How can I send iOS app to client, for them to code-sign

Question

We have created an iOS app for a client, which we would like them to code-sign and distribute.

What is the best method for this? If I Build and Archive, then Share and Save to Disk (no re-sign), I get the .ipa, as required. My question is how would a client then include their provisioning within this? Sending the code to the client unfortunately isn't an option, as we need to keep the source.

Any help would be appreciated

Answer 1

Tell your client to create the provisioning profile.

The client would have to export his certificates and keys from keychain access and send you his certificates, keys and the provisioning profile. You can install everything on your machine, build the app with client's profile and send the build.

This should be safe enough from client's perspective as long as he does not share his apple password with you.

Answer 2

Check out Erica Sudan's App Signer. This utility allows an unsigned IPA to be resigned with a different provisioning profile.

Easy to use, so perfect for your needs.

http://ericasadun.com/ftp/Macintosh/

Obviously this all depends on them having an iOS Developer contract and having created their own provisioning profile

Answer 3

If your client has "agent" level at "iOS Provisioning Portal", he can add you with "admin" level. Thus you will have less access level, however able to give him "development" version (in many aspects the same as distribution).

This solution much better than to ask the client to export his private keys, especially if he has no experience on that

Answer 4

• Just create an xarchive using your certificate and provisioning profile and pass it to the client

• Client can open the xarchive using xcode and they can resign using their distribution certificate and provisioning profile and publish it to appstore

PS:

• Make sure client has same Bundle Identifier added in app id of member center

• Make sure Client's provisioning profile reflects your project capabilities ie push notification etc

• In case of entitlements the client has to go inside the app and change the entitlements manually.

The file that they have to open in a text editor is archived-expanded-entitlements.xcent and change the PREFIX with their team id which can be found here

 <key>application-identifier</key>
    <string>PREFIX.yourappBundleID</string>

<key>keychain-access-groups</key>
<array>
    <string>PREFIX.yourappBundleID</string>
</array>

And its better to ask the client to make sure get-task-allow is false just in case if you had signed your xarchive with development signers

 <key>get-task-allow</key>
    <false/>

The same is true for APNS

<key>aps-environment</key>
<string>production</string>

FYI: Lots of companies I know follow this process due to their security guidelines

Answer 5

I'm not quite sure if you can resign an App in the way you want it, but I guess its not possible. So, to workaround the source code problem, you could compile a static library out of your code and create a wrapping Xcode project that generates a new App that you can send to your client. So the code would be invisible for him, but he can compile it without any hassle.