I am facing an issue in Re signing of IPA file. My requirement is to rename the app and resign it with new provisioning profile and certificate. So i have changed the "CFBundleIdentifier" to the new app name. Then I followed the below steps to re sign the IPA file.
extract the IPA file:unzip Myapp.ipa
remove existing code signature:
rm -r "Payload/MyApp Mobile.app/_CodeSignature" "Payload/MyApp Mobile.app/CodeResources" 2> /dev/null | true
replace the existing Provisioning Profile:
cp "MyEnterprise.mobileprovision" "Payload/MyApp Mobile.app/embedded.mobileprovision"
re-sign the executable:
/usr/bin/codesign -f -s "iPhone Distribution: Certificate Name" --resource-rules "Payload/MyApp Mobile.app/ResourceRules.plist" "Payload/MyApp Mobile.app"
re-package the IPA file for distribution:
zip -qr "MyApp.resigned.ipa" Payload
I am just re signing this IPA with the new Provisioning profile and the certificate which i have received from my vendor. I have followed the steps and resigned the app. While installing in Mobile Iron it is giving error as "ipa file does not contain provisioning profile". But i can see that my new provisioning profile is inside the IPA file.
Please anyone tell what could be the issue. I am new to this Apple app.
I think your device UDID is not added in your provisioning profile.Most probably this error comes at this point.The following link can help you-
A valid provisioning profile for this executable was not found for debug mode
Related
I built a flutter app and am struggling to upload ipa file for testflight now. I built ipa file with following steps:
$ flutter build ios -t lib/main_stg.dart
Get Runner.app from step 1
Create ProjectName folder and put the app file in it
Zip ProjectName folder and rename it ProjectName.ipa
$ xcrun altool --upload-app -f ProjectName.ipa -t ios -u username -p pass
Then got the error after step 5.
*** Error: Error uploading 'ProjectName.ipa'.
*** Error: ERROR ITMS-90174: "Missing Provisioning Profile - Apps must contain a provisioning profile in a file named embedded.mobileprovision." (-18000)
I saw below page and changed "New build system" to "Legacy Build System" at Build System, but am still getting the same error:
Missing Provisioning Profile :Apps must contain a provisioning profile in a file named embedded.mobileprovision
I checked the contents of Runner.app generated at step 2 and found "embedded.mobileprovision" there. However not sure where to check for provisioning profile and how to add it if its missing.
I'm using MacOS Big sur, xcode 12.5.1, flutter 2.3.0-17.0.
You can check the Provisioning profile in Xcode like image below
I'm using Fastlane which will handle sharing provisioning profiles to your team but anyways You can go check in Xcode to see if you download and install provisioning profile correctly. If it's correct it shouldn't show any warning or errors
After reading Einzeln's answer, I checked xcode settings.
Firstly, I unticked "Automatically manage signing" and noticed similar error message "Provisioning profile xxx doesn't include signing certiicate" at "Signing Certificate" part.
I added "Apple Distribution" in Xcode->Preferences->Manage Certificates. Then added profile with "Apple Distribution" in Apple Developer Portal. At this stage (or rebooted mac was necessary?) error message was gone on xcode.
I still got the same error with xcrun command somehow. However, building from xcode GUI worked this time(It didn't work before so I decided to use command. probably because Provisioning Profile wasn't set). Then build the app->distribute done successfully.
My organization has developer account (not enterprise) and have added me as a "team member" to the organizations team account and shared the developer certificate and development provisioning profile(includes 1 device). Using those, I could develop an app, archive and created an IPA from XCode (selected method of distribution as "Development") and exported to a folder on disk. When exported I have the following files created on my disk
DistributionSummary.plist
ExportOptiona.plist
manifest.pList
Packaging.log
app.ipa
The admin of my organization wants to resign this ipa to distribute to app store and followed all the steps mentioned below, with distribution certificate and dist. provisioning profile (app store). The resigned ipa is then distributed(OTA) to users and it will not install on their phones.
I followed the below steps to re-sign our ipa
unzip the app
unzip -q *.ipa
Remove the old signature
rm -rf Payload/*.app/_CodeSignature/
Replace embedded provisioning profile
cp "XXXXXXXXXX_distribution.mobileprovision" Payload/*.app/embedded.mobileprovision
Extract entitlements from app
codesign -d --entitlements :entitlements.plist Payload/*.app/
Re-sign embedded frameworks
codesign -f -s "iPhone Distribution: Certificate Name. (ABC44343XZ)" --entitlements entitlements.plist Payload/.app/Frameworks/
Re-sign the app (with entitlements)
codesign -f -s "iPhone Distribution: Certificate Name. (ABC44343XZ)" --entitlements entitlements.plist Payload/*.app/
Zip re-signed app
zip -qr resigned.ipa Payload
Cleanup
rm entitlements.plist
rm -r Payload/
Can I re-sign an app from a developer to distribute to app store? Can somebody tell me where I am going wrong? Any help is greatly appreciated.
