6

I need to create an iOS .xarchive file using a developer profile, that a client can resign using their distribution profile(s).

(I have read this but it didn't have any real solutions: How can I send iOS app to client, for them to code-sign)

The client doesn't want to share their private keys, nor give me access above 'Developer' in the member center. And we don't want to share our source code.

We need to support push notifications, so this means we need a fully qualified app id.

I cannot figure out a way that allows me to build and export an .xarchive signed with 'aps production', 'get-task-allow' as false, BUT ALSO using the certificate that matches the clients distribution certificate.

This feels like a bug in Xcode, shouldn't the changes to 'aps production' and 'get-task-allow' be tied to the configuration, not the type of provisioning profile? I am using 'Release', but with my developer profile.

Am I missing something, or is this just not possible?

Community
  • 1
  • 1
pj4533
  • 1,701
  • 4
  • 17
  • 38

1 Answers1

5

I figured out the answer to this question through trial and error. Even though tech notes and most web resources say you don't need an entitlements.plist if you are using XCode4+, there are certain cases where you do. Two cases are represented by my question above:

  • building Release configuration (i.e.: Archive), but signing with a Developer provisioning profile
  • using push notifications

My final custom entitlements.plist has 3 values:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>get-task-allow</key>
    <false/>
    <key>aps-environment</key>
    <string>production</string>
    <key>keychain-access-groups</key>
    <array>
        <string>L23874DF.com.your.appid</string>
    </array>
</dict>
</plist>

Once I had that in my entitlements.plist, I built with the developer provisioning profile for this app id. Then I archived it, and exported the archive from the organizer. Once exported, I sent it to my client. The client was able to resign the archive with an ad hoc profile, and send me back an IPA file, which I loaded onto my device. I also successfully received a push notification from Urban Airship to this IPA!

pj4533
  • 1,701
  • 4
  • 17
  • 38
  • "Once I had that in my entitlements.plist, I built with the developer provisioning profile for this app id" => You mean you assigned your developer profile to the Release code signing identity ? This throws a warning, did you get this ? – Daniel Apr 03 '12 at 11:46
  • yeah i get that warning when building, but it was the only way to get the proper results after the re-signing. – pj4533 Apr 26 '12 at 01:51
  • 6
    Can you share the process they used to re-sign the archive? – Trey Oct 01 '12 at 23:57