [download]. The other one is the WWDR Intermediate Certificate. When I open 'Keychain Access' and click on 'Certificates', it should show those to. Your personal one should be called 'iPhone Developer: FirstName LastName'. (I assume this is ok for you, but others may find this useful.)
  * App Id: different people have pointed out that you should make your App Id precise, but with not more than 3 levels. The docs suggest using '*' as only path during development, but the docs may be out of date on this one. So in my case, I have ID: ABCFDEF123.com.mycompany.appname. That's it. I've noticed that you'll only be able to have exactly 1 application on your device at the same time with this ID, but that's ok for now.
  * Create your provisioning profile with all this.
  I've then done this:
  - quit Xcode
  - delete all profiles out for ~/Library/MobileDevice/Provisioning Profiles
  - copy the new one in this directory. I didn't do drag and drop because some threads indicated that this doesn't always work.
  - remove previous profile from device (iPhone->Settings->General->Profiles->Delete)
  - start up Xcode
  - Start up Organizer
  The new profile should now be visible in Organizer and be downloaded to your iPhone.
  In the Info.plist, set the Bundle Identifier to com.mycompany.myapp.
  In Build options:
  Code Signing Identity -> 'iPhone Developer: FirstName LastName'
  And now suddenly the new profile did show up.
  After that it just worked.
  Now some have also indicated that even if the profile doesn't show up, you can still get it to work by forcing it in (just double-click on "Code Signing Provisioning Profile" or somewhere in that neighborhood) and fill in the name. I can't confirm if that solves it because when I did so, my certificates were still incorrect...
  Good luck!

• Invalid  Code Signing Entitlements "inter-app-audio"

  I uploaded my binary file to the iTunes Connect portal an recived this mesage:
  "Invalid  Code Signing Entitlements - Your application bundle's signature  contains code signing entitlements that are not supported. Please check  your Xcode project's code signing entitlements configuration, and remove  any unneeded entitlements.
  Specifically, key "inter-app-audio" is not supported.
  Once  these issues have been corrected, go to the Version Details page and  click "Ready to Upload Binary." Continue through the submission process  until the app status is "Waiting for Upload." You can then deliver the  corrected binary."
  Does anyone now how to solve this problem?

  Hi,
  did you solve your problem yet??
  I got almost the same error response from application loader.
  However, that series entitlement values was not set by us,
  and I have no idea where is that values come from.
  Does anyone know how to solve this??

• While upgrading to IOS 5 on my iphone 4 the " " add sign doesn't appear on my contacts ?????

  While upgrading on my iphone 4 to IOS 5 , the "+" sign Add doesn't appear on my contacts ???
  I got an error ( 1635) but i don't know if this got somethingto do with my problem, though
  thx for someone who could help me

  Place the iPhone into recovery mode and restore the iPhone with iTunes on your computer.
  http://support.apple.com/kb/HT1808

• Solution to ERROR ITMS-9000: "Invalid Code Signing."

  I am using FlexSDK 4.13 and AIR SDK 15.0.302. I installed the FlexSDK and AIR SDK with the Apache Flex installation binary on a Windows Vista 64-bit machine.
  I can build and run an ad-hoc version of my iOS app on an iPhone 4 (iOS 8.0.2) and iPad 2 (iOS 8.1). When I build a release version for the iTunes App Store, and submit it with the Xcode Application Loader. I get the error.
  ERROR ITMS-9000: "Invalid Code Signing. The executable, Payload/YourApp.app/YourApp, must be signed with the certificate that is contained in the provisioning profile."
  I'm using a Mac to submit my app. It is running OS X 10.10 Yosemite and Xcode version 6.1. The Application Loader is version 3.0.
  I suspect that the adt command no longer creates a payload with the correct entitlements. This post illustrates how I resigned my app so that the iTunes App Store would accept it.
  First, I copied my IPA file to my iMac. Then I changed directories to the location of my IPA file.
  Open a text editor and create a file with the name, entitlements.plist.
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
  <key>application-identifier</key>
  <string>XAXAXAXAXA.com.yourapp.yourappmobile</string>
  <key>get-task-allow</key>
  <false/>
  <key>keychain-access-groups</key>
  <array>
  <string>XAXAXAXAXA.com.yourapp.yourappmobile</string>
  </array>
  </dict>
  </plist>
  Save this file.
  Start a terminal session. Then type in the following commands.
  unzip YourApp-app-store.ipa
  cp ~/Downloads/YourApp.mobileprovision Payload/YourApp.app/embedded.mobileprovision
  codesign -f -s "iPhone Distribution: YOUR COMPANY NAME (XAXAXAXAXA)" --entitlements Payload/YourApp.app/entitlements.plist Payload/YourApp.app
  zip -qry YourApp-resigned.ipa Payload/
  Note that codesign uses the full key name of your code signing certificate.
  Now you can submit YourApp-resigned.ipa to the iTunes App Store.
  I've seen some people have success with the iReSign App, which you can find at the following URL. I prefer the command line.
  https://github.com/maciekish/iReSign

