Clarifying questions about provisioning profiles & My specific problem - iphone

I'm having serious problems getting one of my app's to run on other people's iPhones. Another app of mine works fine, so I suppose I am at some level capable of getting it right.
I've tried a lot of different things based on Googling around, but there's just too many permutations. It's time for me to learn what is actually going on. While I dive into the documentation, I have a few questions that hopefully some people here can clarify for me:
I noticed the I can set the Entitlements and Code signing settings both on the Project (double click on the top item in Groups & File, which has the name of the project) and on the Target (under Targets, double click on your project name). What's the difference between these two? I know that with header paths, one tends to override the other (without warning of course...).
When I choose "Build and Archive" (a really cool feature by the way), it again allows me to code sign. What's the difference here?
Many forums point to a setting in Entitlements.plist called "get-task-allow" (which needs to be set to false). However, when I create an entitlements file in XCode, there is no such line. Does that mean Apple fixed that bug/feature?
What is the difference between "Code signing identify" and "Any iOs device"?
What is the difference in the provisioning portal between "Development" and "Distribution"?
In that same portal, when you create a new profile for distribution, what is the difference between Ad Hoc and App Store? I've heard people say (and I believe I also experienced this in the past) that you can use the App Store profile for Ad Hoc distribution as well (maybe not the other way around). Then again, that might be due to my confusion if XCode uses multiple profiles at the same time, so it's not clear which profile is doing what.
My situation:
I'm using XCode 3.2.4 with SDK 4.1. The app runs fine on my own phone (which actually makes it harder to debug). Errors my friends keep getting vary from "Entitlements are not valid" to 0xE8003FFE and 0x800ccc0e, depending on what I send them. One has an iPhone 3G, the other an iPod touch. Both run iOS 4.1 and are not jail broken. Both do not have "restrictions" turned on.
I have two applications:
* com.isimplifiedchinese.teacher
* com.isimplifiedchinese.student
I was able to distribute the student application by building for the device and then manually creating the .ipa file (that was before I knew about the Build & Archive feature). I'm not able to distribute it with the Build & Archive feature yet. But I would like to focus on the teacher application, which I'm not able to distribute in any way at all (even though it worked in the past, before I started changing things).
In my provisioning profile I have (for the teacher application):
* one certificate for development
* one certificate for distribution
* a list of devices including my own and those two friends
* a provisioning profile for development (with me and my two friends in it)
* a provisioning profile for distribution (with me and my two friends in it). It's configured for "App Store" (but I've also tried "Ad Hoc" in the past, albeit possibly with slightly different options elsewhere)
All profiles are still valid. They are all listed in XCode Organiser and seem to be up to date.
Deployment is set to Device 4.1 - Ad hoc. On both the project and the target build settings:
* I added "Entitlements.plist" to "Code signing entitlements".
* code signing identity is set to automatic selector which points to my iPhone Distribution certificate and the App Store profile for the application.
* Any iOS Device is set to my iPhone Developer certificate (it's not set to automatic, because if I do that it points to a provisioning profile of the student application of mine).
When I choose Build and Archive and then Share Application, I set Identity to iPhone Distribution (which matches iPhone Distribution - App Store).
I regularly, but not consistently, used Clean All Targets during my struggles
Another thing that may or may not be relevant: I started with the teacher application and after a while a cloned and renamed the clone to student application. The student application uses shared libraries from the teacher application, but not the other way around.
Needless to say there's just too many permutations here and too much magic (from my point of view). Hopefully you can either help me understand this system better or magically point me in the right direction so I never have to worry about it again.

Lots of questions indeed... Some answers:
Q4. Code signing identity is the name of the entry, which can include several sub entries: you can sign with a different identity for each possible platform. E.g. you sign with identity X for iOS 3.2 devices and with identity Y for iOS 4 devices.
Q5. Development vs Distribution: when you develop your app, you sign it with your development profile so that authorized devices will accept it, when you're ready to deploy the app, you sign it with your distribution profile, which only the App Store will accept. Apple then applies its own signature on the app so that any device will accept it when it downloads it from the app store.
Q6. App store distribution is for selling your app through Apple's App store, while Ad Hoc distribution is for distributing your app through your "own enterprise app store", your app is not available on the App Store.

