provisioning interview questions
Top provisioning frequently asked interview questions
In the provisioning portal, the "renew" button for my team provisioning profile is grayed out. And said profile is expired.
How can I renew it?
EDIT: I found the "automatic device provisioning" checkbox and "refresh" button in the organizer in Xcode. But when I select the team profile, check the checkbox, and push the refresh button, I get this message:
An unexpected error occurred. Please try again. If the problem persists, please contact Apple Developer Support (http://developer.apple.com/support).
I suppose I can go to support, but it would still be better to figure out what the problem is without involving them.
Source: (StackOverflow)
I'm using xcodebuild to compile my iPhone app from the command line. Is there a way to pass in some sort of option to set the provisioning profile? There seems to be not very much information about xcodebuild in general.
Source: (StackOverflow)
In the iOS Provision Portal, in Certificates, Developer (or Distribution) it says:
"*If you do not have the WWDR intermediate certificate installed, click here to download now."
I don't even know what that means. Do I need to download and run that?
or do I need to only download the current certificate only?
Source: (StackOverflow)
Just got a notice that the provisioning profile for one of my apps is about to expire. Is there some way I can renew the existing one or must I recreate a new one?
Source: (StackOverflow)
I've got a problem that I couldn't solve with a deep search in different resources as most of the "similar" points out to be an error with Icon.png size, etc...
I've tried to upload my application after verifying that:
- Correctly builds and run on my device
- That my certificates are installed properly
- That my certs / profiles are not expired.
- That the Icon.png has the proper size and format of 57x57 PNG.
- And several other things.
- Ran codesign --verify -vvvv MyApp.app which worked fine.
- My ZIP File was properly done
When I've tried to upload through the iTunes connect interface I got the simple error above, and that's why I tried with ApplicationLoader, to try and find out what's causing the error looking at the console.
The console showed the following:
16/02/10 13:25:52 ApplicationLoader[549] *** Codesign error (please ignore invalid option comments): got requirements(0x800000, 534)
Executable=/var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app/MyApp
Identifier=com.realtimed.MyApp
Format=bundle with Mach-O thin (armv6)
CodeDirectory v=20100 size=829 flags=0x0(none) hashes=33+5 location=embedded
Signature size=4333
Authority=iPhone Developer: My Name (XXXXXXXXX)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=16/02/2010 13:22:24
Info.plist entries=17
Sealed Resources rules=3 files=28
Internal requirements count=1 size=144
Executable=/var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app/MyApp
got entitlements(0x800400, 317)
codesign_wrapper-0.7.3: using Apple CA for profile evaluation
codesign_wrapper-0.7.3: Caling codesign with the following args:
codesign_wrapper-0.7.3: /usr/bin/codesign
codesign_wrapper-0.7.3: --verify
codesign_wrapper-0.7.3: -vvvv
codesign_wrapper-0.7.3: -R=anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and certificate leaf[field.1.2.840.113635.100.6.1.4] exists
codesign_wrapper-0.7.3: --entitlements
codesign_wrapper-0.7.3: /var/tmp/signingbox/codesign_wrapper_entitlements.plist
codesign_wrapper-0.7.3: /var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app
**/var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app: valid on disk
/var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app: satisfies its Designated Requirement
test-requirement: failed to satisfy code requirement(s)
codesign_wrapper-0.7.3: failed to execute codesign(1)**
Any help / feedback or ideas on how to solve the situation would be highly appreciated.
Source: (StackOverflow)
I've got my app approved a while ago and used the * provisioning profile so I created somehting like:
com.mydomain.MyApp
but now I have the necessity of adding push notifications and I can't due I am using the * provisioning profile and it needs to have its own app ID and profile.
How should I proceed in order to achieve an app update without breaking anything
Source: (StackOverflow)
Chef seems to be processing resources in a strange order, causing my build to fail. My main recipe (mytardis-chef/site-cookbooks/recipes/default.rb) starts like this:
include_recipe "build-essential"
include_recipe "mytardis::deps"
include_recipe "mytardis::nginx"
include_recipe "mytardis::postgresql"
mytardis-chef/cookbooks/build-essential/recipes/default.rb looks like this:
case node['platform']
when "ubuntu","debian"
%w{build-essential binutils-doc}.each do |pkg|
package pkg do
action :install
end
end
when "centos","redhat","fedora","scientific"
%w{gcc gcc-c++ kernel-devel make}.each do |pkg|
package pkg do
action :install
end
end
end
... (it's an older version of https://github.com/opscode-cookbooks/build-essential/blob/master/recipes/default.rb)
At runtime, for reasons I don't understand, this build-essential recipe gets loaded but not executed:
[default] Waiting for VM to boot. This can take a few minutes.
