App will not install on device with Sign in with Apple capability in the provisioning profile and com.apple.developer.applesignin key is in Entitlements.plist after publishing. #21645
Comments
|
Does it work if you use a developer certificate + developer provisioning profile? And can you still reproduce if you create a new project from a template, copy over the bundle identifier + Entitlements.plist + codesigning properties? If not, please attach this project. |
rolfbjarne
added
the
need-info
|
@rolfbjarne The behavior is the same with both the Development profile and the AdHoc profile. I'll try to reproduce it with a new project with the same bundle id and Entitlements.plist. |
microsoft-github-policy-service
bot
added
need-attention
rolfbjarne
added
need-info
|
I can reproduce it with a test project using the same bundle id and entitlements.plist: |
microsoft-github-policy-service
bot
added
need-attention
|
I think I am having the same issue, trying to deploy onto any device including emulators gets stuck with the following in the build output: (omitting sensitive information) I've waited over 30 mins and still stuck. Started happening after adding an Apple Account using the new method. |
|
Ran the command from the cmd line to see if I can get more information i.e.
I'm happy to log this as as separate issue if it is but I really need to the build & deployment working including archiving a new production release on iOS. |
|
@LeoJHarris that's most likely something different, so please file a new issue. |
|
@amilici your project worked for me once I created a provisioning profile with the "Sign In with Apple" entitlement, and referenced it from the csproj. Can you get an MSBuild binlog for a build that doesn't install for the sample project? The binlog will show which certificate + provisioning profile was chosen to sign the app, maybe the build ends up using the wrong one for some reason. |
|
There is a binlog for the main project already attached to the issue. Here is the one from the test project: |
|
That looks good as far as I can tell. Can you:
|
rolfbjarne
added
the
need-info
|
@rolfbjarne the issue I was having turns out to be fixed here dotnet/android-libraries#1048 |
microsoft-github-policy-service
bot
added
need-attention
rolfbjarne
added
need-info
|
@rolfbjarne It still does not install with all the entitlements removed except com.apple.developer.applesignin. |
microsoft-github-policy-service
bot
added
need-attention
|
That's weird, I re-created a provisioning profile with exactly like you have, and my test app has the exact same entitlements, and it still works for me. Is the device you're trying to deploy to included in the provisioning profile? Can you try to create an Xcode project with the same bundle identifier, Entitlements.plist, and provisioning profile and see if that works? |
rolfbjarne
added
need-info
|
An app built with Xcode using that bundle id, provisioning profile and the Sign in with Apple entitlement does install |
microsoft-github-policy-service
bot
added
need-attention
|
@amilici can you zip up and attach the app bundle built by Xcode? |
rolfbjarne
added
need-info
|
Here it is: |
microsoft-github-policy-service
bot
added
need-attention
|
The .NET app (from here) has these entitlements: <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>9P4GQ95Q3N.com.guess.alert</string>
<key>aps-environment</key>
<string>production</string>
<key>com.apple.developer.applesignin</key>
<array>
<string>Default</string>
</array>
<key>com.apple.developer.pass-type-identifiers</key>
<array>
<string>9P4GQ95Q3N.*</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>9P4GQ95Q3N</string>
<key>get-task-allow</key>
<false/>
</dict>
</plist>while the Xcode app has these: <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>9P4GQ95Q3N.com.guess.alert</string>
<key>com.apple.developer.applesignin</key>
<array>
<string>Default</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>9P4GQ95Q3N</string>
<key>get-task-allow</key>
<false/>
</dict>
</plist>I'm guessing some of the extra ones for .NET ( You can list the entitlements yourself for an app by executing the following (remember to update the path of the app): |
rolfbjarne
added
need-info
|
Interesting. The aps-environment entitlement I need for push notifications but I think I can get rid of the com.apple.developer.pass-type-identifiers one, we don't use the Wallet any more. I'll try that and let you know. |
microsoft-github-policy-service
bot
added
need-attention
rolfbjarne
added
need-info
Issue moved from dotnet/maui#25923
From @amilici on Monday, November 18, 2024 2:47:30 PM
Description
I'm not sure this is the correct place to report this.
