I have received an iPhone application developed for the company I work for by an outsourcing company. I do not have access to the source, only a compiled binary. I want to be able to sign it using our certificate, provisioning info, etc so I can submit it to the app store. How do I go about doing this? I'm aware of the existence of the codesign but can't really grok how to use it properly for iPhone from the man page.
After you have a distribution certificate created and installed, you can codesign from the Terminal like so:
cd <path to folder containing YourApp.app>
/usr/bin/codesign -f -s "iPhone Distribution: Your Company Name" --resource-rules=<full_path_to>/YourApp.app/ResourceRules.plist <full_path_to>/YourApp.app
This is what Xcode does when it signs an app.
You've paid for an application to be developed, but you didn't get the source code in the deal?
I'd conservatively assume that the application is malware and abandon it. I'd certainly not sign it with my credentials without at least auditing the binary.
How do you expect to handle bug fixes/updates?
Create a distribution certificate from your developer program and install it in your system. Now make an app store provision profile and use that to code sign the project.
You can make the app store binary same as how you make the adhoc binary. You don't need the entitlements.plist though.
Related
I'm working with a client and they use the MDM system (Workspace ONE) they want to test my app (mostly AppConfig) before I upload the IPA to the app store where ultimately they can grab from there into the MDM system and distribute it to their users. For some reason, they don't want to have an ad-hoc build/Enterprise distribution (I suggested the re-sign option, but they declined). Anyway, they ask me for an IPA file that I use for AppStore and I provided them but they say the system returned an error saying " This app cannot be installed because its integrity could not be verified"
I wonder what could be the right approach to release the IPA file for the MDM system for testing? I don't think there is another approach for app distribution other than re-signing in-house distribution build.
Any help is greatly appreciated.
Cam
I'm trying to resign an ipa which is already signed with the developer certificate.
Now I'm resigning with the enterprise distribution certificate.
I've got proper provisioning profile, ios_distribution certificate to sign the app.
I'm following this answer Re-sign IPA (iPhone) for the resigning steps.
With this I'm successfully able to resign the ipa but when I try to install this via itools, I'm getting this error: verification failed as the authority is invalid.
Another thing is I'm resigning with the enterprise distribution certificate but still when i try to install the resigned ipa directly (keeping resigned ipa on dropbox) getting this error "safari can't download this file" which I believe should come when the app is not signed with the enterprise distribution certificate and someone try to download that file directly on iphone (not via appstore or itunes).This certificate says I can distribute this app outside the appstore, so I'm confused what I'm really missing.
I don't know about itools and the error message doesn't sound right, but it could be that
xcrun PackageApplication is copying your dev app's entitlements across to the distribution app and they don't match what's in your distribution profile. e.g get-task-allow may still be true.
If you use a distribution signing identity PackageApplication actually tries to fix this, but it just failed for me now and I get an unusable IPA. Ah, looks like it detects the "distribution-ness" of your signing identity with regular expressions. I was using the abbreviated form "My Company (ID)" form instead of "iPhone Distribution: Company Name (ID)".
If I use the longer form, the resulting binary installs fine. The more you know.
You can't install IPA files directly from Safari, you need to set up an itms anchor tag and a plist, and a bunch of absolute URLs as described here.
I have iOS Developer Program membership for which i paid $99. I have installed that certificate in one system, and I'm able to run my application on my real device.
Is it possible to install this certificate on my another system, such that I can run my application on another real device? When I try to install the same certificate on another system, I'm not able to get it working.
Read Submitting iPhone Apps To The Apple App Store – A Step by Step Guide—in particular, the last paragraph, "Managing Your Digital Identities":
Also read: iOS Development Workflow Guide: Managing Devices and Digital Identities
You can definitely install the certificate on other systems. Please tell us the error message(s) you are getting.
Please make sure that you are exporting your certificates correctly and importing them on other system with the correct password.
Hope this helps,
Thanks,
Madhup
You have two ways to install the App in to device.
One is: you can add the new device UDID to the provisioning profile and you can run through your system
If you want to run from other system then follow the 2nd one
2nd is: You have to create a .p12 certificate from you systems keychain.
Goto -> Application -> Utilities -> KeyChains.
right click on your certificate and click export, enter some password(for security reasons). Then it will create a .p12 certificate.
You have to install this certificate in the other system by giving the specific password that you have give while creating. Then those will be installed in the other system.
Thats it. Then follow the first step, and enjoy by installing app into other device.
Regards,
Satya
I have developed a number of apps using MonoTouch, and been using the emulator for the iPhone, now I need to deploy me application to my iPhone for further testing.
I have purchased the iPhone SDK from Apple, but I can't find how to deploy and activate the MonoTouch application to my iPhone.
Any pointers please?
As has been already stated you obviously need the paid version of MonoTouch and the iPhone SDK. Once you have those sorted you need to create a developer certificate in the iPhone developer portal, download it to your dev machine and add it into your keychain.
Once you have done that you must create a provisioning profile for your physical device, which again you do through the developer portal. Once you have the provisioning profile, download that to your machine, and add it to the iPhone via the Organiser app in XCode.
Then fire up MonoDevelop, and if it's all gone to plan then you should have the option of deploying the build to your iPhone. You can check that MonoDevelop has correctly detected your certs by opening up the Project Options window and under the Build section and under iPhone Bundle Signing, you should see your developer cert and provisioning profile.
Full details of the steps required on the Apple iPhone Dev Site
Here are the MonoTouch docs on building for distribution
http://monotouch.net/Documentation/Building_for_Distribution
It is my understanding that you have to have the Monotouch deployment license from Novell to deploy to a device.
According to your statement:
When I compile I get: "No Valid iPhone code signing keys found in
keychain.
This is actually a Xcode question more then a Monotouch one;
The message indicates that your keychain does not provide the signing keys used to generate the certificates and provisioning profiles.
If you follow apple's steps on generating certificate(request), followed by profiles they will also state you might want to export your private key (p13 file) and keep it somewhere safe.
If you move to another laptop for instance, you will need to import that key again to make the machine a valid one.
If something went wrong (ie: you accidentally removed your private key, ..) this message will be shown since there is no way for Xcode to verify that the profiles are being used on a valid machine.
Go to this instruction page (apple account credentials needed) to check if the steps have been followed and check in the Keychain access app on your mac if under My Certificates you see a developer certificate and - if you unfold it - you can see the private key as a child node.
I'd like to send a binary to a client without the source code.
How can here sign the app for distribution on it's own name without
recompiling everything (since he does not have the source code)
I'm not talking about adhoc distribution.
I've tried to codesign -f with another distribution profile but itunes
connect refuses it.
The client needs to send you his distribution certificate and personnal certificate with his public key, matching his iPhone developer identity, so you can compile the app with his informations.