Blog moving

This blog is moving to: http://www.unittested.com/blog

Debugging iPhone provision profiles/certificates

If you’re in the iPhone Developer Program, you’ll be able to run you code in a phisical device, with the following process:

–
• Create a Certificate Signing Request (CSR) and submit to the developer portal
• Download and install the code singing certificate (Development/Distribution certificate) to your Keychain
• Download and install the WWDR certificate
• Create/Download a Provisioning profile listing the devices you intend to run the program on
• Install the provisioning profile to your development machine by dropping it into iTunes
• Set the Certificate/Provision profile in your XCode project

Throubleshooting/things to verify:

First re-read iPhone Developer Portal Program Guide PDF to make sure you’ve followed every step correctly.
The two basic types of issues you can have:

• The app is not signed
• The app is signed, but you cannot run/load it into the device

Verifying if your app is signed

You can check if you app is signed by verifying the followin 2 things:

• There was a CodeSign step during the build
• The built package contains a CodeResource and embedded.mobileprovision

If it’s not signed double check the followings:

• XCode project is set up correctly Code Sigining Identity is: iPhone Development: yourname or iPhone Distribution: yourname and the Code signing provisioning profile is set to a porfile you’ve downloaded. It shouldn’t be Default provisioning profile for code signing identity
• If you set these things at project level make sure they aren’t overriden in target level
• Voodoo: Quit XCode, clean, rebuild

If you can’t even select the provisioning profile in XCode check the followings:

• Is the active target in XCode the same as the settings you’re editing? Here is the thing: it seems that the provision profile popup contains profiles matching the active target’s certificate (and no the one you’re editing). So make sure that you select the current configuration in Project/Set Active Build Configuration
• Do you have the WWDR certificate installed? Check Apple Wordwide Developer Relations Certification in Keychain
• Do you have my Distribution Certificate in keychain? Check for 'iPhone Developer: name' and/or 'iPhone Distribution: name' in Keychain. There should be a gray trinangle to the left of if, and on open it should show your private key.
• Do you have the provisioning profile installed in ~/Library/MobileDevice/Provisioning Profiles/. Drag and drop the profile to iTunes to fix this.

The app is signed, but you cannot run/load it into the device

First get iPhone Configuration Utility, it’s a great app to get more information, you can check your console log, install single application and check installed provisioning profiles.

• Do you have the provisioning profile installed to your iPhone? Use iPhone Configuration Utility to verify

There can be also issues with App-ID that will prevent from application to run.

• In my experiecnce you should just use * as app id.
• If you have a entitlement 'application-identifier' has value not permitted by provisioning profile in your iPhone console log, then try using a wildcard (*) App ID

Ad Hoc profiles:

I just couldn’t get Ad Hoc profiles to work. I always have this error in my iPhone console log:
entitlement 'get-task-allow' has value not permitted by provisioning profile
I’ve tried following every step of the iPhone Developer Portal Program Guide PDF, and i still get this.
In iTunes i either get a 0xE8000001 or 0xE8000013 when trying to install an application with an AdHoc provisioning profile.

Update: Apple has just updated the instructions in iPhone Developer Portal Program Guide PDF. They now tell to add ‘Entitlements.plist’ with ‘get-task-allow’ set to false to the Entitlements.
You should also verify your provision profile with a text editor. The plist embedded should contain these lines:

<key>Entitlements</key>
<false>

You should also remove old provision profiles without the iPhone (Use iPhone Configuration Utility). As having a bad provisioning profile will prevent your app from installing.

OSX 10.5.3: enable Gmail Contact Sync without iPhone

10.5.3 adds ability to sync your address book with gmail contact list.

Unfortunately it only enabled if you’ve ever connected iPhone/iPod touch to your mac.
You can use the following terminal command, to enable the syncing option, if your mac have never seend an iPhone.

defaults write com.apple.iPod Devices -dict-add 000A27001A56740D '{ "Family ID" = 10001; }'

note this is a single line, and not a two line command.

