Renewing an expiring Enterprise provisioning profiles, and other aggravations - iphone

Now that the app I created last year has enjoyed a year's worth of functional success, my Enterprise users are beginning to see alerts indicating that the provisioning profile is about to expire.
The Code Signing business of the app gave me tremendous difficulty in the beginning, and now it's doing it again. I think it's because all the information I can find about it refers to apps to be distributed in the App Store, but not for Enterprise apps. The "Tools Workflow Guide for IOS" seems only to be helpful for App Store distribution.
I did finally get it working just by trial and error, by setting all of the Code Signing Identities to "iPhone Developer," but I really need to understand the proper way to do it and why it works that way. And I need the "Idiot's Guide" version.
First, I think what is hanging me up is understanding the Distribution aspect. Is "Distribution" only in reference to an app that is bound for the App Store? This being an Enterprise app, does Distribution apply? Any time I try to create a Distribution profile and include it in Distribution/Release for the Code Signing Identity, compile fails. It works ok if all Code Signing Identities are set as "iPhone Developer." Does that mean it is going to always need a Developer provisioning profile, and never a Distribution profile?
The "iPhone Developer" profile always comes up in the Code Signing Identity section of Build Settings as "(currently matches 'iPhone Developer: Bill Norman(4GR2 etc) in 'iOS team". But any other profile doesn't say anything like that, and so none of the other profiles work. If they don't work, why are they there? And do I need to delete them?
And yes, there are lots of profiles listed that are the result of many trials and errors. Only one appears in the Profiles section of the iPhone's Settings, and that's the iOS Team Provisioning Profile.
If it does need a "Distribution" profile, how do I make it work?
Next question: Will my Enterprise users need to download and re-install the app to get the new provisioning profile? Or will it do it by itself, seamlessly? Or will it inform my users that the profile has expired, and they need to do such-and-such to get their app to work?
More: The Developer profile only lasts for a year, while the Distribution profile lasts three years. Obviously it would be helpful to make it last three years, but can we do that with an Enterprise app?
My apologies for my continued inability to fathom the inner workings of this stuff. And many thanks to anyone who can help.

First thing that you want to do is delete all of those extra provisioning profiles that you created through trial and error. Just totally remove them from the organizer. The difference between developer provisioning profiles and distribution provisioning profiles is that developer profiles will only work on devices that are registered with that developer profile, meaning test devices. You would not be able to sign an app with a developer profile and then put it on any device, only devices that you have registered to work with that profile. In the distribution zone you will have app store distribution and Ad Hoc distribution. App store refers to the Apple App Store which you must submit your app to apple for that. Ad Hoc distribution allows developers who have enterprise accounts to distribute to any device via the internet or other methods.
I would need more information when you say that compile fails with distribution but generally speaking, you would click the product tab and then click on archive. When the archiving is complete and the archive window pops up, you would click on the button that says Distribution in the bottom right corner. You would then click on the Save for Enterprise or Ad-Hoc deployment option. You choose your distribution code signing identity when asked which identity to use and hit next. Here comes the tricky part: On the next section where you are choosing where to save the app, you click on the option, save for Enterprise distribution. There are two fields that need to be filled in here, the first is an application url, this is the exact url where you will be hosting the ipa file, for example http://www.somewebsiteyouown.com/myApplication.ipa
The second is the ApplicationTitle which will just be your app title: myApplication.
This process will generate for you a plist and an ipa file, you put thos both on the server and link to the plist from a button or link on a webpage. The plist is like the instructions on where the ipa file is and what to do with it.

Related

Release an ios application?

