Bundle Identifier and push certificate... aps-environment entitlement error
Asked Answered
R

19

70

I've read Where does xcode take application's Identifier from? , XCode bundle identifier formatting from {PRODUCT_NAME} , and loads more but...

I'm trying to get push notifications going and getting the dreaded

"Error Domain=NSCocoaErrorDomain Code=3000 "no valid 'aps-environment' entitlement string found for application" UserInfo=0x15b200 {NSLocalizedDescription=no valid 'aps-environment' entitlement string found for application}" error.

I'm fairly certain I've followed all the steps correctly, including:

  • made the push certificate well in advance of the provisioning cert
  • made a 'Entitlements.plist'
  • added a get-task-allow boolean and set it to true (ad-hoc release)

The only think I can't quite get my head around is the Bundle Identifier

The push certificate is for

XXXXXXXXXX.com.julianbaker.pwcnewsuk

The Bundle Indentifier in PwCNewUK-Info.plist is for

com.julianbaker.${PRODUCT_NAME:rfc1034identifier}

If I manually change it to

com.julianbaker.pwcnewsuk

I get a UDID mismatch error as the app is seen as PwCNewsUK

When I've Googled this there seems to be some confusion over the matter, but it seems they have to match?

QUESTION:

What should the Bundle Indentifer be to match the push certificate of
XXXXXXXXXX.com.julianbaker.pwcnewsuk ?

QUESTION:

Do I need to add a "aps-environment" entitlement to the provisioning profile, and if so where and how? (See http://www.airplaysdk.com/node/3174 amongst others)

Loving iPhone development but sheesh it can be a headbanger at times!

Rebbecarebbecca answered 15/4, 2011 at 18:59 Comment(3)
Digging a little deeper I found the ANSWER to the second question... apple should include the "aps-environment" pair in the mobileprovision file, the value should be "development" or "distribution". There is apparently a bug where this pair is sometimes omitted when generating the certificate. Check by opening the file in a text editorRebbecarebbecca
And it appears that the app Bundle Identifier is case sensitive (Indentifier field in the Properties pane of the Target Info window)Rebbecarebbecca
THIS PROBLEM MAKES ME WANT TO CRYRickierickman
K
88

I found this question when I was moving from a development environment to a production one on an application that I am working on. This process involved the creation of a new profile, a new app ID, etc. I created the app ID and a profile, but the Team Agent had to configure the push notifications. I ran into the problem of "no valid 'aps-environment' entitlement string found for application" when I tried to resume testing with the new profile (after the app had been configured for push notifications). I then remembered reading a little caveat in the documentation:

"You have to modify the profile in some way (for example, toggle an option) for the portal to generate a new provisioning profile. If the profile isn't so "dirtied", you're given the profile without the push entitlements."

Source: Local and Push Notification Programming Guide

For me, "dirtying" the provisioning profile and reinstalling it was all that was needed to fix the issue. Per the documentation, this was required because the provisioning profile was created before the app was configured for push notifications. This may or may not help anyone, but this probably explains (and eliminates) the need to manually add anything to the provisioning profile.

Kkt answered 25/9, 2011 at 18:33 Comment(4)
Totally worked for me, thanks! Absolutely unacceptable that the Apple dev site work so shoddily.Hedron
Yes it worked for me. Whenever you update App-id,update your provisioning profiles. You will not get any intimation from Apple to do so. But you have to do it. No need to edit any XML's or entitlementsAstronaut
I ran into this issue when I deleted my development app from my IPad then tried to run it again. I followed the instructions for "dirtying" the provisioning profile, redownloaded via organizer, closed and opened xcode, rebuilt and deployed, then it worked. This is a lame workaround.Giesecke
This problem is still present and caused me hours of problems with CloudKit. Checking the provisioning profile revealed the "aps-environment" key was missingI regenerated the provisioning profiles many times tried deleting them to no avail. Eventually I managed to dirty the provisioning profile by changing the iCloud containers the app could access.The provisioning profile which works still doesn't have the aps-environment key though.Dogged
C
21

I ran into the same "no valid 'aps-environment' entitlement string found for application" problem, but the above solutions did not work for me.

I could not find very good documentation about this error or even just the key "aps-environment".

After some tinkering around, here is what solved the problem for me:

Open your development provisioning certificate, "Appname.mobileprovision" with a text editor, look for the key "Entitlements" then add all of the values found here to your Entitlements file referenced by your Code Signing Entitlements setting.

