Bug 31682 - Partial wildcard provisioning App ID in provisioning profile causes duplication, leading to "This value should be a string starting with your TEAMID" when submitting app
Summary: Partial wildcard provisioning App ID in provisioning profile causes duplicati...
Alias: None
Product: iOS
Classification: Xamarin
Component: MSBuild ()
Version: XI 8.10
Hardware: PC All
: Normal normal
Target Milestone: 8.13 (C6 alpha)
Assignee: Jeffrey Stedfast
Depends on:
Reported: 2015-07-06 18:46 UTC by Brendan Zagaeski (Xamarin Team, assistant)
Modified: 2015-08-21 13:39 UTC (History)
7 users (show)

Is this bug a regression?: ---
Last known good build:

Test case (7.34 KB, application/zip)
2015-07-06 18:46 UTC, Brendan Zagaeski (Xamarin Team, assistant)

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.

Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:

Description Brendan Zagaeski (Xamarin Team, assistant) 2015-07-06 18:46:32 UTC
Created attachment 11892 [details]
Test case

Partial wildcard provisioning App ID in provisioning profile causes duplication, leading to "This value should be a string starting with your TEAMID" when submitting app

This is very closely related to Bug 30052, but it's not 100% clear from that bug report whether the fix should resolve the issue for both iOS and Mac apps.

I am therefore filing this bug to track the fix for iOS apps. It appears the problem is already fixed in Xamarin.iOS master, so I believe the fix will be included in Cycle 5 SR 3 release.

## Regression status: Regression between XI 8.9 and XI 8.10

GOOD: Xamarin.iOS (master: c24171b)
BAD:  Xamarin.iOS    (8b265d6)
BAD:  Xamarin.iOS  (6481535)
GOOD: Xamarin.iOS     (f7736a4) 

## Steps to reproduce

1. Open the attached test case (or create a new iOS application using a template).

2. Set the active configuration to "Release|iPhone".

3. Under "Project Options -> iOS Bundle Signing", select a provisioning profile that includes a prefix _and_ a wildcard * character.

For example, in the attached test case, the provisioning profile I selected has the following display name on my computer:

> iOSTeam Provisioning Profile: com.example.*

This provisioning profile can be used to sign any application whose Bundle Identifier starts with "com.example". One way to create this kind of wildcard provisioning profile is first to create a "Wildcard App ID" of "com.example.*" on [1] and then to add a corresponding Development or Distribution provisioning profile.

> [1] https://developer.apple.com/account/ios/identifiers/bundle/bundleCreate.action

4. Build the application.

## Results

The merged `Entitlements.xcent` contains an incorrectly expanded "application-identifier" field: 

> <string>CWL9Z4NLQ4.com.example.com.example.helloworldios</string>

"com.example" should _not_ be duplicated.

### Two ways to view the merged entitlements

> $ cat HelloWorldIos/obj/iPhone/Release/Entitlements.xcent 

> $ codesign -d --entitlements :- HelloWorldIos/bin/iPhone/Release/HelloWorldIos.app

### Errors from Application Loader

If you attempt to submit an app built with this kind of wildcard distribution provisioning profile, it fails with an error due to the duplicated "com.example" prefix:

> ERROR ITMS-90046: "Invalid Code Signing Entitlements. Your application
> bundle's signature contains code signing entitlements that are not supported
> on iOS. Specifically, value
> 'CWL9Z4NLQ4.com.example.com.example.helloworldios' for key
> 'application-identifier' in 'Payload/HelloWorldIos.app/HelloWorldIos' is not
> supported. This value should be a string starting with your TEAMID, followed
> by a dot '.', followed by the bundle identifier."

## Additional version info (brief)

### Mac OS X 10.10.3

Mono 4.0.2 (detached/c99aa0c)

Xcode 6.3.2 (7718), Build 6D2105
Comment 1 Brendan Zagaeski (Xamarin Team, assistant) 2015-07-06 18:54:30 UTC
Marking as fixed to let the QA team verify that the problem is indeed fixed in on the candidate builds of Xamarin.iOS, Cycle 5 Service Release 3.
Comment 2 Danish Akhtar 2015-07-07 03:43:19 UTC
Today, I have checked this issue with X.iOS 5 Trunk) after following the steps mentioned in Bug and  we are still observing duplicity under merged `Entitlements.xcent`. 

Screencast for the same: http://www.screencast.com/t/Lx6wjntOqoS

Hence Reopening this issue.