Ruby 1.9 porting tips/notes

1. formal argument cannot be an instance variable:
   In ruby1.8 it’s possible to use an instance variable as a block argument:

   class Foo
     attr_accessor :bar
     def test
        [1,2,3].each {|@bar| }
        # @bar will be 3 here
     end
   end
   

   This no longer works in ruby1.9, you as it always creates a new local variable block argument. The equivalent in ruby1.9:

   class Foo
     attr_accessor :bar
     def test
        [1,2,3].each {|bar| @bar=bar }
        # @bar will be 3 here
     end
   end
   

2. warning: shadowing outer local variable:
   In ruby1.9 the block arguments are always local to block, in ruby1.8 if there’s an existing variable with the same name, the block parameter will use that one:  

   i = 0
   [1,2,3].each {|i| }
   puts i
   

   This will print 0 in ruby1.9, as the variables named i inside/outside the block are different, and 3 in ruby1.8, as here the block reuses the outside variable i.

   As with most warning, this warning doesn’t means that your code is incorrect, only that it might be incorrect.
   For example the code bellow works the same in ruby1.9 and 1.8:

   options = options.inject({}) do |options,pair|
     options[pair.first.to_sym] = pair.last.to_sym; options
   end
   

   It still makes sense to rewrite the above code just to supress warnings.

   Note: You should set RUBYOPT to -w, or start your program with ruby -w, for this warning to show up

3. syntax error, unexpected ‘,’, expecting tASSOC
   ruby1.8 supports , in hash definition, in 1.9 you have to use =>.  

   So the following valid ruby1.8:

   {"a","b"}
   

   has to be rewritten in ruby1.9:

   {"a" => "b"}
   

4. invalid multibyte char:
   the default encoding in ruby 1.9 for files is US-ASCII, if you have a non ASCII character in your text file you have to specify the encoding of the source code. You can do it by adding the following line to your ruby file:  

   # coding:utf-8
   

5. NoMethodError: undefined method `to_a’ for “…”:String:
   In Ruby1.8 the String class has a to_a method, so in ruby1.8 you can write:

   lines = string.to_a
   

   The equivalent in ruby1.9 is:

   lines = string.lines.to_a
   # chars = string.chars.to_a # to get array of chars
   # bytes = string.bytes.to_a # to get array of bytes
   

   The issue with this solution, is that the ruby1.9 solution is not compatible with ruby1.8.

   Some ideas for a ruby1.9 and ruby1.8 compatible solution:

   The first one is to add a lines method to the String, so you can use the ruby1.9 syntax:

   unless String.method_defined?(:lines) then
     class String
       def lines
         to_a
       end
     end
   endif
   

   The downside is that this lines method is not 100% compatible with ruby1.9 String#lines – for example string.lines(“\n\r”) won’t work. 

   The second one is to check at each call whether it has the lines method:

   if str.respond_to?(:lines) then
     lines = string.lines.to_a
   else
     lines = string.to_a
   end
   

6. unexpected ‘:’, expecting keyword_then or ‘,’ or ‘;’ or ‘\n’:
   case or if with : instead of then  

   Ruby1.8 allows the use of : shortcut instead of then in if and case expressions. In Ruby1.9 this is no more allowed.

   case 'test'
     when 'test': print 'OK'
   end
   

   In ruby1.9 you’ll get a syntax error, so you have to replace the ‘:’ with ‘then’

   case 'test'
     when 'test' then print 'OK'
   end
   

7. no such file to load — base64:
   require "base64": ruby 1.9 ships without base64. You should use Array#pack, unpack  

    require 'base64'
    enc = Base64.encode64('Send reinforcements')
    plain = Base64.decode64(enc)
   

   In ruby1.9 you can write:

   enc = ['Send reinforcements'].pack( 'm' )
   plain = enc.unpack( 'm' )[0]
   

