Codesigning iOS applications (APNS Enabled) without using XCode

Question

I want to build a single window Mac application, which can be used to codesign iOS applications without using XCode.

Many of our clients use "Enterprise License" to distribute their apps. Each year they need to be resigned and its a repetitive work. Their requirements are following

1. Apps make use of APNS
2. They don't want to share their Enterprise License
3. Bundle identifier should be replaceable while signing with their certificate
4. They have certificates with same name in Keychain

Userinterface has the following fields

1. Path to the *.ipa file
2. Path to the *.mobileprovision file
3. Keychain name (optional incase more than one certificate with same name exists)
4. Name of the certificate (iPhone Developer : .....)

I was able to codesign application, but APNS is not working after resigning. Or is it not possible to resign applications making use of bundleIdentifier?

And also I would like to add a feature of drop down list of certificates available in Keychain for improved useability. Any pointers would be great help

Answer 1

To enable push notifications, the app ID and provisioning profile will need to have that configured and allowed by Apple (through the portal). You can't enable it for arbitrary provisioning profiles/apps just by resigning.

During codesigning, the entitlements need to have the apns-environment key set to sandbox/production depending on what the app uses. This will then be verified at runtime by iOS. If you are using a third-party signing tool, it should take the apns-environment value from the provisioning profile.

For debugging, you can look at the entitlements for a .app with this command:

codesign -d --requirements - --entitlements - path/to/My.app

You should see an apns-environment value, but only if the provisioning profile had that enabled.

Answer 2

Just spent several hours researching this same issue and discovered the following process. Taking Mike's comments one step further, providing the following command line for others running into the same issue.

I am starting with an xcode release build using a bundle id that has been configured for production push notification.

From the terminal window run the following commands - replacing the "CAPITAL SECTIONS" with your info

codesign -d --entitlements -"NAME OF APP.app" > entitlements.plist

codesign -f -s "SIGNING CERTIFICATE NAME" --resource-rules "NAME OF APP.app/ResourceRules.plist" --entitlements entitlements.plist "NAME OF APP.app"

Hope this helps the next person struggling with this same issue