{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 贪生不怕死 的问题《How do I produce an iOS Release Build that my clie》','https://www.manongdao.com/q-177823.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
My scenario
I wrote an iOS app for a client. The project is almost over and now it's time for them to put it in the App Store. I've been sending them development builds throughout the development process. Those builds had a bundle id based on my company and my client's project like so: com.mycompany.clientname.projectname. I signed those Ad Hoc builds with an Ad Hoc Distribution Provisioning Profile that I created in my own Provisioning Portal account.
Now that it's time to go to the App Store, I need to do a Release Build and send that for them to sign with their own App Store Distribution Provisioning Profile. This also implies setting a new Bundle ID for the project.
My problem
I need to get a compiled app to the client for them to sign with their provisioning profile. However, I need to set the Bundle ID to what they're going to use first. Let's say it's com.bestclientever.appname. Xcode 4 won't let me archive the project now because doing so requires code signing. I can not code sign it because I can not create a provisioning profile with the same Bundle ID as what they have set up in their Provisioning Portal (the Provisioning Portal enforces uniqueness—as it should).
Have I made any incorrect assumptions or misunderstandings here? ie. Do I really have to set the Bundle ID to what they're going to sign with?
The Question
Is there any way to archive, or otherwise build, an iOS app without code signing it? Like a "sign later" setting or something?
Or, is there a way to build the app with one bundle id but then someone else be able to sign it with a provisioning profile for another bundle id (either by changing the bundle id of the compiled app or some other signing method)?
How can I build the final release build but have someone else sign the app for distribution to the App Store?
What I've tried or explored
- Acting for the client.
- With other, less savvy clients, I've ended up just getting their Provisioning Portal and iTunesConnect credentials and just doing the final build as them. That won't fly with this client. It's a big company with strict security guidelines and a lot of red tape.
- Spoofing as the client.
- This is similar to the one above and won't work for the same reasons. It sounds really fishy to ask my client "can you export your private keys and send them to me"? This technique is described in this answer: How can I send iOS app to client, for them to code-sign
- Sending the client my project source code and letting them do the release build.
- A license to the source code was not in our agreement. Additionally, this client does not want to get involved with source code (hence outsourcing it). I would entertain this as a last-resort option, but there's gotta be a better way!
- Getting set up as an Admin-level developer in their Developer Member Center.
- Unfortunately, only the Agent-level user can create a Provisioning Profile (as far as I can tell). It seems like there ought to be a way to either let me create a profile that I can use to sign the build or generate a profile for me. I can't find either option.
I've been there. Options 2 or 3 are out of question. Option 4 would be ideal, but as you wrote, Apple will not let the agent delegate her privileges to create distribution profiles.
So basically, your only option is for you to get the distribution profile defined with their account. In order for you to handle it, you would need to login as their agent, which is not an option.
So they will have to do it. There is no way around that.
They will also have to invite you as a member of their product development team on their account. You will need to be an admin. That's mean you will have to send a signing certificate request as outlined by Apple.
Finally, they will have to download and send you the distribution provisioning profiles they created.
With all that, you will be able to sign your application with their resources.
I had the same problem. This was how I finally solved it:
The client was not so concerned with sharing a development certificate as they would be sharing their distribution certificate.
I also had to create
entitlements.plistwith "Can be debugged" (get-task-allow) set to NO, and reference it in the build configuration (under Code Signing, Code Signing Entitlements).iResign works quite well.
It allows you to change the bundle id and add entitlements when signing. Probably would work for your use case.
That being said, the xcarchive solution is more canonical. Be aware that sharing the xcarchive file gives them the dsym.
If you have any #ifdef DEBUG statements in your code, make sure they are disabled in the build you give them.
Most of these answers seem complicated and out dated. I think the simple answer is to make an archive with a Developer profile.
This is a solution which I am currently investigating for my own purposes (not fully tested):
You just need developer access (not team agent) to their account and create a Development provisioning profile that authorizes you to build the specified App ID (you need to specify the App ID, because it gets compiled in). Then Archive the app with the Development profile, and share the archive with your client. They can then re-sign the archive with their own Distribution profile.
One complication is that when you build an archive with a developer profile, the entitlement attribute get-task-allow gets set to true, but needs to be set to false for distribution, so you have to work around that by setting it manually your Entitlements.plist - see my question here: Can I archive with a Developer certificate, then re-sign it during submission with a Distribution certificate?