[default] VM booted and ready for use!
[default] Mounting shared folders...
[default] -- v-root: /vagrant
[default] -- v-csr-3: /tmp/vagrant-chef-1/chef-solo-3/roles
[default] -- v-csc-2: /tmp/vagrant-chef-1/chef-solo-2/cookbooks
[default] -- v-csc-1: /tmp/vagrant-chef-1/chef-solo-1/cookbooks
[default] -- v-csdb-4: /tmp/vagrant-chef-1/chef-solo-4/data_bags
[default] Running provisioner: Vagrant::Provisioners::ChefSolo...
[default] Generating chef JSON and uploading...
[default] Running chef-solo...
[Sun, 08 Jul 2012 05:14:32 +0200] INFO: *** Chef 10.12.0 ***
[Sun, 08 Jul 2012 05:14:32 +0200] DEBUG: Building node object for lucid32
[Sun, 08 Jul 2012 05:14:32 +0200] DEBUG: Extracting run list from JSON attributes provided on command line
[Sun, 08 Jul 2012 05:14:32 +0200] INFO: Setting the run_list to ["recipe[mytardis]"] from JSON
[Sun, 08 Jul 2012 05:14:32 +0200] DEBUG: Applying attributes from json file
[Sun, 08 Jul 2012 05:14:32 +0200] DEBUG: Platform is ubuntu version 10.04
[Sun, 08 Jul 2012 05:14:32 +0200] INFO: Run List is [recipe[mytardis]]
[Sun, 08 Jul 2012 05:14:32 +0200] INFO: Run List expands to [mytardis]
[Sun, 08 Jul 2012 05:14:32 +0200] INFO: Starting Chef Run for lucid32
[Sun, 08 Jul 2012 05:14:32 +0200] INFO: Running start handlers
[Sun, 08 Jul 2012 05:14:32 +0200] INFO: Start handlers complete.
...
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Loading Recipe mytardis via include_recipe
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Found recipe default in cookbook mytardis
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Loading Recipe build-essential via include_recipe
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Found recipe default in cookbook build-essential
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Loading Recipe mytardis::deps via include_recipe
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Found recipe deps in cookbook mytardis
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Loading Recipe mytardis::nginx via include_recipe
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Found recipe nginx in cookbook mytardis
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Loading Recipe iptables via include_recipe
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Found recipe default in cookbook iptables
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Loading Recipe mytardis::postgresql via include_recipe
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Found recipe postgresql in cookbook mytardis
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Loading Recipe postgresql::server via include_recipe
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Found recipe server in cookbook postgresql
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Loading Recipe postgresql::client via include_recipe
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: Found recipe client in cookbook postgresql
[Sun, 08 Jul 2012 05:14:33 +0200] INFO: Processing package[postgresql-client] action install (postgresql::client line 37)
[Sun, 08 Jul 2012 05:14:33 +0200] DEBUG: package[postgresql-client] checking package status for postgresql-client
....
[Sun, 08 Jul 2012 05:14:45 +0200] ERROR: gem_package[pg] (postgresql::client line 42) has had an error
.
make
sh: make: not found
That is, the build-essential recipe is "found" and "loaded", but it's the postgres recipe that gets "processed" first. And since build-essential (which installs the C compiler) wasn't run, the latter fails.
The relevant part of my Vagrantfile looks like this:
config.vm.provision :chef_solo do |chef|
chef.log_level = :debug
chef.cookbooks_path = ["mytardis-chef/site-cookbooks", "mytardis-chef/cookbooks"]
chef.roles_path = "mytardis-chef/roles"
chef.data_bags_path = "mytardis-chef/data_bags"
chef.add_recipe "mytardis"
end
I was previously using a slightly earlier version of Chef (perhaps 10.10.0?) In that version, build-essential was also not being run, but mytardis::deps was. Now using Chef 10.12.0. Physical machine is OSX, VM is Ubuntu Lucid.
