How do I sign an unsigned IPA?

Question

I have generated an IPA file unsigned with xcodebuild utility and now my customer want to sign it. It is possible to sign it with an existing provisioning file generated with a developer account? Another question, it is possible to use a command line related to xcode to do this?

Answer 1

An IPA is simply a .zip archive. Here is a example script to get the idea

IPA=$1
PROVISION="/path/to/nameOfProfile.mobileprovision"
CERTIFICATE="iPhone Developer: nameOfCertificate (2472ZKDHVF2A)" # must exist in keychain
# unzip the ipa
unzip -q "$IPA"
# remove the signature
rm -rf Payload/*.app/_CodeSignature Payload/*.app/CodeResources
# replace the provision
cp "$PROVISION" Payload/*.app/embedded.mobileprovision
#copy existing entitlements to use it for resigning
cp Payload/*.app//archived-expanded-entitlements.xcent entitlements.plist
# sign with the new certificate
/usr/bin/codesign -f -s "$CERTIFICATE" --entitlements "entitlements.plist" Payload/*.app
# zip it 
zip -qr newIpaName.ipa Payload
#clean up
rm -f entitlements.plist
rm -rf Payload

To find the name of the Certificate:

• Open "Keychain Access"
• Right+click on the Certificate -> "Get Info"
• Copy and use "Common Name"