Environment info:

=== Xamarin Studio ===

Version 5.9.5 (build 3)
Installation UUID: 2939b8b4-8977-42bd-82d6-100275ccd9cd
	Mono 4.0.2 ((detached/5f447f9)
	GTK+ 2.24.23 (Raleigh theme)

	Package version: 400020016

=== Apple Developer Tools ===

Xcode 6.2 (6776)
Build 6C131e

=== Xamarin.iOS ===

Version: (Enterprise Edition)
Hash: e4cb14c
Branch: master
Build date: 2015-07-03 04:03:14-0400

=== Xamarin.Mac ===

Version: (Enterprise Edition)

=== Xamarin.Android ===

Version: (Enterprise Edition)
Android SDK: /Users/360_macmini/Library/Developer/Xamarin/android-sdk-mac_x86
	Supported Android versions:
		2.3    (API level 10)
		4.0.3  (API level 15)
		4.1    (API level 16)
		4.2    (API level 17)
		4.3    (API level 18)
		4.4    (API level 19)
		4.4.87 (API level 20)
		5.0    (API level 21)
Java SDK: /usr
java version "1.7.0_75"
Java(TM) SE Runtime Environment (build 1.7.0_75-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.75-b04, mixed mode)

=== Xamarin Android Player ===

Version: Unknown version
Location: /Applications/Xamarin Android Player.app

=== Build Information ===

Release ID: 509050003
Git revision: 5716b0c7ef341fff65ce7bd750be2b9ae64a1807
Build date: 2015-06-30 15:34:42-04
Xamarin addins: 8adf470161f63b54bcfea78416e4541f6d55d7bb

=== Operating System ===

Mac OS X 10.9.4
Darwin 360-MACMINIs-Mac-mini-2.local 13.3.0 Darwin Kernel Version 13.3.0
    Tue Jun  3 21:27:35 PDT 2014
    root:xnu-2422.110.17~1/RELEASE_X86_64 x86_64
Comment 3 PJ 2015-07-13 12:34:17 UTC
Missed freeze deadline for C5SR3, updating milestone.
Comment 4 Rolf Bjarne Kvinge [MSFT] 2015-07-14 05:24:26 UTC
@Jeff, can you identify the hashes in master that would fix this, so we can evaluate if we want it in SR4 or not?
Comment 5 Jeffrey Stedfast 2015-08-12 18:01:29 UTC
Looks like this one:

commit cfbbf13f47b3b1be2eda59009ba6a1f21ffb114d
Author: Jeffrey Stedfast <jeff@xamarin.com>
Date:   Wed May 13 19:52:43 2015 -0400

    [msbuild] Modified CompileEntitlements logic for expanding *'s
    Partial fix for bug #30052
Comment 6 Rolf Bjarne Kvinge [MSFT] 2015-08-13 04:10:34 UTC
@Brendan, this is not fixed in Cycle 5 (any SR), currently it's only in Cycle 6 (and XI 9). Is this something that's heavily affecting customers?
Comment 7 Brendan Zagaeski (Xamarin Team, assistant) 2015-08-13 11:09:49 UTC
So far I haven't seen any customer reports of it. My guess is that the use of these "Partial wildcard provisioning App IDs" is fairly uncommon.
Comment 8 Rolf Bjarne Kvinge [MSFT] 2015-08-13 11:12:29 UTC
OK, I'm pushing this to Cycle 6 then.
Comment 9 Mohit Kheterpal 2015-08-13 11:53:26 UTC
I have checked this issue and observed that this issue is fixed with latest build of master i.e. monotouch-
as shown in screencast :  http://www.screencast.com/t/Hq76OFJj9

Hence closing this issue.
Comment 11 Brendan Zagaeski (Xamarin Team, assistant) 2015-08-21 13:39:01 UTC
## Possible workaround

There is at least one "brute force" way to work around this problem:

1. Follow the steps on [1]. These steps are directed primarily toward XamarinVS users, but the same general approach will work on Mac as well. (The main difference on Mac is just that the `obj/` and `bin/` folders will by default be in the project directory rather than the `~/Library/Caches/Xamarin/mtbs/builds` folder.)

[1] https://kb.xamarin.com/customer/en/portal/articles/2048920-can-i-add-files-to-or-remove-files-from-an-ipa-file-after-building-it-in-visual-studio-

2. Skip step 9 from [1]. In other words, do _not_ add any files to or remove any files from the IPA. Instead, open the `obj/iPhone/AppStore/Entitlements.xcent` file in a text editor before step 15 and remove the duplicated names.

## Supplemental contact info

To any customers with Business or higher licenses who might find this bug report and be looking for more detailed help completing this "brute force" workaround, be sure to contact the Support Team via email [2]. For other users, feel free to post on the forums to request assistance from the broader Xamarin community.

[2] https://kb.xamarin.com/customer/portal/articles/1632104-how-do-i-contact-xamarin-for-support-