I've an iOS project developed by someone else, now I have to update it and build a release for client so that they test it.
I've updated it and while archive it in release mode, get error-
The identity 'iPhone Developer: XYZ' doesn't match any valid, non-expired certificate/private key pair in the default keychain
I am new to iOS. I have some idea that I have to change developer id or something similar in certificate. But do not know how. Can anyone help me to fix this issue?
Thanks.
You need to have Apple development certificate and .p12 file of that account of which that provisioning profile exists.
If you don't have, you need to create it from keychain, by requesting a certificate from authorised authority->generate csr and submit in you developer account.
hope it helps you........
You need to do an "Ad Hoc" distribution.
Build your App for "Release".
Go to the "Organizer" and select the Archive.
Select your build in the Archive.
Use the "Distribute" button and select the middle radio button. "Save for Enterprise or Ad Hoc Distribution".
That will produce a .ipa and ask you where you want to save it. You can put that on your desktop and distribute it.
In order to build an Ad Hoc Build, you have to get yourself an "Ad Hoc Distribution" certificate. You do that in the Apple iPhone Developer site in the provisioning portal area, located here:
iOS Provisioning Portal
You will also need to authorize the devices you want run test versions on in the same way you authorized your own devices for development.
If you have to run the App on many test devices and the testers are not technical. I suggest you take a look at a pretty good service online called "TestFlightApp".
You don't have a valid keychain item for the developer certificate, is what the error is telling you. It's a case of creating one and installing it.
But for delivering a test build - you need to create an adhoc distribution, using a distribution certificate that has the test device's udid included.
In either case - and for further troubleshooting - Apple have a handy Technical Note for dealing with these kinds of issues and how to solve them.
If you go to your project in Build Settings -> Code Signing -> Code Signing Identity, you can change the signing certificate to your own.

Clarifying questions about provisioning profiles & My specific problem

I'm having serious problems getting one of my app's to run on other people's iPhones. Another app of mine works fine, so I suppose I am at some level capable of getting it right.
I've tried a lot of different things based on Googling around, but there's just too many permutations. It's time for me to learn what is actually going on. While I dive into the documentation, I have a few questions that hopefully some people here can clarify for me:
I noticed the I can set the Entitlements and Code signing settings both on the Project (double click on the top item in Groups & File, which has the name of the project) and on the Target (under Targets, double click on your project name). What's the difference between these two? I know that with header paths, one tends to override the other (without warning of course...).
When I choose "Build and Archive" (a really cool feature by the way), it again allows me to code sign. What's the difference here?
Many forums point to a setting in Entitlements.plist called "get-task-allow" (which needs to be set to false). However, when I create an entitlements file in XCode, there is no such line. Does that mean Apple fixed that bug/feature?
What is the difference between "Code signing identify" and "Any iOs device"?
What is the difference in the provisioning portal between "Development" and "Distribution"?
In that same portal, when you create a new profile for distribution, what is the difference between Ad Hoc and App Store? I've heard people say (and I believe I also experienced this in the past) that you can use the App Store profile for Ad Hoc distribution as well (maybe not the other way around). Then again, that might be due to my confusion if XCode uses multiple profiles at the same time, so it's not clear which profile is doing what.
My situation:
I'm using XCode 3.2.4 with SDK 4.1. The app runs fine on my own phone (which actually makes it harder to debug). Errors my friends keep getting vary from "Entitlements are not valid" to 0xE8003FFE and 0x800ccc0e, depending on what I send them. One has an iPhone 3G, the other an iPod touch. Both run iOS 4.1 and are not jail broken. Both do not have "restrictions" turned on.
I have two applications:
* com.isimplifiedchinese.teacher
* com.isimplifiedchinese.student
I was able to distribute the student application by building for the device and then manually creating the .ipa file (that was before I knew about the Build & Archive feature). I'm not able to distribute it with the Build & Archive feature yet. But I would like to focus on the teacher application, which I'm not able to distribute in any way at all (even though it worked in the past, before I started changing things).
In my provisioning profile I have (for the teacher application):
* one certificate for development
* one certificate for distribution
* a list of devices including my own and those two friends
* a provisioning profile for development (with me and my two friends in it)
* a provisioning profile for distribution (with me and my two friends in it). It's configured for "App Store" (but I've also tried "Ad Hoc" in the past, albeit possibly with slightly different options elsewhere)
All profiles are still valid. They are all listed in XCode Organiser and seem to be up to date.
Deployment is set to Device 4.1 - Ad hoc. On both the project and the target build settings:
* I added "Entitlements.plist" to "Code signing entitlements".
* code signing identity is set to automatic selector which points to my iPhone Distribution certificate and the App Store profile for the application.
* Any iOS Device is set to my iPhone Developer certificate (it's not set to automatic, because if I do that it points to a provisioning profile of the student application of mine).
When I choose Build and Archive and then Share Application, I set Identity to iPhone Distribution (which matches iPhone Distribution - App Store).
I regularly, but not consistently, used Clean All Targets during my struggles
Another thing that may or may not be relevant: I started with the teacher application and after a while a cloned and renamed the clone to student application. The student application uses shared libraries from the teacher application, but not the other way around.
Needless to say there's just too many permutations here and too much magic (from my point of view). Hopefully you can either help me understand this system better or magically point me in the right direction so I never have to worry about it again.
Lots of questions indeed... Some answers:
Q4. Code signing identity is the name of the entry, which can include several sub entries: you can sign with a different identity for each possible platform. E.g. you sign with identity X for iOS 3.2 devices and with identity Y for iOS 4 devices.
Q5. Development vs Distribution: when you develop your app, you sign it with your development profile so that authorized devices will accept it, when you're ready to deploy the app, you sign it with your distribution profile, which only the App Store will accept. Apple then applies its own signature on the app so that any device will accept it when it downloads it from the app store.
Q6. App store distribution is for selling your app through Apple's App store, while Ad Hoc distribution is for distributing your app through your "own enterprise app store", your app is not available on the App Store.

