Blog moving

March 31, 2009

This blog is moving to:


Debugging iPhone provision profiles/certificates

July 16, 2008

If you’re in the iPhone Developer Program, you’ll be able to run you code in a phisical device, with the following process:

  • Create a Certificate Signing Request (CSR) and submit to the developer portal
  • Download and install the code singing certificate (Development/Distribution certificate) to your Keychain
  • Download and install the WWDR certificate
  • Create/Download a Provisioning profile listing the devices you intend to run the program on
  • Install the provisioning profile to your development machine by dropping it into iTunes
  • Set the Certificate/Provision profile in your XCode project

Throubleshooting/things to verify:

First re-read iPhone Developer Portal Program Guide PDF to make sure you’ve followed every step correctly.
The two basic types of issues you can have:

  • The app is not signed
  • The app is signed, but you cannot run/load it into the device

Verifying if your app is signed

You can check if you app is signed by verifying the followin 2 things:

  • There was a CodeSign step during the build
  • The built package contains a CodeResource and embedded.mobileprovision

If it’s not signed double check the followings:

  • XCode project is set up correctly Code Sigining Identity is: iPhone Development: yourname or iPhone Distribution: yourname and the Code signing provisioning profile is set to a porfile you’ve downloaded. It shouldn’t be Default provisioning profile for code signing identity
  • If you set these things at project level make sure they aren’t overriden in target level
  • Voodoo: Quit XCode, clean, rebuild

If you can’t even select the provisioning profile in XCode check the followings:

  • Is the active target in XCode the same as the settings you’re editing? Here is the thing: it seems that the provision profile popup contains profiles matching the active target’s certificate (and no the one you’re editing). So make sure that you select the current configuration in Project/Set Active Build Configuration
  • Do you have the WWDR certificate installed? Check Apple Wordwide Developer Relations Certification in Keychain
  • Do you have my Distribution Certificate in keychain? Check for 'iPhone Developer: name' and/or 'iPhone Distribution: name' in Keychain. There should be a gray trinangle to the left of if, and on open it should show your private key.
  • Do you have the provisioning profile installed in ~/Library/MobileDevice/Provisioning Profiles/. Drag and drop the profile to iTunes to fix this.

The app is signed, but you cannot run/load it into the device

First get iPhone Configuration Utility, it’s a great app to get more information, you can check your console log, install single application and check installed provisioning profiles.

  • Do you have the provisioning profile installed to your iPhone? Use iPhone Configuration Utility to verify

There can be also issues with App-ID that will prevent from application to run.

  • In my experiecnce you should just use * as app id.
  • If you have a entitlement 'application-identifier' has value not permitted by provisioning profile in your iPhone console log, then try using a wildcard (*) App ID

Ad Hoc profiles:

I just couldn’t get Ad Hoc profiles to work. I always have this error in my iPhone console log:
entitlement 'get-task-allow' has value not permitted by provisioning profile
I’ve tried following every step of the iPhone Developer Portal Program Guide PDF, and i still get this.
In iTunes i either get a 0xE8000001 or 0xE8000013 when trying to install an application with an AdHoc provisioning profile.

Update: Apple has just updated the instructions in iPhone Developer Portal Program Guide PDF. They now tell to add ‘Entitlements.plist’ with ‘get-task-allow’ set to false to the Entitlements.
You should also verify your provision profile with a text editor. The plist embedded should contain these lines:


You should also remove old provision profiles without the iPhone (Use iPhone Configuration Utility). As having a bad provisioning profile will prevent your app from installing.

OSX 10.5.3: enable Gmail Contact Sync without iPhone

June 7, 2008

10.5.3 adds ability to sync your address book with gmail contact list.

Unfortunately it only enabled if you’ve ever connected iPhone/iPod touch to your mac.
You can use the following terminal command, to enable the syncing option, if your mac have never seend an iPhone.

defaults write Devices -dict-add 000A27001A56740D '{ "Family ID" = 10001; }'

note this is a single line, and not a two line command.