Related

Renewing an expiring Enterprise provisioning profiles, and other aggravations

Now that the app I created last year has enjoyed a year's worth of functional success, my Enterprise users are beginning to see alerts indicating that the provisioning profile is about to expire.
The Code Signing business of the app gave me tremendous difficulty in the beginning, and now it's doing it again. I think it's because all the information I can find about it refers to apps to be distributed in the App Store, but not for Enterprise apps. The "Tools Workflow Guide for IOS" seems only to be helpful for App Store distribution.
I did finally get it working just by trial and error, by setting all of the Code Signing Identities to "iPhone Developer," but I really need to understand the proper way to do it and why it works that way. And I need the "Idiot's Guide" version.
First, I think what is hanging me up is understanding the Distribution aspect. Is "Distribution" only in reference to an app that is bound for the App Store? This being an Enterprise app, does Distribution apply? Any time I try to create a Distribution profile and include it in Distribution/Release for the Code Signing Identity, compile fails. It works ok if all Code Signing Identities are set as "iPhone Developer." Does that mean it is going to always need a Developer provisioning profile, and never a Distribution profile?
The "iPhone Developer" profile always comes up in the Code Signing Identity section of Build Settings as "(currently matches 'iPhone Developer: Bill Norman(4GR2 etc) in 'iOS team". But any other profile doesn't say anything like that, and so none of the other profiles work. If they don't work, why are they there? And do I need to delete them?
And yes, there are lots of profiles listed that are the result of many trials and errors. Only one appears in the Profiles section of the iPhone's Settings, and that's the iOS Team Provisioning Profile.
If it does need a "Distribution" profile, how do I make it work?
Next question: Will my Enterprise users need to download and re-install the app to get the new provisioning profile? Or will it do it by itself, seamlessly? Or will it inform my users that the profile has expired, and they need to do such-and-such to get their app to work?
More: The Developer profile only lasts for a year, while the Distribution profile lasts three years. Obviously it would be helpful to make it last three years, but can we do that with an Enterprise app?
My apologies for my continued inability to fathom the inner workings of this stuff. And many thanks to anyone who can help.
First thing that you want to do is delete all of those extra provisioning profiles that you created through trial and error. Just totally remove them from the organizer. The difference between developer provisioning profiles and distribution provisioning profiles is that developer profiles will only work on devices that are registered with that developer profile, meaning test devices. You would not be able to sign an app with a developer profile and then put it on any device, only devices that you have registered to work with that profile. In the distribution zone you will have app store distribution and Ad Hoc distribution. App store refers to the Apple App Store which you must submit your app to apple for that. Ad Hoc distribution allows developers who have enterprise accounts to distribute to any device via the internet or other methods.
I would need more information when you say that compile fails with distribution but generally speaking, you would click the product tab and then click on archive. When the archiving is complete and the archive window pops up, you would click on the button that says Distribution in the bottom right corner. You would then click on the Save for Enterprise or Ad-Hoc deployment option. You choose your distribution code signing identity when asked which identity to use and hit next. Here comes the tricky part: On the next section where you are choosing where to save the app, you click on the option, save for Enterprise distribution. There are two fields that need to be filled in here, the first is an application url, this is the exact url where you will be hosting the ipa file, for example http://www.somewebsiteyouown.com/myApplication.ipa
The second is the ApplicationTitle which will just be your app title: myApplication.
This process will generate for you a plist and an ipa file, you put thos both on the server and link to the plist from a button or link on a webpage. The plist is like the instructions on where the ipa file is and what to do with it.

Questions about Ad Hoc distribution

I am trying to set an Ad Hoc distribution in order to test an iPhone app with some remote users. And I haven't found any good and clear tutorial up to now. By reading bits and pieces on Apple documentation and others I am now able to put the app on my iPod device doing as much as I can "as if I was remote user"; meaning I can put my app on the device without going through XCode. But when I send the xxx.mobileprovision an the app file to a remote user, things go wrong. The user gets a message saying that there is no proper signing authority.
As far as I know I included myself and the other users in the list of device UDIDs.
One thing unclear to me related to this issue is :
In the iOS Provisioning Portal section Certificates I can see one tab "Development" and another one "Distribution", I am not sure of what the difference is. I have one item in each tab, but I see no "Add" button to add more items and try something different. Is one of those two tabs important for my problem above?
Thanks.
The tabs are very important.
With certificates, Development is the Key Chain cert that grants you permission to build in Xcode directly to an iOS device connected by cable. Distribution is the Key Chain cert that grants you permission to build in Xcode app that may be installed onto an iOS device remotely.
Development is the mobile provisioning profile that has the list of registered an iOS devices you may directly build an app onto connected by cable.
Distribution is the mobile provisioning profile that has the list of registered an iOS devices you may send an app to someone else and have them install it on a registered iOS device remotely without using Xcode.
You want to do an Archive which will require a Distribution mobile provisioning profile. I might add that if you are sending an mobile provisioning profile in an email, you will likely want to Zip it with the .ipa since the profile can often get corrupted with in certain email clients.
Here's a link to another question that has very thorough step-by-step instructions for creating ad-hoc distribution profiles: how do you beta test an iPhone app. The instructions have changed slightly with newer Xcode versions, but this is still the best walkthrough I could find.

iPhone Provisioning: What's it all about?

