Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I send iOS app to client, for them to code-sign

We have created an iOS app for a client, which we would like them to code-sign and distribute.

What is the best method for this? If I Build and Archive, then Share and Save to Disk (no re-sign), I get the .ipa, as required. My question is how would a client then include their provisioning within this? Sending the code to the client unfortunately isn't an option, as we need to keep the source.

Any help would be appreciated

like image 409
user432865 Avatar asked Feb 07 '11 09:02

user432865


People also ask

How do I deliver iOS app to client?

Upload Build to App Store Create an iOS distribution provisioning profile and distribution certificate. Use that certificate to sign the build. Then goto Product menu on Xcode and click Archive. That will allow you to upload build to App store.

How do I get a code signing certificate from Apple?

Generate a Code Signing Certificate manuallyOpen your Keychain Access app on macOS. Select Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority... Fill in the User's Email Address and the Common Name and select Saved to Disk .

What is iOS code signing?

Mandatory code signingTo help ensure that all apps come from a known and approved source and haven't been tampered with, iOS and iPadOS require that all executable code be signed using an Apple-issued certificate. Apps provided with the device, like Mail and Safari, are signed by Apple.


4 Answers

  • Just create an xarchive using your certificate and provisioning profile and pass it to the client

  • Client can open the xarchive using xcode and they can resign using their distribution certificate and provisioning profile and publish it to appstore

enter image description here enter image description here

P.S:

  • Make sure client has same Bundle Identifier added in app id of member center

  • Make sure Client’s provisioning profile reflects your project capabilities i.e push notification etc

  • In case of entitlements the client has to go inside the app and change the entitlements manually.

The file that they have to open in a text editor is archived-expanded-entitlements.xcent and change the PREFIX with their team id which can be found here

 <key>application-identifier</key>
    <string>PREFIX.yourappBundleID</string>

<key>keychain-access-groups</key>
<array>
    <string>PREFIX.yourappBundleID</string>
</array>

And its better to ask the client to make sure get-task-allow is false just in case if you had signed your xarchive with development signers

 <key>get-task-allow</key>
    <false/>

The same is true for APNS

<key>aps-environment</key>
<string>production</string>

FYI: Lots of companies I know follow this process due to their security guidelines

like image 141
Durai Amuthan.H Avatar answered Oct 06 '22 00:10

Durai Amuthan.H


Tell your client to create the provisioning profile.

The client would have to export his certificates and keys from keychain access and send you his certificates, keys and the provisioning profile. You can install everything on your machine, build the app with client's profile and send the build.

This should be safe enough from client's perspective as long as he does not share his apple password with you.

like image 37
Swapnil Luktuke Avatar answered Oct 06 '22 01:10

Swapnil Luktuke


If your client has "agent" level at "iOS Provisioning Portal", he can add you with "admin" level. Thus you will have less access level, however able to give him "development" version (in many aspects the same as distribution).

This solution much better than to ask the client to export his private keys, especially if he has no experience on that

like image 39
Martin Babacaev Avatar answered Oct 06 '22 01:10

Martin Babacaev


Check out Erica Sudan's App Signer. This utility allows an unsigned IPA to be resigned with a different provisioning profile.

Easy to use, so perfect for your needs.

http://ericasadun.com/ftp/Macintosh/

Obviously this all depends on them having an iOS Developer contract and having created their own provisioning profile

like image 35
wuf810 Avatar answered Oct 06 '22 01:10

wuf810