assign new provision profile to ipa after the old one is expired - ios

I got an Ipa and the provision profile of the app that is expired,
I've created a new provision profile on apple,
is there a way to assign the new one to the current Ipa?
without configuring it in xcode

You should be able to swap out the embedded.mobileprovision file in the ipa, then re-sign the app. You have a couple of options to do this:
The easiest solution is to use the fastlane's resign tool.
You can write a shell script to manually extract the contents of the IPA, replace the provisioning profile, then call codesign to re-sign the binary. More details can be found here.

You can use this shell script (Thank you Daniel Torrecillas).
prepare a directory,
add your old ipa file, a new provisioning profile (.mobileprovision) and a downloaded shell script to the directory,
open a terminal in the directory,
add permissions to the script in the terminal using the command
chmod 755 resign-ios-app
call the script with 3 or 4 parameters: 1- the path of the old ipa file, 2- the path of the new provisioning profile, 3- the name of the distribution certificate in the Keychain, 4 is optional - the new bundle identifier.
./resign-ios-app 'olderIpaFileName.ipa' 'newProvisioningProfileFileName.mobileprovision' 'Apple Distribution: TeamName (teamID)'
As a result, you get the resigned.ipa file into the directory where the shell script is (it is your working directory from step 1).
Now you can use the resigned ipa file and delete your work directory from step 1.
Note: The script creates several subdirectories and plists. They are important only for the script itself. You can delete them.

Related

How to define a output name for flutter build ipa?

I could not find a parameter to define the output filename of the ipa file. Is there an easy way to set the ouput filename?
I use an azure pipeline to build my ipa file:
- script: flutter build ipa --export-options-plist=ios/exportOptions.plist --build-number=$(Build.BuildNumber)
displayName: Build iOS adHoc
I want to generate 2 ipa files. One for the AppStore with an AppStore profile and one with adHoc Profile. For that i want a second command but i cant find an easy way to declare a filename so i can have both files generated.
I was looking for this as well. There is a note about it here.
https://flutter.dev/docs/deployment/ios
Note: When you export your app at the end of Distribute App, Xcode
will create a directory containing an IPA of your app and an
ExportOptions.plist file. You can create new IPAs with the same
options without launching Xcode by running flutter build ipa
--export-options-plist=path/to/ExportOptions.plist. See xcodebuild -h for details about the keys in this property list.

Is entitlement.plist file required while re-signing a development IPA with distribution certificate and profile of same account?

In my organization, the distribution certificate and app store provisioning profile are located and installed on a Mac machine present inside a Lab environment to which only a lab manager has access to.
For me to upload an app's IPA to app store, I need to archive a development IPA (using dev cert and profile in Release configuration mode) on my local Mac and then send across this IPA to the lab manager.
The lab manager uses a python re-signing script to re-sign the IPA on the lab Mac.
Do I also need to explicitly send a entitlements.plist file along with the IPA. My app does not use any capabilities as of now, not even Push Notifications. All Capabilities in Xcode are Off and on developer portal also the app identifier has Game Center and In-House Purchase as checked by default under the Capabilities.
I am assuming since it is the same Apple account using which lab manager will be re-signing the IPA and the app store profile present on the lab Mac contains its own entitlements, I do not need to send an explicit entitlements.plist file. Also, I assume the app will not get rejected in review.
Are these assumptions correct? Thanks in advance.
You can not magically attach an entitlements file during export; it has to be there during archiving. But you do not find out whether you got it "right" (in Apple's eyes) until distribution time.
So a situation where archiving happens in one place and exporting happens in another is not going to be a happy one.
I would describe this entire situation as unacceptable. I have had many occasions, just working on my own machine, where I was able to archive but then unable to upload to the app store or TestFlight because of an entitlements issue. And often there was no "real" issue: I just needed to do a bunch of goat sacrifices and fooling around with the settings (e.g. turn entitlements on and off). The point is, you don't know there's an issue until you export — and then to find out whether you fixed it you have to build / archive again.
1) Entitlement plist can be given while resining an ipa like below but this is optional.
codesign --entitlements entitlements.xml -f -s "IDENTITY" Payload/<app_name>.app
Please refer How do I resign app with entitlements?
2) To resign an ipa, you can follow below procedure (without giving Entitlement).
Requisites:
Distribution profile
Distribution certificate
Assuming Distribution profile stored in Desktop ~/Desktop/AdHoc.mobileprovision
Procedure :
1) unzip ipa using following command,
unzip app.ipa
2) When you unzip it You will have as an output a directory called “Payload”.
3) remove _CodeSignature file from unzipped folder “Payload” as below
rm -rf Payload/MyApp.app/_CodeSignature/
4) Rename distribution profile which is stored in Desktop to embedded.mobileprovision
5) Copy distribution profile(embedded.mobileprovision from Desktop) to Payload/.app
cp ~/Desktop/AdHoc.mobileprovision Payload/MyApp.app/embedded.mobileprovision
6) Resign using below commands,
codesign -f -s “IDENTITY” --resource-rules Payload/MyApp.app/ResourceRules.plist Payload/MyApp.app
7) Zip payload to form an ipa as below
zip -qr <app_name>.ipa Payload/

