Debugging iPhone provision profiles/certificates

July 16, 2008

If you’re in the iPhone Developer Program, you’ll be able to run you code in a phisical device, with the following process:

  • Create a Certificate Signing Request (CSR) and submit to the developer portal
  • Download and install the code singing certificate (Development/Distribution certificate) to your Keychain
  • Download and install the WWDR certificate
  • Create/Download a Provisioning profile listing the devices you intend to run the program on
  • Install the provisioning profile to your development machine by dropping it into iTunes
  • Set the Certificate/Provision profile in your XCode project

Throubleshooting/things to verify:

First re-read iPhone Developer Portal Program Guide PDF to make sure you’ve followed every step correctly.
The two basic types of issues you can have:

  • The app is not signed
  • The app is signed, but you cannot run/load it into the device

Verifying if your app is signed

You can check if you app is signed by verifying the followin 2 things:

  • There was a CodeSign step during the build
  • The built package contains a CodeResource and embedded.mobileprovision

If it’s not signed double check the followings:

  • XCode project is set up correctly Code Sigining Identity is: iPhone Development: yourname or iPhone Distribution: yourname and the Code signing provisioning profile is set to a porfile you’ve downloaded. It shouldn’t be Default provisioning profile for code signing identity
  • If you set these things at project level make sure they aren’t overriden in target level
  • Voodoo: Quit XCode, clean, rebuild

If you can’t even select the provisioning profile in XCode check the followings:

  • Is the active target in XCode the same as the settings you’re editing? Here is the thing: it seems that the provision profile popup contains profiles matching the active target’s certificate (and no the one you’re editing). So make sure that you select the current configuration in Project/Set Active Build Configuration
  • Do you have the WWDR certificate installed? Check Apple Wordwide Developer Relations Certification in Keychain
  • Do you have my Distribution Certificate in keychain? Check for 'iPhone Developer: name' and/or 'iPhone Distribution: name' in Keychain. There should be a gray trinangle to the left of if, and on open it should show your private key.
  • Do you have the provisioning profile installed in ~/Library/MobileDevice/Provisioning Profiles/. Drag and drop the profile to iTunes to fix this.

The app is signed, but you cannot run/load it into the device

First get iPhone Configuration Utility, it’s a great app to get more information, you can check your console log, install single application and check installed provisioning profiles.

  • Do you have the provisioning profile installed to your iPhone? Use iPhone Configuration Utility to verify

There can be also issues with App-ID that will prevent from application to run.

  • In my experiecnce you should just use * as app id.
  • If you have a entitlement 'application-identifier' has value not permitted by provisioning profile in your iPhone console log, then try using a wildcard (*) App ID

Ad Hoc profiles:

I just couldn’t get Ad Hoc profiles to work. I always have this error in my iPhone console log:
entitlement 'get-task-allow' has value not permitted by provisioning profile
I’ve tried following every step of the iPhone Developer Portal Program Guide PDF, and i still get this.
In iTunes i either get a 0xE8000001 or 0xE8000013 when trying to install an application with an AdHoc provisioning profile.

Update: Apple has just updated the instructions in iPhone Developer Portal Program Guide PDF. They now tell to add ‘Entitlements.plist’ with ‘get-task-allow’ set to false to the Entitlements.
You should also verify your provision profile with a text editor. The plist embedded should contain these lines:

<key>Entitlements</key>
<false>

You should also remove old provision profiles without the iPhone (Use iPhone Configuration Utility). As having a bad provisioning profile will prevent your app from installing.

32 Comments | iPhone development, Mac development | Tagged: | Permalink
Posted by boga

OSX 10.5.3: enable Gmail Contact Sync without iPhone

June 7, 2008

10.5.3 adds ability to sync your address book with gmail contact list.

Unfortunately it only enabled if you’ve ever connected iPhone/iPod touch to your mac.
You can use the following terminal command, to enable the syncing option, if your mac have never seend an iPhone.

defaults write com.apple.iPod Devices -dict-add 000A27001A56740D '{ "Family ID" = 10001; }'

note this is a single line, and not a two line command.

