I'm migrating our build scripts to produce xcarchive files, so we can upload builds right from the Xcode Organizer, however, I'm having trouble getting builds to work over the air now.
I'm building the archive with:
xcodebuild -scheme myScheme \
"CODE_SIGN_IDENTITY[sdk=iphoneos*]=$appstore_identity" \
PROVISIONING_PROFILE=$appstore_profile_id \
-archivePath $outputArchive
archive`
Then I'm trying to export and re-sign using my enterprise distribution profile with:
enterprise_profile_name=`basename $enterprise_profile_file .mobileprovision` \
xcodebuild -exportArchive \
-archivePath "$outputArchive" \
-exportFormat IPA \
-exportProvisioningProfile "$enterprise_profile_name" \
-exportPath "$outputIPA"
The resulting IPA looks correct (contains correct profile, codesign says it's valid, etc), however, when we generate a manifest file so this can be installed over the air things stop working. On iOS 7 devices get into the 'Installing..., Waiting...' loop and the app never get's installed.
Any suggestions?
Update 1
I've also tried exporting an app from the archive and then resigning that with PackageApplication:
xcodebuild -exportArchive \
-archivePath "$outputArchive" \
-exportFormat APP \
-exportWithOriginalSigningIdentity \
-exportPath "$outputApp"
xcrun PackageApplication \
"$outputApp" \
-o "$outputIPA" \
--sign "$enterprise_identity" \
--embed "$enterprise_profile_file"
But the resulting IPA still fails to install OTA and syncing via iTunes.
#MishieMoo and I chatted offline and it seems that what I'm trying to do isn't possible because I am trying to work across teams. I have 2 teams A and B, each with their own identity and provisioning profile. A has a enterprise profile for com.foo.*. B has a regular profile for com.foo.bar.
I was building with B and trying to resign with A. However that isn't working because they are 2 different accounts with 2 different team identifiers.
Result: I need to build twice (once for each account).
Related
Currently using the xcode 6 build process, we first create the xcarchive with the following command
xcodebuild -workspace OurApp.xcworkspace -scheme MainScheme \
clean archive -archivePath OurApp.xcarchive -sdk "iphoneos" \
-configuration "Release" CODE_SIGNING_REQUIRED="NO" \
CODE_SIGN_IDENTITY="" PROVISIONING_PROFILE=""
By not doing any code signing and provisioning, we then use the exportArchive command to generate the respective enterprise and adhoc ipas using the same archive like this.
xcodebuild -exportArchive -archivePath OurApp.xcarchive \
-exportPath OurApp-adhoc.ipa -exportFormat "ipa" \
-exportProvisioningProfile "Our Adhoc Provisioning Profile"
and
xcodebuild -exportArchive -archivePath OurApp.xcarchive \
-exportPath OurApp-enterprise.ipa -exportFormat "ipa" \
-exportProvisioningProfile "Our Enterprise Provisioning Profile"
Note that we would have our servers set the appropriate code sign identity before running these exportArchive commands. This worked really well for us since we could use the same xcarchive(takes 8 minutes to compile) and create multiple variants with it(exportArchive step doesn't take more than 30 seconds).
In Xcode7, Apple Introduced exportOptionsPlist. Xcode 7 also saw the introduction of features such as Swift Support and Universal Links, both of which we deploy. These two features require you to use exportOptionsPList it seems. The only way I was able to get exportOptionsPlist is that I could no longer set CODE_SIGN_IDENTITY and PROVISIONING_PROFILE to "" when generating IPA. As a result, our build times will double since we now have to build the xcarchive twice
I was wondering if anyone knows a way to create an enterprise IPA and an adhoc ipa using the same xcarchive.
Hi its not possible because whenever you create an iPA from Archive it create each iPA separately for Adhoc or Enterprise or else.
I'm trying to build an app via the command line, using these commands:
xcodebuild PRODUCT_BUNDLE_IDENTIFIER=com.myapp \
PROVISIONING_PROFILE="XXXX-XXXX-XXXX-XXXX-XXXX" \
CUSTOM_URL="http://mycustomurl.com" \
-project AppName.xcodeproj \
-scheme AppName \
-sdk iphoneos \
-configuration AppStoreDistribution archive -archivePath $PWD/build/AppName.xcarchive
then:
xcodebuild -exportArchive \
-archivePath $PWD/build/AppName.xcarchive \
-exportPath AppName.app \
-exportFormat app
Now, I would like to run this app to test using the emulator, so I run these commands to install and launch the app:
xcrun -v simctl install booted AppName.app #Install
xcrun simctl launch booted com.myapp #Launch
The app instantly closes and xcrun comes back:
An error was encountered processing the command (domain=FBSOpenApplicationErrorDomain, code=1):
The operation couldn’t be completed. (FBSOpenApplicationErrorDomain error 1.)