Ruby 1.9 porting tips/notes

April 15, 2008
  1. formal argument cannot be an instance variable:
    In ruby1.8 it’s possible to use an instance variable as a block argument:

    class Foo
      attr_accessor :bar
      def test
         [1,2,3].each {|@bar| }
         # @bar will be 3 here

    This no longer works in ruby1.9, you as it always creates a new local variable block argument. The equivalent in ruby1.9:

    class Foo
      attr_accessor :bar
      def test
         [1,2,3].each {|bar| @bar=bar }
         # @bar will be 3 here
  2. warning: shadowing outer local variable:
    In ruby1.9 the block arguments are always local to block, in ruby1.8 if there’s an existing variable with the same name, the block parameter will use that one:  

    i = 0
    [1,2,3].each {|i| }
    puts i

    This will print 0 in ruby1.9, as the variables named i inside/outside the block are different, and 3 in ruby1.8, as here the block reuses the outside variable i.

    As with most warning, this warning doesn’t means that your code is incorrect, only that it might be incorrect.
    For example the code bellow works the same in ruby1.9 and 1.8:

    options = options.inject({}) do |options,pair|
      options[pair.first.to_sym] = pair.last.to_sym; options

    It still makes sense to rewrite the above code just to supress warnings.

    Note: You should set RUBYOPT to -w, or start your program with ruby -w, for this warning to show up

  3. syntax error, unexpected ‘,’, expecting tASSOC
    ruby1.8 supports , in hash definition, in 1.9 you have to use =>.  

    So the following valid ruby1.8:


    has to be rewritten in ruby1.9:

    {"a" => "b"}
  4. invalid multibyte char:
    the default encoding in ruby 1.9 for files is US-ASCII, if you have a non ASCII character in your text file you have to specify the encoding of the source code. You can do it by adding the following line to your ruby file:  

    # coding:utf-8
  5. NoMethodError: undefined method `to_a’ for “…”:String:
    In Ruby1.8 the String class has a to_a method, so in ruby1.8 you can write:

    lines = string.to_a

    The equivalent in ruby1.9 is:

    lines = string.lines.to_a
    # chars = string.chars.to_a # to get array of chars
    # bytes = string.bytes.to_a # to get array of bytes

    The issue with this solution, is that the ruby1.9 solution is not compatible with ruby1.8.

    Some ideas for a ruby1.9 and ruby1.8 compatible solution:

    The first one is to add a lines method to the String, so you can use the ruby1.9 syntax:

    unless String.method_defined?(:lines) then
      class String
        def lines

    The downside is that this lines method is not 100% compatible with ruby1.9 String#lines – for example string.lines(“\n\r”) won’t work. 

    The second one is to check at each call whether it has the lines method:

    if str.respond_to?(:lines) then
      lines = string.lines.to_a
      lines = string.to_a
  6. unexpected ‘:’, expecting keyword_then or ‘,’ or ‘;’ or ‘\n’:
    case or if with : instead of then  

    Ruby1.8 allows the use of : shortcut instead of then in if and case expressions. In Ruby1.9 this is no more allowed.

    case 'test'
      when 'test': print 'OK'

    In ruby1.9 you’ll get a syntax error, so you have to replace the ‘:’ with ‘then’

    case 'test'
      when 'test' then print 'OK'
  7. no such file to load — base64:
    require "base64": ruby 1.9 ships without base64. You should use Array#pack, unpack  

     require 'base64'
     enc = Base64.encode64('Send reinforcements')
     plain = Base64.decode64(enc)

    In ruby1.9 you can write:

    enc = ['Send reinforcements'].pack( 'm' )
    plain = enc.unpack( 'm' )[0]
  8. ‘struct RString’ has no member named ‘ptr’
    ‘struct RString’ has no member named ‘len’:
    In ruby1.9 for the RString in C extensions was changed because of optimization, you should use the RSTRING_LEN, RSTRING_PTR macros instead of directly accessing the len, ptr members.  

    len = RSTRING(foo)->len
    ptr = RSTRING(foo)->ptr

    Should be changed to

    len = RSTRING_LEN(foo);
    ptr = RSTRING_PTR(foo);
  9. .methods changed from Strings to Symbols
    The contents of the methods array was changed from String to Symbol, so if you were doing something like this in ruby1.8:


    The ruby1.9 version is:


    And the following works in ruby1.8 and 1.9:

  10. TypeError: cannot assign nil; use Hash#delete instead
    In ruby1.8 you can remove an environment variable by setting it to nil.
    In ruby1.9 use the delete method instead:


Related link:

AuthorizationExecuteWithPrivileges + StdErr + PID

February 7, 2006

AuthorizationExecuteWithPrivileges is a MacOSX function can be used to programmatically execute a command as root. (It presents a dialog asking for administrator password).There’s 2 information that this function doesn’t give you back:

  • executed process’s pid – so that you can wait for it, and get the exitCode of it
  • file handle to stderr
Please note that this function is probably not secure enough. (But probably not much worse than most uses of AEWP). See the BetterAuthorizationSample code for truly secure solution.

