We have developed an iOS app that has been delivered to the customer as an IPA with an ad-hoc distribution profile that allowed a set of their employees to install it on their devices. The customer now wishes to distribute that app internally to all their employees using their iOS Enterprise Developer program credentials.
I had hoped that the customer could simply re-codesign the ad-hoc IPA with their own enterprise identity. However, they say they can't do that. They say they "need an IPA file with the removal of the limitation to only certain devices".
So, what do I do?
Do I need to somehow create an "unsigned" IPA for them? (And if so, how do I do that?)
Do I need them to generate an Enterprise distribution provisioning profile for me so I can build the app with that profile?
Do I need to just send them the source or build output and let them build the package?
I have looked at the following documents, but they have not enlightened me:
TN2250: iOS code Signing Setup, Process, and Troubleshooting
Distributing Enterprise Apps for iOS Devices
It's completely possible to take any IPA and resign it with your own details, modifying the Info.plist, bundle ID, etc. in the process. I do this all the time with IPAs that have been signed by other developers using their own provisioning profiles and signing identities.
If they aren't familiar with the codesign command line tool and all the details of replacing embedded.mobileprovision files and entitlements, the easiest way for them to do this is for you to "Archive" the app via Xcode, and send them the generated archive file (*.xcarchive).
They can import that into Xcode so it is visible in the Organizer, and from there they can choose "Distribute" and sign it with their enterprise identity.
To import the .xcarchive file into Xcode, they just need to copy the file into the ~/Library/Developer/Xcode/Archives directory and it should appear in the Xcode organizer. Then they click "Distribute" and follow the instructions:
Related
I have a bit of confusion about the whole certificate and Provisioning Profile file system.
I finally started to look into beta testing my app, and I'm trying Firebase App distribution but I'm not succeeding, my friends can't download my app..
The first time I exported the .ipa as Developer, and after adding this device UUIDs to my devices in my dev account I re exported the .ipa that now should run on their devices.. It still doesn't.
So I realised that I should have use "adHoc" instead of "Developer" so I did go through the archiving again and this time it asked me to create a distribution certificate which I then downloaded (a .p12 file and a .cer file)..
Now my doubt is:
In Xcode preferences/account I can see both the developer and the distribution certificates, but the project's Provisioning Profile says 1 certificate, meaning only the developer one right?
Can it be the reason why my testers (friends for now) can't download the app?
What should I do to use an update profile? In my dev account there is no profiles generated..
Where I'm mistaking in the whole process?
As always thank you very much for you time and help.
So I'm not using enterprise distribution profile to archive and export my project into IPA file.
I am using a valid distribution certificate though.
On XCode organizer I've made sure that everything is valid by clicking on the validate button for my particular archive before exporting it using the exact same distribution certificate and distribution provisioning profile. Also, I've made sure that I checked App Store as the method of distribution.
So I assumed everything checked out, then I distributed the IPA through diawi.
This is what I used to distribute my development IPA at the early stage of this project. However, upon opening the diawi link, installation just failed on my device saying "Unable to download" every single time.
Now I'm just wondering is it not at all possible to distribute through diawi if I'm not using enterprise distribution profile to build the ipa itself?
Or am I building it the wrong way for the intended purpose?
I'm very new to this whole Apple environment so not sure if I'm understanding the process correctly. I'm developing this from a react native project in case you need to know.
Thanks in advance for any pointers! :D
EDIT:
There seems to be confusion in the answers so far. Just to clarify, I'm NOT using enterprise distribution profile nor I am using development provisioning profile. So adding UDID to the provisioning profile is not an option. The case I'm asking about is for ipa signed with app store distribution provisioning profile which I'm trying to share using diawi. It doesn't seem to be possible to distribute ipa signed this way with diawi based on my research, but I just wanna be extra sure. Sorry for the confusion. :)
You need to have the UDID of downloading device added to the provisional profile. Login to your apple developer account and check if the device is added or no. If not add that device and then update the provisional profile by selecting that new UDID. Download the updated profile and the build.
Turns out it's true that diawi can only distribute in-house apps (signed using enterprise program account) and development provisioning profile signed apps.
The reason what I'm trying to do is not working (not installing through diawi) is because I'm trying to distribute an app signed with classic apple account's distribution provisioning profile instead of development provisioning profile
As far as I my googling went yesterday, apps signed with distribution provisioning profile under classic account is only distributable through app store or test flight.
