Export .ipa in XCode 7.2 with external .p12 and .mobileprivision - ios

Basically, I want to do exactly what is already stated in this question – just in XCode 7.2.
The setup: I am developing an iOS app (using Ionic) for a client and they want to publish it to app store in their name under their account. They however don't want to give me their account login and details. I have received a distribution certificate and a provisioning profile in stead.
I have installed the .p12 distribution certificate and have received a .mobileprovision profile for App Store Distribution using this certificate. I am however completely unable to select this provisioning profile anywhere.
My only choice in the export of the archive happens when XCode asks me which developer account I want to archive with. And here I can only choose my own account (of course). That's obviously not what I want though.
"Once" (in XCode 5, according the linked question) I should have been able to select the external provisioning profile under "Code Signing", but this doesn't seem to exist anymore.
Can this be done without getting their account details? I know that I don't need to know their password, they can just export it to me. Right?

I don't think you can do exactly what you are saying without code signing it with their account (which you don't have access to). I see two possible solutions for you to achieve your goal:
Send them the Xcode project and explain to them how to sign in to Xcode, archive the app and send it up to the store
Upload the app to your personal store account and then transfer it to their account. See this link for details on how to do that: https://developer.apple.com/library/ios/documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/Chapters/TransferringAndDeletingApps.html

Related

Xcode Signing - Failed to create provisioning

Here's the story:
I created a free developer account to build an app for a client.
I used this info for the Identity and Signing:
It came time to upload the app to TestFlight and to use the client's developer account.
I created the account in xcode using their apple id and updated the signing like so:
But now I got this error.
It was clear, so I updated the Bundle Identifier to this:
But again, now I am getting a different error, and I don't know what to do.
I do not have an iOS device to register, nor do I care to get one, since I'm not doing the testing - they are.
I did create an app in the App Store Connect, and it is set up like so:
As you can see I created it to match the Bundle ID from before and still no luck.
Any help is greatly appreciated. I just want to be able to get my Xcode project onto TestFlight using someone else's developer account (with their consent of course).
It needs to have at least one iOS device registered in order to create the development profile. Ask your client for the UDID of one of their devices and add that manually to the developer portal. If they don't have one handy, feel free to use: f978c5f2e861f71b340125a4fa8d130a6254a0b3 which will work.
Alternatively, switch to manual signing and do everything manually. That's my preferred method, but some say Xcode is finally good at managing profiles etc for you.
The only way to do this without a device is to turn off "Automatically manage signing" and manage everything at the Member Center.
You will need the distribution identity / certificate first. If the team already has one, you will need them to export it to you; otherwise you cannot upload.
Then register the app.
Then make a development certificate, and a distribution certificate for the app store, and download and install them.
Now you can archive and then export to the app store.

How to submit app made by third party to iTunes Connect without giving away the distribution certificate?

I'm developing apps for other companies. My customers want their app in App Store to show as published by their own company, not mine. Also, they don't want to give me their private key for signing apps for App Store distribution. I don't want the key myself, because I don't want any legal responsibility related to the key being lost or stolen.
They can add me as a developer on their company's team inside the Apple Developer portal, and this gives me access to publish new builds for testing. In this situation, I must sign my app with their distribution certificate, or my builds would be rejected when uploading them. Is that correct?
A possibility is that I send them the app as an IPA-file, using their app's bundle id, and sign it with my own certificate. They would then resign the app with their distribution certificate and submit it to iTunes Connect using Application Loader or similar. What is the easiest way for them to do the re-signing? Will they have to use Xcode to upload the IPA, or manually run codesign on the command line?
I'm looking to make this as easy as possible. The people receiving the builds (IPA-files) are not developers.
Try this one, you can sign IPA package by your certificate and send it to them, then ask them to re-sign it using their own certificate.
How to Re-Sign an iOS App from an External Developer
In this scenario, the customer will have to resign the IPA file they recieve from the developer and upload it to iTunes Connect themselves using Apple AppLoader or Xcode. To resign it, they will need the codesign binary provided by the Xcode command line tools (full Xcode not required, but will also work). Optionally, they can use Xcode to upload and re-sign an xcarchive.
There are some apps that give a UI to codesign, like iResign and AirSyncApp, that are more user-friendly than the command line.
Thanks to #alanc-liu for contributing information.

How to build an iOS binary without setting an Apple Developer account and team?

