Menu
I want to create a tool for codesigning iOS apps on a linux server remotely.
I know codesign is oss but relies heavily on the keychain and is not as portable.
I know Adobe has a codesign utility for win and mac within flash that takes the provisioning profile, .p12, and .cer and signs the app.
UDK also does something similar but doesnt seem to need the .p12 ( http://udn.epicgames.com/Three/AppleiOSProvisioning.html )
So my question is really, what is the process they are doing so i can recreate a tool that is cross platform that can do it.
731
Mandatory code signingTo help ensure that all apps come from a known and approved source and haven't been tampered with, iOS and iPadOS require that all executable code be signed using an Apple-issued certificate. Apps provided with the device, like Mail and Safari, are signed by Apple.
Tap Settings > General > Profiles or Profiles & Device Management. Under the "Enterprise App" heading, you see a profile for the developer. Tap the name of the developer profile under the Enterprise App heading to establish trust for this developer. Then you see a prompt to confirm your choice.
Generate a Code Signing Certificate manuallyOpen your Keychain Access app on macOS. Select Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority... Fill in the User's Email Address and the Common Name and select Saved to Disk .
I've tried to work on this issue, and after a lot of sleepless nights, headaches, issues with keys and other stuff, I decided to stop bothering, bought a mac mini (fairly cheap), and installed it headless as a build machine. Works like a charm :)
I put a lot of work into the research and wasn't able to get it to work, so if someone does know the answer: greatly appreciated!
71
Try and have a look at this presentation: Breaking iOS code signing, which contains a lot of interesting information about the signing scheme.
I don't know anyway if the above presentation will give you the information you need.
43
Saurik created ldid, which is meant for code-signing on linux. It may be useful to checkout this article about Developing without a Provisioning Profile and also this project which I believe is an ldid implementation.
If you have used the Adobe code signing utility before then you might have noticed that it is a bit flaky. I have had issues with it numerous times.
The truth is that it will be very hard to create a code-signing tool and even if you spent a ton of time on it and eventually got an implementation working, Apple could change any little piece of the code signing process that could end up breaking your entire system. It is better to rely on the tools that Apple has provided developers to do code signing. If I could make a suggestion it would be to NOT try to do this.
3
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
