5

Greetings,

I'm in the progress of writing a web server script that lets you create custom iOS apps (basically exchanging logos and a few other things). The web server customizes a previously uploaded "shell" .ipa and re-zips the whole container to send it to the user's browser. That is: we customize a previously uploaded .ipa on the web server and let the user download it for submission to the App Store.

The next step would be to re-codesign the whole .ipa - because we changed the .IPA contents and the user must use his own signing identity - so that he can actually upload it to the App Store.

From what I understand, there is a "CodeResources" file which contains some kind of hash for each resource file in the bundle, and the executable contains some kind of embedded signature as well. To generate these, you'd have to use the "codesign" utility on the user's computer, then use Application Loader to submit it to the App Store. Correct so far?

What I'm trying to find out is:

  1. Is there a way to codesign the .ipa on the server (with having the user upload his certificate beforehand), so that he does not have any extra work to do?
  2. If 1) is not possible, is there some kind of tool that allows to re-codesign the .ipa without much hassle? Xcode seems to require some project setup work to do just a bit of code signing - if possible at all.
  3. Are there any alternative ways to codesign the .ipa files for the user - possibly without having to manually do it by hand?

Thanks in advance!

BastiBen
  • 19,679
  • 11
  • 56
  • 86

2 Answers2

4

Xcode uses the codesign command line utility to create the CodeResources folder and the digital signature, you can invoke it yourself to sign an app bundle outside of Xcode. You could probably automate this on a server if the server was running Mac OS X; if you're really clever you might be able to figure out how to create the signature yourself using openssl (the signing certificates, etc. are all standard stuff). Or, if you can count on the user having the dev tools installed, provide them with an app that automates the signing for them.

Here's a blog entry describing some of the process (though the use case is a little different).

benzado
  • 82,288
  • 22
  • 110
  • 138
  • Im too in search of creating custom Apps and creating IPA's automatically like replacing the icons , splash ,app name , archive app , get IPA. Can u plz give me some info/blogs/tutorials how & where to start with ? – Honey Dec 08 '15 at 06:29
3

I don't like to answer my own question, but I want to close this after so long.

We ended up using Xcode's targets and schemes to ease up the generation of many different apps. Since we have a reasonable number of app variants, this seems to be OK for now.

Code signing is a mess and Apple constantly changes the technical process behind it - so it's a moving target and requires a lot of hacking and trial-and-error work.

BastiBen
  • 19,679
  • 11
  • 56
  • 86
  • badcat, I am currently doing something similar to your project, and was wondering if you could share some insight. – KING May 22 '14 at 15:16
  • Turns out that eventually I managed to find a way to use the `codesign` command line tool. The main issue was not properly unzipping/zipping the IPA archive, which led to broken symlinks and eventually to errors during code signing and installation on the device. I might eventually write a blog post/guide for that. – BastiBen May 23 '14 at 12:07
  • Yes, The Codesign command line tool does work (been using it). The problem I have is with the provisioning profile. I build an .app file without CodeSigning and without using a Provisioning profile, and later I do some customization to that .app file, Apple lets your CodeSign a .app file but there is not command line tool for applying a Provisioning profile to the existing .app file, unless you Copy it into the directory. Sorry for the long comment but, Ive been researching this topic for a while now, and your the only one whose at least in my opinion has expressed similar dealings with this. – KING May 23 '14 at 14:10
  • In my case we simply drop the provisioning profile into the bundle and give it the name "embedded.mobileprovision". That's not all, though, as it seems that you need to generate another file called "Entitlements.plist", which contains the data from the Entitlements element of the provisioning profile and codesign needs to be called with `--entitlements` while signing. Hope that helps. – BastiBen May 28 '14 at 14:12
  • @badcat Im too in search of creating custom Apps and creating IPA's automatically like replacing the icons , splash ,app name , archive app , get IPA. Can u plz give me some info/blogs/tutorials how & where to start with ? – Honey Dec 08 '15 at 06:28