I'm using Xcode 6.3.2, and I'd like to let another people to build and create the .ipa files of my projects, but I don't want neither to expose my Apple Developer account information, nor create users for them in my team... is that possible? Either by using Xcode, either by commands line.
Thanks in advance
EDIT: The goal is to prevent those external people from being able to submit apps to the App Store by means of my Apple Developer account and from being able to see the other apps managed in the account.
EDIT2: Does providing the distribution certificate to external people make possible to them to submit binaries to the App Store?
After reading your edits, I think I understand more clearly what you are trying to do. Basically, you will simply need to provide the other members of your team with the following:
The private key used to generate your app store distribution
certificate.
The distribution certificate
The app store distribution
provisioning profile
This will allow those team members to work on, and build the app for the app store. Without your Apple developer ID password, they will not be able to log into iTunes Connect to see the other apps you have. While they will be able to build the app for app store distribution, you (as the only one with the apple ID password) will have to be the one to submit the compiled app to the store.
So basically, your development team will create the apps. When you're ready for release, they can do an "Archive" in Xcode to create the .app that has been signed for the app store (using the provisioning profile and signing identity that you provided them in the three files I mention above. They will zip up the .app and the .dSym files into a .zip and send it to you. You will then log into iTunes Connect and set upt the app to be ready for the new binary, and then use the Application loader to upload the .zip to apple for review. Once you have gotten a successful review, you will again log into iTunes Connect to release the app. So at no point will the developers have access to submit apps or see other apps you have in the store.
Also, the development team will not need the provisioning profile, cert, and key until they need to build for the app store. During the development phase, there is no problem with them using their own developer accounts to build and test the app.
One additional thing to note is that Apple is changing the roles that are available in iTunes connect. You may want to review those new roles to see if some combination of those roles my work for your team setup.
From http://9to5mac.com/2015/06/12/wwdc-itunes-connect-testflight-limits-account-switching/
After several apps are added to an account by its admin, developers
can now assign user roles to individuals on their team— app manager,
developer, or marketer— with each allowing varying access to iTunes
Connect features. App managers, for example, will be able to create
users, assign user roles, change pricing, and submit apps for review.
Marketers will get access to updating store metadata, uploading promo
material, and requesting promo codes. Users assigned the developer
role will be able to upload binaries, and view crash logs and store
metadata.
Apple recently introduced Free-provisional-profile and/or free-developer-certificate support.
But it's limited (see below note).
To utilise that follow below steps suggested by Apple,
In Xcode, add your Apple ID to Accounts preferences, described in Adding Your Apple ID Account in Xcode.
In the project navigator, select the project and your target to
display the project editor.
Click General and choose your name fromthe Team pop-up menu.
Connect the device to your Mac and choose your device from the Scheme toolbar menu.
Below the Team pop-up menu, click Fix Issue.
Xcode creates a free provisioning profile for you and the warning text under the Team pop-up menu disappears.
Click the Run button.
Note that said support is limited, for example, the capability to sell things with "Apple Pay" would not even build with a free-certificate.
Yes, there are several ways to solve your problem.
You can create .ipa file with you provisioning profile and give them the file, they can you use application called "Application Loader", they can use this application to upload the .ipa, this should resign your application with their provisioning profile. I did not try this but it should work.
When you create an archive of you application, it will be listed in "Organizer", go to that location, and give them that .app file alone. Then they can use any third party application(can be downloaded from Mac Appstore) to resign the application with their profile. In this case, you are completely hiding your information. They can even change the application icon, default image.. etc during the resigning process.
When you build your application in release mode an .app file is created, this is unsigned binary. You can search for .app file in your Xcode project itself. Just find the location, and give them that .app file alone. Then they can use any third party application(can be downloaded from Mac Appstore) to resign the application with their profile. In this case, you are completely hiding your information. They can even change the application icon, default image.. etc during the resigning process.
Hope this helps.
No, There is no way to compile a .ipa without a provisioning profile (device compile, not simulator compile). To do this, you would go XCode->{AppTarget}->Build Settings->Code Signing->Code Signing Identity, and set 'Don't code sign".
Trying to compile afterwards will fail with
CodeSign error: Code signing is required for product type
'Application' in SDK...
EDIT: The goal is to prevent those external people from being able to
submit apps to the App Store by means of my Apple Developer account
and from being able to see the other apps managed in the account.
You have two options:
Send them your Source code + XCode Project, and not the library.
Compile the code using "iOS Developer" Code Signing identity, and not "iOS Distribution" identity.
Anything signed with iOS Developer can never be sent to the AppStore.
Anything signed with iOS Distribution can never be run on a device
unless it is downloaded from the AppStore.
They can never see what you have for sale, nor publish anything unless they have your AppleID username and password