Here is an example of what keys/values you'll find inside:

<key>application-identifier</key>
<string>xyz.com.xyz.xyz</string>
<key>aps-environment</key>
<string>development</string>
<key>com.apple.developer.ubiquity-container-identifiers</key>
<array>
<string>xyz.*</string>
</array>
<key>com.apple.developer.ubiquity-kvstore-identifier</key>
<string>xyz.*</string>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>xyz.*</string>
</array>

After adding all of these values to my Entitlements file my app builds successfully and I can finally get back to working on Push Notifications.

I'm not sure if these values are supposed to be automatically added to your entitlements file by XCode, but they certainly weren't being generated for me in my project.

Cnidus answered 12/9, 2011 at 3:38 Comment(3)
THIS is the correct answer. The solution is just to copy the values in your .mobileprovision file to your Entitlements file. I wish Apple documented this somewhere. If you continue getting the error after doing this, restart XCode. That fixed it for me.Ineducation
It helped me too. I was sure I had the same values, and tried different combinations of them, but something was different and copypaste solved it. Maybe just order of keys was relevant.Verisimilar
Just tried this one in order to make it work for my GitHub Action, and it doesn't work and throw an error Error parsing provisioning profile at path '/Users/runner/work/reponame/reponame/ios-build-1.mobileprovision'\e[0m (FastlaneCore::Interface::FastlaneCrash). If you want to give it a try, use it with care.Mahdi
R
6

Setup:

Mac OS X 10.8 + Xcode 4.4

My Simple Solution:

  1. Reissue your ad hoc provisioning profile after you have setup push notifications for your app ID and import them to Xcode.
  2. Take a look into your .xcodeproj folder (right click -> Show Package Contents) and delete the xcuserdata folder.
  3. That's it ;)

Some hints on that issue:

After activating Push Notifications for my app I suddenly couldn't create ad hoc files anymore. I ran across errors in my Console log on my iPhone while trying to install my app such as those:

Apr  1 20:56:10 unknown installd[384] <Error>: entitlement 'keychain-access-groups' has value not permitted by a provisioning profile
Apr  1 20:56:10 unknown installd[384] <Error>: entitlement 'get-task-allow' has value not permitted by a provisioning profile
Apr  1 20:56:10 unknown installd[384] <Error>: entitlement 'application-identifier' has value not permitted by a provisioning profile
Apr  1 20:56:10 unknown installd[384] <Error>: 2ff66000 verify_signer_identity: Could not copy validate signature: -402620394
Apr  1 20:56:11 unknown installd[384] <Error>: 2ff66000 preflight_application_install: Could not verify executable at /var/tmp/install_staging.44jV0O/foo_extracted/Payload/PersonalTrainer-Tester-iPhone.app
Apr  1 20:56:11 unknown com.apple.itunesstored[392] <Notice>: MobileInstallationInstall: failed with -1
Apr  1 20:56:11 unknown installd[384] <Error>: 2ff66000 install_application: Could not preflight application install
Apr  1 20:56:11 unknown installd[384] <Error>: 2ff66000 handle_install: API failed
Apr  1 20:56:11 unknown installd[384] <Error>: 2ff66000 send_message: failed to send mach message of 71 bytes: 10000003
Apr  1 20:56:11 unknown installd[384] <Error>: 2ff66000 send_error: Could not send error response to client

There is some technical note which recommends using codesign -d --entitlements - <YourAppName>.app to check if your app is signed properly for Apple Push Notifications. In case the output of the codesign command does not have an aps-environment set to production or development there is something fishy!

As far as I knew so far, my apps signed with an adhoc provisioning profile always have an embedded.mobileprovision inside the <YourAppName>.app folder with a specific part in them such as:

<key>Entitlements</key>
<dict>
    <key>application-identifier</key>
    <string>ABCDEFGH.com.myappname.tester</string>
    <key>aps-environment</key>
    <string>production</string>
    <key>get-task-allow</key>
    <false/>
    <key>keychain-access-groups</key>
    <array>
        <string>ABCDEFGH.*</string>
    </array>
</dict>

After using codesign I realized that the actual binary in <YourAppName>.app had some XML included as well, which said something very different than my embedded.mobileprovision file:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>ABCDEFGH.com.myappname.tester</string>
    <key>get-task-allow</key>
    <true/>
    <key>keychain-access-groups</key>
    <array>
        <string>ABCDEFGH.com.myappname.tester</string>
    </array>
</dict>
</plist>

I assume this is the cause for the error message we are all experiencing. (although this error can have some different roots as well as other posts on stackoverflow suggest)

The executable was signed with invalid entitlements.
The entitlements specified in your application's Code Signing Entitlements
file do not match those specified in your provisioning profile. (0xE8008016).

