Bug 7883 - Invalid Code Signing Entitlements error from Apple (icloud)
Summary: Invalid Code Signing Entitlements error from Apple (icloud)
Status: RESOLVED FIXED
Alias: None
Product: Xamarin Studio
Classification: Desktop
Component: iOS add-in ()
Version: 3.0.x
Hardware: Macintosh Mac OS
: High major
Target Milestone: ---
Assignee: Jeffrey Stedfast
URL:
Depends on:
Blocks:
 
Reported: 2012-10-17 13:04 UTC by Neal
Modified: 2012-11-05 14:19 UTC (History)
1 user (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description Neal 2012-10-17 13:04:00 UTC
Hello,

I submitted my app and Apple auto-rejected the binary as the entitlements were incorrect.  After further research it appears that when compiling in MD 3.0.4.7 that it used the wrong distribution certificate in signing.  It used the one for another app so I had to choose the specific certificate to ensure the proper entitlements (team/bundle) identifier were being set correctly.  The team identifier for the other app was being used.

FYI
Comment 1 Jeffrey Stedfast 2012-10-18 09:11:59 UTC
What was it originally set to? Automatic? Or was it set to the other certificate/provision?
Comment 2 Neal 2012-10-18 10:10:36 UTC
It was automatic, when I set the cert specifically to my Distribution cert it actually failed to sign.  I had to go into XCode 4.5 and remove the certs for the other app I'm developing so only my "Logbook Pro" app certs were available and that worked.  It still used a different team ID but at least the entitlements for use of iCloud used the proper team ID for the app paired to the bundle ID.
Comment 3 Neal 2012-10-21 09:35:04 UTC
Hello,

I wanted to follow up with more details.  I'm including screen captures of the binary details as seen in the app waiting for review in iTunes Connect.  Notice how the different TeamID's are being used which I'm concerned may break iCloud now or with a later update if these change.  My other app is called APDL and notice it has a different team ID from Logbook Pro which is the app now in distribution and waiting for review.  I don't even have a APDL Distribution certificate created yet so the Automatic selection of signing certificate for Distribution in MD should only find Logbook Pro's info.

I originally had a problem which caused an auto-reject of the binary until I deleted APDL's certs from Xcode and then rebuilt and submitted Logbook Pro again.  I tried selecting Logbook Pro Dist instead of Automatic and it failed to sign, my guess is an internal conflict with team ID's/Bundle Id's.

I would expect that the com.logbookpro....bundle id would be used to find it's associated cert in Xcode and therefore determine the correct team id.  Also be advised that you cannot prevent the automatic team id from being attached to the entitlement if you were to enter it explicitly (teamid.bundleid) so I tried that and it failed.

Hopefully this is making some sense, if what I think is true above then I would suggest this issue may need to be escalated to "critical" if it could break iCloud sync and app submissions.
Comment 15 Jeffrey Stedfast 2012-10-30 17:41:45 UTC
I've just implemented the logic to warn if multiple provisions end up matching the bundle id and signing key. I've also fixed the logic that collects a list of installed provisioning profiles to use the most-recently updated version of a provisioning profile if there are multiple copies of it.
Comment 22 Jeffrey Stedfast 2012-11-02 12:25:40 UTC
Implemented filtering of Provisioning Profiles that do not match the app's specified Bundle Id, so that only valid Provisioning Profiles are included in the drop-down menu in the iPhone Signing Options panel.

This fix will be included in MonoDevelop 3.0.6