Now, if I try to launch my app with xcode (by gui) this starts without any problems.
I've also tried to:
Reset the Emulator
Check the App Transport Security Settings
Close all instance of the app
You're building for iphoneos (I can see a "-sdk iphoneos" parameter in your xcodebuild command line). Then you're trying to install the resulting .app object onto the simulator (!!).
That will produce an architecture mismatch, and thus that cryptic runtime error.
Change your compilation commands from "-sdk iphoneos" to something like "-sdk iphonesimulator9.3" (in case this is the version you need).
If in doubt, type "xcodebuild -showsdks" and a list of installed SDK's will appear on screen. Choose the one you need.
You'll probably need to mess with -arch parameter also and change it from ARM to i386 (Remember the Simulator runs onto your intel MAC ).
Try and tell us if it works.
In order to distribute apps via Apple's new Test Flight service the beta-reports-active key needs to be present. Currently I'm using Apple's bot server to distribute to the old Test Flight system with and Ad Hoc distribution profile. Using a post build trigger I want to take the archive that is created and build an App Store Distribution ipa that I can upload to iTunes Connect. I've written a script that does this. I use the xcrun command to build:
/usr/bin/xcrun -sdk iphoneos PackageApplication -v "${APP}" -o "${APP_STORE_IPA}" --sign "${SIGNING_IDENTITY}" --embed "${PROVISIONING_PROFILE}"
The SIGNING_IDENTITY and PROVISIONING_PROFILE are both app store distribution certificates/profiles. So the provisioning profile is getting embedded in the ipa and it contains the beta-reports-active flag. However, when I look at the ipa to verify its entitlements it is not present.
What am I doing wrong? All information I've seen on this has just suggested regenerating the provisioning profile. I've done this and know the key is present. It is not getting added to the entitlements. I have a widget that gets bundled in the ipa as well. I am not resigning that.
You could always try using the xcodebuild export command:
xcodebuild -exportArchive -archivePath '{APP}' -exportPath '{IPA}' \
-exportFormat 'ipa' -exportWithOriginalSigningIdentity
or if you want a different profile and identity:
xcodebuild -exportArchive -archivePath '{APP}' -exportPath '{IPA}' \
-exportFormat 'ipa' -exportWithOriginalSigningIdentity \
-exportProvisioningProfile {profilename} -exportSigningIdentity {identityname}
See man xcodebuild for more info.
Alright so I think I've finally got this figured out. It seems as though the Bot Server may have a few kinks that Apple needs to iron out. I noticed that the Distribution IPA that is generated by the Bot Server lacks any of the required entitlements of my Application. I did a little searching and found other people are having the same problem. Here's a question that explains the issue really well: IPA created via Xcode bot fails to run for APNS but runs if built manually via Xcode itself or built as an archive by Xcode
So with this in mind I created and added an entitlement file to my project with the minimum entitlements I needed. I also did the same for the widget that is in my project. Then during my post integration trigger I read both entitlement files and add the necessary entitlements to it.
