
We've received an IPA from our vendor signed with a dev provisioning profile. To test Prod Push messaging, we manually resigned the IPA with an AdHoc profile.

The app installs and runs fine on the device, but fails to register for Push Messaging.

Here's what we did (followed this https://coderwall.com/p/cea3fw):

```
unzip app.ipa
rm -rf Payload/MyApp.app/_CodeSignature/
cp ~/Downloads/AdHoc.mobileprovision Payload/MyApp.app/embedded.mobileprovision
codesign -f -s "iPhone Distribution: Company Certificate" --resource-rules Payload/MyApp.app/ResourceRules.plist Payload/MyApp.app
zip -qr app-resigned.ipa Payload/
```

Sideload to device, app launches, but fails to register for push.

Since then the vendor sent us an xcarchive file, which we can successfully export by signing it via Xcode, but we're still curious as to why codesign didn't work on the IPA.

rmaddy
Denis
  • You didn't say if you have confirmed that the profile you are using to resign can be used directly to sign an app to register for push (i.e. a test app that does nothing but register for push and is directly signed with your profile). – Gruntcakes Apr 22 '14 at 22:59
  • Thanks Martin, when signing the xcarchive via Xcode, we use the exact same profile, and push messages work on that build. But you're right, we haven't actually created a separate app to test that. – Denis Apr 22 '14 at 23:04
  • Found this answer (http://stackoverflow.com/questions/9167613/can-i-archive-with-a-developer-certificate-then-re-sign-it-during-submission-wi?rq=1) which suggests that if the original IPA was signed with a dev profile, we can't resign it with a distribution profile without adding the entitlements file. – Denis Apr 22 '14 at 23:07
  • It *might* be possible to force the aps-environment entitlement into the .app built file by using an Entitlements.plist file. This is something I've had to do in the past when I found apps built using a bot weren't applying the push entitlement when they should have. – Gruntcakes Apr 22 '14 at 23:12
  • Tried signing it with --entitlements entitlements.plist with get-task-allow. No luck. Would I have to add it to the bundle? Add it to Info.plist? – Denis Apr 22 '14 at 23:43
  • Forgot to add aps-environment. Works now. – Denis Apr 22 '14 at 23:52
  • Full entitlements.plist looks like this: aps-environment production get-task-allow – Denis Apr 23 '14 at 00:02
  • codesign -f -s "iPhone Distribution: Company Certificate" --entitlements ./Entitlements.plist --resource-rules Payload/MyApp.app/ResourceRules.plist Payload/MyApp.app – Denis Apr 23 '14 at 00:02
  • Are you saying it works now? – Gruntcakes Apr 23 '14 at 14:18
  • Correct. It works when you pass entitlements into the codesign command. – Denis Apr 23 '14 at 19:06

2 Answers

This is to encapsulate my comment as an answer - the solution is to force the aps-environment entitlement into the .app built file by using an Entitlements.plist file.

This is something that can be necessary to do in a few situations. Here's an example where using the Xcode bot build system fails for builds involving push:

IPA created via Xcode bot fails to run for APNS but runs if built manually via Xcode itself or built as an archive by Xcode

Gruntcakes

Answered with help of Martin H, in the comments of the original answer.

To recap: When an app is signed with a Developer Profile, you'd need to add entitlements when resigning with a distribution profile.

Denis
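A pre-flight check for the fix described in the answers, as an added example that is not part of the original posts: it reads the Entitlements dictionary out of an ad hoc .mobileprovision and reports whether the plist about to be passed to `codesign --entitlements` carries a matching aps-environment. The sample profile bytes, the identifier `ABCDE12345.com.example.MyApp`, the get-task-allow values and the function names are constructed for illustration, and the profile's CMS signature is not verified.

```python
import plistlib

def profile_entitlements(blob: bytes) -> dict:
    """Entitlements granted by a .mobileprovision (a CMS envelope around an XML plist).
    The plist is sliced out by its markers; the CMS signature is NOT verified here."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found in profile")
    plist = plistlib.loads(blob[start:end + len(b"</plist>")])
    return plist.get("Entitlements", {})

def check_resign(granted: dict, signing: dict) -> list:
    """Problems with the plist passed to `codesign --entitlements`, given the profile."""
    problems = []
    want, have = granted.get("aps-environment"), signing.get("aps-environment")
    if want is None:
        problems.append("profile does not grant aps-environment")
    elif have is None:
        problems.append("aps-environment missing from signing entitlements")
    elif have != want:
        problems.append(f"aps-environment is {have!r}, profile grants {want!r}")
    # Assumption: get-task-allow=true must not exceed what the profile grants.
    if signing.get("get-task-allow") is True and not granted.get("get-task-allow", False):
        problems.append("get-task-allow is true but the profile does not grant it")
    return problems

# Constructed sample: fake CMS bytes around a minimal ad hoc profile plist.
SAMPLE_PROFILE = b"\x30\x80constructed-cms-header" + plistlib.dumps({
    "Name": "AdHoc (constructed sample)",
    "Entitlements": {
        "application-identifier": "ABCDE12345.com.example.MyApp",
        "aps-environment": "production",
        "get-task-allow": False,
    },
}) + b"\x00\x00constructed-cms-trailer"

if __name__ == "__main__":
    granted = profile_entitlements(SAMPLE_PROFILE)
    # Constructed stand-ins for the two entitlements files tried in the comments.
    attempts = {
        "get-task-allow only": {"get-task-allow": False},
        "with aps-environment": {"aps-environment": "production", "get-task-allow": False},
    }
    for label, signing in attempts.items():
        print(label, "->", check_resign(granted, signing) or "OK")
```

On a Mac, the same comparison can be made against a real profile by reading the file's bytes into `profile_entitlements` and loading the entitlements plist with `plistlib.load`.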