  but APP Builder ask me two time the mobileproviosn... one in the last step to build the app and than to sign it to download! i put the same mobileprovision file but it generate the error!!
  I read the DPS guide step by step and it write:
  “The distribuition mobile provisioning file information will be entered automatically for you”
  but is not true.... where i can found that file?? i don't understand sorry..
  Thanks a lot
  Tkart

• ADF Mobile: Code Signing Error Workaround

  Hi, everyone:
  If you are doing ADF Mobile development, and you need to deploy the application to an iOS device, you would need to compile/deploy the app with iOS App Certificates and Provisioning Profile. This means you would need to "Deploy to Package" or "Deploy to iTunes" during deployment, and configure JDeveloper with the proper certificates/profiles. In some instances (exact combination is still not clear), deploy and signing the application to generate the ipa file may fail with similar error message at the end of the deployment log:
  [01:04:45 PM] Deployment failed due to one or more errors returned by '/usr/bin/xcrun'. The following is a summary of the returned error(s): Command-line execution failed (Return code: 1) error: /usr/bin/codesign force preserve-metadata=identifier,entitlements,resource-rules sign iPhone Distribution: Oracle Corporation resource-rules=/var/folders/x7/21sjrpx13qj9tq20z14s3j_w0000gn/T/tkROhP11qU/Payload/HelloWorld.app/ResourceRules.plist --entitlements /var/folders/x7/21sjrpx13qj9tq20z14s3j_w0000gn/T/tkROhP11qU/entitlements_plistEINPBkIG /var/folders/x7/21sjrpx13qj9tq20z14s3j_w0000gn/T/tkROhP11qU/Payload/HelloWorld.app failed with error 1. Output: /var/folders/x7/21sjrpx13qj9tq20z14s3j_w0000gn/T/tkROhP11qU/Payload/HelloWorld.app: replacing existing signature Program /usr/bin/codesign returned 1 : [/var/folders/x7/21sjrpx13qj9tq20z14s3j_w0000gn/T/tkROhP11qU/Payload/HelloWorld.app: replacing existing signature 
  This issue is a known issue and is not related to ADF Mobile. The workaround is discussed in this article:
  http://stackoverflow.com/questions/7425840/that-codesign-returned-1-object-ifile-format-invalid-or-unsuitable-problem-aga
  This article refers to the old location of Xcode, so you would need to adjust the paths accordingly. The path for Xcode 4.3 and above would be like:
  /Applications/Xcode.app/Contents//Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/PackageApplication to this script file.
  To modify it, you probably can’t use TextEdit. I end up opening a terminal session, changed the file permission, and used vi to update it.
  This fixed the issue I was having.
  Hope this is helpful - please drop a reply if you encountered the same issue.
  Thanks,
  Joe Huang

