IOS In House release

IOS In House release

When signing In House these two days, the system prompts that the SSL certificate has expired. Another iOS In House was released. Here I will write an article to record the previous history of tossing In House. The future changes will also be updated here.

In the first 12 years, we wrote a re-signed shell script.

 

IPA="xxx.ipa"APPNAME="xxx.app"PROVISION="embedded.mobileprovision"CERTIFICATE="xxx" #must be in keychain, such as"iPhone Distribution: Tencent Co.,Ltd"rm -rf Payloadrm -rf resigned.ipaunzip -q "$IPA"# remove the signaturerm -rf Payload/*.app/_CodeSignature Payload/*.app/CodeResources# replace the provisionrm -rf Payload/*.app/embedded.mobileprovisioncp "$PROVISION" Payload/$APPNAME/embedded.mobileprovision# sign with the new certificate/usr/bin/codesign -f -s "$CERTIFICATE" --resource-rules Payload/*.app/ResourceRules.plist --entitlements game.plist Payload/*.app# zip it back upzip -qr resigned.ipa Payloadrm -rf Payload

In the middle, with the upgrade of iOS and XCode, or minor modifications to details. You must download and install the correspondingCommand line tools.

 

After iOS 7.1 is updated, Apple makes a big adjustment. When installing it through Safari, it will prompt"The application cannot be installed because the certificate is invalid.". Stackoverflow shows that plist must be placed on the https server. The simplest thing is to drop it onto cloud storage such as dropbox, but access in China may be restricted. I generated an ssl certificate on our Intranet server (apache) to allow the server to support https access. The following are the detailed steps.

1. Load the ssl dynamic library. Open conf/httpd. conf and remove the comments before LoadModule ssl_module modules/mod_ssl.so;

2. Configure ssl; open the httpd-ssl.conf, my configuration example is as follows:

 

SSLSessionCache "shmcb: logs/ssl. scache (512000)" Listen 442 # port. To prevent port conflict, I changed it to 442
 
  
# General setup for the virtual host DocumentRoot "D:/programs/xampp-win32-1.8.1-VC9/htdocs" # server root directory ServerName 192.168.1.221 # server name, it must be an IP address or domain name ServerAdmin webmaster @ localhost # This is an email address. You can enter ErrorLog "logs/error at will. log"
  
   
CustomLog "logs/access. log" combined
  SSLEngine on SSLCertificateFile "conf/ssl. crt/server. crt" # path of the certificate generated later: SSLCertificateKeyFile "conf/ssl. key/server. key" # path of the key generated later
 

 

3. Open cmd and go to the ../apache/bin directory. Run the following command to generate the private key of the server:

 

openssl genrsa -out server.key 1024

4. Generate a signing application,Common Name must be the Server ip address or domain NameAnd the rest can be empty.

 

openssl req -new -out server.csr -key server.key -config ..\conf\httpd-ssl.cnf

5. Generate the CA private key

 

openssl genrsa -out ca.key 1024

 

6. Generate a CA certificate,Common Name must be the Server ip address or domain NameAnd the rest can be empty; for free expiration, the validity period is set to 10 years

 

openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -config ..\conf\httpd-ssl.cnf

7. Create the directory demoCA in the current directory and create 1. Empty directory newcerts, 2. Empty file index.txt, 3. file serial. Open it in a text editor and enter 01;

 

8. Use CA to sign the certificate for the server

 

openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ..\conf\openssl.cnf

9. Copy server. crt to the conf/ssl. crt/directory, and copy server. key to the conf/ssl. key/directory /.

 

10. Restart apache and enter https: // localhost: 442 in the browser for testing.

11. Modify the plist link in the html file

 

itms-services://?action=download-manifest&url=https://192.168.1.221:442/down/dev/xxx.plist

Then, you can install it online on the mobile browser.

 

 

Update 2014.12.24

In the middle of the page, I did not publish In House for a while. In this case, I upgraded my Mac to 10.10, and Xcode to 6.1.1. The message "-- resource-rules has been deprecated in max OS x> = 10.10" is displayed when the signature is signed the day before yesterday. After the signature is signed, the system prompts"Unable to download application at this time xxx cannot be installed".

You cannot comment out -- resource-rules in the signature script. Later, we saw the following solution on stackoverflow. After testing, we can:

Click project> Targets> Select your target> Build Settings> Code Signing Resource Rules Path

Add $ (SDKROOT)/ResourceRules. plist