Re-sign IPA (iPhone)

Erik picture Erik · Aug 1, 2011 · Viewed 106.3k times · Source

I currently build all my applications with hudson using xcodebuild followed by a xcrun without any problems

I've received a couple of IPA files from different people that I would like to re-sign with a enterprise account instead of the corporate account (for the app store, or sometimes ad-hoc distributed).

My problem is that when I try to resign the app, it won't install on my device (and it should since it's a Enterprise build). The error message is on the device (not in iTunes) and it tells me simply that it couldn't install the app. No more information is given.

I've found some information, ( http://www.ketzler.de/2011/01/resign-an-iphone-app-insert-new-bundle-id-and-send-to-xcode-organizer-for-upload/ )

And this might be possible. The problem I'm facing is that it doesn't seem to embed the mobile provisioning profile as I do with my normal builds (using xcrun) is this possible to control with the codesign tool, or is it possible to re-sign with xcrun?

With my resign script i currently do

  • unzip app.ipa
  • appname=$(ls Payload)
  • xcrun -sdk iphoneos PackageApplication -s "$provisioning_profile" "$project_dir/Payload/$appname" -o "$project_dir/app-resigned.ipa" --sign "$provisioning_profile" --embed "$mobileprovision"

I've looked in the resulting ipa file and it seems to be very similar to the original app. What files should really change here? I initially thought the the _CodeSignature/CodeResources would change, but the content looks pretty much exactly the same.

Pointers are much appreciated.

Answer

Erik picture Erik · Aug 3, 2011

Finally got this working!

Tested with a IPA signed with cert1 for app store submission with no devices added in the provisioning profile. Results in a new IPA signed with a enterprise account and a mobile provisioning profile for in house deployment (the mobile provisioning profile gets embedded to the IPA).

Solution:

Unzip the IPA

unzip Application.ipa

Remove old CodeSignature

rm -r "Payload/Application.app/_CodeSignature" "Payload/Application.app/CodeResources" 2> /dev/null | true

Replace embedded mobile provisioning profile

cp "MyEnterprise.mobileprovision" "Payload/Application.app/embedded.mobileprovision"

Re-sign

/usr/bin/codesign -f -s "iPhone Distribution: Certificate Name" --resource-rules "Payload/Application.app/ResourceRules.plist" "Payload/Application.app"

Re-package

zip -qr "Application.resigned.ipa" Payload

Edit: Removed the Entitlement part (see alleys comment, thanks)