Entitlements mismatch error - where to get details? - ios

I've got the infamous
The executable was signed with invalid entitlements
error, and there have been other questions about it, but the message doesn't seem t have enough detail to fix it, or to explain the cause. It says
The entitlements specified in your application’s Code Signing
Entitlements file do not match those specified in your provisioning
profile
but which entitlements file, and which provisioning profile?
My app was fine, it's on the store, but one day I got this error and am completely stuck ever since. I don't know what I did!
My app has a main iOS app, a Now app, a watch kit app, and a watch kit extension, each with an entitlements file (I use an application group to share data). All the files have the same content. And of course, each of these targets have build settings with a code signing section. The provisioning profile is set to automatic on these. But which profile is it using?
Over time, various provisioning profiles have built up, some made by me, some made by XCode. I've got "XC" prefix ones for each target made by XCode, "iOS Team Provisioning Profile" ones, and ones I created and named. So I don't know which profiles are being used. When I set specific ones, it doesn't seem to help.
Finally when you look in the profiles, they say enabled services are "App Groups, Game Center, In-App Purchase", the first is necessary, the latter two aren't but seem to be automatic.
So. Where can I look for details about what is being matched against what, and what to change to fix this? It seems this error frustrates many, I hope Apple can add some details to this error. For example, didn't XCode, when you set the code signing settings to "Automatic" used to add which one it was using, like "Automatic (myapp development profile)"?

In your General if your bundle identifier and signing identity(Debug) and signing identity(Release) contains different provisioning profile then you get this error so make sure you have entered the same provisioning profile on both the places and always check yes to Automatically manage sigining

Related

XCode/iOS: Signed With Invalid Entitlements

Xcode is building my app successfully, but it gives me this error immediately after the build is completed:
The executable was signed with invalid entitlements.
The entitlements specified in your application’s Code Signing
Entitlements file are invalid, not permitted, or do not match those
specified in your provisioning profile. (0xE8008016).
I have read through a few other stack overflow threads on here, which lead me the try the following, all of which ended up unsuccessfully:
Ensured the same bundle identifier was provided in both the .plist file and the under "Packaging" in "Build Settings".
Restarted Xcode.
Ensured my Device ID was properly linked in my developer account.
Deleted my .entitlements file and allowed Xcode to automatically regenerate it after clicking "Fix Issue" in "Capabilities".
One thing that I think might be causing it is that my provisioning profile contains the following list of items:
Get-task-allow,
Aps-environment,
com.apple.developer.team-identifier,
Application-identifier,
Keychain-access-groups
But my entitlements file, even when automatically generated, only includes the aps-environmentkey.
I would gladly enter all the aforementioned keys manually, but I am not sure what kind of values they can take--I am willing to try a list of different values, but I can't seem to find this information on Apple's docs.
If anyone knows of such a guide, I would be grateful. If anyone also has any other suggestions to try, I am open to that as well.
EDIT: I followed Apple's Entitlement Troubleshooting guide, dowloaded my provisioning profile, obtained the dict of entitlements from it (with the exact values), and pasted it into my .entitlements file--and somehow, I am still getting the same error...
EDIT #2: If it is relevant, I am code signing manually, by downloading my provisioning profile directly from my dev account.
EDIT #3: I am only using three entitlements: Push notifications and the default Game Center and In-App Purchases. I have made sure that the push notifications are configured properly--development, but I am not sure what to do with the other two (I am not actually using them, they are just set by default).

No matching provisioning profiles found (None of the valid provisioning profiles allowed the specified entitlements)