8. ‘struct RString’ has no member named ‘ptr’
   ‘struct RString’ has no member named ‘len’:
   In ruby1.9 for the RString in C extensions was changed because of optimization, you should use the RSTRING_LEN, RSTRING_PTR macros instead of directly accessing the len, ptr members.  

   len = RSTRING(foo)->len
   ptr = RSTRING(foo)->ptr
   

   Should be changed to

   len = RSTRING_LEN(foo);
   ptr = RSTRING_PTR(foo);
   

9. .methods changed from Strings to Symbols
   The contents of the methods array was changed from String to Symbol, so if you were doing something like this in ruby1.8:

   Object.methods.include?("to_s")
   

   The ruby1.9 version is:

   Object.methods.include?(:to_s)
   

   And the following works in ruby1.8 and 1.9:

   object.respond_to?(:some_method)
   

10. TypeError: cannot assign nil; use Hash#delete instead
    In ruby1.8 you can remove an environment variable by setting it to nil.
    In ruby1.9 use the delete method instead:

    ENV.delete('MY_ENV_VARIABLE')
    

Related link:

• Porting REXML to ruby 1.9
• Mongrel on ruby1.9
• Matz on ruby1.9 – RubyConf 2007
• Matz on ruby1.9 – EURUKO2008
• Matz on ruby1.9 Google tech talks
• Migrating to ruby 1.9 by Bruce Williams
• Getting Code Ready for Ruby 1.9
• Installing ruby 1.9 on MacOSX
• Purpose of Ruby 1.9? – what is/isn’t 1.9.0, 1.9.1, and 2.0.x
• Ruby 1.9 – Right for you?

AuthorizationExecuteWithPrivileges + StdErr + PID

AuthorizationExecuteWithPrivileges is a MacOSX function can be used to programmatically execute a command as root. (It presents a dialog asking for administrator password).There’s 2 information that this function doesn’t give you back:

• executed process’s pid – so that you can wait for it, and get the exitCode of it
• file handle to stderr

Please note that this function is probably not secure enough. (But probably not much worse than most uses of AEWP). See the BetterAuthorizationSample code for truly secure solution.

My AuthorizationExecuteWithPrivilegesStdErrAndPID tries to overcome both limitation. Here’s the code.

Eclipse launcher

The eclipse laucnher on MacOSX has the following problem:

If you store it in dock it creates a second icon.

Current architecure of the Eclipse launcher:

• Eclipse.app: an LSUIElement=1 application, => won’t have a Dock icon. It just shows a startup screen while launching the eclipse.
• java: will have an eclipse icon, but the location is /usr/bin/java, so will be a diffrent item in the dock.

Fixes:

1. Eclipse.app shall not be an LSUIElement 1 application, so that it will appear in the dock when running.
2. The application that shows the startupscreen shall be an LSUIElement 1 application. Packaged inside Eclipse.app
3. OSX shall be fooled when launching /usr/bin/java to think that is has launched from the Eclipse.app location.

Fooling the system about the location of the laucnhed(/usr/bin/java) application:

We have 3 solutions:

1. Before laucnhing set CFProcessPath, to the bundle executable. It works, but someone has to kill the CFProcessPath variable after eclipse started otherwise all programs started from eclipse will be behaving like it has the Eclipse.app location. Unfortunatedly this doesn’t seems to work. Event tough the CFGetMainBundle will return the correct thing. (Eclipse package instead of Java) It won’t have the correct location displayed in the dock for Show Original. It’ll also create a different icon if the Eclipse.app icon is in the dock.
2. Launch with a command like this:
   exec(“/usr/bin/java”,”…Eclipse.app/Contents/MacOS/eclipse”,argv[1]..);
   This causes java to be started but when CFBundleGetMainBundle called it will return the Eclipse bundle.
3. Write a custom java launcher app.

