Re-signing the wrapped app

When you receive your wrapped app from the AppConnect Wrapping Portal, re-sign the app using the script that MobileIron returns with the app. The script is called sign_wrapped_app.sh.

The signing script is supported only with the versions MacOS and Xcode listed in Product versions required.

IMPORTANT:

You must download the signing script sign_wrapped_app.sh for each new release of AppConnect for iOS. Previous versions of the script will not work.

Before you run the script

•

Make sure the signing certificate that you created for the app is in the MacOS computer’s login keychain.

•

Put the IPA file of the wrapped app and the sign_wrapped_app.sh script in the same directory for convenient access.

Running the sign_wrapped_app.sh script

1.

Open the Terminal application on the MacOS computer.

2.

Change to the directory containing the IPA file of the wrapped app and the sign_wrapped_app.sh script. For example:

$cd ~/wrapping

3.

Make sure that the sign_wrapped_app.sh script is executable. For example:

$chmod 755 sign_wrapped_app.sh

4.

Run the script, specifying two parameters: the original app’s signing certificate and the IPA file of the wrapped app. For example:

$./sign_wrapped_app.sh -i "iPhone Distribution: myCompanyName" myApp-wrapped.ipa

NOTE:

Specify the name of the signing certificate of the original, unwrapped app in double quotes. This name is also the original app’s signing identity. The name has the format "iPhone Distribution: <certificate name>" where <certificate name> is typically the name of your company.

5.

When prompted, enter the password to unlock your keychain.

The script continues to run, displaying the following output when successful:

/var/folders/6g/z1_193_x0lj6jkzmysxl5wz80000gq/T//resign-QJ4wZrPR/Payload/myApp.app/MISandbox.framework/Versions/A: replacing existing signature

/var/folders/6g/z1_193_x0lj6jkzmysxl5wz80000gq/T//resign-QJ4wZrPR/Payload/myApp.app: replacing invalid existing signature

$

The script replaces the IPA file with a signed IPA file. The signed IPA file is the file you distribute to device users.

Optionally, you can specify a different output file for the signed IPA file. Use the -o option as follows:

$./sign_wrapped_app.sh -i "iPhone Distribution: myCompanyName" -o mySignedWrappedApp.ipa myApp-wrapped.ipa

Specifying custom entitlements

By default, the sign_wrapped_app.sh script takes the app entitlements (for example, enabling iCloud, push notifications, and App Sandbox) from the app binary. You can override this behavior by specifying an optional parameter when running the sign_wrapped_app.sh script. The parameter names an entitlements plist file.

-e <entitlements plist file name>

For example:

$./sign_wrapped_app.sh -i "iPhone Distribution: myCompanyName" -e entitlements.plist myApp-wrapped.ipa

Specifying a new provisioning profile

By default, the sign_wrapped_app.sh script uses the distribution provisioning profile that is embedded in the app’s IPA file. You can override this behavior by specifying an optional parameter when running the sign_wrapped_app.sh script. The parameter names another distribution provisioning profile.

-p <path to distribution provisioning profile>

For example, when the provisioning profile is in the current directory:

$./sign_wrapped_app.sh -i "iPhone Distribution: myCompanyName"  
       -p MyProvisioningProfile.mobileprovision myApp-wrapped.ipa

Specifying new version numbers

By default, the sign_wrapped_app.sh script does not change the version numbers in the IPA file. These version numbers are:

•

the release version number (CFBundleShortVersionString key’s value in the Info.plist of the app)

•

the build version number (CFBundleVersion key’s value in the Info.plist of the app)

Typically, you do not need to specify new version numbers for the signing script. The new version numbers in an updated app are fine. However, if you are using the signing script to re-provision and re-sign an existing version of a wrapped app that is already in the app distribution library on MobileIron Core, you must increase the version numbers. MobileIron Core does not allow you to upload an app with the same version numbers as the version you already uploaded.

The signing script provides parameters for specifying new version numbers.

-s <CFBundleShortVersionString>

-d <CFBundleVersion>

For example:

$./sign_wrapped_app.sh -i "iPhone Distribution: myCompanyName" -s "3.1.2" -d "3.1.2" myApp-wrapped.ipa

Specifying a different bundle ID

You can use the -b option on a wrapped app to change its bundle ID. Because the -i option is required, you must also specify the signing certificate.

For example:

    sign_wrapped_app.sh -i "iPhone Distribution:myCompanyName" 
               -b "com.new.bundleID" myWrappedApp.ipa

Troubleshooting the signed wrapped app

If your signed wrapped app exits unexpectedly when you launch it, the issue sometimes involves the original app’s bundle ID. In some cases, the sign_wrapped_app.sh script cannot infer the original app’s bundle ID, which results in problems running the app.

To correct this issue, run the script using the -b option to specify the original app’s bundle ID. For example:

$./sign_wrapped_app.sh -i "iPhone Distribution: myCompanyName" -b com.myCompanyName.myApp myApp-wrapped.ipa