Grepping around, I see that I'm not AT ALL alone in being... challenged... by the process of setting up an iPhone app, getting it to run, giving it my testers, and so on.
I've gotten it to work. Somehow I emailed a copy or two to testers, and eventually got my li'l app into the store, and that was fine.
But I can't say a really, deeply understand it! (And I don't do iOS dev every day. Even now my recollection of what I did is kind-of hazy.)
I'm moderately capable of understanding things, if presented, well, you know, in a way I can understand.
Can anyone point me to a crystal clear explanation of what provisioning actually is?
I feel that if I understood it, the recipes to do it would be obvious.
Thanks!
Development provisioning profiles sign your application, and allow the phone to know it's OK to run. These days, XCode automatically makes a Development Profile for you (the "Team Profile").
The other kind of profile, when you are talking about other people running you app, is a Distribution Profile. You need a Distribution profile for either giving your app to the store, or for giving to beta-testers.
The profile is what allows other people's phones to know it's OK to run your app, basically it includes a list of device ID's approved to run that application on the phone in question, along with being signed so that the phone knows the whole thing is valid.
If you read advice around the web concerning distribution, it's easy to get confused because things used to be a lot harder. You used to have to send Distribution certificates separately from your app to beta testers. These days the certificates are included in your app bundle so you don't have to worry about that.
Furthermore, sending an AdHoc build can be all kinds of unpleasant - for testers using Windows. These days, the absolute best way to do beta testing is have a link on the web that uses the Enterprise ad-hoc deployment feature, to let a user with iOS4 or higher automatically download and install your application with no iTunes or copying work at all. In fact I would at this point refuse to use beta testers running windows who were not on iOS4 or higher.
The guide link posted should have a section about the enterprise ad-hoc, but basically the way it works is there's a small plist file the phone downloads, that has a link to the IPA file containing your app. You point the phone to a specially formatted link to the plist file and the phone fetches the application directly.
All of this is predicated on using the "Build and Archive" option for building any ad-hoc distribution build. You should do that anyway because it also saves out a symbol file for you to use in debugging crash reports.
EDIT:
Here's a little more detail on enterprise deployment (which works for any registered developer, not just Enterprise registered developers):
http://jeffreysambells.com/posts/2010/06/22/ios-wireless-app-distribution/
The Developer Program User Guide should be helpful.

Code Sign Error When Building iPhone Application

I am new to iPhone development. I just registered with Apple for the iPhone Developer Program. When I try to build, I am receiving an error:
Code Sign error: a valid provisioning profile matching the application’s identifier could not be found
I'm not sure what is wrong. I tried browsing the Internet but I get confused. Can anyone help me with what I should do?
At first it seems a complex process, but it's pretty straightforward when you've been through it a few times.
In a nutshell the process is this:
(I'm assuming you've set up your iPhone/iPod touch as a test device)
Via the iPhone Developer Portal
Create an App ID
(give your application a name, this is just for reference on the website and nothing to do with your own build of your application)
enter a string to identify it, like com.yourcompany.appname
(this is important and should be the same as in your .plist file inside Xcode)
Click and Save this
Go to Provisioning
There are 2 provisioning profiles you'll need
a) development - so you can install your application on a test device (i.e. your iPhone / iPod touch)
b) distribution - if you want to sell the application via the App Store
You can create the profiles by selecting your App ID, created in the previous step, from the drop down list and clicking Save
In a few moments (usually, though it can be longer) the certificate is available for download. Download this to your Mac and drop it onto the Xcode icon. Sometimes the development profile doesn't work for me like this and I drop it directly into the Organiser window in Xcode that shows my connected device.
Besides, if you are in a team account, team admin need to edit Development Provisioning Profiles, and add modify your certificates privilege.
In Xcode inside 'Edit Project Settings' you can select the certificate you wish to code sign with. Usually for debug I sign with the development certificate. Follow the instructions on the apple site and clone the release profile and call it something like release and sign this with your distribution profile. (You won't be able to load the app onto your phone with the distribution profile selected)
Make sure you select the target device as Device and not Simulator when building for the App Store!
Hope that helps, it's from memory so apologies if I've skipped some small steps.
xcode top left corner make sure you're running as "similator" "iphone"
Did you set up an iPhone provisioning profile for either development, ad hoc distribution, or app store distribution?
If not go to the iPhone developer program portal, which is linked from the developer.apple.com/iphone. Apple has provided a great series of video tutorials.
Just make sure you install the certificates or the profile won't be selectable in the project configuration. When you download the certificates double-click on them to install.
Possibly more use for others seeing this issue on a previously configured dev environment.
This error is also shown if your provisioning profile has expired, in this case you can go through the steps in Neosionnach's answer or you can go to Organizer, click on the profile and click Refresh.
This was the winner for me when I had this issue.
As of July 2012, you can go here:
https://developer.apple.com/ios/manage/overview/index.action
Then launch the "Development Provisioning Assistant." It walks through all the steps outlined by FiddleMeRagged.
You can use this process to create a Wildcard ID, if you're just looking to test your app on your iOS device and don't need to deploy to the App Store right away.