My guess is that there is some bug in Xcode which keeps the settings in your plist from being updated in you schemes which then causes your app to be signed with the wrong provisioning profile in the end. So by deleting the xcuserdata folder you delete all schemes. Therefore Xcode will recreate them next time with the proper settings and you are happy again.

Reld answered 1/4, 2012 at 22:26 Comment(2)
Removing the xcuserdata folders fixed the issue for me! Thanks!Geraud
The xcuserdata fixed it for us, thanks alot! I only needed to remove the map linked to the user that formerly had control of the project.Ingenerate
R
5

Essentially the answer is the same vague one everyone else says

  • Make sure you have a "Entitlements.plist" added (New File/Code Signing/Entitlements)
  • Add "get-task-allow" (Boolean Off) to Entitlements.plist
  • Add "aps-environment" "production" pair to Entitlements.plist -- This last step may be unnecessary but it was one of the steps I did just before it worked
  • Delete old mobileprovision files from iPhone/iPod (In Settings/General),
  • Delete old mobileprovision files from XCode Organiser
  • Delete App from iPhone/iPod
  • Quit XCode
  • Download fresh copy of Provisioning Certificate
  • Check for "aps-environment" "production" pair in certificate with a Text Editor
  • Start XCode
  • Add fresh mobileprovision file by dragging to XCode Doc icon
  • Make sure you have reassigned/assigned the correct certificate in the Target Info : Code Signing : Code Signing Identity
  • Double check that the Build Results to see it it's using the correct profile and is signed correctly

Repeat these steps calmly until it works, took me about five goes of various combinations. I also switched from Development to Ad-hoc which apparently isn't necessary but did guarantee a new mobileprovision file.

Rebbecarebbecca answered 29/4, 2011 at 16:39 Comment(2)
So I didn't need the Entitlements.plist to get this working ... but I did have to redo it a few times. Mainly because the old profile kept popping up. Make sure you delete it everywhere (project and target) and keep checking to make sure it's gone!!.Longo
Like you said, not sure what combination made it work, but after days of searching your post is the only one that solved it for me. Thank you a million fold!Owlish
P
5

Using XCode4 and receiving the same "no valid 'aps-environment' entitlement string found for application" I had to do the following:

  • Delete old provisioning profiles from both Library + Device panels in Organizer
  • Regenerate new profile with APN dev enabled from the developer portal website
  • Make sure new profile is added to both Library + Device panels in Organizer
  • Manually delete my app off my device (holding till it jiggles and hitting X)
  • CMD+OPT+SHIFT+K (Clean Build Folder) and CMD+SHIFT+K (Clean)
  • Set the proper profile under Project > Build Settings > Code Signing
  • Make sure 'Use Entitlements' is not checked under Targets > Summary
Puerperium answered 15/12, 2011 at 22:5 Comment(0)
F
3

Under 'Project' -> 'Build Settings' -> 'Code Signing', make sure you have selected the correct Provisioning profile (the one with push enabled).

That was all I needed to change in order to make it work.

Fiction answered 21/5, 2012 at 18:30 Comment(0)
O
3

None of the above worked for me!

  1. Delete all Provisioning Profiles in Xcode Organizer
  2. Delete all Developers certificates in Keychain
  3. Delete all Provisioning Profiles in iPhone device
  4. In iOS Provisioning Portal, delete Development Provisioning Profile which was created automatically by Xcode
  5. Create a new Provisioning Profile by assigning the correct (Certificate/AppID/Device) combination
  6. Download the new Provisioning Profile
  7. Import the new Provisioning Profile into Xcode Organizer
  8. CMD + Option + Shift + K
  9. CMD + Shift + K
  10. CMD + R
  11. Hooray :)
Omeromero answered 31/8, 2012 at 21:49 Comment(0)
D
2

Make sure that you are using the app in the correct way with the provisioning profile.

What I mean is that if you've enabled your app for Push notifications for Distribution only, and you are trying to get push notifications to work via building with XCode, this will not work.

I ran into this problem, and by enabling push notification for Development for the App ID, and then using the development provisioning profile I no longer got the error and the correct alert view asked if I wanted to get push notifications.

Defile answered 17/4, 2013 at 13:27 Comment(0)
M
1

the solution for 10.8 Xcode 4.4 is to open the appname.entitlements file

and if the DataProtectionClass key has the value NSFileProtectionComplete, delete it!

