Upload
jay-graves
View
365
Download
2
Embed Size (px)
Citation preview
Provisioning Profile Stockholm Syndrome
This presentation contains confidential information intended only for the recipient(s) named above. Any other distribution, re-transmission, copying or disclosure of this message is strictly prohibited. If you have received this transmission in error, please notify me immediately by
telephone or return email, and delete this presentation from your system.
Jay Graves - CTO POSSIBLE Mobile@skabber
Provisioning Profiles Are Everywhere
• App
• Today Widget
• Watch App
• Watch Extension
• Shared Library
• Share Extension
I want you to LOVE Provisioning Profiles
What is a Provisioning Profile?
What is a Provisioning Profile?
SMIME / PKCS#7
Thank you!Jay Graves - CTO POSSIBLE Mobile@skabber
What is a Provisioning Profile?
SMIME / PKCS#7
Provisioning Profile in vi
Read a ProfileCOMMAND LINE
security cms -D -i my.mobileprovision
Important ValuesAPPLICATION IDENTIFIER
<key>application-identifier</key>
<string>ABCDEFGHIJK.com.your.bundleid</string>
Important ValuesENTITLEMENTS
<key>Entitlements</key> <dict> ... <key>com.apple.developer.ubiquity-container-identifiers</key> ... <key>com.apple.developer.ubiquity-kvstore-identifier</key> ... <key>get-task-allow</key> ... </dict>
Important ValuesPROVISIONED DEVICES
<key>ProvisionedDevices</key> <array> <string>7af8ee3af8e4e13193bd834bab50e1d...</string> <string>a9f0d0477a6d3e8dad0ff984f7ba77e...</string> </array>
Important ValuesUUID
<key>UUID</key>
<string>E0EF8ACE-E83A-475C-9DA7-C67A147659FD</string>
Important ValuesDEVELOPER CERTIFICATES
<key>DeveloperCertificates</key> <array> <data> MIIFnDCCBISgAwIBAgIIEIdrqpJlb9MwDQYJKoZIhvcNAQEFBQAwgZYxCzAJ BgNVBAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBs ZSBXb3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBw bGUgV29ybGR3aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlv ...
Important ValuesDEVELOPER CERTIFICATES
-----BEGIN CERTIFICATE----- MIIFnDCCBISgAwIBAgIIEIdrqpJlb9MwDQYJKoZIhvcNAQEFBQAwgZYxCzAJ BgNVBAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBs ZSBXb3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBw bGUgV29ybGR3aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlv ... -----END CERTIFICATE-----
openssl x509 -text -in cert.pem
Important ValuesDEVELOPER CERTIFICATES
Certificate: Data: Version: 3 (0x2) Serial Number: 10:87:6b:aa:92:65:6f:d3 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations, CN=Apple Worldwide Developer Relations Certification Authority Validity Not Before: Nov 3 21:38:10 2012 GMT Not After : Nov 3 21:38:10 2013 GMT Subject: UID=9K9F9LCV74, CN=iPhone Distribution: Massively Overrated, OU=9K9F9LCV74, O=Massively Overrated, C=US Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:c8:57:f9:cf:af:c2:4d:7a:8a:16:62:47:4b:c2:
Install a Provisioning ProfileDON’T DOUBLE CLICK THEM!
Not human readable.
Install a Provisioning ProfileDRAG THEM INTO THE FINDER
~/Library/MobileDevice/Provisioning Profiles
Install a Provisioning ProfileDRAG THEM INTO THE FINDER
Install a Provisioning ProfileDRAG THEM INTO THE FINDER
Much better.
Tools for using Provisioning ProfilesTERMINAL.APP
Tools for using Provisioning ProfilesTERMINAL.APP + SHELL ALIAS
alias prov=‘security cms -D -i‘
Tools for using Provisioning ProfilesQUICK LOOK PLUGIN
Tools for using Provisioning ProfilesAUTOMATOR SERVICE
Tools for using Provisioning ProfilesAUTOMATOR SERVICE
Xcode
XcodeHOW DOES IT SEE PROFILES?
CODE_SIGN_IDENTITY = "iPhone Developer";PROVISIONING_PROFILE = "";
XcodeHOW DOES IT SEE PROFILES?
CODE_SIGN_IDENTITY = "iPhone Developer: Jay Graves (E6L876QFM6)";
PROVISIONING_PROFILE = "0FEB5831-22D3-4B1D-A973-59ED243E8103";
Build Error
Project Diff
What does all this mean?
•Automatic Profiles•Good if you don’t have multiple projects.•It can select the wrong profile.•Rules on automatic selection are not defined.
•Specific Profiles•Much more control over which profile is selected.•Can be a pain to update the project file every time a profile is updated.
Nick ArnottIS A FUNNY GUY
Can this be better?Yes!
Convention over Configuration
Convention over Configuration
• An Xcode Project can have multiple targets
• Every target can have multiple configurations
• Every target/configuration combination “should” have a provisioning profile
Name your profiles accordingly.
PROJECT-TARGET-CONFIGURATION.mobileprovision
Convention over ConfigurationUSE A SCRIPT
Run this script to set all the profiles properly.
set_project_profiles.sh -b -p Your.xcodeproj
http://bit.ly/ProjectProfiles
Thank You!Jay Graves - CTO POSSIBLE Mobile@skabber
Convention over ConfigurationHOW DOES IT WORK?
Magic scripts are great but how does it work?
• Create a folder at the root of every project called “CodeSign”.
• Put every profile in that directory.
• Script copies those profiles into ~/Library/MobileDevice/Provisioning Profiles
• Script inspects Xcode project for a list of Targets,
• Script gets a list of Configurations for each Target.
Convention over ConfigurationHOW DOES IT WORK?
• Script checks for any installed profile that follows the naming convention.
• Script queries the UUID for that profile.
• Script modifies the Xcode project with the appropriate UUID per Target/Configuration.
Modifying an Xcode Project!OMGWTFBBQ!
It’sJust
APLIST
PlistBuddy Demo
Modifying and Xcode ProjectIS NO BIG DEAL
Except…
PlistBuddy only outputs XML.
Tips:
• Project Specific Keychains
• Runtime asserts for missing entitlements
• Don’t click “Fix Issue”
• Read the Xcode errors
• Don’t go nuclear!
Thank you!Jay Graves - CTO POSSIBLE Mobile@skabber