10

We have created an iOS app for a client, which we would like them to code-sign and distribute.

What is the best method for this? If I Build and Archive, then Share and Save to Disk (no re-sign), I get the .ipa, as required. My question is how would a client then include their provisioning within this? Sending the code to the client unfortunately isn't an option, as we need to keep the source.

Any help would be appreciated

user432865

5 Answers

6

Tell your client to create the provisioning profile.

The client would have to export his certificates and keys from Keychain Access and send you his certificates, keys and the provisioning profile. You can install everything on your machine, build the app with the client's profile and send the build.

This should be safe enough from the client's perspective as long as he does not share his Apple password with you.

Swapnil Luktuke
3

Check out Erica Sadun's App Signer. This utility allows an unsigned IPA to be re-signed with a different provisioning profile.

Easy to use, so perfect for your needs.

http://ericasadun.com/ftp/Macintosh/

Obviously this all depends on them having an iOS Developer contract and having created their own provisioning profile.

Felixyz
wuf810
3

If your client has "agent" level at the "iOS Provisioning Portal", he can add you with "admin" level. Thus you will have a lower access level, but will still be able to give him a "development" version (in many aspects the same as distribution).

This solution is much better than asking the client to export his private keys, especially if he has no experience with that.

Martin Babacaev
1
  • Just create an xcarchive using your certificate and provisioning profile and pass it to the client.

  • The client can open the xcarchive using Xcode, re-sign it using their distribution certificate and provisioning profile, and publish it to the App Store.


P.S:

  • Make sure the client has the same Bundle Identifier added in the App ID in the Member Center.

  • Make sure the client's provisioning profile reflects your project capabilities, i.e. push notifications etc.

  • In the case of entitlements, the client has to go inside the app and change the entitlements manually.

The file that they have to open in a text editor is archived-expanded-entitlements.xcent, and they have to change the PREFIX to their team ID, which can be found here

    <key>application-identifier</key>
    <string>PREFIX.yourappBundleID</string>

    <key>keychain-access-groups</key>
    <array>
        <string>PREFIX.yourappBundleID</string>
    </array>

And it's better to ask the client to make sure get-task-allow is false, just in case you had signed your xcarchive with development signers

    <key>get-task-allow</key>
    <false/>

The same is true for APNS

    <key>aps-environment</key>
    <string>production</string>

FYI: Lots of companies I know follow this process due to their security guidelines

Durai Amuthan.H
  • This is definitely the best answer. Do you know how it works with XCode 12 ? Producing an unsigned xcarchive, sending it to the client for signing, gives him error (Missing entitlement for Push Notifications) – Shinichi Kudo Jan 13 '21 at 14:56
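The entitlement checks listed in the xcarchive answer above can be scripted so the client verifies the .xcent file before re-signing. This is an added example, not code from any of the answers; the team IDs `DEVTEAM123` and `CLIENT4567`, the bundle ID `com.example.app` and the function names are placeholders made up for illustration.

```python
import plistlib

# Constructed sample: entitlements as a development-signed archive might carry them.
SAMPLE_XCENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>DEVTEAM123.com.example.app</string>
    <key>keychain-access-groups</key>
    <array><string>DEVTEAM123.com.example.app</string></array>
    <key>get-task-allow</key>
    <true/>
    <key>aps-environment</key>
    <string>development</string>
</dict>
</plist>
"""

def check_entitlements(xcent, team_id, bundle_id):
    """Return the problems that make these entitlements unfit for a distribution build."""
    ent = plistlib.loads(xcent)
    problems = []
    app_id = ent.get("application-identifier")
    if app_id != f"{team_id}.{bundle_id}":
        problems.append(f"application-identifier is {app_id!r}")
    for group in ent.get("keychain-access-groups", []):
        if not group.startswith(team_id + "."):
            problems.append(f"keychain-access-group {group!r} has a foreign prefix")
    if ent.get("get-task-allow", False):
        problems.append("get-task-allow is true (debugger attach allowed)")
    if ent.get("aps-environment", "production") != "production":
        problems.append(f"aps-environment is {ent['aps-environment']!r}")
    return problems

def retarget(xcent, old_prefix, team_id):
    """Swap the team prefix and apply the distribution values named in the answer."""
    def swap(value):
        return team_id + value[len(old_prefix):] if value.startswith(old_prefix + ".") else value
    ent = plistlib.loads(xcent)
    ent["application-identifier"] = swap(ent["application-identifier"])
    if "keychain-access-groups" in ent:
        ent["keychain-access-groups"] = [swap(g) for g in ent["keychain-access-groups"]]
    ent["get-task-allow"] = False
    if "aps-environment" in ent:
        ent["aps-environment"] = "production"
    return plistlib.dumps(ent)

if __name__ == "__main__":
    print(check_entitlements(SAMPLE_XCENT, "CLIENT4567", "com.example.app"))
    print(check_entitlements(retarget(SAMPLE_XCENT, "DEVTEAM123", "CLIENT4567"), "CLIENT4567", "com.example.app") or "entitlements OK")
```

The script only inspects and rewrites the plist; the archive still has to be re-signed with the client's distribution certificate and profile afterwards.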
0

I'm not quite sure if you can re-sign an app in the way you want, but I guess it's not possible. So, to work around the source code problem, you could compile a static library out of your code and create a wrapping Xcode project that generates a new app that you can send to your client. So the code would be invisible to him, but he can compile it without any hassle.

JustSid