I know there's a bunch of questions out there about this but most of the solutions either haven't worked for me or are obsolete.
I work for an app vendor - usually our customers provide us with their certificates and profiles so we can do the app submission for them. I have one customer who does not want to do so for security reasons, and is asking for an unsigned IPA that they can resign themselves and submit.
... is there a non-hacked way to do that? I managed to create an unsigned IPA and resign it but I can't install it on device as I get a message that its integrity could not be verified. If I run codesign -f -s with the appropriate cert it passes. But then if I try to verify it with code sign -v I get no identity found.
security find-identity gives me almost 9 valid identities.
Anyone do this successfully in the past year? Does the provisioning profile need to be a specific type(adhoc vs App Store). I used an adhoc profile with a device that I verified is in the profile.
Is it a matter of exporting an xcarchive from Xcode and giving it to them? Should that archive be signed with my own stuff and then they can resign?
I work for an app vendor - usually our customers provide us with their certificates and profiles so we can do the app submission for them. I have one customer who does not want to do so for security reasons, and is asking for an unsigned IPA that they can resign themselves and submit.
... is there a non-hacked way to do that? I managed to create an unsigned IPA and resign it but I can't install it on device as I get a message that its integrity could not be verified. If I run codesign -f -s with the appropriate cert it passes. But then if I try to verify it with code sign -v I get no identity found.
security find-identity gives me almost 9 valid identities.
Anyone do this successfully in the past year? Does the provisioning profile need to be a specific type(adhoc vs App Store). I used an adhoc profile with a device that I verified is in the profile.
Is it a matter of exporting an xcarchive from Xcode and giving it to them? Should that archive be signed with my own stuff and then they can resign?