Keychain dialog shows on signed app

Question

Created May ’17

Replies 1

Boosts 0

Participants 2

We've been having troubles preventing the popup from showing in our App Store app. The app is an Electron app, which means we're not using XCode to codesign it, but we've been able tyo get a normal (non App Store) signed version to work properly by using a requirements string. The app uses helper apps, and we've ensured that those are properly signed along with any relevant binaries. We used the com.apple.security.application-groups key and com.apple.security.inherit for child entitlements. And verified that these are being included properly.

Part of the problem is there doesn't seem to be a way to test this aspect before submitting to the App Store. We can't test apps signed with a distribution certificate, and apps signed with a developer certificate will always pop up the warning anyways.

Boost

Answer 1

DTS Engineer OP

Apple

May ’17

… apps signed with a developer certificate will always pop up the warning anyways.

They do? That doesn’t sound right to me. When dealing with the classic keychain (as opposed to iCloud Keychain) the behaviour of development, release and Developer ID signed apps should be very similar.

Most issues like this are related to the keychain item’s ACL. If you have multiple executables accessing the same item, the item’s ACL needs to list all of those executables. Most importantly, you need to set this ACL up when you create the item because changing the ACL will always generate a authorisation alert.

The Creating a Custom Keychain Item section of Keychain Services Programming Guide shows how to create an item with a custom ACL.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

WWDC runs Mon, 5 Jun through to Fri, 9 Jun. During that time all of DTS will be at the conference, helping folks out face-to-face. http://developer.apple.com/wwdc/

0