Runtime behaviour with (2):

1. User clicks tha Eclipse.app
2. OSX starts executing Eclipse.app and bounches the icon
3. Eclipse app forks, and starts EclipseLaucnher. The Eclipse.app quits bouncing stops.
4. EclipseLaucnher starts /usr/bin/java, and fakes Eclipse.app as the process location, this causes the icon to appear.

See Eclipse Bug 53260, cannot keep eclipse app in the Dock.

GCC dynamic_cast and type_info and symbols visibility

In one ouf our framework i have a code like this:

XMLParser.dylib:
DOMElement.hpp:

class DLLEXPORT DOMElement : DOMNode
{
…
virtual ~ DOMElement() {};
…
}

In the application we have code like:

XMLTest.cpp:

#include “DOMElement.hpp”
…
if(node->getNodeType()== DOMNode::ELEMENT_NODE )

DOMElement* element = dynamic_cast(node);

The DLLEXPORT expands to __attrbiute((visibility(“default”)) in XMLParser.framework
The DLLEXPORT expands to __attrbiute((visibility(“hidden”)) in XMLTest

The issue is that the dynamic_cast fails by returning 0.

I see the followings:

1. the DOMElement class has two type_info entries:
• one inside the XMLParser.dylib with default visibility
• one inside the XMLTest application with hidden visibiliy
2. the linker looks for the type_info entry of DOMElement: __ZTIN10DOMElementE
   It sees a __ZTIN10DOMElementE entry marked with hidden in XMLTest.cpp.o, it also sees a the same entry marked as default in XMLParser.dyld
3. From runtime it seems that the linker selects the hidden one. And this causes issue with dynamic_cast, as there’s two entries with the same symbol.

Questions:

• It seems that linker prefers the hidden symbol the same DSO to the visible in the different DSO?! Is this a rule?!

It seems to make sense: You have a DSO with NewWindow, then you have an internal function called NewWindow (“hidden”). If the linker should choose, it should prefer the “hidden” one to the one in different framework.

• If so wouldn’t it be logical to have an “imported” visibility, where the visible symbol in the different DSO would be preferred over the “imported” symbol in the same DSO.
• Setting the type_info visible in both modules seems to solve the problem. Why? What happens if the linker sees 2 visible entries, one in the actual module the other in a different DSO?!

References:

• GCC Visibility documentation
• GCC FAQ/DSO

First MachOViewer release 1.0a0

I’ve just relased the first MachOViewer alpha.

Features:

1. Opens Frameworks, Bundles, Applications
2. Displays used libraries, can open used library by double clicking it’s name
3. Universal Binary aware (you can select the architecture you’re interested in in the top left corner)
4. Displays imported exported symbols filter for library name or imported symbol name.

OSX: dumping LaunchServices database

How to dump & interpret the contents of the LaunchServices database

You shall use the lsregister command:/System/Library/Frameworks/ApplicationServices.framework/Frameworks/LaunchServices.framework/Versions/Current/Support/lsregister

Examples:
cd /System/Library/Frameworks/ApplicationServices.framework/Frameworks/LaunchServices.framework/Versions/Current/Support/
lsregister local -dump

Related links
http://www.kernelthread.com/mac/apme/security/url.html
http://www.macosxhints.com/article.php?story=20031215144430486

operator::new[] overflow bug and Mac compilers

There’s a bug in the code generated operator new[] which causes potential overflow in VS C++ 2003 or previous versions. This seems to be fixed in VS C++ 2005. What about CodeWarrior and XCode (GCC 4.0):

Testcode:
struct Large {
public:
char data[256*256];
};

void testlargeallloc(long num)
{
try {
Large* large = new Large[num] ();
for (int i = 0; i rlwinm r0,r0,16,0,15
0x0000daac mr r3,r0
0x0000dab0 bl 0xde80

The effect is a bit different from pre 2005 VisualC++ where the code crashes in new. Here the program crashes when trying to access the elements.