I'm trying to install a beta app to an iOS device and am hosting the manifest.plist and IPA file on HTTPS with a self-signed certificate. When I hit the itms-services:// link, I get an error of "Cannot connect to <ip address>".
itms-services link:
itms-services://?action=download-manifest&url=https://10.0.1.2:1338/ipa/manifest.plist
plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>items</key>
<array>
<dict>
<key>assets</key>
<array>
<dict>
<key>kind</key>
<string>software-package</string>
<key>url</key>
<string>https://10.0.1.2:1338/ipa/test.ipa</string>
</dict>
</array>
<key>metadata</key>
<dict>
<key>bundle-identifier</key>
<string>com.company.test</string>
<key>bundle-version</key>
<string>1.0</string>
<key>kind</key>
<string>software</string>
<key>title</key>
<string>test</string>
</dict>
</dict>
</array>
</dict>
</plist>
Try adding your certificate to the trusted ones (probably, easiest thing to do is to mail a cer file to device and open it from standard mail app to install).
Another thing you need to make sure is that your server supports TLS 1.2 and Forward Secrecy.
You can use nscurl --ats-diagnostics https://example.com/app.ipa to check if everything done right.
Its possible:
Create the certificate file (export as DER encode X.509)
Access file from device via HTTP (like the manifest.plist in your example)
Agree to install it in device
Turn it on: https://support.apple.com/en-au/HT204477
Related
I am currently using a plist to run a shell script.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.name.set</string>
<key>Program</key>
<string>/Users/username_here/Desktop/simple.sh</string>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>5</integer>
<key>StandardErrorPath</key>
<string>/tmp/com.name.example.stderr</string>
<key>StandardOutPath</key>
<string>/tmp/com.name.example.stdout</string>
</dict>
</plist>
This works! But when I change the program name to be
<string>/Desktop/simple.sh</string>
it doesn't run the script. also ~/Desktop/simple.sh does not work.
Is there a way to run the script without knowing the username and using an absolute path?
I am also getting this error message when I tail launchd.
com.apple.xpc.launchd[1] (com.name.example[8178]): Service could not initialize: 14F27: xpcproxy + 13421 [1402][AD0301C4-D364-31CE-8BA7-B5DBECE64D0A]: 0x2
Thanks!
Using a shell as arg0 and giving it a path relative to the user's home folder works for me:
<key>ProgramArguments</key>
<array>
<string>zsh</string>
<string>-c</string>
<string>~/CLI/scripts/list_open_jira_tickets --skip=5297 > ~/CLI/tmp/open_jira_tickets.txt</string>
</array>
If daemon is run as a per-user agent (installed in ~/Library/LaunchAgent) you can use a period get the relative path. Which would be the home folder (~/)
So you can do this:
<key>Program</key>
<string>./Desktop/simple.sh</string>
It might be nicer to save your program next to your plist:
./Library/LaunchAgents/simple.sh
I added this to my app Info.plist file to opt out of ATS:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Still getting this error when I try to do a GET request from my http resource (have no control over the server):
App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
My complete Plist file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleIdentifier</key>
<string>com.owlpixel.xxxxx</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>$(PRODUCT_NAME)</string>
<key>CFBundlePackageType</key>
<string>FMWK</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>$(CURRENT_PROJECT_VERSION)</string>
<key>NSPrincipalClass</key>
<string></string>
</dict>
</plist>
ATS should be disabled, why does it still block me? any ideas?
You should give following code in your plist.
NSAllowArbitraryLoads boolean yes
SOURCE for question is below
Transport security has blocked a cleartext HTTP
Try to find if there are a lot of .plist files in you Xcode project (or Workspace).
I had the same problem and it was resolved by finding all Info.plist files in my Workspace and adding NSAppTransportSecurity logic to responsible for external (http://) calls .plist file.