Let me know if I miss anything.
I'm new to iPhone development and i'm not sure how to test the actually binary that will be sent to Apple. Today I released a build that works great on my local device but the released App Store version did not work and hung on launch.
I'm trying to figure out how I can test my production builds so this doesn't happen again.
I tried creating an ad-hoc binary and saved the ipa to my desktop, then imported into iTunes. The app synced and downloaded but remained dark and said 'waiting..'.
I signed up for Test Flight and it said my IPA was created for production and the sdk could not be found.
Do I need to research ad-hoc builds and profiles? This seems to be getting confusing really quickly and i'm not sure where to start looking/learning.
When you create an archive to submit to the AppStore, it is saved under the organizer (Press Command + Shift + 2 to open Organizer).
You can save the same archive for Ad-hoc distribution as a .IPA file, and then install it using iTunes or TestFlight.
In the Organizer, just select the right archive, click 'Distribute', and select 'Ad-hoc distribution' and sign the IPA with your Ad-Hoc distribution profile (if you haven't created an ad-hoc distribution profile, create one at developer.apple.com, download it and double-click on it to import it to your Mac OS Keychain) to generate the .IPA file.
As long as you re-sign your AppStore archive with an ad-hoc distribution profile, it should install and execute on your test devices.
Follow these steps hopefully it will work
Delete the application from your iPhone.
Create a new Adhoc Distribution provisioning profile, make your the devices you want to run on are included in that profile.
Make sure the certificate associated with the newly created profile has a valid private/public key pair.
After creating an archive, see the build must be created with the newly created profile(From a drop down that comes after archive).
If the problem persists, to verify rename the .ipa to .zip go to payload folder right click .app and show package contents see the embedded profile shows the correct profile and have the devices added.
I developed an iPad application to a client. My client has Apple Enterprise license. But they dont allow me to sign the app with their certificate. They just ask me to provide .xarchive file so that they can sign the app and create the ipa file.
This is how I have done that
1. Create a appid with com.mycompany.myapp.abc
2. Create a adhoc profile using above appid with my developer portal
3. set the bundle ID of my app com.mycompany.myapp.abc
4. Set the code signing identity to above profile in my app's target
5. archive the file using xcode 4.6.1
6. export the xarchive file and send to the client
7. Ask client to create a inhouse Dis profile with com.mycompany.myapp.* appid
8. Ask client to open the xarchive file using xcode and sign the app with inhouse profile and create the ipa file
They have followed above instructions in 7,8 and have created the ipa file. But when we try to install the ipa file using xcode to a device it gives following error.
Does above procedure has any problem. Can some one explain the issue.
EDIT:
for testing purpose I created adhoc profile with com.mycompany.* and created an ipa file by signing above xarchive file, it gives the same error message. But If I sign the xarchive file with profile crated with com.mycompany.myapp.abc bundle id works fine.
TL;DR:
Find out what the client's (provisioning profile's) entitlements are and make sure you match them.
The error is trying to say that the entitlements in your provisioning profile and their provisioning profiles differ. The difference could be a keychain group, push notification environment or something else.
The reason why Xcode asks you to choose a provisioning profile twice (once when archiving, once when distributing) is that all the provisioning profile entitlements are picked up in archive stage and mostly ignored in the distribution stage.
This makes it all too easy to distribute with the wrong entitlements, especially if your archive stage accidentally picked up a wildcard profile. Not your case, but that's why you should burn wildcard profiles with fire.
There are clever re-signing scripts (a.k.a. "Distribute..." button replacements) that will try to make the entitlements right by mashing what they find in the end user provisioning profile into your binary but I think the best solution is to make sure your provisioning profile's entitlements and any extra entitlements you add to your app matches their provisioning profile's.
I find Xcode's provisioning profile/entitlement system to be error prone. On hand you have entitlements that are basically part of your app's identity and may as well be set in stone (TODO: make your CI server check them). And on the other hand you have Xcode's build phase gleefully changing your app's entitlements based on its automatic/random provisioning profile selection. Silly.
You should follow the below step to make adhoc distribution .ipa for client
set bundle identifier in target info.plist
select the ad hoc distribution profile in target as well as in project
select iOS device then product-> archieve
organizer will pop up then select the archive and select "distribute" -> Adhoc Enterprise distribution
select the correct ad hoc distribution profile then save this .ipa file.
then send it to the client and let him know that before archiving or building the app we need correct adhoc provisioning profile . so there is no need to repeat the process at your end to set the provisioning or other stuff just distribute it .