  I ran the entire code and the output is:
  [02:40:18 PM] Updating iOS profile dependencies with FAR profiles created from application projects...
  [02:40:18 PM] ---- Deployment started. ----
  [02:40:18 PM] Target platform is (iOS).
  [02:40:18 PM] Beginning deployment of ADF Mobile application 'Application1' to iOS using profile 'IOS_MOBILE_Application1'.
  [02:40:18 PM] Command-line executed: [Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/usr/bin/xcodebuild, -version]
  [02:40:18 PM] Command-line execution succeeded.
  [02:40:18 PM] Running dependency analysis...
  [02:40:18 PM] Building...
  [02:40:18 PM] Deploying 3 profiles...
  [02:40:18 PM] Wrote Archive Module to /java/development/JDev11gBuild6276.1Sandpit/Application1/ApplicationController/deploy/ApplicationController.jar
  [02:40:18 PM] WARNING: No Resource Catalog enabled ADF components found to package
  [02:40:18 PM] Wrote Archive Module to /java/development/JDev11gBuild6276.1Sandpit/Application1/ViewController/deploy/ViewController.jar
  [02:40:18 PM] Verifying Application Controller project exists...
  [02:40:18 PM] Verifying application dependencies...
  [02:40:18 PM] Validating application XML files...
  [02:40:18 PM] Validating XML files in project ApplicationController...
  [02:40:18 PM] Validating XML files in project ViewController...
  [02:40:18 PM] Copying common javascript files...
  [02:40:21 PM] Copying FARs to the ADF Mobile Framework application...
  [02:40:21 PM] Copying FAR from source: ViewController...
  [02:40:21 PM] Copying FAR from source: ApplicationController...
  [02:40:21 PM] Deploying skinning files...
  [02:40:21 PM] Copying the CVM SDK files built for the ARM processor...
  [02:40:21 PM] Copying the CVM JDK files built for the ARM processor...
  [02:40:21 PM] Command-line executed: [cp, -R, -p, /java/jdeveloper/JDev11gBuild6276.1/jdeveloper/jdev/extensions/oracle.adf.mobile/iOS/jvmti/arm/, /java/development/JDev11gBuild6276.1Sandpit/Application1/deploy/IOS_MOBILE_Application1/temporary_xcode_project/lib]
  [02:40:21 PM] Command-line execution succeeded.
  [02:40:21 PM] Command-line executed: [cp, -R, -p, /java/jdeveloper/JDev11gBuild6276.1/jdeveloper/jdev/extensions/oracle.adf.mobile/iOS/jvmti/jar/, /java/development/JDev11gBuild6276.1Sandpit/Application1/deploy/IOS_MOBILE_Application1/temporary_xcode_project/lib]
  [02:40:21 PM] Command-line execution succeeded.
  [02:40:21 PM] Copying security related files to the ADF Mobile Framework application...
  [02:40:22 PM] Command-line executed from path: /java/development/JDev11gBuild6276.1Sandpit/Application1/deploy/IOS_MOBILE_Application1/temporary_xcode_project/
  [02:40:22 PM] Command-line executed: /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/usr/bin/xcodebuild clean install -configuration Debug -sdk iphoneos DSTROOT=/java/development/JDev11gBuild6276.1Sandpit/Application1/deploy/IOS_MOBILE_Application1/Destination_Root/ ARCHS=armv7 VALID_ARCHS=armv7 ONLY_ACTIVE_ARCHS=NO CODE_SIGN_IDENTITY=iPhone Developer: Eddie V Phan (QV69QS58FK) IPHONEOS_DEPLOYMENT_TARGET=5.0 TARGETED_DEVICE_FAMILY=1,2 PRODUCT_NAME=Application1 ADD_SETTINGS_BUNDLE=NO
  [02:40:30 PM] ld: warning: PIE disabled. Absolute addressing (perhaps -mdynamic-no-pic) not allowed in code signed PIE, but used in CVMmemoryBarrier from Frameworks/OracleCVM.sdk/libcvmadf_arm_debug.a(atomic_arm.o). To fix this warning, don't compile with -mdynamic-no-pic or link with -Wl,-no_pie
  [02:40:30 PM] Command-line execution succeeded.
  [02:40:30 PM] Command-line executed from path: /java/development/JDev11gBuild6276.1Sandpit/Application1/deploy/IOS_MOBILE_Application1/Destination_Root/Oracle_ADFmc_Container_Application/device/
  [02:40:30 PM] Command-line executed: /usr/bin/xcrun -sdk iphoneos PackageApplication -v /java/development/JDev11gBuild6276.1Sandpit/Application1/deploy/IOS_MOBILE_Application1/Destination_Root/Applications/Application1.app -o /java/development/JDev11gBuild6276.1Sandpit/Application1/deploy/IOS_MOBILE_Application1/Destination_Root/Oracle_ADFmc_Container_Application/device/Application1.ipa sign iPhone Developer: Eddie V Phan (QV69QS58FK) embed /developement/iOS_Provisioning_Profile/devTest.mobileprovision