I am getting an error when archiving:
Code Sign error: No matching provisioning profiles found: None of the valid provisioning profiles allowed the specified entitlements: com.apple.developer.in-app-payments.
I added apple pay capability since the last time I archived successfully, so it's probably to do with that. How do I add the entitlements to the provisioning profile? The whole certificates/provisioning profiles/app id concept is so confusing, wondering if there are any good reads (for dummies) on exactly what/why/how these work.
You need to go to developer.apple.com and log in as your developer account. Go to the Certificates, Identifiers, and Profiles section, and find the app ID for your app. Click on it to expend the capabilities for the app ID. Make sure In App Purchases is enabled for both development and distribution (more info here).
Once you've made sure it is there, you'll want to re-generate the provisioning profile for the app ID, and then re-download the profile to your Mac. I tend to remove all my old provisioning profiles when I do this, since having multiple profiles for the same application ID can sometimes confuse Xcode. Provisioning profiles on your Mac are stored in /Library/MobileDevice/Provisioning Profiles/
After doing this, it isn't necessary, but I usually recommend devs to quit and relaunch Xcode.
As for resources, I think Apple's session, What's New in Code Signing, from WWDC 2016 was a great one for understanding the components that are required for code signing to work.
The whole certificates/provisioning profiles/app id concept is so confusing
Not only for you :). You don't have to add entitlements to your provisioning profiles. Try to go to apple developer website add your mac (if you didn't do it already) and generate new provisioning profile. After that download it and click 2 times (xCode should automatically add it to the project). If it doesnt solve the problem try to look into project structure code and change developer/project numbers manually to proper one.

How to become familiar with code signing issues?

Every time when i deal with code signing and provisioning profiles strange things happens. Most times i get the error "no code signing identity found" and if not then something like "no matching provisioning profiles found" and "no provisioning profiles with a valid signing identity".
Although i am quiet familiar with the theory and the things behind code signing and provisioning, there are still lots of pitfalls I everytime ran into and i don't know how to deal with. Sometimes it fails when setting up a new App, sometimes not.
There are 5*2 different ways to select code signing identity. What is the difference between them? And if i select one for debug and one for release, what is the reason for the "Any iOS SDK"?
Also, there are two places giving this dialog: Project-Settings -> Buildsettings is the first place, and also for the Target under Build Settings. Both are not in sync, so if i change the code signing at the first place, i have to change it twice in the second place. Is there a way to keep them in sync?
Which code signing identity would fit best into the various lines (debug, debug -> any ios sdk, release, release -> any ios sdk), since i can choose between developer identities and distribution identities (i could imagine, that the distribution one is for release and the developer one is for debug, but because of everything fails, i don't know.
What I did:
There a valid certificates in the Member Center deposited for each developer of our team and one for ad hoc distribution for the Team.
We also created AppIDs which reflects exactly the same setting in the Project Settings. In between we avoid using Variables and use the exactly appid also in project-settings to reduce risks on this side and to simplify things.
When switching the provisioning profile from "Automatic" to a specific Profile for this App, the code signing identities change to different values, which are also not in sync between the project settings and target build settings:
On the Target->Build Settings we get this result:
On the Project -> Build Settings we get a different result:
Which one would be more accurate?
After "Product" -> "Archive" -> "Validate" we get the following error:
It doesnt matter here if we select different Code signing identities or not. Actually, just for playing 'trail-and-error', we tried out nearly every multiple combinations of code signing identities to learn what XCode would do then.
After this error message from Archive->Validate the previous selected provisioning profile is replaced with another one named by a randomly generated string:
Who can tell me what happens here and how to solve these issues?
I've read a lot of documents regarding this topic. But most tutorials around this topic are outdated since several changes happened between XCode 4 and XCode 6. Even the apple documents offer mostly screenshots based on outdated XCode versions and also outdated versions of Member Developer Center.
Update
As Ian McDonald pointed out correctly, the last question (covered by the last 2 screenshots) is answered. After recreating the Provisioning Profile it won't be replaced by randomly generated strings, but the IPA-creation is still not working with "no code signing identities found".
What it looks like now:
you have a long question , but If you face problem with archive or publish your app there are some steps you should follow
First code signing
If you build your app with Debug , then debug must sign with iPhone developer --> general if you use many or specific one "depend of certificate you have in your key-chain "
but If you build your app with release then you should you certification iPhone distribution ---> general or specific one
Second Provisioning Profile
If you build with Debug then the provision profile Debug should match match your bundle detail and be development
release be distribution one that you create on developer apple site
I hope this help you have a look at this also please
From what I'm reading you have changed your provisioning profile in your target from "xxx.xxx" to "xxx.xxxTests" which is in fact a different bundle identifier making the error valid. You really have two courses of action:
Change your bundle identifier back to just "xxx.xxx". This is the appropriate path of least resistance.
Create a new bundle identifier in the portal as "xxx.xxxTests" as well as a new provisioning profile for "xxx.xxxTests" tied to the same certificate. With XCode closed drag the new provisioning profile onto your XCode app icon then open your project.
You shouldn't have to change your bundle identifier to conduct testing. When you go to deploy you will only have to change which provisioning profile your target is compiling with (development vs distribution).
EDIT:
I have some more tips on provisioning profiles here: How to become familiar with code signing issues?
The quick and dirty side of provisioning works like this:
When you are added to the Apple Provisioning Portal your cert is the keys to the castle. Any code you compile has to be associated with your cert or you won't be able to properly compile/export your code.
Your bundle identifier is essentially the way iOS identifies your application. Conceptually speaking if you want to install your app multiple times on the same device create multiple bundle identifiers.
Your provisioning profile ties all of the pieces together. The prov profile tells XCode that you plan on using your cert to compile your app identified by your bundle identifier. If it's a development build it will only the devices specifically assigned to the prov profile in the portal will be able to install your app.
Within XCode you need to make sure your target bundle identifier matches what bundle identifier is in the provisioning profile. Likewise make sure your code signing identity matches the cert you setup in the portal and tied to the provisioning profile. Lastly select the appropriate provisioning profile from the drop down list below the code signing identity.