Note: I'm answering what you're saying in the comments
[Update] I received an email from apple with the following issue to be fixed "Invalid Swift Support - The SwiftSupport folder is missing. Rebuild your app using the current public (GM) version of Xcode and resubmit it." Can anyone help me here?
I can't do it directly on comments as I don't have enough reputation.
When you unzip the .ipa the first time, you should see at least four folders: one is the Payload (where you do all the signing operations, and changes regarding configuration), Symbols, BCSymbolMaps and a SwiftSupport folder. When you do the zip you have to add also the SwiftSupport folder to the .ipa:
zip -qr yourNewApp.ipa Payload/ SwiftSupport/
After doing this, you upload through Application Loader or you can validate your .ipa running this:
/Applications/Xcode.app/Contents/Applications/Application\ Loader.app/Contents/Frameworks/ITunesSoftwareService.framework/Support/altool -v -f yourNewApp.ipa -u yourItunesConnectUser#mail.com
I've successfully resigned my app. However there are still some open questions. These are the steps i did to resign the app:
I downloaded the appropriate provision profile from the apple member center.
I unzipped the ipa file: unzip {AppName}.ipa
Removed the old signature: rm -rf Payload/{AppName}.app/_CodeSignature/
Copied the new provisioning profile into the App:
cp new.mobileprovision Payload/{AppName}.app/embedded.mobileprovision
Resign the App: codesign -f -s "iPhone Distribution: {CertificateName}" --entitlements Entitlements.plist Payload/{AppName}.app/
Repack the App: zip -qr resigned.ipa Payload
I've looked up the {CertificateName} from the my Keychain under My Certificates. To get the entitlements.plist i used the following command:
codesign -d --entitlements :entitlements.plist Payload/{AppName}.app/
Now the open questions are:
Can i use this to resign an app and upload it to the app store? Is there anyone who actually did it this way successfully?
I have another folder besides Payload which is called Symbols. I suspect that this was added when the ipa was created for the app store. Do i need to repack it this way then: zip -qr resigned.ipa Payload Symbols to ensure that the Symbols are also within the app?
Within the Entitlements there is a part keychain-access-groups. Is this only relevant if i would use the keychain? Can i use the following value for it: {Prefix}.* or should it be more explicit?
Thank you in advance for any help!
Take a look at this, does the most of work for you when you upload your app FastLane
We have IPA file which is developed by another developer with his certificates.
We are trying to re-sign the IPA which is built and distributed using another developer certificate. Please let me know if you have done this before or have any idea about this.
Tried some solutions mentioned in below links however we were able to generate IPA but can't install it in a device.
We are trying it in iOS 8. Mac 10.10.
Re-signing is a multi-step process which can produce errors at each step. So please have patience and try to understand each step by itself.
# Start with files:
# .ipa-file 'MyApp.ipa'
# New provisioning profile 'profile.mobileprovision'
# Unpack the .ipa-file
unzip MyApp.ipa
# Extract the old entitlements from the binary
codesign -d --entitlements :- Payload/MyApp.app > entitlements_old.plist
# Extract the new entitlements from the provisioning profile
security cms -D -i profile.mobileprovision > profile.plist
/usr/libexec/PlistBuddy -x -c 'Print :Entitlements' profile.plist > entitlements.plist
Now there is a manual step to edit the entitlements.plist so the application-identifier is correct. Refer to the entitlements_old.plist as a reference, but note that the team identifiers at the beginning of the value should be different.
# Then replace the embedded provisioning profile
cp profile.mobileprovision Payload/MyApp.app/embedded.mobileprovision
# Re-sign the binary and update entitlements
#
# Note: replace "Firstname Lastname (TEAMID123)"
# with your certificate name
#
codesign -f -s "Firstname Lastname (TEAMID123)" \
--entitlements entitlements.plist \
Payload/MyApp.app
# Create ipa
zip -r MyApp2.ipa Payload/
Sadly, the error messages when something is wrong do not give any special information about what exactly is wrong. But it may be:
Wrong signing identity used
Entitlements mismatch between the binary and the provisioning profile
Try this software. It was working fine for me for re-signing IPA with enterprise certificates.
https://github.com/maciekish/iReSign
A third-party-company has sent us an xcarchive file so that we can export their application as an IPA for our client. They've done this because we control our client's provisioning profiles and certificates. They don't have our certificates and keys and so cannot build a distribution version of the app.
I opened the xcarchive in Organizer and attempted to export an ad-hoc IPA using the client's Enterprise distribution provisioning profile. However, when I attempt to install the app on my iPad, the installation fails.
I've verified that I'm using the correct provisioning profile, and I checked to make sure that I have the correct certificate for the profile as well as the private key. I've never signed an app with this provisioning profile before, but I've used the certificate and key for other profiles.
From what I understand, re-signing an archive should be possible. I'm not sure why this isn't working, though. Does the third-party company need to do anything specific when they export the xcarchive file - do they need to build with a specific certificate or provisioning profile?
Any insight on this would be helpful. Thanks!
I was able to re-sign an ipa following the instructions found at this link: http://sholtz9421.wordpress.com/2012/06/08/digitally-resigning-ipa/. However, I used Xcode to edit the plist, not emacs.