Resign IPA from development to enterprise

问题

Is it possible to resign an .ipa file signed with a development certificate to an enterprise certificate?

Background: My client needs the .ipa file. He owns the enterprise certificates which he won't share with us. The idea is that I deliver the .ipa file with my own development certificate and deliver it to him. He resigns it using his enterprise certificate so he can deploy his app on his internal app store.

Currently I have my .ipa file signed and I'm ready to submit the file, but I have to be certain it's possible.

I read this article but the assumption there is that the provisioning profile is either for Adhoc, or Enterprise distribution .. which is not my case and I don't know if it matters.

回答1:

It is possible to resign the ipa after it is built.

1. Terminal way - You can try this. https://coderwall.com/p/cea3fw/resign-ipa-with-new-distribution-certificate

2. Tool - https://github.com/xndrs/XReSign - A wonderful tool to resign the IPA.

回答2:

To resign ipa for enterprise or ad-hoc distribution you can follow below simple steps:

To resign app using terminal you can follow below steps:

1. Unzip ipa

   unzip MyApp.ipa

2. Remove existing signature

   rm -rf Payload/MyApp.app/_CodeSignature/

3. Copy your Ad-Hoc or enterprise provisioning profile to payload's embedded provisioning profile.

   cp ~/Desktop/MyAdHoc.mobileprovision Payload/MyApp.app/embedded.mobileprovision

4. Re-sign .app file with related code signing identity for Ad-hoc or Enterprise certificate available in Keychain.

   codesign -f -s "iPhone Distribution: Code signing Certificate for Enterprise or Ad-hoc app" Payload/MyApp.app

5. Zip payload and give name of ipa you want.

   zip -qr MyApp_Resigned.ipa Payload/

回答3:

Don't use development binaries for production.

You should not resign a development binary to enterprise/production binary. Development binaries normally contain lots of extra stuff which lets debug and run all the those tools which help us make our app better. These make the binary larger, slower, use more power and create security risks.

To answer the question, the simplest thing you can do it provide an unsigned app which your customer signs themselves.

1. Archive the app. In Menus do Product -> Archive
2. Open the Organizer. Window -> Organizer
3. Select the app, then archive you just created.
4. Right click the archive and pick Show in Finder.

From there you can either

• Deliver the whole .xcarchive (which is a ZIP file) if you want them to have the debugging info and bits.

or

• Go into the .xcarchive then into Products -> Applications and deliver them the unsigned .ipa file there.

This is less work for you and prevents you from running into any pitfalls like accidentally sending them a binary you built for development.

回答4:

You can use fastlane and resign command

Installation in Doc.

usage:

1) fastlane init

2) fastlane/Fastlane(file)

default_platform(:ios)

platform :ios do
  desc "Resigning Current Provision"
  lane :resigner do
    resign(
      ipa: "location/appName.ipa",    
      signing_identity: "iPhone Distribution: Bbalbalbalbal.xxxxx",
      provisioning_profile: "location/xxxxx.mobileprovision",
    )
    # add actions here: https://docs.fastlane.tools/actions
  end
end

3) run fastlane ios resigner

来源：https://stackoverflow.com/questions/49051356/resign-ipa-from-development-to-enterprise