When distributing your iOS app through your own iTunes account or inside your organization via a Mobile Device Management system (MDM) you will have to re-codesign the binary file (.ipa).
Downloading the Re-Codesign Package
In order to get started, you will need to download and unzip the DoubleDutch App Operations Re-codesign Package, mentioned in Item 6 of the Prerequisites list.
- Go to https://bit.ly/ddrecodesign
- Download the re-codesign package file.
- Find the ZIP file on your Mac and double-click on it.
- It will unpack and create a folder called “recodesign-master”. This folder contains all the tools for re-codesigning.
Note: please make sure you download the latest re-codesign package file since DoubleDutch makes sure it gets updated as needed.
Prerequisites for Successful Re-Codesigning
- A Mac computer.
- Xcode 9 or higher installed on the Mac. If you don't have Xcode downloaded you can download it here.
- Command Line Tools installed on the Mac, compatible with the version of Xcode you have installed.
- Your organization’s iOS Production Distribution Certificate, with the associated private key, in your Mac’s Keychain Access.
- The Provisioning Profile belonging to this app, with Associated Domains and Push Notifications enabled, downloaded onto your Mac computer.
- The re-codesign package, provided by DoubleDutch.
- The .ipa (the binary file format of iOS apps) on your Mac. You will have received this from DoubleDutch.
Re-Codesigning your iOS App
- Open the “codesign” folder where you have the recodesign.sh script and the Terminal window.
- Then, drag & drop the recodesign.sh file into the Terminal window. This will display the entire path of the script file. For Enterprise apps, type in "-e" after the script file path.
- Then, drag & drop the Provisioning Profile file you downloaded from your Apple Developer account.
- Finally, drag & drop the .ipa file you received into the Terminal window.
- You will then see the full path of the files; the makeup of the entire command is the script, followed by two “arguments” – the binary file and the Provisioning Profile. If the two arguments are not there, or incorrect, the script will fail.
- Then hit the 'Enter/Return' key. An example of the Terminal output is shown below:
- When the script is done, you will have a new folder on your Desktop called “Codesign_Output”. The script will automatically open it. This folder will contain the re-codesigned .ipa file and an entitlements.plist file. The latter can be used for troubleshooting, so do not delete it. It might also be useful to take a screenshot of the Terminal output, for reference and/or troubleshooting.
Note: you will notice that the Bundle ID of the app will be been injected into the file name of the .ipa. The script does this for the sake of documentation and clarity.
- You can close the open windows and proceed to upload your app to your App Store Connect account or your organization's mobile app management system.
Continue to the next step in the distribution process: Getting Started with App Store Connect.
“You have 0 valid signing identities. A valid Distribution Certificate is needed to continue.”
Try all of the following:
- There was a step missed when configuring the distribution certificate. Please walk through the steps and then try again.
- Right-click the distribution file in Keychain and select 'Get Info'. There will be a triangle next to the words "Trust" and "Details". Select 'Trust' and make sure each value is set to "trust" and then try again.
“Time of codesigning not correct. Codesigning was not successful.”
- Confirm that you're using the most recent re-codesign.sh script. If you've downloaded it to your device previously, please re-download the latest one from here.
“Signature date is not recognized. Please take a screenshot and contact customer support. Invalid Signature date:”.
- You need to ensure you have Xcode downloaded on your device and configured properly. Open Xcode, click on the Xcode dropdown in the Mac toolbar, select 'Preferences', select 'Locations', select Xcode in the Command Line Tools drop down and then try again.
"This provisioning profile does not have Associated Domains entitlement!"
- You do not have your App ID setup properly for Associated Domains. You will need to fix before signing again. Please see the instructions here.
“Invalid provisioning profile. This app contains an embedded provisioning profile that is not associated with Team ID _____.”
- This means that you've deleted the Distribution Certificate and Provisioning Profile that was initially created and recreated them.
Final Technical Notes on Re-Codesigning
This app claims two specific entitlements: Apple's Push Notification Services and Keychain Access. Push Notifications rely on a setting in the Provisioning Profile.
- Push Notifications Services must be enabled on your Provisioning Profile for re-codesigning to be successful.
- If Push Notifications are not available in the Provisioning Profile, the script will output the message: "This provisioning profile doesn't have push entitlement!"
- Keychain Access is necessary to store the user's login and password combination so that the user can access the app, after closing and reopening, without re-logging in.