microsoftconnect/intune-app-wrapping-tool-ios

Wrapping an app with extensions successfully completes about 5% of the time

brj-hsy opened this issue · 6 comments

I am wrapping 7 enterprise iOS applications. The 4 apps without app extensions wrap successfully. The 3 apps with app extensions do wrap successfully only about 5% of the time when I run the tool with the same command repeatedly.

If I run the identical wrapping command about 20 times for an app with extensions, I get about 1 successful wrap.

The other 95% of results are split relatively evenly between 2 errors: "zsh: segmentation fault" and "The certificate input you provided does not exist in the provisioning profile. Resubmit with a certificate which exists in the input provisioning profile."

The certificate does exist in the provisioning profile. Xcode and the build server are both able to build the unwrapped .ipa with the same set of profiles and certificate.

Variations I have tried with the same inconsistent results described above (about 5% success):

  • Calling the tool by passing arguments from the command line
  • Calling the tool with arguments specified in a .plist
  • Using the zsh shell
  • Using the bash shell
  • Passing provisioning profile paths as absolute paths
  • Passing provisioning profile paths as relative paths
  • Various different ways of quoting and escaping the extension provisioning profile paths when passed from the command line
  • Re-generating all the provisioning profiles for the app and extensions
  • Specifying the certificate by its SHA-1 hash
  • Specifying the certificate by its name

System Information

  • macOS Catalina 10.15.5
  • Tried Wrapping Tool versions 12.6.1, 12.4.1, 12.3.1

Example

This command produces a successful wrap about 5% of the time.

./IntuneMAMPackager/Contents/MacOS/IntuneMAMPackager -i "MyApp/MyApp.ipa" -o "MyApp/MyAppWrapped.ipa" -p "MyApp/MyApp.mobileprovision" -x "<array><string>MyApp/MyApp_Intents.mobileprovision</string><string>MyApp/MyApp_Today.mobileprovision</string><string>MyApp/MyApp_Watch.mobileprovision</string><string> MyApp/MyApp_Watch_Extension.mobileprovision</string></array>" -c "iPhone Distribution: My Company"

Do you have any suggestions for me to try? Thank you for your help.

Hey @brj-hsy, thanks for reporting this issue. We are investigating it and I'll let you know when there is an update. In our upcoming release we did make a fix for a potential crash that could occur when we query the keychain for the cert, as well as adding some more verbose logging, so I'd be interested to know if things improve with the next release and if you could share the verbose logs if you do still see the issue!

Hi @brj-hsy, we believe we've found the root cause of this issue and have a fix in code review now.

@Kyle-Reis, thank you for the update. Here is the verbose log showing the error in wrapping tool 12.7.0.

Application packaging in progress...
Version of MACOSX is 10.15.6
Version of XCode installed is Xcode 11.6
Build version 11E708

Parsing provisioning profile...
Parsing main app provisioning profile...
Parsing extension provisioning profiles...
Checking that main provisioning profile has not expired...
Checking that extension provisioning profiles have not expired...
Checking if signing certificate is valid...
Provided certificate name length matches that of SHA1 hash.
Number of certificates returned by query: 7
Checking certificate at index: 0
Getting certificate common name.
Computing SHA-1 fingerprint of current certificate.
ComputingProvidedSHA1Hash.
Checking certificate at index: 1
Getting certificate common name.
Computing SHA-1 fingerprint of current certificate.
ComputingProvidedSHA1Hash.
Checking certificate at index: 2
Getting certificate common name.
Computing SHA-1 fingerprint of current certificate.
ComputingProvidedSHA1Hash.
Checking certificate at index: 3
Getting certificate common name.
Computing SHA-1 fingerprint of current certificate.
ComputingProvidedSHA1Hash.
Possible fingerprint match found. Checking if certificate is contained in provisioning profile...
Computing SHA-256 fingerprint of certificate.
Checking if SHA-256 hash exists in provisioning profile.
Certificate was found in the provisioning profile.
Checking if certificate issuer is Apple.
Checking if signing certificate is found in each extension profile...
Computing SHA-256 fingerprint of certificate.
zsh: segmentation fault  ./IntuneMAMPackager/Contents/MacOS/IntuneMAMPackager -i MyApp/App.ipa -o
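An independent cross-check of the step the verbose log above reports ("Checking if signing certificate is found in each extension profile"), added here as an example; it is not code from the wrapping tool or from either participant. It assumes the standard `DeveloperCertificates` array inside each `.mobileprovision` plist, and the helper names, certificate bytes and profile blobs are constructed for illustration.

```python
import hashlib
import plistlib


def load_profile_plist(raw):
    """Pull the embedded XML plist out of a CMS-signed .mobileprovision blob."""
    start = raw.find(b"<?xml")
    if start < 0:
        raise ValueError("no embedded plist found")
    end = raw.find(b"</plist>", start)
    if end < 0:
        raise ValueError("embedded plist is truncated")
    return plistlib.loads(raw[start:end + len(b"</plist>")])


def profile_fingerprints(raw):
    """SHA-256 fingerprints of every DER certificate listed in the profile."""
    certs = load_profile_plist(raw).get("DeveloperCertificates", [])
    return {hashlib.sha256(der).hexdigest() for der in certs}


def check_certificate(cert_der, profiles):
    """Map profile name -> 'present', 'missing' or 'unreadable' for one cert."""
    wanted = hashlib.sha256(cert_der).hexdigest()
    report = {}
    for name, raw in profiles.items():
        try:
            found = wanted in profile_fingerprints(raw)
            report[name] = "present" if found else "missing"
        except ValueError:
            report[name] = "unreadable"
    return report


def make_constructed_profile(cert_ders):
    """Constructed stand-in: a plist wrapped in filler bytes where CMS framing sits."""
    body = plistlib.dumps({"Name": "constructed", "DeveloperCertificates": list(cert_ders)})
    return b"\x30\x82\x00\x00" + body + b"\x00\x00"


# Constructed placeholder bytes, not real certificates or profiles.
CERT_A = b"constructed-certificate-A"
CERT_B = b"constructed-certificate-B"
SAMPLE_PROFILES = {
    "MyApp.mobileprovision": make_constructed_profile([CERT_A, CERT_B]),
    "MyApp_Today.mobileprovision": make_constructed_profile([CERT_B]),
    "MyApp_Watch.mobileprovision": b"not a profile",
}

if __name__ == "__main__":
    for name, status in check_certificate(CERT_A, SAMPLE_PROFILES).items():
        print(f"{status:10} {name}")
```

For real input, pass the signing certificate's DER bytes and the raw contents of the main and extension profile files in place of the constructed samples.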

Hi @brj-hsy, just wanted to let you know that the fix for this issue has been checked in, but it is not included in today's release (12.8.0). It will become available in an upcoming release.

Hey @brj-hsy, this issue should be fixed in the latest release (version 12.9.0).

@Kyle-Reis I tested and the issue is fixed in 12.9.0. Thank you!