Jay Graves

Provisioning Profile Tips & Tricks

Use this command to verify a .mobileprovision file and output its contents.

openssl smime -in /path/to/your.mobileprovision -inform der -verify

If you are on Linux you may not have Apples Cert installed into openssl so you can use

openssl smime -in /path/to/your.mobileprovision -inform der -verify -noverify

Use the Latest Version of Clang

Update You must use an absolute path in step 3 or you could get a crash. Thanks @hyperjeff

At the time of this writing the latest version of Xcode (4.3.2) was released on March 22nd 2012. The latest version of Clang (267) was released on June 1 2012. There have been 4 updates to Clang since Xcode 4.3.2 has shipped and those updates fix bugs and add better support for blocks. See the Clang release notes.

It is really easy to take advantage of these updates on your development machine or on your build servers.

On your local development machine

  1. Download Clang curl -L -o clang.tar.bz2
  2. Untar it tar -jxvf clang.tar.bz2
  3. Tell Xcode about the updated Clang sudo ./checker-267/set-xcode-analyzer --use-checker-build=$ABSOLUTE_PATH_TO_CLANG

Now Xcode will use this updated version of Clang instead of the built in version. If you ever want to change back you run sudo ./checker-267/set-xcode-analyzer --use-xcode-clang

On your build servers

The Jenkins Clang Scan-Build Plugin has settings that define where Clang lives outside of Xcode. I install Clang in /usr/local/bin/checker

Clang Scan-Build Plugin Settings

With all that done you can now enjoy the benefits of the most up to date static code analysis.

Also, I love the graphs that the Clang Scan-Build Plugin creates

Reverse Proxy on OS X Server for Jenkins & Github

When I first started using Jenkins with Github I was using scm polling to check github for changes. This is bad, there is a much better way. Have github tell you when changes have been pushed via a Service Hook. The problem is that your Jenkins might be behind a private network. The solution is to use a Reverse Proxy.

Setting up a Reverse Proxy on OS X Lion is easy.

  1. Download jenkinsProxy.plist
  2. Modify the url to your local Jenkins server
  3. Move jenkinsProxy.plist into /etc/apache2/webapps/
  4. Run sudo webappctl start org.jenkins.proxy
  5. Point the Github Jenkins Service Hook ^fn to your external IP/Domain Name /github-webhook

And you’re done. Every push to your github repo will ping your local Jenkins server to check for updates.

iOS Sharing Services

Ole Begemann has a nice post on What iOS Should Learn from Android and Windows 8. Specifically the post is about how Android, Windows 8 and iOS implement the sharing of things. The short version is that both Android and Windows 8 include a generic way to share things between applications and iOS has a very specific few ways to share only certain things.

There has been a lot of “Back to the Mac” talk in the last year however I think iOS could take a page from the Mac in this scenario. OS X has had the ability to share different types of media between applications using what are called Services. You can probably find Services on your machine right now. Just select an image file in the Finder and then click Finder -> Services from the Menu. This is what mine looks like

Take for example that “Upload with CloudApp”. The on my machine has registered a Service with the OS that accepts an image file.There are even more Services installed for sharing a URL
Check out that Tweet Service. Thats provided by the official It’s like a Twitter Share Sheet right here in OS X Lion.

The Technical Details

Applications can register the Services they support by declaring them in the Info.plist. Lets go back to and see what that declaration looks like.

All this boils down to mean any selected text is sent to the tweetService method as a NSString from the Pasteboard. This is what the method signature of that Service probably looks like in thw AppDelegate

- (void)tweetService:(NSPasteboard *)pboard userData:(NSString *)userData error:(NSString **)error;

What if iOS had this?

Imagine if you could share a photo you took in Camera+ with Path without having to first save it to the Camera Roll and do a bunch of App Switching. The flow would go like this.

  1. Path registers a Service in it’s Info.plist telling iOS that it supports image files.
  2. Camera+ tells iOS it has an image to share.
  3. iOS presents a list op App Services that support image files.
  4. The user selectes a the Path App Service.
  5. Path is launched with the image data passed to it’s Service method that was registered in step #1.

If that sounds a bit like Déjà vu, it’s because it’s very similar to how iOS already supports Documents.


Does iOS already have this?

One of the things Apple touted about iOS 5 was that it had some new “System Wide Services” including Dictionary lookup provided by iBooks. This iOS 5 preview from Macworld references it.


I don’t see anything Service related in the iBooks Info.plist. That doesn’t mean that the frameworks to support this doesn’t already exist. Maybe it’s just not exposed to us yet.

Install a Certificate via the Command Line.

If you ever need to install a certificate into the OS X Keychain on a remote machine in such a way that Xcode can sign a build with it, then this command is for you.

security import /tmp/MyCertificates.p12 -k $HOME /Library/Keychains/login.keychain -P MyPassword -T /usr/bin/codesign

This allows you to not get that annoying “Always Allow” dialog the first time you try to use the cert to sign a build.

Package Your iOS Application With Xcrun

I have updated my example over the air distribution script to use “xcrun PackageApplication” instead of manually creating the Payload directory and zipping that.

This allows you to use the same flow to package and sign your application that Xcode does. It also allows you to choose the signing certificate and provisioning profile completely separate from what was defined in the Xcode project.

You can see how to use “xcrun PackageApplication” here

Thanks to for finding this. 

How to Use Keygrinder

Every so often I get an email like this “How do I use KeyGrinder?”. This is a fair question. KeyGrinder does not do a very good job of teaching people how to use it. I always figured that if people didn’t know about PwdHash they wouldn’t even bother to download it. However it turns out that there are people out there hungry for better password security and are seeking something to help them.

This post is for them.

KeyGrinder uses the Stanford PwdHash algorithm to mix together a URL domain and a master password to come up with a strong password that is unique to that domain.

For example the domain “” plus a master password of “prettybird” gives us a PwdHash of “n2A0x64KS1BC”.

The domain “” plus a master password of “prettybird” gives us a PwdHash of “lYuZHW5JZHM3”.

Thats the same master password used at a different domain giving us a completely different password. If you are the type of user that uses the same password for most of your online logins, KeyGrinder allows you to have a unique strong password for every website you use. Simply change your passwords on the sites you visit to the ones generated by KeyGrinder and you are good to go.

The KeyGrinder iOS and Mac apps allow you to enter in your domain and master password and then copy the resulting PwdHash into your clipboard, ready for you to paste into whatever web site or app you are logging into. If you are away from your devices or are using a computer that does not have KeyGrinder installed you can always use to get your password.

KeyGrinder iOS is available in the App Store.


KeyGrinder Mac is available in the Mac App Store.