2

I'm having a problem with some KeyChain code causing archives created via xcodebuild to crash when distributed as ad-hoc apps and run on a device. The problem does not affect builds created via Xcode -- only those created via command line.

The code that is throwing the error: (I'm using a KeyChain library found here)

KeychainItemWrapper *keychain = [[KeychainItemWrapper alloc] initWithIdentifier:@"myapp" accessGroup:nil];
NSString *testKeychain = (NSString *)[keychain objectForKey:(__bridge id) kSecAttrAccount];
if (testKeychain.length) {
    NSLog(@"KeyChain value for kSecAttrAccount: %@", testKeychain);
} else {
    NSLog(@"No KeyChain value for kSecAttrAccount");
}
[keychain setObject:@"Shared KeyChain value!" forKey:(__bridge id) kSecAttrAccount]; // <-- error thrown here

The "missing entitlement" error(s) 

2012-06-15 10:03:20 AM +0000 securityd MyApp [138] SecItemCopyMatching: missing entitlement
2012-06-15 10:03:20 AM +0000 MyApp No KeyChain value for kSecAttrAccount
2012-06-15 10:03:20 AM +0000 securityd MyApp [138] SecItemCopyMatching: missing entitlement
2012-06-15 10:03:20 AM +0000 securityd MyApp [138] SecItemAdd: missing entitlement
2012-06-15 10:03:20 AM +0000 MyApp *** Assertion failure in -[KeychainItemWrapper writeToKeychain], /Users/davidbjames/XCode/.../KeychainItemWrapper.m:305

Entitlement file:

<key>keychain-access-groups</key>
<array>
    <string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
</array>

The xcodebuild output appears to be handling the entitlement file:

setenv CODE_SIGN_ENTITLEMENTS MyApp/MyApp.entitlements
..
ProcessProductPackaging MyApp/MyApp.entitlements /etc/etc/build/MyApp.xcent
..
builtin-productPackagingUtility /etc/etc/MyApp.entitlements -entitlements -format xml -o /etc/etc/MyApp.xcent

The code functions without error in Simulator, on a debug device and as an ad-hoc distribution. The only issue occurs via command line builds. What am I missing?

David James
  • 2,430
  • 1
  • 26
  • 35
  • It's been many moons since I asked this question and I am no longer maintaining the app it affected. If anyone who is in the "thick of it" can confirm one of the answers below, please comment here and I'll mark it answered. I'm inclined towards @sglist answer, but would like another opinion. Thanks – David James Aug 25 '13 at 10:34

3 Answers3

2

After long work, i've found a solution to this issue and modified the floatsign.sh script (https://gist.github.com/mediabounds/1367348) accordingly - the entitlements have to be update like @sglist said. You can find the implementation here: https://gist.github.com/Weptun/5406993

Blitz
  • 5,521
  • 3
  • 35
  • 53
  • I have the same problem. Can you just add the code that you modified in floatsign.sh with a bit of explanation Thanks? – hariszaman Sep 29 '16 at 10:37
1

This error indicates a problem with your app's entitlements. In my experience, the cause is often that the App Identifier Prefix in the app's entitlements doesn't match the App Identifier Prefix in the provisioning profile.

To verify, use the codesign tool to view your app's entitlements:

codesign -d --entitlements - MyApp.app/

Then, compare the App Identifier Prefix to that in the provisioning profile:

cat MyApp.app/embedded.mobileprovision
sglist
  • 524
  • 5
  • 5
  • **I love you!!!** This cost me two days until i finally found your post which led me to discover where I went wrong! This simple command... – lo2ndii Sep 25 '17 at 22:49
0

I think this line is wrong:

[[KeychainItemWrapper alloc] initWithIdentifier:@"myapp" accessGroup:nil]

You will want to pass your access group name in there. It may or may not fix your problem, these things are a bit "sensitive".

Paul de Lange
  • 10,613
  • 10
  • 41
  • 56