14 Comments | Mac development | Tagged: , , | Permalink
Posted by boga

AuthorizationExecuteWithPrivileges + StdErr + PID

February 7, 2006

AuthorizationExecuteWithPrivileges is a MacOSX function can be used to programmatically execute a command as root. (It presents a dialog asking for administrator password).There’s 2 information that this function doesn’t give you back:

  • executed process’s pid – so that you can wait for it, and get the exitCode of it
  • file handle to stderr
Please note that this function is probably not secure enough. (But probably not much worse than most uses of AEWP). See the BetterAuthorizationSample code for truly secure solution.

My AuthorizationExecuteWithPrivilegesStdErrAndPID tries to overcome both limitation. Here’s the code.




									


				

				 Comments Off on AuthorizationExecuteWithPrivileges + StdErr + PID				|  Mac development								 |  Permalink

 Posted by boga				

			

			

		
			

				
Eclipse launcher

				January 22, 2006



				

					
The eclipse laucnher on MacOSX has the following problem:


If you store it in dock it creates a second icon.


Current architecure of the Eclipse launcher:


    

  • Eclipse.app: an LSUIElement=1 application, => won’t have a Dock icon. It just shows a startup screen while launching the eclipse.
    • 

  • java: will have an eclipse icon, but the location is /usr/bin/java, so will be a diffrent item in the dock.
    • 



Fixes:


    

  1. Eclipse.app shall not be an LSUIElement 1 application, so that it will appear in the dock when running.
    2. 

  2. The application that shows the startupscreen shall be an LSUIElement 1 application. Packaged inside Eclipse.app
    3. 

  3. OSX shall be fooled when launching /usr/bin/java to think that is has launched from the Eclipse.app location.
    4. 



Fooling the system about the location of the laucnhed(/usr/bin/java) application:


We have 3 solutions:


    

  1. Before laucnhing set CFProcessPath, to the bundle executable. It works, but someone has to kill the CFProcessPath variable after eclipse started otherwise all programs started from eclipse will be behaving like it has the Eclipse.app location. Unfortunatedly this doesn’t seems to work. Event tough the CFGetMainBundle will return the correct thing. (Eclipse package instead of Java) It won’t have the correct location displayed in the dock for Show Original. It’ll also create a different icon if the Eclipse.app icon is in the dock.
    2. 

  2. Launch with  a command like this:
    
exec(“/usr/bin/java”,”…Eclipse.app/Contents/MacOS/eclipse”,argv[1]..);
    
This causes java to be started but when CFBundleGetMainBundle called it will return the Eclipse bundle.
    3. 

  3. Write a custom java launcher app.
    4. 



Runtime behaviour with (2):


    

  1. User clicks tha Eclipse.app
    2. 

  2. OSX starts executing Eclipse.app and bounches the icon
    3. 

  3. Eclipse app forks, and starts EclipseLaucnher. The Eclipse.app quits bouncing stops.
    4. 

  4. EclipseLaucnher starts /usr/bin/java, and fakes Eclipse.app as the process location, this causes the icon to appear.
    5. 



See Eclipse Bug 53260, cannot keep eclipse app in the Dock.

									


				

				 Comments Off on Eclipse launcher				|  Mac development								 |  Permalink

 Posted by boga				

			

			

		
			

				
GCC dynamic_cast and type_info and symbols visibility

				January 17, 2006



				

					
In one ouf our framework i have a code like this:


XMLParser.dylib:

DOMElement.hpp:


class DLLEXPORT DOMElement : DOMNode

{


virtual ~ DOMElement() {};


}


In the application we have code like:


XMLTest.cpp:


#include “DOMElement.hpp”


if(node->getNodeType()== DOMNode::ELEMENT_NODE )


DOMElement*     element = dynamic_cast(node);




The DLLEXPORT expands to __attrbiute((visibility(“default”)) in XMLParser.framework

The DLLEXPORT expands to __attrbiute((visibility(“hidden”)) in XMLTest


The issue is that the dynamic_cast fails by returning 0.


I see the followings:


    

  1. the DOMElement class has two type_info entries:
    2. 

      

    • one inside the XMLParser.dylib with default visibility
      • 

    • one inside the XMLTest application with hidden visibiliy
      • 

    

  2. the linker looks for the type_info entry of DOMElement: __ZTIN10DOMElementE
    
It sees a __ZTIN10DOMElementE entry marked with hidden in XMLTest.cpp.o, it also sees a the same entry marked as default in XMLParser.dyld
    3. 

  3. From runtime it seems that the linker selects the hidden one. And this causes issue with dynamic_cast, as there’s two entries with the same symbol.
    4. 