# Copy the Entitlements file out of the payload so we can update it
APP_ENTITLEMENTS="/tmp/distributionEntitlements.plist"
rm -rf ${APP_ENTITLEMENTS}
codesign -d --entitlements :${APP_ENTITLEMENTS} "/tmp/Payload/MyAppName.app"
WIDGET_ENTITLEMENTS="/tmp/widgetDistributionEntitlements.plist"
rm -rf ${WIDGET_ENTITLEMENTS}
codesign -d --entitlements :${WIDGET_ENTITLEMENTS} "/tmp/Payload/MyAppName.app/Plugins/${WIDGET_NAME}"
# Copy over the latest build the bot just created
echo "Copying latest Archive to /tmp/...";
cp -Rp "${XCS_ARCHIVE}" "/tmp/"
APP="/tmp/Archive.xcarchive/Products/Applications/MyAppName.app"
echo "Updating entitlements file"
/usr/libexec/PlistBuddy -c "Add :beta-reports-active bool true" ${APP_ENTITLEMENTS}
/usr/libexec/PlistBuddy -c "Add :aps-environment string production" ${APP_ENTITLEMENTS}
cat ${APP_ENTITLEMENTS}
echo "Updating widget entitlements file"
/usr/libexec/PlistBuddy -c "Add :beta-reports-active bool true" ${WIDGET_ENTITLEMENTS}
cat ${WIDGET_ENTITLEMENTS}
Then of course you have to codesign these apps again:
echo "Codesign the widget"
cp "${WIDGET_PROVISIONING_PROFILE}" "${APP}/Plugins/${WIDGET_NAME}/embedded.mobileprovision"
codesign -fv -s "${FULL_SIGNING_IDENTITY}" "${APP}/Plugins/${WIDGET_NAME}" --entitlements "${WIDGET_ENTITLEMENTS}" --preserve-metadata=resource-rules,requirements
echo "Codesign the app"
codesign -fv -s "${FULL_SIGNING_IDENTITY}" "${APP}" --entitlements "${APP_ENTITLEMENTS}" --preserve-metadata=resource-rules,requirements
echo "Creating .ipa"
# Remove any whitespace
FILENAME=${XCS_BOT_NAME// /}
echo "Filename: ${FILENAME}"
APP_STORE_IPA="/tmp/${FILENAME}_AppStore_${VERSION_NUMBER}.ipa"
rm "${APP_STORE_IPA}"
/usr/bin/xcrun -sdk iphoneos PackageApplication -v "${APP}" -o "${APP_STORE_IPA}" --sign "${SIGNING_IDENTITY}" --embed "${PROVISIONING_PROFILE}"
After all this, I can upload this IPA to Apple and distribute it using their new TestFlight beta distribution tool.
I use the following commands to resign an ipa which may work for you. The basic technique is to unzip the ipa, add in the desired mobile provisioning profile, resign the code with the desired certificate and then zip into the new ipa.
unzip -q "${IPAFILE}"
cp "${PROV_PROFILE}" Payload/*.app/embedded.mobileprovision
/usr/bin/codesign -f -s "${SIGN_CERT}" --keychain "${KEYCHAIN}" \
--entitlements Payload/*.app/$APP-Entitlements.plist \
--resource-rules Payload/*.app/ResourceRules.plist Payload/*.app
zip -qr "${NEW_IPAFILE}" Payload
You may be able to leave out the --keychain option if you're using the standard keychain. The name of your Entitlements.plist file may be different. SIGN_CERT is the text name of your certificate. e.g. "iPhone Distribution: Blah Blah"
Be sure that the Entitlements plist has the same TEAM ID as your signing cert and provisioning profile.
Xcode adds this beta entitlement to your entitlement list automatically. You just have to make a new revision, click on the Team account under the identity, reselect your account and the new profile will be remade by iTunes connect.
After that, upload your new binary.
Once it is uploaded you can assign beta testers to your app, selecting the pre-release version and adding the internal or external beta testers to the list.
I hope it helped.
A better way of doing this would be set the Release provisioning profile to the App store profile. Then you won't need to provide the --embed flag and the beta reports flag will be true.
Then if you also need a adhoc build you can provide the same xcrun command --embed with the adhoc provisioning profile.
ARCHIVE = "${ARCHIVE_FOLDER}/Products/Applications/${PRODUCT_NAME}.app"
#Adhoc
/usr/bin/xcrun -sdk iphoneos PackageApplication -v ARCHIVE -o IPA_DESTINATION --sign "SIGNING_IDENTITY" --embed PATH_TO_PROVISIONING_PROFILE
#App Store
/usr/bin/xcrun -sdk iphoneos PackageApplication -v ARCHIVE -o IPA_DESTINATION --sign "SIGNING_IDENTITY"
I am using below command to create an signed ipa file from command line i.e. terminal.
xcrun -sdk iphoneos PackageApplication \
"path/to/build/MyApp.app" \
-o "output/path/to/MyApp.ipa" \
--sign "iPhone Distribution: My Company" \
--embed "path/to/something.mobileprovision"
As understood from above, this will create an ipa file. But, I want to create a xcarchive file which will be used to upload to app store using Application Loader. How can I modify this command to achieve that. Any help will be greatly appreciated. Thanks...
