The question: Is the following workflow possible? Is it a good idea?
- Build an iOS/tvOS framework without code signing
- Use the framework in an app which is also built without code signing
- Sign the entire final product once after the entire build process is complete, ensuring that all components are signed with the same key and signing identity.
The scenario: I am working on a large iOS/tvOS app which uses a number of custom frameworks. Our CI system builds and signs the frameworks and packages them (zip). The build process for the main app downloads the packages, and includes them in an Xcode project, which it then builds and signs.
The problem: There are often confusing code signing issues which seem to have to do with differences in signing between the frameworks and the app. Sometimes we have to try rebuilding a framework with slightly different signing options, and then rebuilding the app with the newly built framework, which sometimes causes a rebuild of the entire project. We never know if it worked until after all these rebuilds and trying to deploy to an actual device, all of which takes actual ages to complete.
The solution (??): Build everything without code signing and then sign it all at once after linking. Then framework authors don't have to worry about it and debugging signing problems becomes way faster. Is this viable?
The disclaimer: I find the subject of code signing on Apple devices confusing, and I'm sure I've misused some terminology here. I'm also probably exposing fundamental flaws in my understanding, but that is the point of this question: to correct these flaws. Please correct me!