I have several accounts configured in Xcode under Preferences/Accounts and I use Xcode to generate certificates.
It generated a wildcard provisioning profile for all the accounts I have, with the name iOS Team Provisioning Profile: * but I can't find a way to choose which client's wildcard profile do I want to use because I have different certificates for all of them and I'd like to use the appropriate profile with the right account for each client. Now I only see the one that was last updated.
Does anybody know how to solve this?
If you have some 3rd party plugins or any other tricks/hacks I'd more than love to hear those.
No I don't think you can do anything about this, Its happening to me too, Xcode takes the WildCard ID of the Last updated Account which you add, If you want to use a Specific account to sign your app with you would have to use the developing Profile corresponding to your bundle ID, which are generated by Xcode automatically
Related
I would like to re-generate a set of provisioning profiles using App Store Connect API.
There are methods for creating new profiles, deleting existing, but I see no method to update profiles.
Is anyone aware of such a method?
The need to regenerating is that there is a big number of these profiles and I need to update the profiles preserving all the information but the certificate, which is going to expire soon.
It is possible to regenerate manually in the console, but I would prefer a pretty small script for this.
Thank you in advance.
The api doesn't support editing or updating a provisioning profile as far as I am aware.
Instead it is possible to get the details from the old provisioning profile then make a new provisioning profile with those details. Then delete the old profile.
You'd need to give it a new name, I'd personally either use a number or an alternating pattern at the end of the provisioning profile name to ensure Apple unique name constraint is upheld.
Just came across this on apple Keychain Services Concepts
Note: On iPhone, Keychain rights depend on the provisioning profile
used to sign your application. Be sure to consistently use the same
provisioning profile across different versions of your application.
I also know that provisioning profiles can change for many reasons, including adding a new functionality like push notification, adding watch support, or even adding a new team member.
Now am I correct to assume that whenever above changes occur, new versions of my app will no longer be able to access keychain items that were created with previous versions?
Thanks!
I don't think your assumption is right. The Keychain Acces only depends on the bundle identifier of your application and the profile which was first used to create the app. If it would depend of your code-provisioning profiles changes, indeed what you said would be correct, but if so, the bussinesses and the enterprises would be totally unable to develop updates for their applications, which would have also included the old info stored in the Keychain. That's because in a bussiness, people come and leave often!
Note: On iPhone, Keychain rights depend on the provisioning profile used to sign your application. Be sure to consistently use the same provisioning profile across different versions of your application.
You can add a team member, configure a push notification services and so on, as long as the provisioning profile stays the same.
Note: If you change the provisioning profile just to add a team member, yes, your assumption is right, but it just isn't the best way of doing this. Rather, I recommend reading this tutorial (on how to add a team member to a provisioning profile).
keychain directly depepds on Bundle id , if bundle id remain same then your app can acess keychain , so provisioning profile should map the same bundle id if app needs to acccess keychain.
A newly generated provisioning profile no longer seems to be compatible with older versions of the same app. The new app does work with the new profile, however we do not want to upgrade all apps which are linked to older version backends and are not all compatible with the newest app. We do need to renew the profiles shortly in order to keep the old apps working. We have done this before, but now we are having the following issues.
When opening the app with an updated provisioning profile, it fails with this message in the console log:
entitlement 'com.apple.developer.team-identifier' has value not permitted by provisioning profile 'My Profile'
When examining the profile, it turns out that the array containing team identifiers is now no longer an array, but a single element.
Previous provisioning profile:
<key>com.apple.developer.team-identifier</key>
<array>
<string>SomeIdentifier</string>
</array>
Renewed provisioning profile:
<key>com.apple.developer.team-identifier</key>
<string>SomeIdentifier</string>
Is it possible to add a team identifier to an iOS provisioning profile? That way it would become an array again.
In the Xcode project, I was able to find the team identifier in two places. In the pbxproj file and in a certificate. It doesn't look like it is possible to add any identifiers in the project for the same target since it's a key-value pair style assignment.
I also tried to hack the new provisioning profile and just wrap the array tags around the item (hoping it would fall outside the signature scope). Unfortunately Xcode crashes when I try to install the hacked profile to a device (probably does not handle signature exceptions).
Any way to add an identifier or an other way to get a renewed profile compatible would be greatly appreciated.
I don't think there is any way to edit provisioning profile the way you are looking. If there is then it will be Apple security breach.
Early days, We had same issues with our Enterprise Apps where App stopped opening for all our users - and the problem was certificate expired. I couldn't find to renew on the fly for Enterprise Apps like we do for AppStore Apps.
I had to automate process of creating same IPA with renewed certificate through Jenkins and storing it on server, App picks up new binary automatically and ask users to upgrade it.
If you can find out any other good way - I would be interested :-)
I am invited as a team member to a developer account. I need to send them a demo application via testflight. I checked inside the application ids list and there is no application created for this purpose. I am not able to create one either, since I only have "team member rights". What I can do though, is to download an IOS Team Provisioning Profile of Development type, that is created with the app id: Xcode IOS Wildcard App ID(*).
