When distributing your iOS app through your own iTunes account or inside your organization via a Mobile Device Management system (MDM) you will have to re-codesign the binary file (.ipa).
The .ipa file you receive from DoubleDutch is compiled and codesigned with DoubleDutch’s Distribution Certificate. Apple’s security model is set up in such a way that it is impossible to upload an app, which has been codesigned with another organization's Distribution certificate, into your own iTunes Connect account. You will need to re-codesign the .ipa file with your organization’s Production Distribution Certificate and associated Provisioning Profile.
If you wish to distribute the app internally as an in-house app, meant for your employees only, then you will carry out the same re-codesigning process as described below, only with an Enterprise Distribution Certificate and associated Provisioning Profile.
Prerequisites for successful re-codesigning:
- A Mac computer.
- Xcode 6 or higher installed on the Mac.
- Command Line Tools installed on the Mac, compatible with the version of Xcode you have installed.
- Your organization’s iOS Production Distribution Certificate, with the associated private key, in your Mac’s Keychain Access.
- The Provisioning Profile belonging to this app, with Associated Domains and Push Notifications enabled, downloaded onto your Mac computer. If you do not have one, see the guide on how to create a Provisioning Profile.
- The re-codesign package, provided by DoubleDutch (the instructions are in the Annex at the end of this article).
- Have the .ipa (the binary file format of iOS apps) on your Mac. You will have received this from DoubleDutch.
Re-codesigning your iOS App
- Open the “codesign” folder where you have the recodesign.sh script.
- Open the Terminal application on your Mac computer, and type in: sh
- Then, drag & drop the recodesign.sh file into the Terminal window.
- This will display the entire path of the script file.
- Then, drag & drop the .ipa file you received into the Terminal window.
- Finally, drag & drop the Provisioning Profile file you downloaded from your Apple Developer account.
- The final command will look like Figure 1. As you can see, the makeup of the entire command is the script, followed by two “arguments” – the binary file and the Provisioning Profile. If the two arguments are not there, or incorrect, the script will fail.
- Then hit the 'Enter/Return' key. An example of the Terminal output is shown below:
- When the script is done, you will have a new folder on your Desktop called “Codesign_Output”. The script will automatically open it. This folder will contain the re-codesigned .ipa file and an entitlements.plist file. The latter can be used for troubleshooting, so do not delete it. It might also be useful to take a screenshot of the Terminal output, for reference and/or troubleshooting.
Notice that the Bundle ID of the app has been injected into the file name of the .ipa. The script does this for the sake of documentation and clarity.
- You can close the open windows and proceed to upload your app to your iTunes Connect account or your organization's mobile app management system.
Final Technical Notes
This app claims two specific entitlements: Apple's Push Notification Services and Keychain Access. Push Notifications rely on a setting in the Provisioning Profile.
- Push Notifications Services must be enabled on your Provisioning Profile for re-codesigning to be successful.
- If Push Notifications are not available in the Provisioning Profile, the script will output the message: "This provisioning profile doesn't have push entitlement!"
- Keychain Access is necessary to store the user's login and password combination so that the user can access the app, after closing and reopening, without re-logging in.
Annex - Downloading the Re-codesign Package
In order to get started, you will need to download and unzip the DoubleDutch App Operations Re-codesign Package, mentioned in Item 6 of the Prerequisites list.
- Go to http://bit.ly/ddrecodesign
- Download the file – it should automatically start downloading.
- On a Mac, by default, it will download to your Downloads folder. Find the ZIP file and double-click on it.
- It will unpack and create a folder called “codesign” in the Downloads folder. This folder contains all the tools for re-codesigning: recodesign.sh (a shell script) and Codesign_Instructions.txt.