We have created an iOS app for a client, which we would like them to code-sign and distribute.
What is the best method for this? If I Build and Archive, then Share and Save to Disk (no re-sign), I get the .ipa, as required. My question is how would a client then include their provisioning within this? Sending the code to the client unfortunately isn't an option, as we need to keep the source.
Any help would be appreciated
Upload Build to App Store Create an iOS distribution provisioning profile and distribution certificate. Use that certificate to sign the build. Then goto Product menu on Xcode and click Archive. That will allow you to upload build to App store.
Generate a Code Signing Certificate manuallyOpen your Keychain Access app on macOS. Select Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority... Fill in the User's Email Address and the Common Name and select Saved to Disk .
Mandatory code signingTo help ensure that all apps come from a known and approved source and haven't been tampered with, iOS and iPadOS require that all executable code be signed using an Apple-issued certificate. Apps provided with the device, like Mail and Safari, are signed by Apple.
Just create an xarchive using your certificate and provisioning profile and pass it to the client
Client can open the xarchive using xcode and they can resign using their distribution certificate and provisioning profile and publish it to appstore
P.S:
Make sure client has same Bundle Identifier added in app id of member center
Make sure Client’s provisioning profile reflects your project capabilities i.e push notification etc
In case of entitlements the client has to go inside the app and change the entitlements manually.
The file that they have to open in a text editor is archived-expanded-entitlements.xcent and change the PREFIX with their team id which can be found here
<key>application-identifier</key>
<string>PREFIX.yourappBundleID</string>
<key>keychain-access-groups</key>
<array>
<string>PREFIX.yourappBundleID</string>
</array>
And its better to ask the client to make sure get-task-allow is false just in case if you had signed your xarchive with development signers
<key>get-task-allow</key>
<false/>
The same is true for APNS
<key>aps-environment</key>
<string>production</string>
FYI: Lots of companies I know follow this process due to their security guidelines
Tell your client to create the provisioning profile.
The client would have to export his certificates and keys from keychain access and send you his certificates, keys and the provisioning profile. You can install everything on your machine, build the app with client's profile and send the build.
This should be safe enough from client's perspective as long as he does not share his apple password with you.
If your client has "agent" level at "iOS Provisioning Portal", he can add you with "admin" level. Thus you will have less access level, however able to give him "development" version (in many aspects the same as distribution).
This solution much better than to ask the client to export his private keys, especially if he has no experience on that
Check out Erica Sudan's App Signer. This utility allows an unsigned IPA to be resigned with a different provisioning profile.
Easy to use, so perfect for your needs.
http://ericasadun.com/ftp/Macintosh/
Obviously this all depends on them having an iOS Developer contract and having created their own provisioning profile
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With