So, a few questions:
- Why is build-essential not being "processed"?
- What's the right way to do this? (I didn't write these recipes, and I understand they do or have worked for their author.)
- Should the site-cookbooks and cookbooks 'shadowing' feature still work? It's supposedly deprecated: http://tickets.opscode.com/browse/CHEF-2308 (I tried making a symbolic link under from site-cookbooks/mytardis/recipes/build-essential but no joy).
Source: (StackOverflow)
I've noticed that just in the last year or so, many major websites have made the same change to the way their pages are structured. Each has moved their Javascript files from being hosted on the same domain as the page itself (or a subdomain of that), to being hosted on a differently named domain.
It's not simply parallelization
Now, there is a well known technique of spreading the components of your page across multiple domains to parallelize downloading. Yahoo recommends it as do many others. For instance, www.example.com is where your HTML is hosted, then you put images on images.example.com and javascripts on scripts.example.com. This gets around the fact that most browsers limit the number of simultaneous connections per server in order to be good net citizens.
The above is not what I am talking about.
It's not simply redirection to a content delivery network (or maybe it is--see bottom of question)
What I am talking about is hosting Javascripts specifically on an entirely different domain. Let me be specific. Just in the last year or so I've noticed that:
youtube.com has moved its .JS files to ytimg.com
cnn.com has moved its .JS files to cdn.turner.com
weather.com has moved its .JS files to j.imwx.com
Now, I know about content delivery networks like Akamai who specialize in outsourcing this for large websites. (The name "cdn" in Turner's special domain clues us in to the importance of this concept here).
But note with these examples, each site has its own specifically registered domain for this purpose, and its not the domain of a content delivery network or other infrastructure provider. In fact, if you try to load the home page off most of these script domains, they usually redirect back to the main domain of the company. And if you reverse lookup the IPs involved, they sometimes appear point to a CDN company's servers, sometimes not.
Why do I care?
Having formerly worked at two different security companies, I have been made paranoid of malicious Javascripts.
As a result, I follow the practice of whitelisting sites that I will allow Javascript (and other active content such as Java) to run on. As a result, to make a site like cnn.com work properly, I have to manually put cnn.com into a list. It's a pain in the behind, but I prefer it over the alternative.
When folks used things like scripts.cnn.com to parallelize, that worked fine with appropriate wildcarding. And when folks used subdomains off the CDN company domains, I could just permit the CDN company's main domain with a wildcard in front as well and kill many birds with one stone (such as *.edgesuite.net and *.akamai.com).
Now I have discovered that (as of 2008) this is not enough. Now I have to poke around in the source code of a page I want to whitelist, and figure out what "secret" domain (or domains) that site is using to store their Javascripts on. In some cases I've found I have to permit three different domains to make a site work.
Why did all these major sites start doing this?
EDIT: OK as "onebyone" pointed out, it does appear to be related to CDN delivery of content. So let me modify the question slightly based on his research...
Why is weather.com using j.imwx.com instead of twc.vo.llnwd.net?
Why is youtube.com using s.ytimg.com instead of static.cache.l.google.com?
There has to a reasoning behind this.
Source: (StackOverflow)
I had a fully working build environment before upgrading to iPhone OS 3.1 and Xcode 3.2. Now when I try to do a build, I get the following:
Code Sign error: Provisioning profile 'FooApp test' specifies the Application Identifier 'no.fooapp.iphoneapp' which doesn't match the current setting 'TGECMYZ3VK.no.fooapp.iphoneapp'
The problem is that Xcode somehow manages to think that the "FooApp Test" provisioning profile specifies the Application Identifier "no.fooapp.iphoneapp", but this is not the case.
In the Organizer (and in the iPhone developer portal website) the app identifier is correctly seen as 'TGECMYZ3VK.no.fooapp.iphoneapp'.
Also, when setting the provisioning profile in the build options at the project level, Xcode correctly identifies the app identifier, but when I go to the target, I'm unable to select any valid provisioning profile.
What could be causing this problem?
Update: I've tried to create a new provisioning profile, but still no luck. I also tried simply changing the app identified in Info.plist to just "no.fooapp.iphoneapp". The build succeeds, but now I get an error from the Organizer:
The executable was signed with invalid entitlements. The entitlements specified in your application's Code Signing Entitlements file do not match those specified in your provisioning profile. (0xE8008016).
This seems reasonable, as the provisioning profile still has the "TGECMYZ3VK.no.fooapp.iphoneapp" application identifier.
I also double checked that all certiicates are valid in the Keychain.
So my question is how I can get Xcode to see the correct application identifier?
UPDATE: As noted below, what seems to fix the problem is deleting all provisioning profiles, certificates, etc., making new certificates / profiles and installing them again. If anyone has any other solutions, they would be welcome. :)
Source: (StackOverflow)
I have the following setup:
- Many different projects which are separate git repositories, but all have mostly the same server configuration
- Each project in turn depends on many other projects and we use the composer dependency manager to get them together (PHP language here).
I want to use Vagrant and include a Vagrant file in each repository, so my team members can clone a repository, run vagrant up and be ready to go.
My question is now directed towards the provisioning. I need to install several tools and packages like apache, git, mysql and several php packages, then download some files (like a recent development db dump), set everything up in /var/www and run the composer install command.
So one option to do this is using a manager using recipes like chef or puppet.
The alternative would be to write a bash file and use shell provisioning.
I have not much experience with chef / puppet, so naturally, it seems easier to use the shell option, but I want to understand if this is not a good / viable option in the long run.
Why to me it seems a bad approach to go with puppet / chef:
I understand that I will have to use several different recipes and will almost always use the same recipes for my different repositories, so I would have to include all of them in all the repositories. Consider having 20 repos and needing 10 recipes, that means that I will need to add 200 recipes as a git-submodule or alike (also each team member needs to clone the repository, then clone 10 recipe repositories and only then run vagrant up for each project). In contrast, I would just need to have a small repo with my shell script and clone it 20 times.
I am probably missing something, so please advice whether I should opt for chef / puppet and why it makes sense even if my repositories all have a very similar server setup.
Source: (StackOverflow)
The iPhone i'm developing with (building the application to, not installed via ad-hoc) receives push notifications as it should. I've got an application that just sends dummy push notifications on command, and the dev iphone receives them consistently. However, I've distributed a beta build under the release configuration to several co-workers, and none of these builds of the app have received a single push notification. I've confirmed that the app prompts the user on first run for permission to receive push notifications, and I've also confirmed that everyone has answered "yes" to this prompt. Has anyone else experienced this problem? I feel like it has something to do with provisioning, but the apple developer portal is so vague about things, I very well could be missing something important.
Source: (StackOverflow)
I updated my provisioning profile to include some more devices for Ad-Hoc testing,I added this new profile and removed the old and now I am getting this error:
Code Sign error: Provisioning profile 'Floors2Go' specifies the
Application Identifier 'com.reapptive.Floors2Go' which doesn't match
the current setting 'com.reapptive.Floors2Go'
Which if you look they are both exactly the same, I have removed, re-added a new profile, deleted and re-entered the bundle name in my plist and for the life of me I cant figure this out.
I have also tried cleaning all and rebuild but to no avail.
Any ideas?
Source: (StackOverflow)
My distribution certificate is tied to an app, that I have distributed ad hoc to number of field employees, and it says it's going to expire tomorrow. When I go into the iOS provisioning portal, I go to the certificates link, and then the Distribution tab. Under expiration date for the certificate the date is listed as tomorrow. My question is how do I renew the certificate? I've been told there may be a renew button that pops up when it expires. I've also been told this renew button is going to pop up today when it hasn't. Is there going to be a renew button? Will the renew button pop up under the provisioning profile attached to the certificate or in certificates-->distribution in the portal? None of this is documented anywhere on what I need to do to ensure no down time with my app.
Thanks for the help!
Source: (StackOverflow)
OK, I've just got myself a shiny new MacBook Pro, and having been developing my iPhone app on another MacBook, I wanted to migrate my development to my new computer.
I've got to the stage where I can build the app and run it on the simulator no problem, but when it comes to running the app on my iPhone, I keep getting "The application could not be verified". I have installed a new developer certificate, and installed the provisioning profiles (all generated new), but I'm at a loss as to why I should still be getting the error.
