Hi, our App relies on a keychain to store certificates and key-value pairs. However, when we upgraded from an older Xcode 15.2 (1 year old) app version to a newer version built with Xcode 16.2 (with identical keychain-groups entitlement), we found that the newer ipa cannot see the older keychain group anymore...
We tried TestFlight builds, but, being limited to generating only newer versions, we tried using the older App's code, cast as a newer App version, and then upgraded to the newer code (with an even newer app version!). Surprisingly, we were able to see the older keychain group.
So it seems that there's something different between the packaging/profile of the older (1 year) and newer (current) App versions that seems to cause the new version to not see the old keychainGroup...
Any ideas?
There are two important criteria for evaluating keychain access groups:
- The list of groups you can access.
- The default keychain access group, that is, the one used when you add an item and don’t specify a group.
Sharing access to keychain items among a collection of apps explains how these are set based on three different entitlements in your app’s code signature.
When debugging problems like this, I recommend that you unpack the old and new .ipa files (they’re a zip archive under the covers) and dump the entitlements of both apps:
% codesign -d --entitlements - /path/to/your.app
Compare the two to see what’s changed.
Once you understand what’s changed, you can then start investigating how the new app got signed in that way, and then work out how to fix it.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
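The comparison described in the reply above, as an added example that is not part of the original thread: it takes the entitlements of the old and new builds, derives each build's keychain access group list and default group from the three entitlements, and reports what was lost or gained. It assumes each build's entitlements have been saved as a property list; the team prefixes, bundle ID and group names are constructed sample values.

```python
import plistlib

# iOS entitlements that feed the keychain access group list, in this order:
# keychain access groups, then the application identifier, then app groups.
KEYCHAIN_GROUPS = "keychain-access-groups"
APP_ID = "application-identifier"
APP_GROUPS = "com.apple.security.application-groups"

def access_groups(entitlements: dict) -> list:
    """Ordered access group list; the first entry is the default group."""
    groups = list(entitlements.get(KEYCHAIN_GROUPS, []))
    if entitlements.get(APP_ID):
        groups.append(entitlements[APP_ID])
    groups.extend(entitlements.get(APP_GROUPS, []))
    return list(dict.fromkeys(groups))  # de-duplicate, keep order

def compare(old_plist: bytes, new_plist: bytes) -> dict:
    """Diff the access groups of two builds from their entitlement plists."""
    old = access_groups(plistlib.loads(old_plist))
    new = access_groups(plistlib.loads(new_plist))
    return {
        "lost": [g for g in old if g not in new],
        "gained": [g for g in new if g not in old],
        "old_default": old[0] if old else None,
        "new_default": new[0] if new else None,
    }

# Constructed samples: the same source entitlement,
# $(AppIdentifierPrefix)com.example.shared, resolved at signing time
# with two different (made-up) prefixes.
OLD = plistlib.dumps({
    APP_ID: "AAAAAAAAAA.com.example.app",
    KEYCHAIN_GROUPS: ["AAAAAAAAAA.com.example.shared"],
})
NEW = plistlib.dumps({
    APP_ID: "BBBBBBBBBB.com.example.app",
    KEYCHAIN_GROUPS: ["BBBBBBBBBB.com.example.shared"],
})

if __name__ == "__main__":
    for key, value in compare(OLD, NEW).items():
        print(f"{key}: {value}")
```

Any entry under "lost" is a group whose existing keychain items the new build can no longer read, and a changed default group means newly added items land somewhere the old build would not look.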