-initWithDocumentTypes iCloud crashes only in production build

I am using iCloud capabilities to choose files from iCloud by using UIDocumentMenuViewController. It is working fine in development build but whenever I upload build with production provisioning profile on Testflight my app produce a crash in line [[UIDocumentMenuViewController alloc] initWithDocumentTypes:#[#"public.data"] inMode:UIDocumentPickerModeImport];
I make archive in one machine and then create production build by using command-line on different machine.
I also checked the provisioning profile for production, and found all the capabilities are included under entitlement section.
Can someone help ?
Problem: As I was creating archive with command-line without code-signing (provisioning profile) system was ignoring the entitlements ad not creating the entitlements file (entitlement file archived-expanded-entitlements.xcent was not being created inside archive package or APP_NAME.xcarchive).
Solution: I wanted archived-expanded-entitlements.xcent file, so I created archive with Xcode by including provisioning profile and the package had the archived-expanded-entitlements.xcent file inside it. I copy this file everytime when I create archive by command-line without code signing. I copy this archived-expanded-entitlements.xcent file inside the archive package.
PS: If we change app capabilities we need to create new archived-expanded-entitlements.xcent as entitlements would changed.
Thanks everyone for your suggestion and comments :-)

Failed to locate or generate matching singing assets:When i'm triyng to generate ad hoc ipa

Anyone can help me.Actually i'm 6 month kid for ios app development,this is my first app to submit in appstore.When i'm trying to generate the ad_hoc distribution IPA,it shows error(as like the below screenshot).But for appstore IPA generated successfully,i'm so confused.....what a magic this!
I have tried the follwing things To solve this problem:
1.Deleted all my mac keychain certificates.
2.Delete all xcode caches and and provisioning profiles and also deleted the developer account from xcode.
and restarted my mac...
then,
1.Reinstalled the certifcates in keychain from exported .P12 from another mac
2.login in xcode preferences accounts tab.... and refresh it. it downlods all provisioning profiles from my developer account.
Status: Not working,still the same issue....all of another projects of my mac and appstore ipa too.
Even i have generated new developer certificate and updated all my project provisioning profiles.still have the same issue...,then try with it new bundle id and new provisioning profiles..i can't got it!
Bcoz of this problem i can't generete ipa for allof another app from my mac..for this issue i wasted entirely 2 working days.totally disturbed.....
Once i solve this then only i can sleep well.pls help me ,thanks in advance to you....
I was having same trouble few weeks back. Though I haven't yet figured out the exact issue behind it but I found that exporting an .ipa file via commandline works.
Archive your project using your desired build settings.
Locate the .xarchive file in finder (DON'T follow the usual procedure from this point).
Copy it and paste it to your project directory (Where your .xcodeproj file is). (Though I usually rename it to remove all the spaces from the name as well)
cd to your project directory in terminal
Run following Command:
xcodebuild -exportArchive -archivePath YourArchiveName.xcarchive -exportPath YourIpaName.ipa -exportFormat ipa -exportProvisioningProfile YOUR_PROVISION_PROFILE_NAME
Your .ipa file will be generated in your project directory. Use it as you will.
For example if My archive name was mySillyApp and I wanted to create an ad hoc ipa from it named mySillyApp with provisioning profile named MySillyProfile, I'd run it like this
xcodebuild -exportArchive -archivePath mySillyApp.xcarchive -exportPath mySillyApp.ipa -exportFormat ipa -exportProvisioningProfile MySillyProfile
NOTE: Even though this doesn't fix the issue of xcode but it gets the ipa. Just thought it would help someone looking for a quick way to get the ad hoc build, who doesn't have the time to figure out what's wrong with Xcode.
If you are doing this for distribution environment, and previously if you
have already created the distribution certificate from different mac then
Either export that same certificate from that mac and import it here or
Revoke the same certificate from your mac, that will be then added to your key chain (https://help.como.com/hc/en-us/articles/201708891-Revoke-Your-iOS-Distribution-Certificate-P12-File-)
https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html
After doing this just restart your XCode and give try
Hope this will help you!