  [02:40:31 PM] error: /usr/bin/codesign force preserve-metadata=identifier,entitlements,resource-rules sign iPhone Developer: Eddie V Phan (QV69QS58FK) resource-rules=/var/folders/zm/pnmpplxs2rb7_n29ltfkvpzc0000gn/T/YPzy7_Hf6L/Payload/Application1.app/ResourceRules.plist /var/folders/zm/pnmpplxs2rb7_n29ltfkvpzc0000gn/T/YPzy7_Hf6L/Payload/Application1.app failed with error 1. Output: /var/folders/zm/pnmpplxs2rb7_n29ltfkvpzc0000gn/T/YPzy7_Hf6L/Payload/Application1.app: replacing existing signature
  [02:40:31 PM] Program /usr/bin/codesign returned 1 : [/var/folders/zm/pnmpplxs2rb7_n29ltfkvpzc0000gn/T/YPzy7_Hf6L/Payload/Application1.app: replacing existing signature
  [02:40:31 PM] Command-line execution failed (Return code: 1)
  [02:40:31 PM] Deployment cancelled.
  [02:40:31 PM] ---- Deployment incomplete ----.
  [02:40:31 PM] Failed to package the XCode application.
  [02:40:31 PM] Failed to build the iOS application bundle.
  [02:40:31 PM] Deployment failed due to one or more errors returned by '/usr/bin/xcrun'. The following is a summary of the returned error(s):
  Command-line execution failed (Return code: 1)
  error: /usr/bin/codesign force preserve-metadata=identifier,entitlements,resource-rules sign iPhone Developer: Eddie V Phan (QV69QS58FK) resource-rules=/var/folders/zm/pnmpplxs2rb7_n29ltfkvpzc0000gn/T/YPzy7_Hf6L/Payload/Application1.app/ResourceRules.plist /var/folders/zm/pnmpplxs2rb7_n29ltfkvpzc0000gn/T/YPzy7_Hf6L/Payload/Application1.app failed with error 1. Output: /var/folders/zm/pnmpplxs2rb7_n29ltfkvpzc0000gn/T/YPzy7_Hf6L/Payload/Application1.app: replacing existing signature
  Program /usr/bin/codesign returned 1 : [/var/folders/zm/pnmpplxs2rb7_n29ltfkvpzc0000gn/T/YPzy7_Hf6L/Payload/Application1.app: replacing existing signature
  What do you mean by "the "-sign" parameter values look dubious (besides your name :-P), how can it interpret those spaces?"
  The sign parameter that i'm using is from the KeyChain app, so i'm assuming in the preferences where it asks for the Certificate, that its asking for the certificate name in KeyChain? When trying to escape the spaces in the Preferences menu, it complains that the certificate names do not match.. Or am i meant to be using another parameter here..?
  [02:34:07 PM] Command-line executed from path: /java/development/JDev11gBuild6276.1Sandpit/Application1/deploy/IOS_MOBILE_Application1/temporary_xcode_project/
  [02:34:07 PM] Command-line executed: /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/usr/bin/xcodebuild clean install -configuration Debug -sdk iphoneos DSTROOT=/java/development/JDev11gBuild6276.1Sandpit/Application1/deploy/IOS_MOBILE_Application1/Destination_Root/ ARCHS=armv7 VALID_ARCHS=armv7 ONLY_ACTIVE_ARCHS=NO CODE_SIGN_IDENTITY=iPhone\ Developer:\ Eddie\ V\ Phan\ \(QV69QS58FK\) IPHONEOS_DEPLOYMENT_TARGET=5.0 TARGETED_DEVICE_FAMILY=1,2 PRODUCT_NAME=Application1 ADD_SETTINGS_BUNDLE=NO
  [02:34:09 PM] [BEROR]Code Sign error: The identity 'iPhone\ Developer:\ Eddie\ V\ Phan\ \(QV69QS58FK\)' doesn't match any valid, non-expired certificate/private key pair in your keychains
  [02:34:09 PM] Code Sign error: The identity 'iPhone\ Developer:\ Eddie\ V\ Phan\ \(QV69QS58FK\)' doesn't match any valid, non-expired certificate/private key pair in your keychains
  [02:34:09 PM] Command-line execution failed (Return code: 65)
  [02:34:09 PM] Deployment cancelled.
  [02:34:09 PM] ---- Deployment incomplete ----.
  [02:34:09 PM] Failed to build the iOS application bundle.
  [02:34:09 PM] Deployment failed due to one or more errors returned by '/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/usr/bin/xcodebuild'. The following is a summary of the returned error(s):
  Command-line execution failed (Return code: 65)
  [BEROR]Code Sign error: The identity 'iPhone\ Developer:\ Eddie\ V\ Phan\ \(QV69QS58FK\)' doesn't match any valid, non-expired certificate/private key pair in your keychains
  Code Sign error: The identity 'iPhone\ Developer:\ Eddie\ V\ Phan\ \(QV69QS58FK\)' doesn't match any valid, non-expired certificate/private key pair in your keychains

