Re-Signing B2B App using Push Notifications

I have been working on signing an app from a developer for our own purpose of publishing it to our intune company portal. The older version of the app I can sign and publish without issue. We do have an enterprise dev account, and all they provide us is the source code.

The original version does not use Push notifications, nor does it show to have any framework subfolders. That one I sign by this script I've modified over time, ( security cms -D -i [mobilprovisionfilenamefromentdevsite].mobileprovision > provision.plist

/usr/libexec/PlistBuddy -x -c 'Print :Entitlements' provision.plist > entitlements.plist

unzip -qq [appname]22_5_1.ipa

rm -rf Payload/[appname].app/_CodeSignature/

cp [mobilprovisionfilenamefromentdevsite].mobileprovision Payload/[appname].app/embedded.mobileprovision

/usr/bin/codesign --force --deep --verify --sign "[Our Certificate name redacted]" -i [the app identity name from the identity creation] --entitlements entitlements.plist Payload/[appname].app/Frameworks/*

codesign -dvv Payload/[appname].app/ zip -qr [appname]22_5_1-resigned.ipa Payload/

#Copy the support files for backup mkdir [appname]22_5_1-resigned-support mv entitlements.plist [appname]22_5_1-resigned-support mv Payload [appname]22_5_1-resigned-support mv provision.plist [appname]22_5_1-resigned-support ) This works fine for the old version without Frameworks or Push Notifications

The New One I have just added two lines to the script to sign the FrameWorks.

rm -rf Payload/[appname].app/Frameworks/*/_CodeSignature/

/usr/bin/codesign --force --deep --verify --sign "[Our Certificate name redacted]" -i [the app identity name from the identity creation] --entitlements entitlements.plist Payload/[appname].app/Frameworks/*

When I try it with or without signing the FrameWorks I am unable to get the app to function.

It will load on the IPhones then just give error of "Install Pending" or "Install Failed" (0x87D13B64)

We do not have access to the source code, so I cannot put it into XCode to sign it. I did recreate the mobile provisioning profile with APN and created a Cert to attach to it. I'm not sure if I need to add that certificate somewhere else or if I'm signing something wrong, but this new version is kicking my ****..

Up vote post of camerondunn Down vote post of camerondunn
1.2k views
Posted by
camerondunn
Reply
Add a Comment

Accepted Reply

We do not have access to the source code, so I cannot put it into Xcode to sign it.

You don’t need access to the source code to re-sign an app with Xcode. The workflow we recommend is that you have the developer send you an Xcode archive (.xcarchive). This is a built copy of the app (so no source code) that you can import into the Xcode organiser and then re-sign from there.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Replies

We do not have access to the source code, so I cannot put it into Xcode to sign it.

You don’t need access to the source code to re-sign an app with Xcode. The workflow we recommend is that you have the developer send you an Xcode archive (.xcarchive). This is a built copy of the app (so no source code) that you can import into the Xcode organiser and then re-sign from there.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

So, In the time I have been working on doing this without XCode and have some made some pretty throrough documentation on how to sign it.

                                 

security cms -D -i appname.mobileprovision   > provision.plist

/usr/libexec/PlistBuddy -x -c 'Print :Entitlements' provision.plist > entitlements.plist

unzip -qq Appname.ipa

rm -rf Payload/AppName.app/_CodeSignature/

rm -rf Payload/AppName.app/Frameworks/*/_CodeSignature/

cp app.mobileprovision  Payload/appname.app/embedded.mobileprovision

/usr/libexec/PlistBuddy -c 'Set :CFBundleIdentifier com.xxxxxxxxx.appname' Payload/Appname.app/Info.plist

/usr/bin/codesign -f -s "iPhone Distribution: xxxxxxxxx" Payload/appname.app/Frameworks/*

/usr/bin/codesign -f -s "iPhone Distribution: xxxxxxxxx" --entitlements entitlements.plist Payload/Appname.app

codesign -dvv Payload/AppName.app/

zip -qr newapppackage.ipa Payload/

mkdir App-resigned-support

mv entitlements.plist App-resigned-support

mv Payload App-resigned-support

mv provision.plist App-resigned-support

#Or Use Fastlane

If Needed Gem Install Fastlane

This method is faster, I unzip and recreate so I can have a copy with th

MobileProvision="appname.mobileprovision"

Originalipa="appOriginal.ipa"

Certid="iPhone Distribution: XXXXXXXXXXXXXX"

NewIPAName="newappname.ipa"

Debuglogfile="debuglog.txt"

cp $Originalipa $NewIPAName fastlane sigh resign $NewIPAName --signing_identity "$Certid" -p $MobileProvision | tee -a $Debuglogfile

Posted by
camerondunn
Post not yet marked as solved Up vote reply of camerondunn Down vote reply of camerondunn
Add a Comment