iOS Enterprise: Re-certify existing IPA with new certificate

We are enrolled in the iOS Enterprise Program. The provisioning profile used for our released apps is about to expire, so I got a new certificate and provisioning profile.
I need to re-distribute some of our apps with the new provisioning profile, without building them anew. How?
(I vaguely remember seeing a utility program that did exactly this: You choose an IPA and a provisioning profile, and it would create a new IPA using the new profile and certificate. What was the tool’s name, and where can I get it?)
In theory whoever built the last IPA in XCode should have used Archive - this creates a build you can sign to create an IPA (using XCode).
You could also try using the command line signing tool XCRun to re-sign the App bundled in your existing IPA:
http://skabber.com/package-your-ios-application-with-xcrun
OK, turns out when you know what term to google, there‘s lots of excellent resources…
They all point to xcrun. I made it work with this shell snippet, adapted from this promising build script:
APP_FILENAME=MyApp.app
BUILD_DIRECTORY=/Path/To/Target/Dir
IPA_FILENAME=MyApp.ipa
DISTRIBUTION_CERTIFICATE='iPhone Distribution'
PROVISIONING_PROFILE_PATH='/Path/To/Profile.mobileprovision'
/usr/bin/xcrun -sdk iphoneos PackageApplication -v "$APP_FILENAME" -o "$BUILD_DIRECTORY/$IPA_FILENAME" --sign "$DISTRIBUTION_CERTIFICATE" --embed "$PROVISIONING_PROFILE_PATH"
The codesign command-line utility, included with the iOS SDK tools, will allow adding/changing the certificate and provision with which a developer built app is signed.
As hotpaw2's anwaswer states. You can also resign using the codesign tool.
The way I do it (this may not be the most efficient, but it works)
Rename the .ipa to a .zip and extract
Run The following:
/usr/bin/codesign -f -s "iPhone Distribution: Company Name" "Payload/MyApp.app"
Re-zip the Payload folder and rename to .ipa
Note: You can also use this method to edit the embedded.mobileprovisioning file! Just remember to remove the .DS_Store (rm Payload/.DS_Store) if you are using finder.
You can do manual way if you just resigning app from same account with following steps.
All this is using shell script and super easy provided you know how to use shell commands.
Rename IPA to zip
unzip this file to temp folder
Remove the old _CodeSignature folder from all targets (if you have multiple targets like main,watch, watch extn, siri, widget, message, etc)
bring all the targets prov-profiles in one folder and replace all the embedded.provisioningprofile files for each target with the new ones
remove the archived....xccent file as this is old one (optional)
code sign with the entitlements.plist created for all the entitlements if any used by the app.
Zip the folder back after code sign all okay with no errors
Rename the zip to IPA
Note: To validate the IPA before upload to apple you can just use the altool from inbuild XCode App Loader to check the new IPA.
Reference: The steps for commands is also explained here:
http://www.enterpriseios.com/forum/topic/Resigning_3rd_party_apps
If you want to get rid of manual sign use the fastlane tool as its quite simple and easy to configure.https://fastlane.tools/

Resources