Page 1
Provisioning Profile Stockholm Syndrome
This presentation contains confidential information intended only for the recipient(s) named above. Any other distribution, re-transmission, copying or disclosure of this message is strictly prohibited. If you have received this transmission in error, please notify me immediately by
telephone or return email, and delete this presentation from your system.
Page 2
Jay Graves - CTO POSSIBLE Mobile@skabber
Page 3
Provisioning Profiles Are Everywhere
• App
• Today Widget
• Watch App
• Watch Extension
• Shared Library
• Share Extension
Page 4
I want you to LOVE Provisioning Profiles
Page 5
What is a Provisioning Profile?
Page 6
What is a Provisioning Profile?
SMIME / PKCS#7
Page 7
Thank you!Jay Graves - CTO POSSIBLE Mobile@skabber
Page 8
What is a Provisioning Profile?
SMIME / PKCS#7
Page 9
Provisioning Profile in vi
Page 10
Read a ProfileCOMMAND LINE
security cms -D -i my.mobileprovision
Page 12
Important ValuesAPPLICATION IDENTIFIER
<key>application-identifier</key>
<string>ABCDEFGHIJK.com.your.bundleid</string>
Page 13
Important ValuesENTITLEMENTS
<key>Entitlements</key> <dict> ... <key>com.apple.developer.ubiquity-container-identifiers</key> ... <key>com.apple.developer.ubiquity-kvstore-identifier</key> ... <key>get-task-allow</key> ... </dict>
Page 14
Important ValuesPROVISIONED DEVICES
<key>ProvisionedDevices</key> <array> <string>7af8ee3af8e4e13193bd834bab50e1d...</string> <string>a9f0d0477a6d3e8dad0ff984f7ba77e...</string> </array>
Page 15
Important ValuesUUID
<key>UUID</key>
<string>E0EF8ACE-E83A-475C-9DA7-C67A147659FD</string>
Page 16
Important ValuesDEVELOPER CERTIFICATES
<key>DeveloperCertificates</key> <array> <data> MIIFnDCCBISgAwIBAgIIEIdrqpJlb9MwDQYJKoZIhvcNAQEFBQAwgZYxCzAJ BgNVBAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBs ZSBXb3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBw bGUgV29ybGR3aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlv ...
Page 17
Important ValuesDEVELOPER CERTIFICATES
-----BEGIN CERTIFICATE----- MIIFnDCCBISgAwIBAgIIEIdrqpJlb9MwDQYJKoZIhvcNAQEFBQAwgZYxCzAJ BgNVBAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBs ZSBXb3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBw bGUgV29ybGR3aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlv ... -----END CERTIFICATE-----
openssl x509 -text -in cert.pem
Page 18
Important ValuesDEVELOPER CERTIFICATES
Certificate: Data: Version: 3 (0x2) Serial Number: 10:87:6b:aa:92:65:6f:d3 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations, CN=Apple Worldwide Developer Relations Certification Authority Validity Not Before: Nov 3 21:38:10 2012 GMT Not After : Nov 3 21:38:10 2013 GMT Subject: UID=9K9F9LCV74, CN=iPhone Distribution: Massively Overrated, OU=9K9F9LCV74, O=Massively Overrated, C=US Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:c8:57:f9:cf:af:c2:4d:7a:8a:16:62:47:4b:c2:
Page 19
Install a Provisioning ProfileDON’T DOUBLE CLICK THEM!
Not human readable.
Page 20
Install a Provisioning ProfileDRAG THEM INTO THE FINDER
~/Library/MobileDevice/Provisioning Profiles
Page 21
Install a Provisioning ProfileDRAG THEM INTO THE FINDER
Page 22
Install a Provisioning ProfileDRAG THEM INTO THE FINDER
Much better.
Page 23
Tools for using Provisioning ProfilesTERMINAL.APP
Page 24
Tools for using Provisioning ProfilesTERMINAL.APP + SHELL ALIAS
alias prov=‘security cms -D -i‘
Page 25
Tools for using Provisioning ProfilesQUICK LOOK PLUGIN
Page 26
Tools for using Provisioning ProfilesAUTOMATOR SERVICE
Page 27
Tools for using Provisioning ProfilesAUTOMATOR SERVICE
http://d.pr/13uj9
Page 28
Tools for using Provisioning ProfilesAUTOMATOR SERVICE
Page 30
XcodeHOW DOES IT SEE PROFILES?
CODE_SIGN_IDENTITY = "iPhone Developer";PROVISIONING_PROFILE = "";
Page 31
XcodeHOW DOES IT SEE PROFILES?
CODE_SIGN_IDENTITY = "iPhone Developer: Jay Graves (E6L876QFM6)";
PROVISIONING_PROFILE = "0FEB5831-22D3-4B1D-A973-59ED243E8103";
Page 34
What does all this mean?
•Automatic Profiles•Good if you don’t have multiple projects.•It can select the wrong profile.•Rules on automatic selection are not defined.
•Specific Profiles•Much more control over which profile is selected.•Can be a pain to update the project file every time a profile is updated.
Page 35
Nick ArnottIS A FUNNY GUY
Page 36
Can this be better?Yes!
Page 37
Convention over Configuration
Page 38
Convention over Configuration
• An Xcode Project can have multiple targets
• Every target can have multiple configurations
• Every target/configuration combination “should” have a provisioning profile
Name your profiles accordingly.
PROJECT-TARGET-CONFIGURATION.mobileprovision
Page 39
Convention over ConfigurationUSE A SCRIPT
Run this script to set all the profiles properly.
set_project_profiles.sh -b -p Your.xcodeproj
http://bit.ly/ProjectProfiles
Page 40
Thank You!Jay Graves - CTO POSSIBLE Mobile@skabber
Page 41
Convention over ConfigurationHOW DOES IT WORK?
Magic scripts are great but how does it work?
• Create a folder at the root of every project called “CodeSign”.
• Put every profile in that directory.
• Script copies those profiles into ~/Library/MobileDevice/Provisioning Profiles
• Script inspects Xcode project for a list of Targets,
• Script gets a list of Configurations for each Target.
Page 42
Convention over ConfigurationHOW DOES IT WORK?
• Script checks for any installed profile that follows the naming convention.
• Script queries the UUID for that profile.
• Script modifies the Xcode project with the appropriate UUID per Target/Configuration.
Page 43
Modifying an Xcode Project!OMGWTFBBQ!
It’sJust
APLIST
Page 45
Modifying and Xcode ProjectIS NO BIG DEAL
Except…
PlistBuddy only outputs XML.
Page 46
Tips:
• Project Specific Keychains
• Runtime asserts for missing entitlements
• Don’t click “Fix Issue”
• Read the Xcode errors
• Don’t go nuclear!
Page 47
Thank you!Jay Graves - CTO POSSIBLE Mobile@skabber