• Question about Entitlements.plist for ad hoc distribution

  I still haven't gotten ad hoc distribution to work, and I don't know the difference or importance of doing an ad hoc distribution with an ad hoc distribution profile vs just providing a development distribution to the device with a development provisioning profile, but....
  In the instructions for the ad hoc distribution build there is one more set of tasks you have to do that you don't seem to have to do for any of the other kinds of builds:
  * Open the project, and select File -> New File -> iPhone OS -> Code Signing -> Entitlements.
  * Name the file “Entitlements.plist". and click ‘Finish’. This creates a copy of the default entitlements file within the project
  * Select the new Entitlments.plist file and uncheck the “get-task-allow” property. Save the Entitlements.plist file.
  * Select the Target, and open the Build settings inspector. In the ‘Code Signing Entitlements’ build setting, type in the filename of the new Entitlements.plist file including the extension.
  What is all that about? And can that be left in the distribution for app store as well? Is there any reason to even do an ad hoc distribution as opposed to just making a development distribution for specified devices?
  Thanks!
  doug

  If you are only testing the application on your own iPhone (or an iPhone that will always be connected to your development Mac w/ xcode on it), you only need to create a development profile.
  The Ad Hoc profile is useful for:
  .. Beta testers
  .. Giving free copies of your app to friends (so they don't have to buy through the store)
  Basically, it's for distributing release versions of your application to specific iPhones (your friends or beta testers have to give you their iPhone identifier strings). You cannot do this effectively with a development profile.
  And yes, you can leave the entitlement.plist file in your project when you release to the apple store.

• Question about code-signing

  Hi,
  I am looking for a document that shows how-to about the code-signing an app. I have tested the app successfully on OS3.0 and OS3.1 devices using my provisioning profile.
  So far, from what I've read - the information is mainly about helping developers to test on the actual device(s). The following web article goes briefly into code-signing (referring to the Entitlements.plist file and the step 5) in the link:
  http://www.drobnik.com/touch/2009/05/how-to-fix-code-signing-errors/
  I added the Entitlements.plist file - but then, I am lost as to what the next steps are!
  Help!
  Thanks in advance,
  Sam.