Share my iPhone app for testing

I'm writing a new iPhone app and want to share it with a couple of friends for testing and general feedback and sign-off. Is there a way I can do that?
They are located in a different state, and they don't have a Mac either.
Edit: I wrote this post a long time ago. Since then, services such as TestFlight have come along which do this entire process. This is really the way to go!
You need to make an ad hoc build which your friends can install on their phones. It's a bit of a pain, but basically, the procedure goes like this:
Go to the Apple Developer Center's Provisioning Portal and register their device ID's. You will need to have your friends give you their device ID's, which can be done by clicking on the "Serial Number" field in iTunes on the device page.
Generate a distribution certificate for ad hoc distribution in the Provisioning Portal under Provisioning -> Distribution
Download that certificate yourself (the .mobileprovision file) and install it into Xcode by dragging it on the Xcode icon.
Duplicate your "Release" build setting in Xcode for an Ad Hoc build. Everything should be the same as Release, except in the "Code Signing" section you will want to select the new Ad Hoc profile generated in step 3.
Make an Ad Hoc build by going to Build -> Build and Archive
When Xcode brings up the organizer window, right click on the archived build and make a .ipa file by saving it to disk
Tell your friends to drag the mobile provisioning profile to the iTunes icon (or with File -> Open for windows users) to install it on their phone.
Tell your friends to drag the .ipa file you made into iTunes, and sync their phones
At this point, the app should be installed on their phone, but lots of things can go wrong, so you should definitely read Apple's documentation on the subject as well.
Note that this procedure won't work unless your friends are using iTunes to sync applications with their phones. Also, as noted, you will need to be a paying developer in ADC to even access any of the Provisioning Portal stuff.
You need to create an ad-hoc provisioning profile and build your app with that. Then send both a .zip compressed build and the profile to your friends (maybe over e-mail). They don't necessarily need Macs... Windows will do just fine, as long as they have the latest iTunes installed.
There's more information (including how-tos) at the iOS Provisioning Portal.
All this assumes you've paid your $99 and are a registered iOS developer.

