Using Xcode bots to sign your app.

Apple has great documentation about how to set up a bot to build your application.

If you want to resign your application so that it can be uploaded to TestFlight and used by beta testers, I found a great explanation of how to do that on this site. (

Basically, you create a new shared scheme, make sure your signing identity and provision are available to the bot and add a script to the post archive phase of that scheme.  That site does a good job of walking through the steps.

This will work unless you have some entitlements in your application. For instance push notifications, game center, in-app purchase, etc. In that case, you have to remove the entitlements from the app, update them for the new signature and resign the app with the entitlements. Then you can use PackageApplication to build the ipa. Basically after you verify the app but before you run PackageApplication, you want to do something like the following:

echo "get entitlements"
cd /tmp/Archive.xcarchive
/usr/bin/codesign -d --entitlements ":${ENTITLEMENTS}" "${APP}"

echo "update entitlements - get-task-allow" /usr/libexec/PlistBuddy -c "Set :get-task-allow NO" "${ENTITLEMENTS}"

echo "update entitlements - application-identifier ${BUNDLE_ID}"
/usr/libexec/PlistBuddy -c "Set :application-identifier ${BUNDLE_ID}" "${ENTITLEMENTS}"

echo "update entitlements - aps-environment ${APS_ENVIRONMENT}"
/usr/libexec/PlistBuddy -c "Set :aps-environment ${APS_ENVIRONMENT}" "${ENTITLEMENTS}"

echo "resign with entitlements"
/usr/bin/codesign --force --preserve-metadata=identifier,resource-rules --sign "${SIGNING_IDENTITY}" --entitlements "${ENTITLEMENTS}" "${APP}"

Your BUNDLE_ID should match the application’s bundle ID, it needs to be added back into the plist. The APS_ENVIRONMENT variable will either be production or development. It should match the environment in your provisioning profile.

If you get it wrong, TestFlight will give you an error about APS environment doesn’t match signature.


One thought on “Using Xcode bots to sign your app.”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s