0

I've got this idea whereby I want to build my app once on our build server, and distribute it to multiple environments before finally landing in the iTunes store.

One of the issues I'm running into is entitlements. If I copy the $ENVIRONMENT.plist entitlements into the app, and re-sign with it, the app will install and run as expected on a 64bit device. The issue I have is the fact that the doesn't run on a 32bit device (ARMv7 / ARMv7S), and because it was originally built for Ad-Hoc (HockeyApp), it doesn't carry the beta entitlements.

So essentially I have different plist files for different environments

dev.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>XXXXX.com.mydomain.mobile</string>
    <key>keychain-access-groups</key>
    <array>
        <string>XXXXX.com.mydomain.mobile</string>
    </array>
    <key>get-task-allow</key>
    <false/>
</dict>
</plist>

prod.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>XXXXX.com.mydomain.mobile</string>
    <key>keychain-access-groups</key>
    <array>
        <string>XXXXX.com.mydomain.mobile</string>
    </array>
    <key>get-task-allow</key>
    <false/>
    <key>beta-reports-active</key>
    <true/>
</dict>
</plist>

I then copy the plist files over during deployment, and attempt to re-sign

cp $ENVIRONMENT.plist "${APPFOLDER}/Entitlements.plist"
/usr/bin/codesign -f -v -v -s "$CERTIFICATE_NAME" --entitlements="${APPFOLDER}/entitlements.plist" "${APPFOLDER}/Payload/$APPNAME.app" 
pushd ${APPFOLDER} 
zip -qr ~/Desktop/Archive/$ENVIRONMENT_NAME/$APPNAME-$APP_VERSION.ipa Payload
popd

When I do that approach, I can launch the app on an iPhone 6+ without issue, but when I try to launch the app on an iPhone 4S or iPhone 5, I get a startup crash without any crash logs.

What is the right way to re-sign an app with different entitlements for different environments? Again, the crash only occurs on 32bit devices, 64bit runs as expected even after resigning.

EDIT:

If I just build the app using Visual Studio and don't unpack/update/resign, then the app works as expected on all platforms.

EDIT:

Here is the only error output I can get. It's from the XCode Device Console.

Jul  7 11:01:02 Company-iPhone-4S SpringBoard[48] <Error>:  SecTrustEvaluate  [leaf IssuerCommonName SubjectCommonName]
Jul  7 11:01:02 Company-iPhone-4S SpringBoard[48] <Error>:  SecTrustEvaluate  [leaf IssuerCommonName SubjectCommonName]
Jul  7 11:01:02 Company-iPhone-4S SpringBoard[48] <Error>:  SecTrustEvaluate  [leaf IssuerCommonName SubjectCommonName]
Jul  7 11:01:02 Company-iPhone-4S securityd[86] <Error>:  secTaskDiagnoseEntitlements MISSING keychain entitlements: no stored taskRef found
Jul  7 11:01:02 Company-iPhone-4S securityd[86] <Error>:  secTaskDiagnoseEntitlements MISSING keychain entitlements: no stored taskRef found
Jul  7 11:01:02 Company-iPhone-4S amfid[312] <Error>:  SecTrustEvaluate  [leaf IssuerCommonName SubjectCommonName]
Jul  7 11:01:02 Company-iPhone-4S securityd[86] <Error>:  secTaskDiagnoseEntitlements MISSING keychain entitlements: no stored taskRef found
Jul  7 11:01:02 Company-iPhone-4S securityd[86] <Error>:  secTaskDiagnoseEntitlements MISSING keychain entitlements: no stored taskRef found
Jul  7 11:01:02 Company-iPhone-4S amfid[312] <Error>:  SecTrustEvaluate  [leaf IssuerCommonName SubjectCommonName]
Jul  7 11:01:02 Company-iPhone-4S kernel[0] <Notice>: xpcproxy[359] Container: /private/var/mobile/Containers/Data/Application/877013A4-BF2A-4AC9-8CEA-1598EA2CD336 (sandbox)
Jul  7 11:01:02 Company-iPhone-4S com.apple.xpc.launchd[1] <Error>: assertion failed: 13F69: launchd + 85529 [083E000D-4C31-3B98-A2C4-6FADB4D1940F]: 0x3
Jul  7 11:01:02 Company-iPhone-4S MyCompMyAppMobileiOS[359] <Warning>: Found new TLS offset at 176
Jul  7 11:01:02 Company-iPhone-4S MyCompMyAppMobileiOS[359] <Warning>: The assembly mscorlib.dll was not found or could not be loaded.
Jul  7 11:01:02 Company-iPhone-4S MyCompMyAppMobileiOS[359] <Warning>: It should have been installed in the `/Users/builder/data/lanes/3412/3cf8aaed/source/maccore/builds/install/target7/lib/mono/2.1/mscorlib.dll' directory.
Jul  7 11:01:02 Company-iPhone-4S com.apple.xpc.launchd[1] (UIKitApplication:com.MyComp.mobile[0x3eca][359]) <Warning>: Service exited with abnormal code: 1
Jul  7 11:01:02 Company-iPhone-4S SpringBoard[48] <Warning>: Application 'UIKitApplication:com.MyComp.mobile[0x3eca]' exited voluntarily.
Jul  7 11:01:03 Company-iPhone-4S kernel[0] <Notice>: xpcproxy[360] Container: /private/var/mobile/Containers/Data/Application/877013A4-BF2A-4AC9-8CEA-1598EA2CD336 (sandbox)
Jul  7 11:01:03 Company-iPhone-4S com.apple.xpc.launchd[1] <Error>: assertion failed: 13F69: launchd + 85529 [083E000D-4C31-3B98-A2C4-6FADB4D1940F]: 0x3
Jul  7 11:01:03 Company-iPhone-4S MyCompMyAppMobileiOS[360] <Warning>: Found new TLS offset at 176
Jul  7 11:01:03 Company-iPhone-4S MyCompMyAppMobileiOS[360] <Warning>: The assembly mscorlib.dll was not found or could not be loaded.
Jul  7 11:01:03 Company-iPhone-4S MyCompMyAppMobileiOS[360] <Warning>: It should have been installed in the `/Users/builder/data/lanes/3412/3cf8aaed/source/maccore/builds/install/target7/lib/mono/2.1/mscorlib.dll' directory.
Jul  7 11:01:03 Company-iPhone-4S com.apple.xpc.launchd[1] (UIKitApplication:com.MyComp.mobile[0xc803][360]) <Warning>: Service exited with abnormal code: 1
Jul  7 11:01:03 Company-iPhone-4S SpringBoard[48] <Warning>: Application 'UIKitApplication:com.MyComp.mobile[0xc803]' exited voluntarily.