Xcode6 error: "No matching provisioning profiles found for application"

I'm trying to submit my iOS app in Xcode6. When I click Submit or Validate in the organizer, a window pops up that says:
Failed to locate or generate matching signing assets:
Xcode attempted to locate or generate matching signing assets and
failed to do so because of the following issues:
No matching provisioning profiles found for "Applications/MyApp.app”
None of the valid provisioning profiles allowed the specified
entitlements: application-identifier, beta-reports-active,
keychain-access-groups.
I have created a distribution provisioning profile for this app in the member center and it appears in Xcode.
I've looked around and have not found anything online that has told me how to fix this. Can anyone help? Thanks.
Andy
There's a couple possibilities for your issue, but the main causes is what I got from experience as well as other SO answers.
Your certificate or profile is outdated, in which case you have to go and regenerate your profiles again. I had this problem before, but Apple has described (partially) this issue.
You haven't set your profile in the Build Settings/Code Signing area, along with the appropriate certificates. Verify your Team in General/Identity and ensure that your profile is properly set.
From Xcode 5: Code signing entitlement errors (The image is a bit outdated, but its the same as Xcode 6):
You are using a beta version of Xcode.
#jaytrixz states: "I just removed Entitlements.plist in Code Signing Entitlements under Build Settings" which could possibly work. Be sure that your provisioning profiles are configured as well.
As jaytrixz, wrote in the comments...
"I just removed Entitlements.plist in Code Signing Entitlements under Build Settings "
I did the same and it worked after an hour of trying other things!
There are a lot of answers here, some have worked for me in the past, but not this time. I'd even created a new provisioning profile but that still did not help.
Based on the "None of the valid provisioning profiles allowed the specified entitlements" part of the error I tried the following on a hunch and it worked for me:
1. add and remove a particular Capability
Go to Targets > Capabilities, and turn one on and then off.
I doubt it matters which you choose, I added "Push Notifications" (which I don't need for my app), once it was "ON", I changed it back to "OFF"
2. Archive again
I am now successfully uploading my app to the store.
Another solution, that fixed this symptom for me, can be found at: Xcode Watchkit: None of the valid provisioning profiles allowed the specified entitlements: beta-reports-active, com.apple.security.application-groups
Briefly: clear ~/Library/MobileDevice/Provisioning Profiles
If you are sure you have valid certificate and provisioning profile, then you may need to do the following:
I would suggest people to refresh the link between xCode and developer account by doing the following:
Go to Xcode -> Preferences -> Account -> View details -> (Refresh icon)
Otherwise you may not be able to see the provisioning profile as an option in the build settings (You may only see old profiles)
A lot of times it gives me connection error, you may need to retry.
Do this refresh every time you edit the provisioning profile or certificate online on apple developer member center
If certificates and build setting are all good, and you are part of multiple teams, make sure to select the proper team for the app.
Clean and archive again.
I had another cause for this problem.
I had 3 different Configurations (Debug, AdHoc, AppStore). I accidentally had the AdHoc Configuration selected in the Archive Scheme setting and tried to upload the generated archive to the AppStore.
So setting the Archive configuration to AppStore solved the problem for me.
It's the year 2017, and the provisions are still not just working. I had to put them on manual mode because automatic didn't worked after struggling half an hour. I have no idea what are those entitlements, i have no entitlements file.
After trying every possible fix in the world, I ended up just adding this to the entitlements file:
<key>beta-reports-active</key>
<true/>
Find the right entitlements file by looking in Targets > Build Settings > Code Signing > Code Signing Entitlements.
Maybe it's something to do with this Apple doc, although I couldn't follow the instructions fully as certain things were missing in XCode 7 (e.g. the refresh icon in Preferences > Accounts).
Another possible cause for this message is if you accidentally did remove the 'target inclusion checkbox' for the entitlement file – in that case the error message is slightly misleading...
In my case, the problem was caused by different Bundle Identifier in Target General tab than in Build Setttings.
If you have only development provisionning profile, just create distribution also
I played with fastlane gym, and there it gave some interesting insights:
There was an error exporting your application Unfortunately the new
Xcode export API is unstable and causes problems on some project You
can temporary use the :use_legacy_build_api option to get the build to
work again
This is the according Bug-Report. Seems to be unfixed for month.
https://openradar.appspot.com/radar?id=4952000420642816
Building the app in legacy mode worked for me.
gym --use_legacy_build_api true
Hope, this helps anyone.
In my entitlement file for Health kit there was development key. I removed that and my problem resolved.
I hope this answer could help :)
There seem to be many possible causes of this error.
In my case, my app was an Enterprise release and I was clicking "Validate" when I should have been heading straight to "Export".
I found this in the Apple docs:
Validate or Submit is not intended to be used with Development, Ad Hoc or Enterprise builds. Ad Hoc or Enterprise distributions should skip straight to Export.
Source: https://developer.apple.com/library/content/qa/qa1830/_index.html
I ran into this issue using App Groups. To resolve, I had to log into developer.apple.com and reassign the App Group ID to my App ID.
If other solutions do not work, try going to XCode -> Preferences -> Accounts -> View Details
Now look in Provisioning Profiles section. If your provisioning profile has an action button of 'Download', click the button and download. Then try again
Create a new provisioning profile
This solution worked for me when I had this problem.
Step by step :
log onto the apple developer portal and go here : https://developer.apple.com/account/ios/profile/production
Click the [+] add button and fill in a new profile name and select your app ID
Click the Download button, and once it has downloaded double click to open that file in Xcode
Re-Archive, and this time you should be able to upload succesfully to the store