Just use xcodebuild archive command
Normally when submitting an iOS app to the App Store I do Product -> Archive from Xcode and then choose distribute to the App Store. I can successfully archive a build with:
xcodebuild -scheme "myScheme" archive -archivePath /my/path/myArchive
but how do I do the signing process with the correct provisioning profile and also distribute via command line?
For ad hoc builds, I generate my ipa after archiving with:
xcodebuild -exportArchive -exportFormat IPA -archivePath myArchive.xcarchive -exportPath /my/path/myFile.ipa -exportProvisioningProfile 'my adhoc profile name'
But do I even need to generate an ipa when distributing to the app store? Either way, how do I do the signing with correct profile and distributing via command line?
See update for Xcode 8 at bottom of answer.
To answer the last part of the question first - Yes an App Store Provisioning Profile is needed to submit your app through iTunes connect. It will not pass the preverification steps unless it has a correct provisioning profile. You will need to create an App Store distribution profile in the Member Centre
Select "App Store" and click on continue
The first part of the question is a little more difficult, as creating, signing and distributing archives and IPA files using command line tools is poorly documented. Implementing a scripted solution is full of pitfalls because tools don't behave as expected under some circumstances and a more detailed knowledge of the relationship between your developer account, your keychain, the signing certs and the provisioning profiles is required.
Here is a sample of a script that can be used to create an archive with an embedded Ad Hoc provisioning profile, create an IPA for Ad Hoc distribution. As a bonus the DSYMs zip file is created for upload to TestFlight. Then two more scripts are presented. The first will create an App Store version of the IPA from the existing xcarchive, the second will show how to modify an xcarchive so it can be resigned by a third party for Enterprise In House distribution.
This automated build script assumes that the Provisioning Profiles are available in a directory called ProvisioningProfiles checked in with the source code. It is also assumes the password to unlock the keychain holding the signing cert is stored in a protected file in the build users home directory.
#!/bin/sh
# SETME
# set to name of signing certification usually starts something like "iPhone Distribution: ...."
# (the associated private key must be available in the key store)
#
# use the command "security find-identity" to list all the possible values available
#
codeSignIdentity="iPhone Distribution"
# SETME
# set to location of Ad Hoc provisioning profile
# (this profile must have the codeSignIdentity specified above included in it)
#
provisioningProfile=ProvisioningProfiles/MyAppAdHocDistribution.mobileprovision
# The keychain needs to be unlocked for signing, which requires the keychain
# password. This is stored in a file in the build account only accessible to
# the build account user
if [ ! -f $HOME/.pass ] ; then
echo "no keychain password file available"
exit 1
fi
case `stat -L -f "%p" $HOME/.pass`
in
*400) ;;
*)
echo "keychain password file permissions are not restrictive enough"
echo "chmod 400 $HOME/.pass"
exit 1
;;
esac
#
# turn off tracing if it is on for security command
# to prevent logging of password
#
case `set -o | grep xtrace`
in
*on) xon=yes ;;
*) xon=no ;;
esac
#
# unlock the keychain, automatically lock keychain on script exit
#
[ $xon == yes ] && set +x
security unlock-keychain -p `cat $HOME/.pass` $HOME/Library/Keychains/login.keychain
