Last Updated: July 25, 2019
·
27.59K
· tobycox

How to re-sign iOS builds

Part of being an iOS developer is going through the hell of signing builds. It's even more fun when you have to re-sign a build that isn't yours.

Here's a bit of a process for doing it, while avoiding XCode and the misery that it introduces.

Converting an xcarchive

If you're given an .xcarchive file, you should turn this in to a .ipa (skip ahead if you already have a .ipa).
To do this:

  1. Right click on your .xcarchive file and select "Show package contents".

  2. Go to Products/Applications and drag the app you find there in to iTunes.

  3. Once the app imports in to iTunes, right click it and select "Show in Finder".

You now have your .ipa

Re-signing an .ipa

An .ipa is just a zip file. To modify it, you need to extract it, have your way with it, sign it again, and recompress it.

  1. Unzip your app with:

    unzip MyApp.ipa
  2. Remove the old codesignature:

    rm -r Payload/MyApp.app/_CodeSignature
  3. If you want to (it's optional), change the bundle ID. It's in the file:

    Payload/MyApp.app/Info.plist
  4. Copy in the new Provisioning profile:

    cp NewProfile.mobileprovision Payload/MyApp.app/embedded.mobileprovision
  5. Sign the package again (running security find-identity will give you a list of identities, from which you can pick the one you want):

    codesign -f -s "iPhone Distribution: A Developer (YLDDA23U7G)" Payload/MyApp.app
  6. Zip the app up again:

    zip -qr MyApp-re-signed.ipa Payload/

This ipa should be signed with your new profile.

Sometimes when uploading to the app store, iTunes connect will complain about having incorrect entitlements. To add/change the entitlements file for an ipa, run step 5 with the ---entitlements flag:

codesign -f -s "iPhone Distribution: A Developer (YLDDA23U7G)" --entitlements entitlements.plist Payload/MyApp.app

An example entitlements file might look like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>               <string>YLDDA23U7G.com.mycompany.myapp</string>
    <key>aps-environment</key>
    <string>production</string>
    <key>get-task-allow</key>
    <false/>
</dict>
</plist>

More information on entitlements files and a more thorough overview of the whole process can be found here:
http://www.objc.io/issue-17/inside-code-signing.html