Questions:


    

  • It seems that linker prefers the hidden symbol the same DSO to the visible in the different DSO?! Is this a rule?!
    • 





It seems to make sense: You have a DSO with NewWindow, then you have an internal function called NewWindow (“hidden”). If the linker should choose, it should prefer the “hidden” one to the one in different framework.




    

  • If so wouldn’t it be logical to have an “imported” visibility, where the visible symbol in the different DSO would be preferred over the “imported” symbol in the same DSO.
    • 

  • Setting the type_info visible in both modules seems to solve the problem. Why? What happens if the linker sees 2 visible entries, one in the actual module the other in a different DSO?!
    • 



References:


									


				

				 Comments Off on GCC dynamic_cast and type_info and symbols visibility				|  C++ development, Mac development, Software development								 |  Permalink

 Posted by boga				

			

			

		
			

				
First MachOViewer release 1.0a0

				January 15, 2006



				

					
I’ve just relased the first MachOViewer alpha.


Features:


    

  1. Opens Frameworks, Bundles, Applications
    2. 

  2. Displays used libraries, can open used library by double clicking it’s name
    3. 

  3. Universal Binary aware (you can select the architecture you’re interested in in the top left corner)
    4. 

  4. Displays imported exported symbols filter for library name or imported symbol name.
    5. 



machoviewer_10a0

									


				

				 2 Comments				|  Mac development, MachOViewer, Python development								 |  Permalink

 Posted by boga				

			

			

		
			

				
OSX: dumping LaunchServices database

				January 15, 2006



				

					
How to dump & interpret the contents of the LaunchServices database


You shall use the lsregister command:/System/Library/Frameworks/ApplicationServices.framework/Frameworks/LaunchServices.framework/Versions/Current/Support/lsregister


Examples:

cd /System/Library/Frameworks/ApplicationServices.framework/Frameworks/LaunchServices.framework/Versions/Current/Support/

lsregister local -dump


Related links

http://www.kernelthread.com/mac/apme/security/url.html

http://www.macosxhints.com/article.php?story=20031215144430486

									


				

				 Comments Off on OSX: dumping LaunchServices database				|  Mac development								 |  Permalink

 Posted by boga				

			

			

		
			

				
PyObjC vs PyDev: debugging/running PyObjC apps.

				January 15, 2006



				

					
PyObjC is a Cocoa wrapper for python. PyDev is a python development environemnt for Eclipse. You can get debugging/running of a PyObjC appilication from eclipse.






Configuring a py2app builder:








First you have to create an OSX application with py2app. For me it looks something like:




python setup.py py2app --alias --dist-dir=Debug


This will create you an OSX bundle using links to refer resources and python sources (–alias flag). This is usefull since this allows you running uptodate version of the app without reexecuting setup.py.I usually add this thing to the Builders of the project:


    

  1. Right click on the project, select Builders
    2. 

  2. Press New and select Program
    3. 

  3. Fill in Edit launch configuration properties:
    4. 

      

    1. Location: /usr/bin/python
      2. 

    2. Working Directory: ${project_loc}
      3. 

    3. Arguments: ${build_project:setup.py}  py2app –alias  –dist-dir=${project_loc}/Debug
      
pydev_builderssettings.png
      4. 

    



To rerun setup.py, select Clean.. from Project menu.

Configuring a PyObjC application runner:


The next step is adding a pydev runner configuration to the project.


    

  1. From the Run menu select Run…
    2. 

  2. Select Python Run and click New…
    3. 

  3. In the main tab set the following:
    4. 

      

    1. Project: click browse and select the project
      2. 

    2. Main module: select the python file containing the main code for of the PyObjC app
      3. 

    

  4. In the environment tab set the following:
    5. 

      

    1. CFProcessPath: ${project_loc}/Debug/Foo.app/Contents/MacOS/Foo
      
This is needed because the OS looks for nibs and other resources in the executable’s bundle. In this case the executable is the python interpreter /usr/bin/python – so  tell CoreFoundation to look for the resources in the Foo.app application package.
      2. 

    

  5. Press apply to save the run configuration, then press Run to try it out. You should be able to debug with the same run configuration.
    
pydev_runssettings.png
    6. 




									


				

				 2 Comments				|  Mac development, Python development, Software development								 |  Permalink

 Posted by boga