Heyy, I have spent the last day or so racking my brain trying and failing to disable the ATS, I know it is deemed bad too, but I am currently only working on the app internally. I have tried many suggestions online to no avail, latest try below of info.plist. I am lost as to what to do?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>$(PRODUCT_NAME)</string>
<key>CFBundlePackageType</key>
<string>BNDL</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>1</string>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>localhost</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
</dict>
</plist>
Debug console eror print
error=Optional(Error Domain=NSURLErrorDomain Code=-1022 "The resource
could not be loaded because the App Transport Security policy requires
the use of a secure connection."
UserInfo={NSUnderlyingError=0x7f9670e85620 {Error
Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"},
NSErrorFailingURLStringKey=http://localhost/sfc/manualorder.php,
NSErrorFailingURLKey=http://localhost/sfc/manualorder.php,
NSLocalizedDescription=The resource could not be loaded because the
App Transport Security policy requires the use of a secure
connection.})
If you want to disable ATS, you can just add this to the Info.plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
And when you're finished working on your app, you can re enable it and go granular with whitelisting your domains.
Like this, the first includes all subdomains and the second does not:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>maindomain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
<key>other.domain.net</key>
<dict>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
One added step that you may require if you're testing on simulator, is to both clean the project and reset the content and settings of the simulator, then build and run again.
I am trying to setup Yaws (installed via Homebrew) to start automatically under OS X Yosemite using the following PLIST:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>ca.seidlitz.yaws</string>
<key>ProgramArguments</key>
<array>
<string>sh</string>
<string>-c</string>
<string>/usr/local/Cellar/yaws/1.98/bin/yaws --daemon --conf /usr/local/Cellar/yaws/1.98/etc/yaws/yaws.conf</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>WorkingDirectory</key>
<string>/usr/local/opt/yaws</string>
<key>StandardOutPath</key>
<string>/tmp/yaws.log</string>
<key>StandardErrorPath</key>
<string>/tmp/yaws_err.log</string>
</dict>
</plist>
I tried to load this plist using sudo launchctl load /Library/LaunchDaemons/ca.seidlitz.yaws.plist
but with no luck. I don't get any error in /var/system.log, while the /tmp/yaws.log contains this error: "1> *** Terminating erlang (nonode#nohost)"
I also tried running it as daemon and in interactive mode. Daemon doesn't generate any errors in the log file but Yaws is not running.
Can anyone spot any issues with the plist?
You should make the /usr/local/Cellar/yaws/1.98/bin/yaws script executable if it isn't already, get rid of the sh -c invocation, and properly declare the yaws script and its arguments as separate strings, all like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>ca.seidlitz.yaws</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/Cellar/yaws/1.98/bin/yaws</string>
<string>--daemon</string>
<string>--conf</string>
<string>/usr/local/Cellar/yaws/1.98/etc/yaws/yaws.conf</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>WorkingDirectory</key>
<string>/tmp</string>
<key>StandardOutPath</key>
<string>/tmp/yaws.log</string>
<key>StandardErrorPath</key>
<string>/tmp/yaws_err.log</string>
</dict>
</plist>
When loading my .strings file for localization via this command: --strings-file ja.lproj/localizable.strings en.lproj/AdvancedSearchView.xib --write ja.lproj/AdvancedSearchView.xib I continually get this error:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.ibtool.errors</key>
<array>
<dict>
<key>description</key>
<string>The strings file "localizable.strings" could not be applied.</string>
<key>recovery-suggestion</key>
<string>The stringsfile localizable.strings could not be parsed.</string>
<key>underlying-errors</key>
<array>
<dict>
<key>description</key>
<string>The strings file "localizable.strings" could not be applied.</string>
<key>recovery-suggestion</key>
<string>The stringsfile localizable.strings could not be parsed.</string>
</dict>
</array>
</dict>
</array>
</dict>
</plist>
However, when I load my file into plutil via plutil -p ja.lproj/localizable.strings the strings file parses correctly. Any help as to have ibtool parse the file correctly would be highly appreciated.