Multiple iPhone Developer Accounts on One Mac?

I have searched but cant find this question anywhere. My wife and I are about to take on iPhone development and we've only got the funds to purchase one iMac 24" to do this. Anyone out there with iPhone development experience know if two different Apple developer accounts can be profiled on one development Mac? Not only via the developer program but also does the XCODE (I believe it is) IDE support it?
What we're hoping to be able to do is that I can log in with my profile and developer/debug, etc my iPhone application and her do the same under her own profile (not seeing mine and vice-versa). Time sharing wont be an issue as I work from home while she works away from home and we'll be able to figure out that part no problem.
Please understand that we're both completely new to the Mac, OS X as well as the iPhone development arena and so we have no idea if this is possible. If not our second option would be to purchase two Mac Mini's (keyboards and mice too) and figure out some KVM to each of our existing PC's monitors that we already have, and develop that way. We would rather not and just share one iMac between two developer accounts and IDE profiles.
UPDATE: My wife and I invested in a 24" iMac from Best Buy utilizing a 12 month no-interest offer, which made it the choice over the 20" iMac. Its got plenty of RAM (4G out of 8G max) and HD space (640G) and we're getting used to the MAC OS X and will begin developing soon. We've created two OS X accounts, to keep settings and such separate. Either Windows moved closer to OS X or vice-versa as things on OS X seem quite intuitive and we were highly impressed at the whole un-box and setup time of about 8 minutes! So far, so good.
Sure. Just make two user accounts on the iMac. Easy!
I have two iPhone developer accounts that I work with, so instead of two accounts and two people, it's two accounts and one person. Unfortunately, being the same person both accounts ended up with the same Agent name (and it appears nearly impossible to change this - my case requesting the change has been open with Apple for months).
This resulted in two sets of keys and certificates and the keys have the same name. This causes problems in Xcode, both in the Organizer and in code signing. I filed bugs on these 6635822) some time ago, but ended up just now finding a work-around for both problems. I wrote it down in a blog entry in case it'd be helpful to others.
http://geekanddad.wordpress.com/2009/07/25/work-around-for-multiple-iphone-dev-account-and-code-signing-and-xcode-organizer-problems/
Update: Jan 2010: it looks like Apple has addressed this with their certificate generation - User Names now seem to have a number appended to them in parenthesis (e.g., My Name (A340D)). I have not tried to regenerate certificates on previous accounts to see if they get this hash added, but newly created ones are having this added.
Update: Feb 12 2010: Yes, if you regenerate the certificate on the account it appends a number to the name and this whole issue is a non-issue. So you can just have one keychain and all your certificates there now - thanks apple!
That's one way. You can share the single copy of the /Developer tools, but each have your own login name, preferences, and keychains.
If you share the same Mac OS X user account, but have two ADC identities, on the Safari side you just have to make sure you log out of the ADC website when you trade places.
On the Xcode side, you'll need to add both Developer Certificates to your keychain, and both Provisioning Profiles to Xcode's organizer. I recommend that you each have your own phone, if you're going to have separate Provisioning Profiles and Developer Certificates.
The crucial part is that for each project you work on, you need to set the Code Signing Identity to the full and exact identity for the person who owns it. The projects come set up with a wildcard identity of "iPhone Developer"; you need to change it to "iPhone Developer—John Appleseed" to use your signing certificate and profile, and your wife has to do the same on her projects.
Also, if you copy an app from one developer account and try to use the identity and provisioning profile associated with the other account, it won't work. You'll have to quit XCode and edit the project.pbxproj file which you'll find inside the .xcodeproj bundle. Find every term next to CODE_SIGN_IDENTITY or PROVISIONING_PROFILE and delete the value in double quotes (leave the double quotes). Then restart XCode and select the provisioning profile in the Get Info's Build tab for both the main object in the upper left of Groups and Files, and also any and all Targets. Then it should work. Apparently, when an app has been build using a provisioning profile for one ADC account, XCode doesn't fix up all the information necessary to allow you to change to a different ADC account.