All good and nice, but when I chose from X-Code the team that I am a member of, it tells me that "No Code Signing Identity Found". If I press Fix issue, I get the message "Your account already has a valid certificate" and that I can revoke and request a new one.
What should I do? Is the wildcard provisioning profile a viable option to create an archive?
What does it mean that I revoke my signing identity and request a new one? Does the developer account owner need to create a new certificate specifically for me? Or what is I don't understand about it? Is the signing identity related at all to the developer account? Or I will receive a new one automatically? Can anyone explain in a bit more detail, so that I understand properly?
A wildcard simply means that it can apply to any app. If an app doesn't plan to use application specific requirements, like iCloud or inAppPurchases, then a wildcard profile is fine to use for the rest of your apps. In general, there is no need to download new profiles or certificates from develop.apple.com; you can manage them directly from xCode via Preferences>Accounts>View Detail.
The answer was simpler then I thought, however it has created an unpleasant situation.
The thing was that XCode downloads automatically the code signing identity if you have agent/admin privileges. However, if you are only a team member and no admin/agent rights, you will not get a signing identity downloaded automatically, so you will need to ask the owner of the account to create a provisioning profile using the certificate that he needs to approve for you,( requested by you via xcode), or it should simply send you the certificate used to create the provisioning profile that you are going to use (this last one is not the preferred method).
If you have been already invited, you only need to:
In Xcode, go to Preference>accounts
Select the company name in the bottom right - then click view Details
In the top screen (signing identities), click the + to get a new signing identity
You can confirm that has worked by going to the iOS member center and checking in the Certificates, Identifiers & Profiles. You will see your new certificate with your name.
I'm so confused -
after an entire day's struggle, i finally figured out how to submit my app to Apple via archiving & distributing from xcode.
... that was my free version
now i made my code changes, and on my pList file, i changed the Bundle Identifier to com.blah.mygame.pro instead of com.blah.mygame.lite
i also changed the Bundle name to be My Game Pro instead of My Game Lite
but now i'm confused - when i click on the project in Xcode, and i hit "Target" instead of "Project", i can't find my release/distribution profile! (my develop/debug profile) is still there.
if i were to click Project instead of Targets then i actually do see my previous distribution profile.
however, in my develloper portal, i had actually set my distribution profile to be linked up with the "com.blah.mygame.lite" identifier. was i not supposed to do this???
weirdly enough, when i made my distrubution profile earlier today, i say something like "mygame * -" or something that i coulda linked it to. but i just chose com.blah.mygame.lite without thinking
are you supposed to have multiple distribution profiles? one for every app? what i just want a lite and pro version?
** edit:
bonus points for this:
if i only needed 1 provisioning profile, (and since i messed up naming my previous provisioning profiles)... how do i rename all my distribution profiles without it interfering/messing up with my apps?? it's already submitted and awaiting approval
* EDIT # 2:
okay, i got both apps submitted with 2 separate distribution profiles.
however, is there any way that i can rename a distribution profiles while the app being submitted is still using it??
i had mistakenly named it "My Company Distribution Profile" when i should have named it "Distribution Profile for My Game Pro Version"
You have two options for fixing it:
Use a AppId like. com.blah.mygame.* . You can replace the * with any number of strings and use it for creating different application.
I won't recommend this approach, because the issue with this is you won’t be able to use push services or in-app purchases. You might not plan to use these services now, but if you change your mind, you won’t be able to change your app ID without creating a new app.
Create different AppId for different Apps. It'll be a good approach
Sounds like you're using a single AppID for both of your apps. You can only use one provisioning profile for multiple apps only if the AppID bound to that profile has a wildcard (e.g. "com.sample.*").
quoted from the iOS Provisioning Portal:
The Bundle Identifier portion of an App ID can be substituted with a
wild-card character (asterisk '*') so that a single App ID may be used
to build and install multiple applications. If the wild-card character
is not used, the Bundle Identifier portion of your App ID must be
input as your CF Bundle ID in Xcode to allow the application to
install on your device. The Bundle Seed ID portion of your App ID does
not need to be input into Xcode. Wild-card App IDs cannot be used with
the Push Notifications or for In-App Purchase.
I hope you have created an AppId with this bundle identifier com.blah.mygame.lite and created a distribution profile linked with this AppId. By doing like that, you can run or archive your apps only if it is having the same AppId like this com.blah.mygame.lite. If you want to create an AppId to run all apps, then you need a Wildcard AppId like this com.* . And If you think you need to run the app with AppId com.blah.mygame.pro then you need to create another appId like that and associate that appId with another distribution profile or modify the old one and download and install it and use.
There is no need of distribution profile for every app....one is enough for every time but
your bundle identifier is same as you given in your distribution provisioning profile when
you create it first time....