5

Here's the thing..

Scenario:

I got an ipa file which I get as a result of an Archive + Share process using Xcode. The ipa file is signed using ad hoc distribution certificates and it can be installed without any problems.

The application saves some information in the keychain which is accessed without any problems using the build I just made.

After that, I re-sign the application using the codesign command with an Enterprise distribution certificate after making some changes in the application.app package. These changes include changing the name of the application and the bundle id in the Info.plist file and, of course, replacing the embedded mobile provisioning profile with the one that matches the new certificate.

The Problem:

After re-signing, everything seems to be all right; installation and functionality seem to work OK... BUT! When I enter the information that is saved in the keychain, the data seems not to load, or to be wiped from the keychain, every time I close the app.

Any ideas why this is happening?

Omer
  • Why can't you edit the app itself before archiving it? There is a box in the share thing for enterprise distribution. Just use that. – Greg Jul 08 '11 at 12:56
  • I'm seeing the same issue. Did you figure out a workaround? – tjg184 Aug 24 '11 at 14:09

2 Answers

8

I searched for hours on this problem... This is the solution: how re-signing worked with our app. We got an IPA file from a customer and re-signed it with our certificate. Accessing the keychain works. The bundle id was not changed in our case.

Which files you need:

  • MyApp.ipa
  • MyApp_EnterpriseDistribution.mobileprovision (Enterprise Distribution Provisioning Profile)
  • Entitlements.plist

All files are in the same directory. If the files are located in different folders, you have to change the paths in the code.

First, we create an "Entitlements.plist". Create a txt file and put in the following code. Put in your application identifier.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>GBA9L2EABG.com.your.bundle.id.MyApp</string>
    <key>get-task-allow</key>
    <false/>
</dict>
</plist>

Save this file and rename it to: "Entitlements.plist"

Open the terminal, move to the folder and execute these commands. Replace "MyApp" with your app name, "NAME OF YOUR..." with the name of your certificate, and "MyApp_EnterpriseDistribution" with the name of your provisioning file:

unzip MyApp.ipa

# we didn't use the following, but it may be necessary...
# rm -r "Payload/MyApp.app/_CodeSignature" "Payload/MyApp.app/CodeResources" 2> /dev/null | true

cp MyApp_EnterpriseDistribution.mobileprovision Payload/MyApp.app/embedded.mobileprovision

codesign -f -s "iPhone Distribution: NAME OF YOUR DISTRIBUTION CERTIFICATE" --resource-rules Payload/MyApp.app/ResourceRules.plist --entitlements Entitlements.plist  Payload/MyApp.app

zip -qr MyApp-resigned.ipa Payload/

And now you have an IPA with your certificate.

Hint: the certificate with this name should be unique in your keychain...

Marc Gries
  • This comment roughly shows how to retrieve your entitlements from the originally signed payload, rather than rewriting it yourself: http://stackoverflow.com/questions/6896029/re-sign-ipa-iphone#comment23331800_9978224 – Josh Kovach Sep 19 '13 at 13:09
4

Ok, here's the solution that worked for us.

Since this was an Enterprise build, it required us to change the Entitlements.plist/dist.plist file so that the app id matched what was entered on Apple's site. The Entitlements file can be provided to the codesign utility.

Use these instructions but verify the Entitlements file matches the full app id. This includes the seed id + bundle id.

Re-sign IPA (iPhone)

The app would install fine without it, but this ensures the keystore is being accessed with the proper authority.

Community
tjg184
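The check both answers describe (the entitlements app id must be seed id + bundle id and agree with the new provisioning profile) can be run before calling codesign. This is an added example, not code from either answer: the function names and sample data are constructed, the seed id is the placeholder from the first answer, and the profile's CMS signature is not verified.

```python
import plistlib

def profile_entitlements(mobileprovision: bytes) -> dict:
    # A .mobileprovision is a CMS envelope around an XML plist stored in the
    # clear; slicing the plist out is enough for an ID comparison (the CMS
    # signature is NOT verified here).
    start = mobileprovision.index(b"<?xml")
    end = mobileprovision.index(b"</plist>", start) + len(b"</plist>")
    return plistlib.loads(mobileprovision[start:end])["Entitlements"]

def check_resign(entitlements: bytes, info_plist: bytes, mobileprovision: bytes) -> list:
    """Return human-readable mismatches; an empty list means the IDs agree."""
    app_id = plistlib.loads(entitlements).get("application-identifier", "")
    bundle_id = plistlib.loads(info_plist)["CFBundleIdentifier"]
    prof_id = profile_entitlements(mobileprovision).get("application-identifier", "")
    seed, _, ent_bundle = app_id.partition(".")      # "SEED.bundle.id" -> seed, bundle id
    prof_seed, _, pattern = prof_id.partition(".")
    problems = []
    if ent_bundle != bundle_id:
        problems.append(f"entitlements bundle id {ent_bundle!r} != Info.plist {bundle_id!r}")
    if seed != prof_seed:
        problems.append(f"seed id {seed!r} != profile seed id {prof_seed!r}")
    # Profiles may carry a wildcard app id such as "SEED.com.example.*".
    if pattern.endswith("*"):
        covered = bundle_id.startswith(pattern[:-1])
    else:
        covered = bundle_id == pattern
    if not covered:
        problems.append(f"profile app id {prof_id!r} does not cover {bundle_id!r}")
    return problems

# --- constructed sample data (not from a real app or profile) ---
def _profile(app_id: str) -> bytes:
    body = plistlib.dumps({"Entitlements": {"application-identifier": app_id}})
    return b"0\x82constructed-cms-header" + body + b"constructed-cms-trailer"

INFO = plistlib.dumps({"CFBundleIdentifier": "com.your.bundle.id.MyApp"})
NEW_ENT = plistlib.dumps({"application-identifier": "GBA9L2EABG.com.your.bundle.id.MyApp",
                          "get-task-allow": False})
# Entitlements left over from the original signer (constructed seed id):
OLD_ENT = plistlib.dumps({"application-identifier": "ZZZZZZZZZZ.com.other.OldName"})

GOOD = check_resign(NEW_ENT, INFO, _profile("GBA9L2EABG.*"))
STALE = check_resign(OLD_ENT, INFO, _profile("GBA9L2EABG.*"))

if __name__ == "__main__":
    print("matching entitlements:", GOOD)
    print("stale entitlements:", STALE)
```

On a real package the three inputs are the bytes of Entitlements.plist, Payload/MyApp.app/Info.plist and the .mobileprovision file; `plistlib.loads` accepts both XML and binary plists.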