App will not install on device when com.apple.developer.applesignin key is in Entitlements.plist after publishing. It is unable to find a valid provisioning profile. The Sign In with Apple capability is in the provisioning profile and it is valid. If I remove the com.apple.developer.applesignin key from the Entitlements.plist and publish again the app will install on a device.
Steps to Reproduce
msbuild.binlog.zip
<key>com.apple.developer.applesignin</key> <array> <string>Default</string> </array>to the Entitlements.plist file.
App cannot be installed because its integrity could not be verified. The relevant console output is
-[IXSDataPromise cancelForReason:client:error:]: <IXSPromisedOutOfBandTransfer(0xbf8341e00) Name:security-promise Creator:App Store UUID:A5EB49F0-64B5-4743-A091-86B09C5C7C43 PercentComplete:1.000000 IsComplete:Y DiskUsageBytes:0> : canceled by client 17 for reason Error Domain=IXUserPresentableErrorDomain Code=14 "This app was not installed because its integrity could not be verified." UserInfo={NSUnderlyingError=0xbf82b7750 {Error Domain=MIInstallerErrorDomain Code=13 "Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.ULxVAa/extracted/Payload/Guess81.app : 0xe8008015 (A valid provisioning profile for this executable was not found.)" UserInfo={NSLocalizedDescription=Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.ULxVAa/extracted/Payload/Guess81.app : 0xe8008015 (A valid provisioning profile for this executable was not found.), LegacyErrorString=ApplicationVerificationFailed, SourceFileLine=79, FunctionName=
If I remove the com.apple.developer.applesignin from Entitlements.plist and run publish again I am able to install the resulting *.ipa.
Note: The app contains a Notification Service Extension.
Link to public reproduction project repository
No response
Version with bug
8.0.82 SR8.2
Is this a regression from previous behavior?
Not sure, did not test other versions
Last version that worked well
No response
Affected platforms
iOS
Affected platform versions
iOS 18.2, iOS 17.6
Did you find any workaround?
Relevant log output
Detected signing identity: Code Signing Key: "iPhone Distribution: GUESS/ INC (9P4GQ95Q3N)" (7AC26FB3E6F57E0027F48FE0BF8CE51EFAF83370) Provisioning Profile: "Guess NSE Ad-Hoc Distribution" (6fd235d1-9fdf-4b78-a291-a6c5ac43aadb) Bundle Id: com.guess.alert.GuessNSE App Id: 9P4GQ95Q3N.com.guess.alert.GuessNSE //... _CodesignAppBundle: Tool /usr/bin/codesign execution started with arguments: -v --force --timestamp=none --sign 7AC26FB3E6F57E0027F48FE0BF8CE51EFAF83370 --entitlements /Users/amilici/Projects/guess/GuessNSE/obj/Release/net8.0-ios/iossimulator-arm64/net8.0-ios/ios-arm64/Entitlements.xcent /Users/amilici/Projects/guess/Guess81/bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app/PlugIns/GuessNSE.appex Tool /usr/bin/codesign execution started with arguments: -v --force --timestamp=none --sign 7AC26FB3E6F57E0027F48FE0BF8CE51EFAF83370 --entitlements /Users/amilici/Projects/guess/Guess81/obj/AdHoc/net8.0-ios/ios-arm64/Entitlements.xcent /Users/amilici/Projects/guess/Guess81/bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app _CodesignVerify: /usr/bin/codesign --verify -vvvv "-R=anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and (certificate leaf[field.1.2.840.113635.100.6.1.2] exists or certificate leaf[field.1.2.840.113635.100.6.1.4] exists)" bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app/PlugIns/GuessNSE.appex bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app/PlugIns/GuessNSE.appex: valid on disk bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app/PlugIns/GuessNSE.appex: satisfies its Designated Requirement bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app/PlugIns/GuessNSE.appex: explicit requirement satisfied /usr/bin/codesign --verify -vvvv "-R=anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and (certificate leaf[field.1.2.840.113635.100.6.1.2] exists or certificate leaf[field.1.2.840.113635.100.6.1.4] exists)" bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app: valid on disk bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app: satisfies its Designated Requirement bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app: explicit requirement satisfiedThe text was updated successfully, but these errors were encountered: