search

dotnet / maui

.NET MAUI is the .NET Multi-platform App UI, a framework for building native device applications spanning mobile, tablet, and desktop.
https://dot.net/maui
MIT License
22.26k stars 1.76k forks source link

App will not install on device with Sign in with Apple capability in the provisioning profile and com.apple.developer.applesignin key is in Entitlements.plist after publishing. #25923

Closed amilici closed 3 days ago

amilici commented 3 days ago

Description

I'm not sure this is the correct place to report this.

App will not install on device when com.apple.developer.applesignin key is in Entitlements.plist after publishing. It is unable to find a valid provisioning profile. The Sign In with Apple capability is in the provisioning profile and it is valid. If I remove the com.apple.developer.applesignin key from the Entitlements.plist and publish again the app will install on a device.

Steps to Reproduce

msbuild.binlog.zip

  1. Have an app with the Sign in with Apple capability enabled on the Developer portal.

  2. Make sure the provisioning profile for the app is updated and downloaded to the computer that will publish the app.

  3. Add the key `com.apple.developer.applesignin

    Default ` to the Entitlements.plist file.

  4. Run the command dotnet publish with the configuration that uses the provisioning profile "dotnet publish -f net8.0-ios -c AdHoc -v n "

  5. try to install the resulting *.ipa file.

App cannot be installed because its integrity could not be verified. The relevant console output is

-[IXSDataPromise cancelForReason:client:error:]: <IXSPromisedOutOfBandTransfer(0xbf8341e00) Name:security-promise Creator:App Store UUID:A5EB49F0-64B5-4743-A091-86B09C5C7C43 PercentComplete:1.000000 IsComplete:Y DiskUsageBytes:0> : canceled by client 17 for reason Error Domain=IXUserPresentableErrorDomain Code=14 "This app was not installed because its integrity could not be verified." UserInfo={NSUnderlyingError=0xbf82b7750 {Error Domain=MIInstallerErrorDomain Code=13 "Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.ULxVAa/extracted/Payload/Guess81.app : 0xe8008015 (A valid provisioning profile for this executable was not found.)" UserInfo={NSLocalizedDescription=Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.ULxVAa/extracted/Payload/Guess81.app : 0xe8008015 (A valid provisioning profile for this executable was not found.), LegacyErrorString=ApplicationVerificationFailed, SourceFileLine=79, FunctionName=

If I remove the com.apple.developer.applesignin from Entitlements.plist and run publish again I am able to install the resulting *.ipa.

Note: The app contains a Notification Service Extension.

Link to public reproduction project repository

No response

Version with bug

8.0.82 SR8.2

Is this a regression from previous behavior?

Not sure, did not test other versions

Last version that worked well

No response

Affected platforms

iOS

Affected platform versions

iOS 18.2, iOS 17.6

Did you find any workaround?

Relevant log output

Detected signing identity:

           Code Signing Key: "iPhone Distribution: GUESS/ INC (9P4GQ95Q3N)" (7AC26FB3E6F57E0027F48FE0BF8CE51EFAF83370)
           Provisioning Profile: "Guess NSE Ad-Hoc Distribution" (6fd235d1-9fdf-4b78-a291-a6c5ac43aadb)
           Bundle Id: com.guess.alert.GuessNSE
           App Id: 9P4GQ95Q3N.com.guess.alert.GuessNSE

//...

   _CodesignAppBundle:
         Tool /usr/bin/codesign execution started with arguments: -v --force --timestamp=none --sign 7AC26FB3E6F57E0027F48FE0BF8CE51EFAF83370 --entitlements /Users/amilici/Projects/guess/GuessNSE/obj/Release/net8.0-ios/iossimulator-arm64/net8.0-ios/ios-arm64/Entitlements.xcent /Users/amilici/Projects/guess/Guess81/bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app/PlugIns/GuessNSE.appex

         Tool /usr/bin/codesign execution started with arguments: -v --force --timestamp=none --sign 7AC26FB3E6F57E0027F48FE0BF8CE51EFAF83370 --entitlements /Users/amilici/Projects/guess/Guess81/obj/AdHoc/net8.0-ios/ios-arm64/Entitlements.xcent /Users/amilici/Projects/guess/Guess81/bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app

       _CodesignVerify:
         /usr/bin/codesign --verify -vvvv "-R=anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and (certificate leaf[field.1.2.840.113635.100.6.1.2] exists or certificate leaf[field.1.2.840.113635.100.6.1.4] exists)" bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app/PlugIns/GuessNSE.appex 
         bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app/PlugIns/GuessNSE.appex: valid on disk
         bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app/PlugIns/GuessNSE.appex: satisfies its Designated Requirement
         bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app/PlugIns/GuessNSE.appex: explicit requirement satisfied
         /usr/bin/codesign --verify -vvvv "-R=anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and (certificate leaf[field.1.2.840.113635.100.6.1.2] exists or certificate leaf[field.1.2.840.113635.100.6.1.4] exists)" bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app 
         bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app: valid on disk
         bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app: satisfies its Designated Requirement
         bin/AdHoc/net8.0-ios/ios-arm64/Guess81.app: explicit requirement satisfied
jfversluis commented 3 days ago

This issue was moved to xamarin/xamarin-macios#21645