contains entitlement values that are not supported

Have created an app-id as normal.
Then created an app-store distribution profile...as normal.
Set up the game in itunes connect
Installed the profile
Built the game with GS...all goes fine.
But when I upload my binary is rejected with that error : Invalid Code Signing Entitlements
Invalid Code Signing Entitlements :
The signature for your app bundle contains entitlement values that are not supported. For the com.apple.developer.ubiquity-container-identifiers entitlement, the first value in the array must consist of the prefix provided by Apple in the provisioning profile followed by a bundle identifier suffix.
The bundle identifier must match the bundle identifier for one of your apps or another app that you are permitted to use as the iCloud container identifier.
Specifically, value "(my team bundle seed id is here).*" for key "com.apple.developer.ubiquity-container-identifiers" in basejumpxl is not supported.
Really not sure what I have done wrong...as I have done this loads of times, and never had this issue
Anyone point me in the direction of what my obvious mistake might be??
I finally successfully submitted the app, and it's now "Waiting for Review" status.
The problem is with the new "Enable for iCloud" configuration in App ID's.
Here's what I did to fix it. Hopefully this will help anyone who's having this issue.
In iOS dev portal:
Save yourself some time and just go ahead and delete the provisioning file you previously made for the new app you're trying to submit. (you may have luck by simply renewing it, but probably not.)
Go to your App ID, and click on configure. Once in configure, UNCHECK "Enable for iCloud" and click "DONE". iCloud configuration is what's causing the error. (This option had disappeared earlier, but is back again.)
Make a brand new provisioning file for Appstore distribution, and select the proper app id.
Download this new provisioning file.
Add this newly downloaded provisioning file into Xcode's organizer. Easiest way is to just drag and drop the file overtop Xcode's app icon.
Re-publish your game in Gamesalad, making sure to choose the NEW provisioning file you just created. (I went ahead and deleted the problematic provisioning file so I didn't get confused and accidentally choose the wrong one when publishing.)
Re-submit through Application Loader.
Hope this helps. :)

Resources