Created
November 14, 2011 22:38
-
-
Save 0xc010d/1365444 to your computer and use it in GitHub Desktop.
Codesign an iOS app, with a different distribution certificate and mobileprovisioning file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Copy the delivered ipa into a directory to work in. | |
- export PlistBuddy="/usr/libexec/PlistBuddy" to get the PlistBuddy tool to your shell. If it is not added, all references to PlistBuddy | |
will need to be written as the full path. | |
- Take the delivered App.ipa and unzip it using the unzip command. This should produce a Payload directory containing the app and its | |
resources. | |
- Enter the command "codesign -d --entitlements :enterprise.plist Payload/PathToApp.app/" This pulls the entitlements out of the app, and | |
prints them to a plist, without a leading "blob" of data. Pay particular attention to the colon before the enterprise.plist file name. | |
The command "codesign -d --entitlements - Payload/PathToApp.app" prints the info to <STDOUT>. | |
- The enterprise.plist created in the above step should look similar to this: | |
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
<plist version="1.0"> | |
<dict> | |
<key>application-identifier</key> | |
<string>7RBL83DJ7M.com.crowdcompass.YourApp</string> | |
<key>aps-environment</key> | |
<string>production</string> | |
<key>get-task-allow</key> | |
<false/> | |
<key>keychain-access-groups</key> | |
<array> | |
<string>7RBL83DJ7M.com.crowdcompass.YourApp</string> | |
</array> | |
</dict> | |
</plist> | |
This plist can be edited with the text editor of choice. | |
The references to 7RBL83DJ7M.com.crowdcompass.YourApp need to be replaced | |
with the APP_ID.bundle_id that matches the App ID created for the app on iTunes, | |
that is bound to the Enterprise Distribution Cert. | |
It's available at developer.apple.com on the detail screen of the app. | |
It should follow the same pattern as above, with a NUMBER/LETTERS mix and a url. | |
Save the changes to this file. | |
- PlistBuddy needs to be used for the Info.plist file in the app directory itself, as it's a binary file. | |
Use the following command: | |
"PlistBuddy Payload/emBrandEvent11.app/Info.plist" At the command prompt, enter print, return, which should look something like this: | |
Command: print | |
Dict { | |
CFBundleName = AppName | |
DTXcode = 0420 | |
DTSDKName = iphoneos5.0 | |
DTSDKBuild = 9A334 | |
CFBundleDevelopmentRegion = English | |
CFBundleVersion = 2.2 | |
BuildMachineOSBuild = 11C74 | |
DTPlatformName = iphoneos | |
CFBundlePackageType = APPL | |
UIStatusBarHidden = true | |
CFBundleSupportedPlatforms = Array { | |
iPhoneOS | |
} | |
CFBundleShortVersionString = 2.2 | |
CFBundleInfoDictionaryVersion = 6.0 | |
CFBundleExecutable = AppName | |
DTCompiler = com.apple.compilers.llvm.clang.1_0 | |
CFBundleURLTypes = Array { | |
Dict { | |
CFBundleURLName = nx url | |
CFBundleURLSchemes = Array { | |
nx | |
} | |
} | |
} | |
CFBundleIdentifier = com.crowdcompass.YourApp | |
CFBundleResourceSpecification = ResourceRules.plist | |
DTPlatformVersion = 5.0 | |
CFBundleIconFiles = Array { | |
Icon.png | |
[email protected] | |
} | |
LSRequiresIPhoneOS = true | |
UIPrerenderedIcon = true | |
CFBundleDisplayName = YourApp Demo | |
CFBundleSignature = ???? | |
DTXcodeBuild = 4D199 | |
MinimumOSVersion = 4.0 | |
DTPlatformBuild = 9A334 | |
UIDeviceFamily = Array { | |
1 | |
} | |
} | |
Enter the command: set CFBundleIdentifier new.url.with.no.app.number, EXAMPLE -> com.crowdcompass.appname | |
Enter print, check for typos | |
Enter save, to save the result | |
Enter quit | |
- Modifying the plist invalidated the previous code signature. | |
The next step resigns the app, while preserving the metadata created when the | |
app was initially built. The name of the certificate, (after the -s flag), | |
must match exactly what is in the Keychain. | |
The --entitlements enterprise.plist refers to the file produced in the previous step. | |
codesign -f -s "iPhone Distribution: CrowdCompass, Inc." Payload/AppName.app/ --entitlements enterprise.plist --preserve-metadata=resource-rules,requirements | |
- The next step repackages the app back into an ipa with an embedded profile for push notifications. | |
xcrun -sdk iphoneos5.0 PackageApplication -v ./Payload/AppName.app -o /Users/mhooge/Desktop/YourAppAdHocResign.ipa --embed AppName.mobileprovision | |
- Further info on the commands listed here are available on their respective man pages. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thank you for this gist ! Anyway, how do you verify that the package is well code signed ? Before Yosemite DP5 I was using coding --verify but now it fail with : Yourapp.app: resource envelope is obsolete.
Is is a bug from Apple ? It tried using "Validate" utility but I don't know if it reliable.
What do you think about it ?
Romain
With AirSign, modify, resign and send your iOS Apps to your testers in a minute