My AuthorizationExecuteWithPrivilegesStdErrAndPID tries to overcome both limitation. Here’s the code.

Eclipse launcher

January 22, 2006

The eclipse laucnher on MacOSX has the following problem:

If you store it in dock it creates a second icon.

Current architecure of the Eclipse launcher:

  • an LSUIElement=1 application, => won’t have a Dock icon. It just shows a startup screen while launching the eclipse.
  • java: will have an eclipse icon, but the location is /usr/bin/java, so will be a diffrent item in the dock.


  1. shall not be an LSUIElement 1 application, so that it will appear in the dock when running.
  2. The application that shows the startupscreen shall be an LSUIElement 1 application. Packaged inside
  3. OSX shall be fooled when launching /usr/bin/java to think that is has launched from the location.

Fooling the system about the location of the laucnhed(/usr/bin/java) application:

We have 3 solutions:

  1. Before laucnhing set CFProcessPath, to the bundle executable. It works, but someone has to kill the CFProcessPath variable after eclipse started otherwise all programs started from eclipse will be behaving like it has the location. Unfortunatedly this doesn’t seems to work. Event tough the CFGetMainBundle will return the correct thing. (Eclipse package instead of Java) It won’t have the correct location displayed in the dock for Show Original. It’ll also create a different icon if the icon is in the dock.
  2. Launch with a command like this:
    This causes java to be started but when CFBundleGetMainBundle called it will return the Eclipse bundle.
  3. Write a custom java launcher app.

Runtime behaviour with (2):

  1. User clicks tha
  2. OSX starts executing and bounches the icon
  3. Eclipse app forks, and starts EclipseLaucnher. The quits bouncing stops.
  4. EclipseLaucnher starts /usr/bin/java, and fakes as the process location, this causes the icon to appear.

See Eclipse Bug 53260, cannot keep eclipse app in the Dock.

GCC dynamic_cast and type_info and symbols visibility

January 17, 2006

In one ouf our framework i have a code like this:


class DLLEXPORT DOMElement : DOMNode

virtual ~ DOMElement() {};


In the application we have code like:


#include “DOMElement.hpp”

if(node->getNodeType()== DOMNode::ELEMENT_NODE )

DOMElement* element = dynamic_cast(node);

The DLLEXPORT expands to __attrbiute((visibility(“default”)) in XMLParser.framework
The DLLEXPORT expands to __attrbiute((visibility(“hidden”)) in XMLTest

The issue is that the dynamic_cast fails by returning 0.

I see the followings:

  1. the DOMElement class has two type_info entries:
    • one inside the XMLParser.dylib with default visibility
    • one inside the XMLTest application with hidden visibiliy
  2. the linker looks for the type_info entry of DOMElement: __ZTIN10DOMElementE
    It sees a __ZTIN10DOMElementE entry marked with hidden in XMLTest.cpp.o, it also sees a the same entry marked as default in XMLParser.dyld
  3. From runtime it seems that the linker selects the hidden one. And this causes issue with dynamic_cast, as there’s two entries with the same symbol.


  • It seems that linker prefers the hidden symbol the same DSO to the visible in the different DSO?! Is this a rule?!

It seems to make sense: You have a DSO with NewWindow, then you have an internal function called NewWindow (“hidden”). If the linker should choose, it should prefer the “hidden” one to the one in different framework.

  • If so wouldn’t it be logical to have an “imported” visibility, where the visible symbol in the different DSO would be preferred over the “imported” symbol in the same DSO.
  • Setting the type_info visible in both modules seems to solve the problem. Why? What happens if the linker sees 2 visible entries, one in the actual module the other in a different DSO?!