I'm trying to write an entry to the keychain, but it fails with a return code of -25243, the documentation only lists the "common" error codes and points you in the direction of "The Open Group" for help. I've downloaded the document but haven't got a clue where to look, the document is over 1000 pages long and just appears to list a load of #define.
Can anyone help?
There are some reasons why you could be seeing this error when running on a device. Both cases I have seen happen when attempting to store a value to the keychain using an access group.
Entitlements are not enabled
Entitlements ARE enabled, but the access group does not exist
To make sure you have all of these things set up properly:
Select your app target in Xcode
Select the Summary tab
In the Entitlements section, verify that the Enable Entitlements checkbox is checked.
Verify that Keychain Access Groups includes the group you are attempting to write to.
OK, the problem appeared to be that I was trying to store a value in kSecAttrAccessGroup, changed it to kSecAttrDescription and all is well
A little late but it's worth answering properly. This error occurs when attempting to use an access group with the keychain from the simulator.
Note this snippet from the GenericKeychain example.
#if TARGET_IPHONE_SIMULATOR
// Ignore the access group if running on the iPhone simulator.
//
// Apps that are built for the simulator aren't signed, so there's no keychain access group
// for the simulator to check. This means that all apps can see all keychain items when run
// on the simulator.
//
// If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the
// simulator will return -25243 (errSecNoAccessForItem).
#else
[genericPasswordQuery setObject:accessGroup forKey:(id)kSecAttrAccessGroup];
#endif
I ran into this issue recently, it turned out to be that I have multiple developer accounts and Xcode chose the "wrong" Developer Certificate to sign my debug build with. This certificate didn't belong to the same Developer as the App Id, so the app didn't have access to that Keychain group anymore.
Once I forced the code signing to use the right Developer Cert then the error went away.
Related
This is the first time trying to test an app I created with LiveCode on an iPad.
I made sure that the IOS Provisioning Portal had the following set up as ad hoc:
certificates in Development and Distribution.
Ipad is registered
Apple ID is set up
provisioning in Development and Distribution.
When I try to get the app into Xcode the following error is displayed:
The executable was signed with invalid entitlements.
How do I get all of this into xCode so my LiveCode app can be tested in the iPad?
Probably, you used a distribution profile instead of a developer's profile.
The creation of the developer certificate and provision profiles are described step by step on Apple's website. I strongly recommend that you take your time to read these steps and to make sure that you follow each step correctly.
Apple's provision portal also has an assistant that helps you to create a developer's provision profile. You need to use this developer's provision profile instead of an ad-hoc prodile if you want to install your app through XCode on your own device(s).
You can use the devloper's profile in LiveCode's Standalone Application Settings window.
This is a ENTITLEMENTS error, not a code sign issue. Entitlements have to do with iCloud. In Xcode 4 this was done on the Summary page at the bottom. In Xcode 5 it is on a new page called capabilities at the top. It will be lit up with a FIX this Issue Flag. Simply select your Devel profile and you're good to go. It does require an AppID set-up with iCloud Checked. If you're not using iCloud simple delete whatever is in the Entitlements field in the build Settings.
Although I see the "read the doc" answers often. a.) Most of us do try to read the doc and b.) It rarely contains and useful granular detail needed to code or troubleshoot anything. Cheers
Entitlements are also used with the Game Center, Passbook, In-App Purchases and Maps. All are setup in the Target Tab called Capabilities.
I'm having a problem integrating iCloud with my app.
When I set test out iCloud availability, I receive Success for the function
NSURL *iCloudURL = [fileManager URLForUbiquityContainerIdentifier:#"AppID"];
but right after this, when I attempt to perform:
NSUbiquitousKeyValueStore *iCloudStore = [NSUbiquitousKeyValueStore defaultStore];
I receive the error
NSUbiquitousKeyValueStore error: no valid com.apple.developer.ubiquity-kvstore-identifier entitlement.
Any ideas on how to fix this? My App.Entitlements file is using the default macro'd prefixes, nothing changed from the auto-generated file. iCloud is definitely enabled on the AppID in iTunes Connect.
Thanks.
I had the same problem even though all of my code, settings, entitlements, etc were correct. I fixed it by physically deleting the app from my iPhone, then building in Xcode and running it on my iPhone and it worked. Just wanted to add that in case the other solutions don't work for somebody else out there.
Big warning: if your device is jailbroken, make sure you have uninstalled AppSync. I had two insane days because of that. iCloud (and Game Center) would not work on device with AppSync installed even with correct entitlements and profiles!
I did the follow to get this to work for me (Xcode 4.2.1):
In Xcode, go to your target > Summary > at the bottom, click Enable Entitlements.
In the iOS Provisioning Portal, go to App IDs and enabled iCloud support. (You may not have to do this, but it worked for me.)