Anyone have any ideas as to where I'm going wrong?
EDIT
I've recreated the certificate and profisioning profile, etc... The Build succeeds, and the status at the bottom gets all the way to 'Installing on Device', then two modal dialogs are displayed with the same "Application could not be verified" error message.
Is there any output I can get to that will give me a precise error?
EDIT
OK, I've got the appropriate log from Organizer showing the problem. It looks like I haven't set up the Entitlements.plist, but in xcode, I have. (I've added an Entitlements.plist fole, then unchecked get-task-allow, then added Entitlements.plist to the project settings under Code Signing Entitlements). The log is:
Tue Jun 16 07:35:42 unknown mobile_installation_proxy[1162] <Error>: install_embedded_profile: Skipping the installation of the embedded profile
Tue Jun 16 07:35:42 unknown securityd[1158] <Error>: mobile_installat[1162] SecItemCopyMatching: missing entitlement
Tue Jun 16 07:35:42 unknown securityd[1158] <Error>: mobile_installat[1162] SecItemCopyMatching: missing entitlement
Tue Jun 16 07:35:42 unknown securityd[1158] <Error>: mobile_installat[1162] SecItemCopyMatching: missing entitlement
Tue Jun 16 07:35:42 unknown securityd[1158] <Error>: mobile_installat[1162] SecItemCopyMatching: missing entitlement
Tue Jun 16 07:35:43 unknown mobile_installation_proxy[1162] <Error>: entitlement 'get-task-allow' has value not permitted by a provisioning profile
Tue Jun 16 07:35:43 unknown mobile_installation_proxy[1162] <Error>: verify_executable: Could not validate signature: e8008016
Tue Jun 16 07:35:43 unknown mobile_installation_proxy[1162] <Error>: preflight_application_install: Could not verify /var/tmp/install_staging.1WIVsB/BouldrData.app/BouldrData
Tue Jun 16 07:35:43 unknown mobile_installation_proxy[1162] <Error>: install_application: Could not preflight application install
Tue Jun 16 07:35:43 unknown mobile_installation_proxy[1162] <Error>: handle_install: Installation failed
Tue Jun 16 07:51:53 unknown afcd[1181] <Error>: user mobile has uid 501
Tue Jun 16 07:51:53 unknown afcd[1181] <Error>: mode is 0x41e8
Can anyone shed any light on why this isn't working as expected?
EDIT
Got the build working, but I've not accepted an answer yet, as I have no idea as to what's going on. Anyone with any idea as to what is going on?
Source: (StackOverflow)
I have published an app through the testflight website to allow my colleagues to test, and as more and more of them opens the initial email and find time to go through the registration process, testers are trickling in on my testflight team.
However, the process to add them to the test seems a bit convoluted, so I thought I'd verify, and ask, if I'm doing it right, or if I have missed something obvious.
At the moment the whole procedure looks like this:
- A colleague opens up the initial email, with the invitation link
- He/she then registers the device, and registers for the test
- I am informed of this new tester through an email and through the testflight site
- I then have to download (or write down/copy) the list of UDID's of all the new testers since last time
- I then have to visit the devices part of the Apple Developers site, and upload that file
- Edit my provisioning profile to include the new devices
- Wait for it to approve, and download the provisioning profile
- I drag the provisioning profile into the Xcode provisioning profile organizer
- I then go back to MonoDevelop, and ensure it is still pointing to the right profile (I don't know if using MonoDevelop/MonoTouch complicates this process so I didn't want to leave it out, it might be irrelevant for this question)
- I rebuild, and republish on testflight
- I then visit the testflight website, find the new/updated build, and ensure all my testers are informed of it
I noticed that if I do not update the version, it will "silently" replace the existing build, and reuse the list of testers that have already been informed, so if I just check all the new testers and complete, it'll only inform the new ones.
However, it seems a bit of a work to have to keep downloading and mucking about with the provisioning profile files.
Did I miss something obvious? Is there a way for me to make any part of this easier?
For instance, I noticed that I can create a provisioning profile inside the Xcode organizer, however that dialog box doesn't list any certificates so I can't complete that dialog. If this is a key element, leave a short answer to that effect and I'll instead repost a new question about that.
This question is just: Is the above procedure correct?
Source: (StackOverflow)