  Keep digging...
  http://developer.apple.com/iphone/news/
  http://developer.apple.com/search.php?q=entitlements&num=10&site=default_collect ion&
  The online dev guide was updated 9.9.2009...
  But I have to tell you, I've managed to ignore all that 3rd party chat about entitlements, and I've been doing just fine....
  From the docs:
  "Shared Keychain Items
  It is now possible for you to share Keychain items among multiple applications you create. Sharing items makes it easier for applications in the same suite to interoperate more smoothly. For example, you could use this feature to share user passwords or other elements that might otherwise require you to prompt the user from each application separately.
  Sharing Keychain items involves setting up the proper entitlements in your application binaries. Using Xcode, you must create an Entitlements property list file that includes the supported entitlements for your application. The process for creating this file is described in iPhone Development Guide. For information about the entitlements you can configure, see the description for the SecItemAdd function in Keychain Services Reference.
  Accessing shared items at runtime involves using the Keychain Services programming interface with the access groups you set up during development. For information about how to access the Keychain, see Keychain Services Programming Guide."

• "no identity found" error when code signing

  Hello,
  I am trying to codesign an iPad IPA file supplied to me be an external app development agency.  To carry out the app signing, I first installed the distribution cert and private key (.p12 file) in to Keychain. I also installed the intermediate WWDRCA cert and the ios_development cert.  I'm using the following command from the iOS terminal to sign my app:
  codesign -f -s ituneskey.p12 AppName.ipa
  and the error I get is :
  ituneskey.p12: no identity found
  My distributuon cert is valid, I have checked this in Keychain Util.
  What am I doing wrong and how can I resolve this?

  Hi K T,
  I had previously gone through the two links you mentioned before posting to this forum, but to no avail. I have a couple of theories. One is that because the developer who wrote the app is not part of my companies "Team" in our iOS developer account, he used his own developer certificate to create the app. Now the problem is when we come to signing the app with our distribution certificate, which by the way now works (see below), when validating the archive during upload it fails.
  The reason why codesign was not working as previously stated in my original post was because I was using the wrong identity? The command I used was:
  codesign -f -s ituneskey.p12 AppName.ipa
  However I should have been using the following:
  codesign -f -s [Valid Identity Here] AppName.ipa
  where [Valid Identity Here] is replaced with the identity used in our developer account and distribution certificate.
  I've got that bit working, but now when I use Organiser to either Validate or Distribute the archive I get the following error:
  Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate.
  I then went on to read the following post:
  http://oleb.net/blog/2011/06/code-signing-changes-in-xcode-4/
  In this post I noted a section where it states :
  Update: Colin Humber, developer at TestFlight, made me aware of a potential problem with this approach. Apparently, the App ID of the provisioning profile that is used for building the app is hardcoded into the binary during the build process. If you later resign the app with a provisioning profile that belongs to different App ID, the one in the binary will no longer match the provisioning profile’s App ID since the binary will not be recompiled. This can cause all sorts of problems with services that rely on the App ID, such as access to the keychain, Push Notifications, or In-App Purchasing.
  This issue will not affect you as long as you use your default “wildcard” App ID (the one that looks like1234567890.*). But if you use a separate concrete App ID to publish your app on the App Store, you have to make sure to build your app with a provisioning profile that uses the same App ID. You should not use your default Team Provisioning Profile for release builds in that case. Thanks for the heads-up Colin!
  And since we DO USE a unique AppID per app I think this is the reason why Validation is failing and I'm getting the above stated new error.
  Is the solution therefore to add the developer to our developer Team and get him to use our AppID when building the app?

• What is an entitlements plist and why do I need one?

  I have been following the instructions for app store distribution in the iOS Developer Program Guide, and I did everything it said to do, but when I try to build the app, it says "the entitlements file "path of file/entitlements.plist" is missing." I tried adding a template entitlements plist and it says
  Command /usr/bin/codesign failed with exit code 1, and
  Application failed codesign verification. The signature was invalid, or it was not signed with an Apple submission certificate. (-19011)
  I don't think this has to do with the certificate because I have followed Apple's intsructions about the certificate, but it doesn't say anything about an entitlements.plist. How do I get my app to work so that I can submit it to the App Store?

  jpimbert: the entitlements.plist has been changed and you no longer have to set a get-task-allow value.
  ChaBoing: if you added a template entitlements.plist then that should be fine. But check the Target info and make sure that the "Code Signing Entitlements' key is set to 'Entitlements.plist' (not a path to the file).