Edit your Provisioning Profile to force it to update; then download this profile and open it so it automatically launches in Xcode.
Clean and build your app to your device.
I ran into this problem when attempting to debug a Mac (not iOS) application. The problem turned out to be that I was not signing the debug build, and did not have the deployment phase of the project with "Skip Install" set to "Yes".
Apparently, iCloud will not function properly with an unsigned application.
Add com.apple.developer.ubiquity-kvstore-identifier in your Entitlements with the following value:
$(TeamIdentifierPrefix)$(CFBundleIdentifier)
In my app, I need push notifications. I am implementing all the instructions from the push notifications docs. But I got an error from Push Notification:
Fail To Register For Remote Notifications With Error:
Error Domain=NSCocoaErrorDomain Code=3000 "no valid 'aps-environment'
entitlement string found for application" UserInfo=0x2340a0
{NSLocalizedDescription=no valid 'aps-environment' entitlement string
found for application}
What I am doing wrong?
Generate a new provisioning profile, after you enable Push, and it will work!
I am using Xcode 6.1.1
You don't have to delete or recreate anything. You just have to make Xcode update your active certificates (including the new push notification certificate).
Simply go to Xcode > Preferences > Accounts > pick your Account > pick your Team > View Details
There click the refresh button in the lower left corner. (Also check your code signing in build settings)
I had same problem,I solved it making sure in Built Settings, Code Signing Identity for debug is set to proper Provisioning Profile in which you enabled push notifications.
First, you need to make sure you use an app ID without a wildcard.
Then you need to enable that app for push notifications for development.
Check this tutorial, for example.
Even after you've enabled your app id for push, it might take a couple of hours for it to work.
That was making me crazy. I cross-checked everything but still was getting the same error.
Tried all the other solution given on the web as well.
However, this did the trick for me. I create .mobileprovision file before enable APNS. This was the real mistake.
Resolution of this problem :
Create App ID
Enable APNS
Then create Provision File
If you have created provisioning profile earlier and the you have enabled APNS , you should delete provisioning file from everywhere in your system(XCode,keychain,iTuneConnect). And then create provisioning file again.
I just dealt with this issue. While there are probably a lot of things going on, here is what I learned.
When you make changes to an app ID, such as enabling push notifications, you need to create a new provisioning profile. I must have created my app ID, made a provisioning profile using it and then enabled notifications on the app ID.
Once I removed the provisioning profile from the portal, and device, I made a new one using the modified app ID. Downloaded it, tossed it on my device, wham bam thank you ma'am it worked. Hope this helps people in the future!
This just solved it for me so I will share.
If you update your app id you then must delete the profile from your device, xcode, and developer.apple.com. Then create a new matching provisioning profile that is updated with the new app id settings. Its best to name it something slightly different so you know you are selecting the correct one.
First thing you have to run applcaiton in device.
This is will happen in xcode 3.2.6. Because when you are getting everything perfect. But your application is not registering in your iphone, ipad or ipod. You need to generate a Entitlement.plst file.
Step: First select your project in xcode create a file. Select codesign file named it entitlement.plist(default name).
Put it on resource folder.
Right click open as xml editor.
Then open your provisionfile like your_apllicationName.mobileprovision (which you have created for Apns server ) in textedit mode.
Now copy some lines like the following from your provisioning profile into your entitlements file:
<key>application-identifier</key>
<string>xyz.com.company_name.app_name</string>
<key>aps-environment</key>
<string>development</string>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>xyx.*</string>
</array>
Save the entitlement.plist file.
Run your applcation you will notify by Apns server.
Make the Profile right.Maybe you do not set the profile.
For me -> go to project settings -> app target -> Capabilities
enable Push Notifications!
Just make sure that you are using the specific provision certificate
go to: https://developer.apple.com/ios/manage/provisioningprofiles/index.action
check the status of your provision certificate, in worst cases just create new one, download it and assigne it to your project again.
Make sure which type of provision you are using, "development" or "distribution"
I got same too. Here is how I solved.
1) Deleted provisioning profiles at ~/Library/MobileDevice/Provisioning Profiles
2) Deleted profiles from Developer Account
3) Created and installed new profiles
Note that regenarating of profiles didn't solve.
ok, a little embarrassing, but sometimes you spend hours on the most idiotic bugs -
so, I run the application on DEBUG mode instead of AD-HOC.
to change that, do:
scheme -> Edit Scheme...
select Run on the left, and change to Ad-Hoc dist under Build Configuration.
*of course you need to have the suitable adhoc provisioning profile under build-setting\code signing as well as the suitable APNS certificate attached to it when you create the provisioning profile.
** once you run it, it'll crush cause its not on DEBUG mode, but you can still run in from the device.
If you're managing more than one apps pushes on one server then consider the following facts.
