Xcode 8 : codesign and wildcard certificates management

Question

nico67000 OP

Created Sep ’16

Replies 3

Boosts 0

Views 1.5k

Participants 4

Hello,

The Xcode team has made great improvments to Xcode codesign, especially for beginners.

Still i am having some troubles using wildcard certificates.

Wildcard certificates are, as for as I am concerned, convenience certificates that we, as an agency, use when we do not want to bother with the app ID (might not be declared on the client account yet, some developers might not have been invited yet, some might only backup for a few days), allowing us to develop on any code written in the company.

Of course there were some drawbacks : any entitlement-related feature would not work but we were fully aware of this limitation.

With Xcode 8 I am facing 2 issues :

• First the iOS devices seems to check the existence if the bundle id before running. It means an app signed with a wildcard certificate but using an undeclared bundle (we append ours with .prod .preprod .stubs to be able to install all environments on a devices) will not run.

• Second : Xcode will refuse to sign an app that as entitlements with a wildcard certificate, raising a (legitimate) codesign issue https://i.imgur.com/YMPW2K3.png

Does anyone face the same issues? Are those behaviors intended?

Nicolas

Boost

Answer 1

tijmen OP

Sep ’16

We have as similar problem. One of our earliest apps is signed with a wildcard certificate. This certificate does not include the Game Center and in-app purchase entitilements (that was not needed back then).

But with Xcode 8, this certificate cannot be used anymore because it Xcode says it misses those entitlements. But we must sign with this profile because of the specific app prefix used in there. Right now we are stuck, we cannot sign any builds of this app with Xcode 8. Now what?

0

Answer 2

mnguyen OP

Oct ’16

We have a similar issue. What used to work for us on Xcode 7, was to sign our AppStore targeted app (export Options specifies app-store) using a wildcard profile . We'd then ship it to our customer and they'd resign it using their explicit id. We were also able to resign the same AppStore build with an AdHoc profile so we could load the app directly onto the device. With the introduction of Xcode 8, we can no longer do the 2nd option anymore. The builds install but won't launch.

Has anybody experienced this?

0

Answer 3

Developer Tools Engineer OP

Apple

Oct ’16

It looks like you're using manual signing? I can suggest a couple of things to try:

Xcode 8.1 beta 2 resolved a few bugs related to entitlements and manual signing. Have you checked to see if the same issues occur there?
You may need to create an additional build configuration with a reduced entitlements file for developers who work on your product but can't get a profile with an explicit app ID. You could probably also achieve a similar effect by defining xcconfig files that provide the appropriate build settings overrides for the various types of developers on your team

If these suggestions don't help resolve the issue, please send us a bug report on bugreporter.apple.com and include your project file, profiles, and more details. I suggest filing a report regarding the iOS runtime issue as well, and include a copy of your device's syslog and a copy of your built app if possible.

0