what is the use of entitlement and how it can be created? - iphone

I have created a small app, and I have not used any .entitlement file for running it on either the simulator or a device. It's working fine too... But I don't know where this .entitlement file is used and how it can be created. Is it important for the app?

Entitlements are special rights with which an application can gain additional privileges and access to certain functions of the system, such as access to the keychain (keychain-access-groups entitlement), launching applications just like SpringBoard does (com.apple.springboard.launchapplications entitlement), and so on.
An Entitlements.xml file is used when codesigning an application, both by the official codesign_allocate tool that comes with Xcode and the developer tools, and by the ldid utility that can be used for fake codesigning on jailbroken devices. Essentially, it's a property list file which contains one or more of these entitlements and whose contents will be merged into the executable during the codesigning process. When the OS attempts to run the application and looks for the signature of the binary, it finds the now-hardcoded entitlements file and instructs the sandbox daemon to lift certain bans on privileges according to the contents of that file.
Here are all documented entitlements for iOS; other, undocumented ones can also be found by looking at some executable files in iOS.

Related

Settings.bundle & keychain for applications from Cydia doesn't work

I'm working on an app which is distributed with Cydia. So it is installed in the /Applications folder, not /var/mobile/Applications/ as usual App Store apps are. And I assume that the installation gives me some huge problems.
First, keychain read & write with Apple's famous KeychainItemWrapper doesn't work at all.
Also, my settings.bundle doesn't work either. App settings aren't displayed in Settings.app.
When I test the application in the Simulator or even deploy it from Xcode to the device directly (it is deployed to /var/mobile/Applications/), everything works like a charm.
I tried moving the installed .app to var/mobile/Applications/XXXXXX/myapp.app and making mobile:mobile its owner. It didn't help.
Any solution for making this work?
Settings Bundle
Settings work a little differently for jailbreak apps. You need to do something similar to the normal Settings.bundle, but there are differences.
See here for some information on that.
And here
And here
You should make your app depend on the preferenceloader package, which helps jailbreak apps manage Settings. So, you'll have something like this in your DEBIAN/control file:
package: com.mycompany.MyApp
Name: MyApp
Version: 2.2-2
Architecture: iphoneos-arm
Depends: preferenceloader
Description: Do something for jailbreak iPhones
...
Keychain
In order to make the keychain work for my app, I needed to add entitlements to my binary. The way I found out which entitlements were needed was to first build the app in the normal way (not a jailbreak app, just a normal 3rd-party app store app using Xcode). Then, I inspected the entitlements in the binary built by Xcode:
ldid -e MyApp.app/MyApp
And then spliced those entitlements into a new entitlements.xml file. See here for an example of applying entitlements. I believe the entitlements for your app should look something like this:
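<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>L44W4W8ABC.com.mycompany.MyApp</string>
    <key>aps-environment</key>
    <string>development</string>
    <key>com.apple.developer.team-identifier</key>
    <string>L44W4W8ABC</string>
</dict>
</plist>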
It's possible that this method of adding entitlements isn't necessary. See comments below your question for other options. However, I was adding other entitlements for other reasons, and could not do that through Xcode.

iOS: the executable was signed with invalid entitlements

So I've inherited development work for another user's iOS application, and am doing my best to be able to make a working IPA file for it. I've been trying for the better part of 7 hours, fighting with provisioning profiles, Entitlements errors, etc., trying to get my .ipa file to install correctly, but have yet to do so. Recently I was able to get the application on my physical device by just pressing run and allowing it to deploy that way (this means that the provisioning profile and the device are all set up to work for the application, right?). Whenever I build the archive file and distribute it as an .ipa file and try to install this .ipa through either iTunes or the iPhone Configuration Utility, however, I continue to get the "The executable was signed with invalid entitlements" error. Is something wrong with my schemes or...? I think if I can't get it working soon I'm going to reinstall Xcode, and clear out all my certificates, devices, provisions and just restart from square one.
This is an older project so it still had an Entitlements.plist file with it, which I've read is no longer used in Xcode 4.x. I've made sure that the filepath for it isn't referenced, but should I just delete it?
I apologize if this issue has come up before, but this seems like an error message that gets spit out for a variety of reasons.
In my case, I was using the correct provisioning profile (including the device UDID), but the Build Configuration was set to "Release".
So, after setting it to "Build", it works.

Adding entitlement file

I need to submit my app to the App Store. So before I do this, I validated my application using Xcode's validate process.
When submitting for validation, it required an entitlement file to be added to the project. I was unable to create this file, so I dragged an entitlement file from another project and included it in mine. This entitlement file did not contain any data in it (it was an empty file). However, when I submitted it to validation through Xcode, the validation passed successfully.
What I want to know is: what does an entitlement file do (since the entitlement file included in my project is empty), and will my app get rejected from the App Store for dragging and dropping an entitlement file from another project?
According to Apple Reference
Entitlements confer specific capabilities or security permissions to your app.
Specifically
Set entitlement values in order to enable iCloud, push notifications, and App Sandbox (App Sandbox is Mac OS X only). Each entitlement has a default value, which in most cases disables the capability associated with the entitlement. When you set an entitlement, you are overriding the default by providing an appropriate key-value pair
An entitlement file is just a plist file; you can see it as another settings file that includes a few high-level configuration values and is essential for code-signing an ad hoc build prior to Xcode 4.x.
An empty entitlement file is valid, as Xcode will treat an empty entitlement file as meaning you want to use all the default values specified by Apple's reference. Leaving an entitlement file in your app project won't cause any harm, unless you specify something that your app is not capable of, e.g. iCloud storage. Better to just delete that file if you don't need local distribution. :)
According to Apple Technical Note TN2250 (I recommend that you get rid of the entitlement file):
If you are defining a custom Code Signing Entitlements file within
your Target > Build Settings, you might try removing that
configuration entirely and rebuilding/resubmitting. More often than
not, Code Signing Entitlements are defined unnecessarily. You only
need to specify a custom Code Signing Entitlements file if your
application is utilizing custom keychain access sharing or iCloud.
Otherwise, remove the Code Signing Entitlements configuration from all
build configurations on your Xcode project's Target > Build Settings,
the rebuild and reattempt your submission/validation.
Specifying a code signing entitlements file unnecessarily is the most
likely cause of errors such as -
The app 'Foo' was not installed on the iPhone "foobar's iPhone"
because the entitlements are not valid.
In most cases, those entitlements seen above should be the only
entitlements in your App's Signature. Applications using Apple Push
Notification or iCloud will add a couple entitlements. Otherwise,
extra entitlements than those listed above, or improperly spelled, or
formatted versions of those entitlements will likely result in "failed
codesign verification" preventing upload to the store, or for Ad Hoc
builds produce the iTunes installation error 'the application was not
installed because the entitlements are not valid'.
Please see Reference

iPhone distribution provisioning problem

I'm trying to distribute my iPhone application and doing everything as in Apple's manuals. And in the end, there is no embedded.mobileprovision in MyApp.app. There is also nothing about it in the build results. I followed all the recommendations (like clean all targets, clear the CodeSign identity, remove all build directories and launch Xcode again) and still have made no progress.
What am I doing wrong?
There is one more thing I'd like to ask about. In the Distribution configuration I've added Entitlements.plist, but the builder shows me a warning:
CodeSign warning: entitlements are not applicable for product type 'Application' in SDK 'Device - iPhone OS 3.1.2'; ignoring...
Maybe these two things are connected with each other?
For distribution on the App Store, you do not need to have an Entitlements file.

How Do You Embed a Provisioning Profile in an iOS App

I read in the iOS Enterprise Developer Program docs that a provisioning profile can be embedded with the application.
I am wondering how this is done. Is it simply added to the Payload directory of an IPA, or included in the project directory?
I also wonder whether this technique is generally available for all deployment modes/Programs, or is it just for Enterprise distribution deployments?
The file should be called embedded.mobileprovision
It should be placed inside the .ipa zip file, in the directory Payload/.app/
Xcode's "Build and Archive" then "Share..." functionality automatically adds it (so you can use unzip on the .ipa generated by Xcode's share feature to see where the files should go).
I'm unclear exactly which scenarios this is supported in; however, it definitely works for ad hoc builds when you're installing directly from the web onto the device (i.e. using the method described here: http://developer.apple.com/iphone/library/featuredarticles/FA_Wireless_Enterprise_App_Distribution/Introduction/Introduction.html )
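As an added example (not code from any of the posts above), the Python sketch below ties together the "invalid entitlements" error and the embedded.mobileprovision file: it extracts the plist from a profile and lists entitlements in the app's signature that the profile's `Entitlements` dictionary does not cover. The matching rule is a simplification assumed for illustration, not Apple's validator, and the sample profile and entitlements are constructed.

```python
import plistlib

def profile_plist(blob: bytes) -> dict:
    """Pull the plist out of a .mobileprovision (a CMS-signed container whose
    payload is stored in the clear). The CMS signature is NOT verified here."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no plist payload found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def _allowed(value, granted) -> bool:
    # Simplified matching rule (an assumption, not Apple's validator).
    if isinstance(granted, list):   # each requested item needs a granted match
        wanted = value if isinstance(value, list) else [value]
        return all(any(_allowed(w, g) for g in granted) for w in wanted)
    if isinstance(granted, str) and granted.endswith("*"):   # e.g. "TEAMID.*"
        return isinstance(value, str) and value.startswith(granted[:-1])
    return type(value) is type(granted) and value == granted

def invalid_entitlements(app_ent: dict, profile: dict) -> dict:
    """Map each entitlement the profile does not cover to the reason."""
    granted = profile.get("Entitlements", {})
    problems = {}
    for key, value in app_ent.items():
        if key not in granted:
            problems[key] = "not granted by profile (extra or misspelled key)"
        elif not _allowed(value, granted[key]):
            problems[key] = f"{value!r} not covered by {granted[key]!r}"
    return problems

# Constructed sample data; dummy bytes stand in for the CMS envelope.
TEAM = "L44W4W8ABC"
SAMPLE_PROFILE = b"\x30\x80dummy-cms" + plistlib.dumps({"Entitlements": {
    "application-identifier": TEAM + ".*",
    "aps-environment": "production",
    "com.apple.developer.team-identifier": TEAM,
    "keychain-access-groups": [TEAM + ".*"],
}}) + b"\x00dummy-signature"
SAMPLE_APP = {   # as dumped from the binary, e.g. with `ldid -e`
    "application-identifier": TEAM + ".com.mycompany.MyApp",
    "aps-environment": "development",            # differs from the profile
    "com.apple.developer.team-identifier": TEAM,
    "keychain-access-group": [TEAM + ".com.mycompany.MyApp"],  # misspelled key
}

if __name__ == "__main__":
    report = invalid_entitlements(SAMPLE_APP, profile_plist(SAMPLE_PROFILE))
    for key, why in report.items():
        print(f"{key}: {why}")
```

On the constructed data it reports the `aps-environment` mismatch and the misspelled `keychain-access-group` key, the two kinds of problem TN2250 describes.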