note: I have re-generated my distribution profile so that it has the beta stuff in it, and I'm using sigh to grab the latest copy of my provisioning profiles.

note: The reason for resigning is that I have some XML config that points the app to different servers per environment (dev, test, production), and it gets updated before resigning.

Community
  • 1
  • 1
Chase Florell
  • 46,378
  • 57
  • 186
  • 376
  • Hmm... could the issue be that you are copying the $ENVIRONMENT.plist to "${APPFOLDER}/Entitlements.plist" (note the uppercase Entitlements) but then you are signing with --entitlements="${APPFOLDER}/entitlements.plist" (note the lower case). The iOS file system is case sensitive. However I would think it would fail on 64 bit devices also, but it seems worth mentioning. – jgoldberger - MSFT Jul 07 '16 at 19:22
  • @jgoldberger You know, I thought of that, and so I moved that piece of code into the powershell portion of my deployment `Copy-Item "$here\entitlements\$environment.plist" "$here\$($this.ipaName)\entitlements.plist"` – Chase Florell Jul 07 '16 at 19:30
  • I grabbed the console output from the iPhone 6+ launch and there was nothing of significance in there. Same app downloaded from HockeyApp, two completely different outputs. – Chase Florell Jul 07 '16 at 19:33

1 Answers1

0

I'd like to make one thing clear: the codesign is just to create a signature to verify that every byte within the .app file is exactly the same as when it was signed by it’s creator (specified by the signing identity). So theoretically this should have nothing to do with which platform the app is deployed on.

And I also want to understand your scenario more clearly: Do you want to test your app through TestFlight or just for ad-hoc testing via HockeyApp? Since the beta entitlement is only a requirement for beta testing through TestFlight. It also has nothing to do with your crash on 32bit platform.

Then for your issue, my suggestion is:

1) Check your app's configuration, especially its target platforms to verify whether ARMV7 is supported;

2)Test your app via Xcode to exclude any other signing/profile issues. This can verify whether your app could work correctly both on 64 bits and 32 bits in development mode.

3)Last and most important, it would be appreciated to attach the error log created both from Xcode output or from the device during the deploy. It would be of great help for the trouble shooting.

Fangfang Wu - MSFT
  • 1,062
  • 6
  • 7
  • The app is written in C# (Xamarin). It supports ARMv7 and ARM64. We test "Dev" and "Test" environments in HockeyApp (Ad-Hoc), and we test the "Production" environment (smoke test) in TestFlight before public release. If `codesign` is just checking as you say, what command is required to actually re-sign? The best part is there is no crash load (as I said before). I've also made an edit. – Chase Florell Jul 05 '16 at 16:13
  • 1. codesign is to create a signature, and it is the right tool to do the re-sign. 2. Could you get any log from the crashed iphone device? 3.Do you have the same problem if distributed via HockeyApp? I am asking this is because even for ad-hoc distribution, we still need to do the codesign before uploading to HA. – Fangfang Wu - MSFT Jul 06 '16 at 01:55
  • I've added the error message that I get out of XCode to the original question. – Chase Florell Jul 07 '16 at 18:04
  • This does seem like an Apple iOS issue, not a code signing issue. You could find similar bug report here: https://forums.developer.apple.com/thread/20193. Per the discussion in this thread, I suppose this may be related with memeory pressure: https://forums.developer.apple.com/thread/4743? – Fangfang Wu - MSFT Jul 18 '16 at 03:59
  • Thanks for that. Yeah I found that thread and was looking into it. Problem I'm having is that I can get the app to run on older devices prior to re-signing it :( - so confused. – Chase Florell Jul 19 '16 at 15:35