resign .ipa with new CFBundleIdentifier and certificate
Assumptions:
- .ipa filename is app.ipa
- app is called MyApp
- new provisioning profile resides at: ~/Downloads/AdHoc.mobileprovision
- distribution certificate name is Company Certificate
- may not need resource-rules parameter
- provisioning profile is either for Adhoc, or Enterprise distribution
- The bundle identifier needs to change. (Otherwise, look at my other pro-tip here: https://coderwall.com/p/cea3fw).
- com.mycompany.newbundleidentifier is the new CFBundleIdentifier
Commands:
unzip app.ipa
rm -rf Payload/MyApp.app/_CodeSignature/
/usr/libexec/PlistBuddy Payload/MyApp.app/Info.plistWhile in PlistBuddy you will need to do the following commands:
Set :CFBundleIdentifier com.mycompany.newbundleidentifier
save
quitNow we are back in Terminal!
cp ~/Downloads/AdHoc.mobileprovision Payload/MyApp.app/embedded.mobileprovision
codesign -f -s "iPhone Distribution: Company Certificate" --resource-rules Payload/MyApp.app/ResourceRules.plist Payload/MyApp.app
zip -qr app-resigned.ipa Payload/Related protips:
Written by Jeffrey Jackson
Related protips
7 Responses
Still didn't work
If you are not familiar with command line, you could also try AirSign.app (http://www.airsignapp.com).
You cn change your bundle ID, resign your .ipa and then send it for over-the-air installation.
I got an ipa and I re-signed it with EXPIRED provisioning profile (Enterprise) and with a valid certificate(.p12). using steps mentioned below :-
and Re-Sign it with steps provided by you
when I am extracting ipa (getting .App file) -> doing show package Contents (on .App) -> checking content of embedded.mobileprovision. it show same expired provisioning profile that i used to Re-sign the ipa.
Problem : I am successfully able to install it to ipad and able to run the app. Ideally App should not work with Expired provisioning profile.
Question : If we Re-signing the app through Command-line with Expired profile Will it work.?
Bruces-Mac:WeChat bruce$ codesign -f -s "iPhone Distribution: your compnay Co., Ltd" --resource-rules Payload/WeChat.app/ResourceRules.plist Payload/WeChat.app
Warning: --resource-rules has been deprecated in Mac OS X >= 10.10!
Payload/WeChat.app/ResourceRules.plist: cannot read resources
What should I do to solve this problem?
First, thanks for this post, it really helped me. But as some others i still run into the problem while signing an app. My iPhone did not installing the app and threw an errors concerning wrong signing. My goal was to sign an app that was originally not developed by myself.
Perform all the steps above, until the step where you actually have to sign the app (codesign -f -s "iPhone ...").
We need to create an entitlements.xml where the Bundle Identifier matches what you want to sign.
Retrieve entitlements from the app (In case there is no entitlements in the App, create an xCode Projekt and retrieve the entitlements from there.)
codesign -d --entitlements entitlements.xml Example.app/ExampleThis entitlements.xml has some strange characters at the beginning, looks like some integrity check (CRC?) just remove it. That the file actually starts with <xml
Now change the bundle identifier to the one of your App: com.example.AppName The important step here, leave the AppName as it is, or if it does not match the App name, rename it that it does. (See exammple below to get an idea what to do)
This step will replace the codesign step from above:
codesign --entitlements entitlements.xml -f -s "iPhone Distribution: Company Certificate" Payload/Example.app/Now do the last step above and zip the app.
Example entitlements.xml
ABCDEFGHIJ = apple developer team identifier
com.example.AppName = bundle identifier com.example needs to match your developer identifier, AppName the identifier of the app
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>ABCDEFGHIJ.com.example.AppName</string>
<key>com.apple.developer.team-identifier</key>
<string>ABCDEFGHIJ</string>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>ABCDEFGHIJ.com.example.AppName</string>
</array>
</dict>
</plist>Ubeamus, great update. Your modification allowed me to proceed and sign successfully.
I am running into issues resigning an .ipa for a project where I use CocoaPods. The resigning proceeds successfully, but when I attempt to upload to the App Store I run into validation errors. Here is a validation error example.
ERROR ITMS-90179: "Invalid Code Signing. The executable 'Payload/MyApp.app/Frameworks/Deviceswift.framework/Deviceswift' must be signed with the certificate that is contained in the provisioning profile."
I will see a message of this type for every CocoaPods framework included in the project. For example, if I have seven different frameworks, I will see seven error messages, each pointing at the individual framework in question.
It appears that the frameworks have their own signing process or reference to the signing certificate that needs to be updated.
Has anyone run into this issue? Thoughts? Solution?
Have a fresh tip? Share with Coderwall community!
