712 - Push Notifications - Codesign verification

Solar2D Daily Builds and Public Releases
#1

I mentioned this over in the blog post for this, but we shouldn’t pollute the comments of the blog post, so I’m moving this here.

I have followed the blog post to a TEE except that I’m using an existing AppID in the provisioning portal. While all the cert/key making stuff is enough to make me cry at times, I do kind of understand it and I’m very very comfortable in the provisioning portal. I took an existing app that I want to add this too, enabled the APS for that app.

I seem to have everything correct. There is one extra step I did that isn’t documented which is to copy the provisioning profile to ~/Library/MobileDevice/Provisioning Profile/ which I do with every provisioning profile.

I then launched Corona SDK via the terminal app and told it to build against this provisioning profile and I get this error:

warning: Application failed codesign verification. The signature was invalid, or it was not signed with an iPhone Distribution Certificate. (-19011)  
Executable=/Users/rmiracle/Lua/AppBuilds/tACKY.app/tACKY  
codesign\_wrapper-0.7.10: using Apple CA for profile evaluation

Now I have successfully built this app pre-push with no problems. I am using build 712. I have XCode 4.2.1 installed.

In the console log I get the following messages if it helps:

Dec 21 23:00:23 unknown installd[16628] : entitlement ‘keychain-access-groups’ has value not permitted by a provisioning profile
Dec 21 23:00:23 unknown installd[16628] : entitlement ‘aps-environment’ has value not permitted by a provisioning profile
Dec 21 23:00:23 unknown installd[16628] : entitlement ‘application-identifier’ has value not permitted by a provisioning profile
Dec 21 23:00:23 unknown installd[16628] : entitlement ‘keychain-access-groups’ has value not permitted by a provisioning profile
Dec 21 23:00:23 unknown installd[16628] : entitlement ‘aps-environment’ has value not permitted by a provisioning profile
Dec 21 23:00:23 unknown installd[16628] : entitlement ‘application-identifier’ has value not permitted by a provisioning profile
Dec 21 23:00:23 unknown installd[16628] : entitlement ‘keychain-access-groups’ has value not permitted by a provisioning profile
Dec 21 23:00:23 unknown installd[16628] : entitlement ‘aps-environment’ has value not permitted by a provisioning profile
Dec 21 23:00:23 unknown installd[16628] : entitlement ‘application-identifier’ has value not permitted by a provisioning profile
Dec 21 23:00:23 unknown installd[16628] : entitlement ‘keychain-access-groups’ has value not permitted by a provisioning profile
Dec 21 23:00:23 unknown installd[16628] : entitlement ‘aps-environment’ has value not permitted by a provisioning profile
Dec 21 23:00:23 unknown installd[16628] : entitlement ‘application-identifier’ has value not permitted by a provisioning profile
Dec 21 23:00:23 unknown SpringBoard[10714] : Killing com.omnigeekmedia.tacky for termination assertion
Dec 21 23:00:24 unknown installd[16628] : 00381000 verify_signer_identity: Could not copy validate signature: -402620393
Dec 21 23:00:24 unknown installd[16628] : 00381000 load_application_info: Could not load signer identity from /private/var/mobile/Applications/9914ABA9-9DAE-400A-AA3C-A0402F732186/tACKY.app/tACKY
Dec 21 23:00:24 unknown SpringBoard[10714] : Reloading application state for ‘com.omnigeekmedia.tacky’ as its modification date or path has changed
Dec 21 23:00:24 unknown SpringBoard[10714] : Reloading and rendering all application icons.

I obviously messed something up, but for the life of me I’m not sure where.

In the provisioning portal, I only have one certificate listed when making a new provisioning profile (my main certificate, which seems normal).

Any thoughts? [import]uid: 19626 topic_id: 19493 reply_id: 319493[/import]

#2

Haven’t tried this yet, but another short cut with regards to the provisioning files that you pull down from the Provisioning portal for that extra step I thought I would share out if it helps anyone as they are going through this process…

Development Provisioning files will sync up automatically within XCODE with the ones you have created in the Provisioning portal. (assuming you have the “Automatic Update” box checked)

To see this in action open up Organizer from within XCODE.

(open XCODE, then in the menu open Organizer via “Window” --> Organizer)

Under “Library” select Provisioning Profiles and you can see all the local provisioning files and their expiration dates. This will sync up all the Developer Provisioning files, if you don’t want to wait for it to sync you can manually force it by clicking “Refresh” at the bottom of the screen. Also notice the “Automatic Update” - check that if you want XCODE to handle this for you, which is nice.

Distribution profiles do NOT automatically sync for whatever reason, so within the provisioning portal you need to download them - Here’s the shortcut I mentioned above… You can just drag the downloaded “*.mobileprovision” file right onto your XCODE icon and you will be done.

Sorry I strayed a bit off topic, but hopefully these tips can help someone else not so familiar with the provisioning process and I hope we flush out your error along the way!

–Croisened
[import]uid: 48203 topic_id: 19493 reply_id: 75230[/import]

#3

I’ve never ever installed provisioning profiles this way. I just put them in ~/Library/MobileDevice/Provisioning Profiles/ and then build for device with Corona SDK and then install the app to my phone via Xcode (Device->Applications on the sidebar) and I’ve never had these kinds of problems.

But I’m looking at the error and its almost like the profile doesn’t have the APS things in it.

Dunno, this is all above my pay-grade.

[import]uid: 19626 topic_id: 19493 reply_id: 75233[/import]

#4

@Croisened is completely right about the distribution profile not getting into Xcode for whatever reason. I`ve pased by exactly this a week ago when submitting my app for Apple.

Another strange thing about the distribution provisioning profile is as @Croisened said above that it does not sync automatically with Xcode/Organizer and so we should “push” it into Organizer by dragging it into for example and ALSO be knowing that after “some time” or if you do close your Xcode for any reason after inserting the distribution profile into it, when you open Xcode/Organizer again you probably will MISS again the distribution profile and so if you still need it youll have to drag it into again. So disturbing! It got me mad last time but Ill not forget this strange behaviour.

Cheers,
Rodrigo. [import]uid: 89165 topic_id: 19493 reply_id: 75234[/import]

#5

Well I built my app for adhoc and I didn’t get the message above, but I still had some key/cert issues going on. But as of right now…
I have received a push notification on my device!!!

I rebuilt the development key/certs and the proper provisioning profiles and still got the warning above. But I went ahead and installed the app on my phone and then once I got the development device token in place it started to work.

I’m pretty sure I have my production keys all set, so once I’m good to flip the switch I’ll be a-okay.

The truly sad part about this is its for my son’s music blog (the RSS app I built) and he’s probably not going to be posting anything new for a couple of months until his music scene fires back up.

So now to actually get the app to register the device ID and respond to the push notifications. WOOT!
[import]uid: 19626 topic_id: 19493 reply_id: 75716[/import]