Code Sign Error When Building iPhone Application

I am new to iPhone development. I just registered with Apple for the iPhone Developer Program. When I try to build, I am receiving an error:
Code Sign error: a valid provisioning profile matching the application’s identifier could not be found
I'm not sure what is wrong. I tried browsing the Internet but I get confused. Can anyone help me with what I should do?
At first it seems a complex process, but it's pretty straightforward when you've been through it a few times.
In a nutshell the process is this:
(I'm assuming you've set up your iPhone/iPod touch as a test device)
Via the iPhone Developer Portal
Create an App ID
(give your application a name, this is just for reference on the website and nothing to do with your own build of your application)
enter a string to identify it, like com.yourcompany.appname
(this is important and should be the same as in your .plist file inside Xcode)
Click and Save this
Go to Provisioning
There are 2 provisioning profiles you'll need
a) development - so you can install your application on a test device (i.e. your iPhone / iPod touch)
b) distribution - if you want to sell the application via the App Store
You can create the profiles by selecting your App ID, created in the previous step, from the drop down list and clicking Save
In a few moments (usually, though it can be longer) the certificate is available for download. Download this to your Mac and drop it onto the Xcode icon. Sometimes the development profile doesn't work for me like this and I drop it directly into the Organiser window in Xcode that shows my connected device.
Besides, if you are in a team account, team admin need to edit Development Provisioning Profiles, and add modify your certificates privilege.
In Xcode inside 'Edit Project Settings' you can select the certificate you wish to code sign with. Usually for debug I sign with the development certificate. Follow the instructions on the apple site and clone the release profile and call it something like release and sign this with your distribution profile. (You won't be able to load the app onto your phone with the distribution profile selected)
Make sure you select the target device as Device and not Simulator when building for the App Store!
Hope that helps, it's from memory so apologies if I've skipped some small steps.
xcode top left corner make sure you're running as "similator" "iphone"
Did you set up an iPhone provisioning profile for either development, ad hoc distribution, or app store distribution?
If not go to the iPhone developer program portal, which is linked from the developer.apple.com/iphone. Apple has provided a great series of video tutorials.
Just make sure you install the certificates or the profile won't be selectable in the project configuration. When you download the certificates double-click on them to install.
Possibly more use for others seeing this issue on a previously configured dev environment.
This error is also shown if your provisioning profile has expired, in this case you can go through the steps in Neosionnach's answer or you can go to Organizer, click on the profile and click Refresh.
This was the winner for me when I had this issue.
As of July 2012, you can go here:
https://developer.apple.com/ios/manage/overview/index.action
Then launch the "Development Provisioning Assistant." It walks through all the steps outlined by FiddleMeRagged.
You can use this process to create a Wildcard ID, if you're just looking to test your app on your iOS device and don't need to deploy to the App Store right away.

Do I need to make an Ad Hoc Provisioning Profile to debug my app on my iPhone?

I think I'm just cloudy on how debugging works on a real device - is that how to go about it? I've been reading through Apple's docs on creating provisioning profiles for distribution, but I'm not finding any information for simply debugging my app, which is running on my device, through Xcode. Can someone point me in the right direction?
Edit (2/19/09):
I'm getting conflicting answers on whether or not I need to create an ad-hoc provisioning profile to debug my app. If I don't need to create an ad-hoc provisioning profile, what else do I have to do to debug my app, other than having my development provisioning profile and certificate for myself?
Edit (2/20/09):
This link, iPhone Development Guide: Preparing Devices for Development, seems to say that you do need a development provisioning profile for debugging on a device. In my last edit, I mentioned that I was getting conflicting answers on whether or not I need to create an ad-hoc provisioning profile. The answers are not conflicting, I just didn't understand the difference between an ad-hoc provisioning profile and a development provisioning profile.
Any time you're writing software to be installed on an iPhone, you need two things: a key and a provisioning profile. The key identifies the person who developed the application; it stays on your computer and is used to sign the apps you build. The profile identifies which devices are allowed to run applications signed by a given key; it needs to be installed onto the device.
Distribution keys are basically one per company, and are only meant to be used when you are building a version of an app that's intended to be distributed outside your development team. (App Store builds must be signed with a distribution key.) Development keys are intended to be one per developer, but are only meant to be used when actively developing an app.
(If you are an individual developer, of course, you have only one developer key and one distribution key. On my machine, I've set up Keychain to require a password for the distribution key, so even if somebody steals my laptop they can't release an update to one of my apps that compromises user security. The developer key, which can only install software onto my personal phone, is not passworded.)
When you're testing on your own personal device and installing through Xcode, you need a development provisioning profile and a development key. This development profile should be installed into Xcode, which will then install it onto your phone.
When you're distributing to a small number of others (for example, for beta testing, or if you wrote an app that's specialized for a specific customer), you need an ad-hoc profile and a distribution key. You'll need to send the ad-hoc profile to the user along with the app. The user can then drop both the profile and app into iTunes and sync their phone to install.
When you're distributing through the App Store, you need an App Store profile and a distribution key. Builds made in this way cannot be run on any device you control, but Apple's submission tools require them to be built using this profile.
So to answer your question: You need to provision your device, but it has to be a development provisioning profile, not an ad-hoc profile.
No, you don't need an Ad Hoc provisioning profile to debug an app, you only need a development provisioning profile and certificate for yourself on your device.
You need to provision the device, yes. IIRC you need to use Apple's online tool, and then provision it using Xcode, after which you will be able to debug it on the device.
See the first post on this blog for more.