Deleting this key allows me to test apps from Xcode on devices (it wasn't affecting simulation).

Mattheus answered 6/6, 2012 at 12:25 Comment(0)
G
1

I had the same problem. For me the fix was like this:

  1. Removed and reloaded the provisioning profiles from the organizer.
  2. Selected my named provisioning profile under project settings->code signing. Somehow it wanted to use the blabla.* identity.

The wildcard profile ([prefix].*) won't do when your trying to run a APN enabled application, you need to specify the APN enabled profile.

Gnathic answered 20/6, 2012 at 8:50 Comment(0)
D
0

I just figured this out after a few hours, so in addition to what JulianB said,

  • make sure you have an application icon. You probably have one but i happened to add push when we were between icon versions. I tried allot of different things and in the end that was all it took so it might not even be a cert or signing setting issue.
  • I've also read a corrupt image file could also be the cause
  • i did not add/see an aps-environment key in my entitlements.plist
  • clean all targets before building
Damara answered 25/5, 2011 at 14:1 Comment(0)
F
0

For me it worked after changing the bundle identifier to something random. Making sure that the signing error indeed shows up (remove all provision profiles from organizer and device and do a clean build CMD + OPT + SHFT + K then CMS + SHFT + K and then CMD + R) and then changing the bundle identifier back to appropriate one.

Footcandle answered 27/3, 2012 at 17:9 Comment(0)
R
0

My solution was to remove and create again Development Provisioning Profile. It was listed as "Invalid" - not expired and also renew failed (Xcode 4.3.2 and iOS 5.1)

Rochet answered 28/3, 2012 at 12:0 Comment(0)
F
0

Make sure you have selected correct. Provisioning Profile. I found that I was trying with Team Provisioning profile.(for application identifier: *) Further down in the list, there was correct one for the app.

Francoise answered 28/5, 2012 at 5:54 Comment(0)
E
0

My problem was this. I created app that had configured push notifications, and in app delegate I was registering for push notifications with:

[[UIApplication sharedApplication] registerForRemoteNotificationTypes:(UIRemoteNotificationTypeAlert | UIRemoteNotificationTypeBadge | UIRemoteNotificationTypeSound)];

But before releasing app I had to create new provisioning profile on other developer portal. I created new App Id, new provisioning for development and distribution, downloaded new provisioning, in application target I've set correct provisioning. Also I changed bundle identifier. But I was getting that error.

Problem was that new AppId was not configured for push notifications, but calling

[[UIApplication sharedApplication] registerForRemoteNotificationTypes:(UIRemoteNotificationTypeAlert | UIRemoteNotificationTypeBadge | UIRemoteNotificationTypeSound)];

was creating error. When I configured push notifications error did not show again.

Egoist answered 29/6, 2012 at 11:45 Comment(0)
T
0

I had this problem, the scenario was:

I had setup an app id without push notifications support. I'm using Xcode 5.1 + iOS 7.1

Later, edited the app id to add push notifications in development and production.

Created the APNs certificates for both.

When you test PN using your device attached to Xcode, everything works ok. The problem appears when you release the app to production, you keep getting:

"Error Domain=NSCocoaErrorDomain Code=3000 "no valid 'aps-environment' entitlement string
 found for application" UserInfo=0x15b200 {NSLocalizedDescription=no valid     
'apsenvironment' entitlement string found for application}" error.

The solution that worked for me was:

  1. Delete provisioning profiles for development and distribution (Xcode and Developer portal).
  2. Delete your app ID (Developer portal).
  3. Create a new App ID with Push Notifications Support for Development and Production.
  4. Create new provisioning profiles using the NEW App ID.
  5. Install them on Xcode.
  6. Test on development and distribution release.
Toilet answered 1/4, 2014 at 18:13 Comment(0)
G
0

enter image description here

Make the profile right and this work for me.Hope this help.

Gladis answered 11/6, 2014 at 10:55 Comment(0)
O
0

In my case, the solution for this error turned out to be simple after hours of tinkering with certificates...

In the Capabilities tab of the project configuration, I had to enable the Push Notification flag in order for the environment files to be generated.

macOS Sierra 10.12 - Xcode 8.1

enter image description here

Origin answered 7/11, 2016 at 9:13 Comment(0)
E
-2

Actually your provisional profile deleted from apple developer site.& you get error for

Exceeding answered 21/2, 2015 at 13:16 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.