The first update to the beta release Xcode Treasures went out yesterday, and it's a doozy: Security . In fact, in my original proposal and disposition for the book, this was called Code-Signing Hell . Of course I knew I had to cover it, but did not look forward to the experience.
When I dug into the material again – we covered code signage and App Store submission in IOS 10 SDK Development and its predecessors, after all – it turns out that the approach to This new book really helped out. All in all, all Xcode touches is fair game so I could start with a single Mac-kun concept: sandboxing. This allows the chapter to start with a simple introduction to the current target field tab, before entering the entire kielbasa of iOS code signing and submission of the App Store.
After a simple look at only local sandbox problems, it actually fell into place for a coherent story. Go beyond sandboxing and find out there are capabilities like push notifications and iCloud that affect Apple's backend or user's private data, and therefore require rights . And to handle rights, you need an AppID that specifies your rights, which you manage at https://developer.apple.com/account.
and when you find AppID in "Certificates, Identifiers, and Profiles" you are already on top of the other two parts of the equation: the profile that will link an AppID to an allowed action such as installing on a development device or distributing via the App Store and the certificate you use to sign it, thereby proving your identity to Apple and eventually your end users.
Xcode's automatic signing helps to teach these things because you can let it generate all of these for you automatically. It makes it much easier to get to the final step, which covers manual signing. It's a pain, but it feels like having made the trip there, step by step to see how the pieces fit together and take care of yourself (if you have to).
It really helps my editor, Tammy Coron, is also an Xcode user and has been dealing with app signing match so she could take care of that the line through this material was clean made me reorganize some things where AppIDs are introduced), and pressed me to justify manual signing in the era of automatic signing.
The second thing that helped this case in place re-titles the chapter "Security", even if it's misleading. This is not just about Xcode keeping you safe. To a large extent, these systems exist to protect Apple and its users from you or at least someone who seems to be you. It does not feel good to have to jump through the hoops and show bona fides to get your app up in the store, but it's also not unjustified.
And honestly, it's a hell much better than it used to be. For me, the biggest improvement has been that you can have one development certificate per machine, instead of per account. In the bad old days, you would inevitably capture your laptop with bad configuration, manually remove your old certificate and create a new one and then clean up everything when you return to your desktop Mac. Several development sites, plus automatic signing, made this material easier to write than it was five years ago.