You need to process a separate private key as a p12 file to prepare pem file and this private key is generated in keychain app when you create a .certSigningRequest file. So, this CSR can be reused for same app upon expiration but a separate is needed for any other app.
I got same error in XCode 4.6.1, It worked for me then I delete the previous APNS profiles from the Mac and redownload the APNS provisioing profile from member center. In Build Settings at target mode, Code Signing Identity should only in Debug Mode as iphone Developer for Release put as nil or delete the developer or distribution.
I got another new account for the AppStore, I setup the new account certificates on my MAC. Now when I try to publish XCode gives me the error
CodeSign error: Certificate identity 'iPhone Distribution: 'Name' appears more than once in the keychain. The codesign tool requires there only be one.
How can I change my certificate identity for the other account? While I have to leave my Name as it is on both itunes profiles.
How can avoid this problem without have to remove one certificate each time I need to publish app on appstore.
Thank you.
Look in the keychain app on your Mac. You may have expired entries as well as current entries. Delete the expired entries and you will be okay. Worked for me today.
I create a keychain for each team, and put all the related files (public key, private key, certificate) for the team in the keychain. The only downside is that you have to set your default keychain to the team keychain when building for a device.
I have just had this problem, and my current temporary solution was to export then delete one of the distribution identities, leaving me with one identity which then XCode is happy with. So I will have to export, delete, and import each time I want to switch to a different project to make a distribution, which isn't ideal.
I am still looking for a nicer solution.
The keychain approach sounds ok in principle, but in practice it appears to be require using the "Reset the default keychain" option in Keychain Preferences, which I have not tried yet but doesn't sound like a low-risk activity.
I did publish multiple apps on multiple app store accounts using multiple certificate (for the same identity, aka "me") and Xcode manages to understand which certificate to use for which app so far (i may have to help him out by selecting the correct provisionning profile manually from time to time in the "project info" menu).
What i'm doing is to create a new certificate for every new "app store" account i'm working on, and of course never collide the app ids. That means my keychain is full of "iPhone developer - Ben (XDFUHSD)", "iPhone developer - Ben (DSUKJNSD)", etc... certificates, each beeing used for a different client.
Xcode does give me the error you mention from time to time, but it really only happens when one of my certificate has expired and i've just redownloaded a new one.
Hope this helps
For what it's worth, I got this error even though there was only one copy of the offending certificate in my keychain. The only odd thing about my setup was I'd added the keychain file from my 10.6 partition into Keychain Access, so I had two "login" keychains. Even though the other one didn't any certificates in it at all, the "appears more than once" error went away when I removed it from Keychain Access.
On the plus side, Automatic Provisioning seems to work pretty well these days, so clearing and reloading all my profiles wasn't the nightmare I'd thought it would be..
Finally got MGTwitterEngine stuff to
compile (by setting the Header Search Paths to /usr/include/libxml2 iphoneos3.0/usr/lib/libxml2)
AND link (by removing the Twitter LibXML Parsers code and assigning a weak role to libxml2.2.dylib in Targets: Link Binary With Libraries).
But when I do a Build and Go to the iPhone (not the simulator), I get this error:
"This provisioning profile does not have a valid signature (or it has a valid, but untrusted signature)."
I have followed the official Apple Developer process of getting a certificate and provisioning, etc. Obviously, I did something wrong somewhere. Has anyone come across this problem or have any ideas on how to solve it?
Things to check:
In Keychain Access, make sure you have a code sign identity (public and private keys and a certificate titled "iPhone Developer: Your Name"
In your Info.plist, make sure your Bundle Identifier matches your App ID that you created in the dev portal
Make sure you installed the .mobileprovision (from Terminal> open x.mobileprovision)
In the dev portal, make sure your provisioning profile has your certificate, your App ID, and your device all enabled. If it doesn't, fix that and re-download and re-install your provisioning profile.
Follow the instructions very carefully when creating your Certificate. One time, in Keychain Access, when I went to Request a Certificate, I had something else selected in the list panel and so it created the wrong kind of certificate. Make sure nothing in the list is selected when you do this part.
Restarting Xcode may also work... (Work for me couple of times)
Troy It looks like the issue is you don't have a keypair that is tied to the provisioning profile installed. It's tough to tell for sure but that is my best guess.
If that is the case, I've been working in a similar situation - what you need is to either generate a private key using the iphone development portal under the same account your boss used and then add that new key to the provisioning profile you are building with.
OR
You can get your boss to export the key he generated when he created the provisioning profile - he can export it from keychain and give it a password that will allow you to install it but protect it from anyone else installing it.
I guess the fifth time's the charm. I basically deleted the certificate and the provisioning file, etc., and started completely over. Viola! Now for those pesky memory leaks! :-) Oh, Java, wherefore art thou, Java? (and your majic garbage collection!)
One of the things that I tried and worked for me was to reset the keychain access
http://support.apple.com/kb/TS1544