OK, so I think I’ve finally got the digitally resigning of an IPA figured out.
In the first place, it’s useful to have your emacs configuration file updated so that you can modify (i.e., read and save) the binary Info.plist files in an easy way. My emacs configuration is in the file ~/.emacs.d/init.el. Your’s might be somewhere else, but in either case, add the following code to the emacs initialization file:
;; Allow editing of binary .plist files. (add-to-list 'jka-compr-compression-info-list ["\\.plist$" "converting text XML to binary plist" "plutil" ("-convert" "binary1" "-o" "-" "-") "converting binary plist to text XML" "plutil" ("-convert" "xml1" "-o" "-" "-") nil nil "bplist"]) ;;It is necessary to perform an update! (jka-compr-update)
You can now modify *.plist files by hand (using emacs), which is useful if you want to assign a different BundleID to your already-built (and already-signed) IPA.
The recipe for resigning (and possibly assigning a new BundleID) to an already-built-and-signed IPA is as follows:
1. Unzip the IPA:
> unzip app.ipa
2. Remove the old code signatures:
> rm -r Payload/SampleApp.app/_CodeSignature > rm -r Payload/Sampleapp.app/CodeResources
Obviously in this example, the name of the bundled app is “SampleApp.app”. You’ll have to change that name to match whatever your bundle is named.
3. Change the BundleID (optional):
The BundleID is located in the *.plist file in the directory:
If you made the above changes to your emacs initialization file, you can now go in and edit this file by hand, assign a new BundleID (or change the Info.plist in any other way), save it and continue.
This step is optional, and not required.
4. Copy over a new mobile provisioning file:
> cp MyProfile.mobileprovision Payload/SampleApp.app/embedded.mobileprovision
5. Resign the app:
> codesign -f -v -s "MyIdentity" Payload/SampleApp.app
Note that you’re code-signing the SampleApp.app bundle itself.
The flags on “codesign” are as follows:
-f ==> force a code resign
-v ==> verify the signature
-s ==> signing identity
You can verify that your code was signed correctly as follows:
> codesign -dvvv Payload/SampleApp.app
The results spit back should give a clear indication as to whether the code-resigning was successful. Both the BundleID and the code signing identity are included in the returned information.
One question that may still arise at this point is what to enter for “MyIdentity” when code signing? Entering the following command at the command prompt will give you a list of all valid identities on your keychain:
> security find-identity
Choose one of these strings as your “MyIdentity” above.
6. Finally, re-package the IPA:
> zip -yr app.resigned.ipa Payload
Note that the flags “y” and “r” are required to form the IPA correctly.
And that’s it! You should be good to go..