[ $xon == yes ] && set -x
trap "security lock-keychain $HOME/Library/Keychains/login.keychain" EXIT
#
# Extract the profile UUID from the checked in Provisioning Profile.
#
uuid=`/usr/libexec/plistbuddy -c Print:UUID /dev/stdin <<< \
\`security cms -D -i $provisioningProfile\``
#
# Copy the profile to the location XCode expects to find it and start the build,
# specifying which profile and signing identity to use for the archived app
#
cp -f $provisioningProfile \
"$HOME/Library/MobileDevice/Provisioning Profiles/$uuid.mobileprovision"
#
# Build the xcarchive - this will only be done once, will will then
# distribute it for Ad Hoc, App Store and Enterprise In House scenarios
# (profile must be specified by UUID for this step)
#
xcodebuild \
-workspace MyApp.xcworkspace \
-scheme MyApp \
-archivePath build/MyApp.xcarchive \
archive \
PROVISIONING_PROFILE="$uuid" \
CODE_SIGN_IDENTITY="$codeSignIdentity"
#
# Create a zip of the DSYMs for TestFlight
#
/usr/bin/zip -r MyApp.dSYM.zip build/MyApp.xcarchive/dSYMs/MyApp.app.dSYM
#
# now distribute the xcarchive using an Ad Hoc profile
# (for QA testing for example)
#
profileName=`/usr/libexec/plistbuddy -c Print:Name /dev/stdin <<< \
\`security cms -D -i $provisioningProfile\``
#
# The profile must be specified by name for this step
#
xcodebuild \
-exportArchive \
-exportFormat IPA \
-archivePath build/MyApp.xcarchive \
-exportPath MyAppForAdHoc.ipa \
-exportProvisioningProfile "$profileName"
To redistribute the xcarchive with the App Store Distribution profile, re-export the xcarchive with a new profile (the signing identity is the same for both the Ad Hoc and the App Store profiles).
# SETME
# set to location of App Store provisioning profile
#
appStoreProvisioningProfile=ProvisioningProfiles/MyAppAppStoreDistribution.mobileprovision
#
# Extract the App Store profile UUID from the checked in Provisioning Profile.
#
uuid=`/usr/libexec/plistbuddy -c Print:UUID /dev/stdin <<< \
\`security cms -D -i $appStoreProvisioningProfile\``
#
# Copy the profile to the location XCode expects to find it and start the export,
# specifying which profile to use for the archived app
# (Profile must match with signing identity used to create xcarchive)
#
cp -f $appStoreProvisioningProfile \
"$HOME/Library/MobileDevice/Provisioning Profiles/$uuid.mobileprovision"
#
# Extract the enterprise profile name from the checked in App Store Provisioning Profile.
# and redistribute the xcarchive as an App Store ready IPA
#
profileName=`/usr/libexec/plistbuddy -c Print:Name /dev/stdin <<< \
\`security cms -D -i $appStoreProvisioningProfile\``
#
# Profile must be specified by name for this step
#
xcodebuild \
-exportArchive \
-exportFormat IPA \
-archivePath build/MyApp.xcarchive \
-exportPath MyAppForStore.ipa \
-exportProvisioningProfile "$profileName"
Finally just to be complete, what if you want to resign the xcarchive with a new identity and provisioning profile? This might happen if you distribute xcarchives for in-house distribution to third party companies. The recipient needs to sign your xcarchive for distribution using their enterprise certificate. xcodebuild cannot be coerced into overwriting the existing code signature in the xcarchive, therefore codesign must be used directly.
# SETME
# set to name of enterprise signing certification usually starts something like
# "iPhone Distribution: ...."
#
# use the command "security find-identity" to list all the possible values available
#
enterpriseCodeSignIdentity="iPhone Distribution: Acme Ltd"
# SETME
# set to location of Enterprise In-House provisioning profile
# (this profile must be associated with the enterprise code signing identity)
#
enterpriseProvisioningProfile=ProvisioningProfiles/MyAppInHouseDistribution.mobileprovision
# SETME
# A resigning of the app with a different certificate requires a new bundle ID
# that is registered by the Enterprise and is included in the In-House distribution
# profile (This could be automatically extracted from the Enterprise In-House distribution
# profile, I leave that as an ETTR)
enterpriseBundleId="com.enterprise.myapp"
