Bug 17110 - How can I check feature "code-signing to not merge the Keychain Access Groups entitlement from the specified Provisioning Profile" in X.S 4.2.3
Summary: How can I check feature "code-signing to not merge the Keychain Access Groups...
Status: VERIFIED FIXED
Alias: None
Product: Xamarin Studio
Classification: Desktop
Component: iOS add-in ()
Version: 4.2.x
Hardware: PC Mac OS
: Normal normal
Target Milestone: 4.2.3 (from master)
Assignee: Jeffrey Stedfast
URL:
Depends on:
Blocks:
 
Reported: 2014-01-08 04:58 UTC by narayanp
Modified: 2014-02-12 07:55 UTC (History)
5 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
VERIFIED FIXED

Description narayanp 2014-01-08 04:58:34 UTC
I am not sure how to check the feature "code-signing to not merge the Keychain Access Groups entitlement from the specified Provisioning Profile." it is implemented in X.S 4.2.3 and mentioned in X.S 4.2.3 Release Note

Could you please provide me some steps so that I can look into it?

Environment details:
X.S 4.2.3(build 29)
Comment 1 Jeffrey Stedfast 2014-01-08 12:21:34 UTC
Essentially, just compile an app w/o adding any keychain-access entitlements and then check the entitlements.xcent file that gets generated during compile to make sure that it doesn't have any keychain-access keys set.

You'll need to do something like this to make the xcent file readable:

plutil -convert xml1 /path/to/project/bin/AppStore/entitlements.xcent -o entitlements.xml
Comment 2 narayanp 2014-01-09 08:03:44 UTC
I have checked the Comment#1 and observed that when using command to convert .xcent to .xml it is giving error as mentioned in https://gist.github.com/saurabh360/c9f378b82e510af73890

While changing extension of file from .xcent to .xml manually and opening file it is showing me:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>application-identifier</key>
	<string>SJ4M429CQ6.com.your-company.iPhoneSingel</string>
	<key>com.apple.developer.default-data-protection</key>
	<string>NSFileProtectionComplete</string>
	<key>com.apple.developer.ubiquity-container-identifiers</key>
	<array>
		<string>7V723M9SQ5.com.your-company.iPhoneSingel</string>
	</array>
	<key>com.apple.developer.ubiquity-kvstore-identifier</key>
	<string>7V723M9SQ5.com.your-company.iPhoneSingel</string>
	<key>get-task-allow</key>
	<true/>
	<key>inter-app-audio</key>
	<true/>
	<key>keychain-access-groups</key>
	<array>
		<string>SJ4M429CQ6.com.your-company.iPhoneSingel</string>
	</array>
</dict>
</plist>

When I have check the Enable Keychain and the deploy the application and open .xml file it is:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>application-identifier</key>
	<string>SJ4M429CQ6.com.your-company.SingleAPp32</string>
	<key>com.apple.developer.default-data-protection</key>
	<string>NSFileProtectionComplete</string>
	<key>com.apple.developer.ubiquity-container-identifiers</key>
	<array>
		<string>7V723M9SQ5.com.your-company.SingleAPp32</string>
	</array>
	<key>com.apple.developer.ubiquity-kvstore-identifier</key>
	<string>7V723M9SQ5.com.your-company.SingleAPp32</string>
	<key>get-task-allow</key>
	<true/>
	<key>inter-app-audio</key>
	<true/>
	<key>keychain-access-groups</key>
	<array>
		<string>SJ4M429CQ6.com.xamarin.daysuntiltestmas</string>
	</array>
</dict>
</plist>

Both are looking me same. Please let me know is it correct or not?
Comment 4 Atin 2014-01-09 12:14:49 UTC
Now we run following command :

plutil -convert  xml1 /Users/nischal/Projects/iPhoneSingel/iPhoneSingel/bin/iPhone/Debug/iPhoneSingel.xcent -o iPhoneSingel.xml

and we got following text in iPhoneSingel.xml file :
 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>application-identifier</key>
	<string>SJ4M429CQ6.com.your-company.iPhoneSingel</string>
	<key>com.apple.developer.default-data-protection</key>
	<string>NSFileProtectionComplete</string>
	<key>com.apple.developer.ubiquity-container-identifiers</key>
	<array>
		<string>7V723M9SQ5.com.your-company.iPhoneSingel</string>
	</array>
	<key>com.apple.developer.ubiquity-kvstore-identifier</key>
	<string>7V723M9SQ5.com.your-company.iPhoneSingel</string>
	<key>get-task-allow</key>
	<true/>
	<key>inter-app-audio</key>
	<true/>
	<key>keychain-access-groups</key>
	<array>
		<string>SJ4M429CQ6.com.your-company.iPhoneSingel</string>
	</array>
</dict>
</plist>
Comment 5 Jeffrey Stedfast 2014-01-09 12:21:12 UTC
I forgot that the .xcent files were already in a readable XML format so the plutil command isn't necessary at all.

Anyway, that said, you need to make sure to remove the Keychain Access Groups key from the Entitlements.plist - if it's there, then it will be in the xcent file. The bugfix here was that if the Keychain Access Groups key/value does not exist within the Entitlements.plist, then it won't be in the xcent file either.
Comment 6 narayanp 2014-01-10 00:40:43 UTC
Jeff, I have creates a Single iPhone template application which does have check box unchecked of  'Enable Keychain' option in Entitlements.plist it means it does not contain keychain access group. Now when I deploy the application on device and open create .xml file it is displaying:
<key>keychain-access-groups</key>
	<array>
		<string>SJ4M429CQ6.com.your-company.SingleToday</string>

This is the gist for the same: https://gist.github.com/saurabh360/29cebad5c12604f951a1

And screencast of Entitlements.plist:http://screencast.com/t/C1ng1AnwbyfE
Comment 7 Jeffrey Stedfast 2014-01-10 12:30:19 UTC
This change only affects Xamarin.Mac projects.
Comment 8 Prashant manu 2014-01-13 09:01:44 UTC
I have checked the same thing for XamrinMac and observed that when  I create Xamamac project it does not contain Entitlement.plist in solution explorer. When I check the checkbox of Entitlements under Info.plist the it shows Entitlements.plist in Solution Explorer. Now when I open Entitlements.plist file it does not show  'keychain access group' option.This is the screencast for the same: http://screencast.com/t/9WcUEIF5JWW8 So I am not sure how to check this with Xamarin.mac?
Comment 10 Mohit Kheterpal 2014-02-12 07:55:24 UTC
Today we have checked this issue with XS 4.2.4 (build 17)

Now we are able to add keychain Sharing in xcode as shown in screencast : https://gist.github.com/saurabh360/783faaccaf702ade0cba

Hence closing this issue.

And we are not able to add keychain sharing from XS UI in Entitlements, so we have filled different issue for this i.e. bug 17724