Ios – How to tell what profile/signing certificate was used to sign .ipa

certificatecode-signingiosipaxcode

I have a bunch of .ipa files and I've used a script to resign them.

So how can check the provisioning profile/signing certificate to conform they are using the correct information?

Ideally, I'd like to be able to take any .ipa file and tell which provisioning profile/signing certificate was used to sign it.

Backstory: Our enterprise distribution certificate is expiring and I want to re-sign our stuff. It's a simple take for all the stuff we've made and archived in Xcode, but for 3rd party vendor made distributables I can't do that. I want to avoid asking for a re-signed .ipa file because a new .ipa might include unknown changes and introduce issues and they'd probably charge us too… but I'm more worried about the first issue.

Since both our old and new distribution certificates are still valid (you get a 6month overlap) I need to be able to confirm the new one is used otherwise I'd look really silly when the old one expires and the "resigning" script didn't actually do the job.

Best Answer

Provisioning Profiles have a UUID that can be seen using the Terminal command:

security cms -D -i (path_to_your_provisioning_profile)

See the UUID section of the command output like:

<key>UUID</key> <string>A008C022-7B82-4E40-8B37-172763E1E3CC</string>

Xcode inserts the provisioning profile used to sign the application within the .app bundle. To find it, rename your .ipa to .zip, uncompress it with Finder, find the .app file in /Payload. "Show Package Contents" on the .app file and find the provisioning profile with the name embedded.mobileprovision.

Dump its entitlements using the above command and compare that with the UUID found within your profiles in your Xcode Organizer > Devices tab > Provisioning Profile section under "Library". You can use "Show in Finder" on those to reveal their location on disk.

Related Solutions

Ios – iPhone app signing: A valid signing identity matching this profile could not be found in your keychain

I had the same problem: I first downloaded my certificates to my small MacBook while on the run. When trying to install the certificates on my iMac... then I ran into the problems described on this page.

After spending hours pulling my hair out like many of you, I performed the following steps to fix it:

Close all your stuff except your webpage that should be logged into App Dev center.
Open Xcode. Click WINDOW > ORGANIZER. Then click the Devices tab and select "Provisioning Profiles" on the left. That should bring up your provisioning profiles. Highlight one by one (if more than 1), right click and delete profile. Yes, just do it! Delete them all! (I kept making a new one after a new one trying to make the thing work.)
From the first page you see after logging into the App Dev Center on the right side click "iOS PROVISIONING PORTAL" > (do not "launch assistant"). Instead click on the left side. Select CERTIFICATES. You will probably have just one line listed with your name/company - from there click on the right side REVOKE. Click OK to verify that's what you want to do.
On the same page click DEVICES. Click the box next to your device you are trying to provision and click REMOVE SELECTED. Again click OK to verify.
Wait about 2 minutes to let Apple do their thing.
Now click on "HOME" that is on the left side navigation.
Click "Launch Assistant"
create a new app ID - call it whatever you want. Just make sure it's unique enough to know that's the one you just created because the others you've been messing with all day will not be deleted from Apples Dev Center.
You should be able to follow the rest of the Assistant without troubles -- the main thing is you just had to delete your old provision profiles and start over.

Good Luck!

Xcode “Build and Archive” from command line

I found how to automate the build and archive process from the comand line, I just wrote a blog article explaining how you can achieve that.

The command you have to use is xcrun:

/usr/bin/xcrun -sdk iphoneos PackageApplication \
-v "${RELEASE_BUILDDIR}/${APPLICATION_NAME}.app" \
-o "${BUILD_HISTORY_DIR}/${APPLICATION_NAME}.ipa" \
--sign "${DEVELOPER_NAME}" \
--embed "${PROVISONING_PROFILE}"

You will find all the details in the article. If you have any questions dont hesitate to ask.

Best Answer

Related Solutions

Ios – iPhone app signing: A valid signing identity matching this profile could not be found in your keychain

Xcode “Build and Archive” from command line

Related Topic