#
# Extract the enterprise profile UUID from the checked in Provisioning Profile.
#
euuid=`/usr/libexec/plistbuddy -c Print:UUID /dev/stdin <<< \
\`security cms -D -i $enterpriseProvisioningProfile\``
#
# Copy the profile to the location XCode expects to find it and start the build,
# specifying which profile and signing identity to use for the archived app
#
cp -f $enterpriseProvisioningProfile \
"$HOME/Library/MobileDevice/Provisioning Profiles/$euuid.mobileprovision"
#
# Copy, modify and resign the xcarchive ready for Enterprise deployment
# (has to be resigned as the production certificate is different for enterprise)
#
cp -Rp build/MyApp.xcarchive build/MyAppEnterprise.xcarchive
#
# Remove old code signature
#
rm -rf build/MyAppEnterprise.xcarchive/Products/Applications/MyApp.app/_CodeSignature
#
# copy in the enterprise provisioning profile
#
cp $enterpriseProvisioningProfile \
build/MyAppEnterprise.xcarchive/Products/Applications/MyApp.app/embedded.mobileprovision
#
# Modify the bundle id to that of the enterprise bundle id
#
/usr/libexec/plistbuddy -c "Set:CFBundleIdentifier $enterpriseBundleId" \
build/MyAppEnterprise.xcarchive/Products/Applications/MyApp.app/Info.plist
#
# resign the xcarchive with the enterprise code signing identity
#
/usr/bin/codesign -f -v -s $enterpriseCodeSignIdentity \
build/MyAppEnterprise.xcarchive/Products/Applications/MyApp.app
#
# Update the DSYM bundle id and create a zip of the DSYMs for TestFlight (if applicable)
#
/usr/libexec/plistbuddy -c "Set:CFBundleIdentifier com.apple.xcode.dsym.${enterpriseBundleId}" \
build/MyAppEnterprise.xcarchive/dSYMs/MyApp.app.dSYM/Contents/Info.plist
/usr/bin/zip -r MyAppEnterprise.dSYM.zip build/MyAppEnterprise.xcarchive/dSYMs/MyApp.app.dSYM
#
# Extract the enterprise profile Name from the checked in Provisioning Profile.
#
enterpriseProfileName=`/usr/libexec/plistbuddy -c Print:Name /dev/stdin <<< \
l\`security cms -D -i $enterpriseProvisioningProfile\``
#
# Profile must be specified by name for this step
#
xcodebuild \
-exportArchive \
-exportFormat IPA \
-archivePath build/MyAppEnterprise.xcarchive \
-exportPath MyAppEnterprise.ipa \
-exportProvisioningProfile "$enterpriseProfileName"
If the script is being run from as a launchd daemon, see this answer https://stackoverflow.com/a/9482707/2351246 to solve the problem with accessing the login keychain from a launchd daemon.
UPDATE for OSX Mavericks and Yosemite
On OSX Mavericks (v10.9.5) and OSX Yosemite you may see code signing errors:
Codesign check fails : ...../MyApp.app: resource envelope is obsolete
Check this posting here for the cause xcodebuild - codesign -vvvv says"resource envelope is obsolete"
To implement the change suggested by Apple Support in the referenced post, run the following command:
sudo perl -pi.bak -e 's/--verify"./--verify", "--no-strict",/ if /codesign.*origApp/;' `xcrun -sdk iphoneos -f PackageApplication`
UPDATE for Xcode8
In Xcode8, the procedure described in my previous answer no longer works with the new Automatically manage signing feature, so you will need to select manual signing to use this method.
If you wish to use automatic signing, here are some observations based on our attempts to get it working with both a IBM Jazz and a Jenkins a CI environment.
It is possible if you have one CI machine to get auto code signing working. I found you had to create and assign a developer account to the instance of Xcode on the CI machine. This was a manual step and I found no way to import a developer profile from the commandline.
If you use a distributed CI environment with multiple build machines, it just doesn't work well. First you have the issue above, you have to manually add a developer account to all instances of Xcode, and second, each of those accounts has to be a different Apple ID, otherwise you get certificate generation issues for the common build account (All machines are sharing an account which causes a collision in the developer certificate because it is tied to a specific machine).
We run a distributed Jenkins CI environment, so we stuck with manual signing, but the method of exporting IPA changed, the -exportOptionsPlist option must be used now.
Change the archiving command:
#
# Build the xcarchive - this will only be done once, will will then
# distribute it for Ad Hoc, App Store and Enterprise In House scenarios
#
xcodebuild \
-workspace MyApp.xcworkspace \
-scheme MyApp \
-archivePath build/MyApp.xcarchive \
archive
The archive is signed with the iOS Developer certificate associated with the build account (so make sure it has one installed in the keychain). Now the archive can be exported to IPA format for Ad-hoc, Enterprise and App Store using the -exportOptionsPlist option to xcodebuild.
Create a file called exportAppStore.plist with the following contents and save it in your top level project directory.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>method</key>
<string>app-store</string>
</dict>
</plist>
See the output xcodebuild -help for a complete list of keys available for the -exportOptionsPlist option.
Now modify the export archive command to use the new export options plist file
xcodebuild \
-exportArchive \
-archivePath build/MyApp.xcarchive \
-exportOptionsPlist exportAppStore.plist \
-exportPath MyAppForStore.ipa