How to distribute your iOS app over the air:
Just need to place the .ipa file and plist on a server and set the path in the above link example.
I'm using windows 8 to building applications with phonegap,
every thing is good except building apple application at:
https://build.phonegap.com
this appears:
phonegap build "no key selected"
how to get the key or .mobileprovision file?
You have to create them on https://developer.apple.com/, as AJD mentioned.
Go to your Apple developer portal
Click Devices to register your iOS device. You need to connect your device to iTunes to obtain your UUID
Click Certificate
Create a certificate for Production (to use PhoneGap Build, otherwise Development)
Download the certificate
Convert the certificate to a p12 file (See the screenshots below) - Double-click the .cer file to open it in Key Chain Access. Then click My Certificates under the category, Ctrl-click the certificate and export. When you save the .p12 file, you are asked to create a password that you will need later.
Create a provision file on Apple developer portal, then download. Again, to make this work on PhoneGap Build, you need one for Distribution, otherwise Development.
Actually, I blogged about it because using PhoneGap Build is not as easy as it should to develop iOS apps.
http://www.pubnub.com/blog/converting-your-javascript-app-to-an-ios-app-w-phonegap/
I know this question is made a year ago, but I hope this helps to everybody who has the same question.
You create and download the provisioning profile and an associated certificate on the Apple developer site.
Go
https://developer.apple.com/
Go member center > manage certificates and profiles...
A valid provisioning profile is connected to a valid distribution certificate. You will need both active.
Building for iOS
We're now able to offer support for building to iOS devices through Adobe® PhoneGap™ Build. The process for completing iOS builds is slightly different than that for other platforms: all iOS builds need to be signed by a developer certificate and a provisioning profile, that is tied to your Apple developer account and the device you wish to test on. This document covers how to set this up.
Note: Since PhoneGap Build uses Apple's standard development process to build applications, you will need to sign up for their developer program to build iOS applications on PhoneGap Build. You will also need a Mac to configure your certificate and provisioning profile.
When you upload a new application to PhoneGap Build, if you don't have a default certificate-profile pair attached to your account, you will be alerted that the iOS build can not be completed:
iOS Key Required
Your key will actually consist of two files: a certificate and a provisioning profile. Apple has extensive documentation for setting up your environment locally: the best approach is to ensure you can build an iOS application to your iOS device locally, to be sure that both your certificate and your provisioning profile are set up correctly for code signing.
Once you have these set up, you can export them for upload to PhoneGap Build. For the provisioning profile, you will need a file with the mobileprovision extension, which looks like this:
Provisioning Profile in Finder
Ensure that this provisioning profile is correctly paired with the device(s) you wish to test on.
Note that when you create your profile, you will specify the App IDs that are linked to the profile. This is important when using PhoneGap Build: the package name you specify for your app, in your config.xml (the id attribute of the widget element) or through the Edit App page, will have to match the ID for the provisioning profile. If they fail to match, your app will not be built correctly.
Apple appends a "Bundle Seed ID," or "App ID Prefix," to the provisioning profile when you generate it through the iOS Developer Center. Note that you do not to include this App ID Prefix in your config.xml for PhoneGap Build to build successfully. You just need the reverse-domain style Bundle Identifier - com.domainname.appname. This will also be best compatible with building for other platforms.
To prepare your certificate, you will need to open the Keychain Access utility on your Mac, and identify the certificate that you use for iOS development. Right click on that certificate and select Export ...
Export from Keychain Access
Save the certificate in a location you can remember, and enter a password. Remember the password: you will need to give it to PhoneGap Build, otherwise we cannot use your certificate.
Enter Certificate Password
Now back to the website. On the app detail page, simply select the "new key..." option from the signing key dropdown for the app in question, and then, from the list of platforms with signing available, hit add a key for iOS. Fill out the form: add your p12 certificate file and your mobileprovision file, and enter the password associated with your certificate.
Add Certificate to PhoneGap Build
Once your key is added, we'll attempt to rebuild the application for iOS. If all goes well, you should see a link for the built ipa file available.
You can then download the ipa file and use iTunes to install it directly on your provisioned iOS device.
Happy building!