Uploading app to client account in app store

This is my first time trying to upload app to app store, so I am completely lost. I have searched all over the web about the issue I am having, but could not find how to fix the issue.
Here is the problem:
I have developed an updated version for the existing iPhone app for client. Original version of app is already in app store for long time. Client wants me to upload new version of the app to their account in app store as "prerelease" for testing. They gave me their store account (admin role) username and password to log in. I added the account in Xcode and configured build settings to their team. But, after building the archive, when I click the "Validate" button and select their team, I am getting an error popup with the message "Your account already has a valid iOS Distribution certificate". I can't post images here, so here is snapshot image of the popup):
http://imgur.com/yLL5K1k
Apple troubleshooting documentation (documentation link here) shows that they should export developer profile and give me to import on my Mac. However, client say they don't have Mac and no Xcode, so they can't do it themselves. Apple documentation is mentioning another option - “Revoke and Request”, but I can't see that option. Also, if "revoke" is performed, will that affect client's application (more than 20 apps in app store)?
I have downloaded all of their certificates and profiles from Member center, imported to keychain, added account to Xcode, configured Xcode, but nothing helped.
Does anyone know what can I do, or ask to client, so that I can upload app to their app store account?
Thank you!
You must have downloaded the Distribution certificate from the account. That alone is not sufficient. You must get the private key from the client or developer who has created the certificate first or uploaded the application.
Log in to developer.apple.com portal, using the required credentials.
Click on "Manage your certificates, App IDs, devices, and provisioning profiles." under Certificates, Identifiers & Profiles
Then click on "Certificates"
On the new page Click on "+" button at right upper corner.
Now on this page select "App Store and Ad Hoc" under Production.
Then follow the instructions related to CSR file given on new page.
Note: Create new certificates with unique names so that you won't download old certificates to your mac, mistakenly.
For more info Distributing iOS Apps With iTunes Connect

how to get .mobileprovision to build phonegap iphone app at windows?

I'm using windows 8 to building applications with phonegap,
every thing is good except building apple application at:
https://build.phonegap.com
this appears:
phonegap build "no key selected"
how to get the key or .mobileprovision file?
You have to create them on https://developer.apple.com/, as AJD mentioned.
Go to your Apple developer portal
Click Devices to register your iOS device. You need to connect your device to iTunes to obtain your UUID
Click Certificate
Create a certificate for Production (to use PhoneGap Build, otherwise Development)
Download the certificate
Convert the certificate to a p12 file (See the screenshots below) - Double-click the .cer file to open it in Key Chain Access. Then click My Certificates under the category, Ctrl-click the certificate and export. When you save the .p12 file, you are asked to create a password that you will need later.
Create a provision file on Apple developer portal, then download. Again, to make this work on PhoneGap Build, you need one for Distribution, otherwise Development.
Actually, I blogged about it because using PhoneGap Build is not as easy as it should to develop iOS apps.
http://www.pubnub.com/blog/converting-your-javascript-app-to-an-ios-app-w-phonegap/
I know this question is made a year ago, but I hope this helps to everybody who has the same question.
You create and download the provisioning profile and an associated certificate on the Apple developer site.
Go
https://developer.apple.com/
Go member center > manage certificates and profiles...
A valid provisioning profile is connected to a valid distribution certificate. You will need both active.
Building for iOS
We're now able to offer support for building to iOS devices through Adobe® PhoneGap™ Build. The process for completing iOS builds is slightly different than that for other platforms: all iOS builds need to be signed by a developer certificate and a provisioning profile, that is tied to your Apple developer account and the device you wish to test on. This document covers how to set this up.
Note: Since PhoneGap Build uses Apple's standard development process to build applications, you will need to sign up for their developer program to build iOS applications on PhoneGap Build. You will also need a Mac to configure your certificate and provisioning profile.
When you upload a new application to PhoneGap Build, if you don't have a default certificate-profile pair attached to your account, you will be alerted that the iOS build can not be completed:
iOS Key Required
Your key will actually consist of two files: a certificate and a provisioning profile. Apple has extensive documentation for setting up your environment locally: the best approach is to ensure you can build an iOS application to your iOS device locally, to be sure that both your certificate and your provisioning profile are set up correctly for code signing.
Once you have these set up, you can export them for upload to PhoneGap Build. For the provisioning profile, you will need a file with the mobileprovision extension, which looks like this:
Provisioning Profile in Finder
Ensure that this provisioning profile is correctly paired with the device(s) you wish to test on.
Note that when you create your profile, you will specify the App IDs that are linked to the profile. This is important when using PhoneGap Build: the package name you specify for your app, in your config.xml (the id attribute of the widget element) or through the Edit App page, will have to match the ID for the provisioning profile. If they fail to match, your app will not be built correctly.
Apple appends a "Bundle Seed ID," or "App ID Prefix," to the provisioning profile when you generate it through the iOS Developer Center. Note that you do not to include this App ID Prefix in your config.xml for PhoneGap Build to build successfully. You just need the reverse-domain style Bundle Identifier - com.domainname.appname. This will also be best compatible with building for other platforms.
To prepare your certificate, you will need to open the Keychain Access utility on your Mac, and identify the certificate that you use for iOS development. Right click on that certificate and select Export ...
Export from Keychain Access
Save the certificate in a location you can remember, and enter a password. Remember the password: you will need to give it to PhoneGap Build, otherwise we cannot use your certificate.
Enter Certificate Password
Now back to the website. On the app detail page, simply select the "new key..." option from the signing key dropdown for the app in question, and then, from the list of platforms with signing available, hit add a key for iOS. Fill out the form: add your p12 certificate file and your mobileprovision file, and enter the password associated with your certificate.
Add Certificate to PhoneGap Build
Once your key is added, we'll attempt to rebuild the application for iOS. If all goes well, you should see a link for the built ipa file available.
You can then download the ipa file and use iTunes to install it directly on your provisioned iOS device.
Happy building!

Resources