iOS 10 needs keychain entitlements

[dbankier]

Not sure where you want to update the README.md, but for iOS10 you need to have a custom Entitlements.plist file in your project with the following content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.keystore.access-keychain-keys</key>
    <true/>
    <key>com.apple.keystore.device</key>
    <true/>
</dict>
</plist>

[dbankier]

this might only be for the simulator...

[benbahrenburg]

Hi @dbankier was planning on updating. You'll need this for both Simulator and deploy.

[dbankier]

Thanks. Not sure why, but I only seemed to need it for the simulator. Was getting an entitlement conflict on an adhoc deploy to device... Probably my issue.

[ndastur]

@benbahrenburg @dbankier shouldn't need a custom Entitlements.plist.

Should be able to place keys in tiapp.xml
<ios>
<plist>
<dict>

[markruys]

I've added the entitlements, but still get with iOS 10, securely V.2.2.0:

[ERROR] Unable to set value to keychain Error Domain=com.samsoffes.sskeychain Code=-34018 "errSecDefault" UserInfo={NSLocalizedDescription=errSecDefault}

Or this another issue?

[benbahrenburg]

Hi @markruys ,
I ran into a similar issue in the beginning. The process of adding is alittle confusing. If you are using Alloy, there are two platform / ios directories. Depending on your version you'll need to make sure you are using the correct one.

Also make sure you clean your project.

You might also want to check your team-id. This could have an impact.

There is some good information on how to add and work with entitlements here https://www.appcelerator.com/blog/2016/09/ga-release-for-titanium-sdk-5-5-0-appcelerator-cli-5-5-0-appcelerator-studio-4-7-1/

[joshualambert]

I'm seeing this behavior also. Not completely clear on what it is I'm supposed to do.

[joshualambert]

I added a appname.plist file to app/platform/ios/appname.plist that looks like this per the comment above:

`

com.apple.keystore.access-keychain-keys com.apple.keystore.device `

Still getting this error:
[ERROR] Unable to set value to keychain Error Domain=com.samsoffes.sskeychain Code=-34018 "errSecDefault" UserInfo={NSLocalizedDescription=errSecDefault}

Does anybody know what I'm missing here? I'm a bit lost as to where I'm jumping the tracks here. Using SDK 5.5.1.

[joshualambert]

Also tried creating a file in app/platform/ios/entitlements.plist with those same values and see the same error also. Lost here.

[benbahrenburg]

@joshualambert this worked for me.

1. Create an entitlement file called myApp.entitlements , my app is called myApp
2. Contents of the file are below, please note the com.hello.myapp which matches my organization identifier

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>keychain-access-groups</key>
    <array>
        <string>$(AppIdentifierPrefix)com.hello.myapp</string>
    </array>
</dict>
</plist>

3. The app I'm building an an Alloy app. So I place this file in /project/app/platform/ios
4. Clean project

Another trick is you can go into the SDK folder and enable keychain support. But would recommend trying the above before doing that.

[markruys]

@benbahrenburg, adding the myApp.entitlements file with a keychain-access-groups to the Alloy iOS platform directory fixed the "Unable to set value to keychain" error for me. Thanks!

[taylor4502]

I had previously added the myApp.entitlements file and all was well (I uploaded a build in December). But now I've started to get code signing entitlement errors when uploading. The errors relate to com.apple.keystore.device and com.apple.keystore.access-keychain-keys.

Any ideas?

[benbahrenburg]

With the latest version of Ti, I've found you don't need the entitlements. You might also want to double check your Xcode template

[mcvendrell]

I'm having the same problems, with the latest version: SDK 6.0.1, XCOde 8.2.1, iOS simulator
10.2.

I tried the myApp.entitlements solution without success. Any idea?

[reymundolopez]

Same problem here, anyone has any idea on how to fix it for the sim?

[agersoncgps]

I have tried creating the myappid.entitlements file and placing the xml keys directly in tiapp.xml. I am still getting the error [ERROR] : Unable to set value to keychain Error Domain=com.samsoffes.sskeychain Code=-34018 "errSecDefault" UserInfo={NSLocalizedDescription=errSecDefault}

[benbahrenburg]

@agersoncgps would recommend double checking you are running the latest version of Xcode (8.3), Ti SDK (6.0.2) and Securely. I am running this combination in production without the need for an entitlements or modification to tiapp.xml file. The only non standard configuration I use is setting the min iOS target to 9.

If in your configuration you are running into this error in the simulator, I would recommend writing a proxy that uses a plist save strategy when in the simulator and a keychain strategy when on device.