Scenario: created an iPhone app for Grip 411 using Adobe Air for Mobile now managed by Samsung Harman’s AIR SDK. The build process created the app’s grip411.ipa properly but was rejected by Apple because:
‘ERROR ITMS-90034: “Missing or invalid signature. The bundle ‘com.grip411.release’ at bundle path ‘Payload/Grip 411.app’ is not signed using an Apple submission certificate.”‘ Reason: Apple updated their code signing tools which get updated automatically using the latest version of XCode but since I am still on the previous version the certificate for signing had not been updated yet.
The process below uses a manual signing process via the command line.
# https://stackoverflow.com/questions/5160863/how-to-re-sign-the-ipa-file
# same process worked on Feb. 4, 2021
# had to first update the certificate APPLEWWDCRCA3.cer and install it into KeyChain Access
# https://developer.apple.com/support/certificates/
# https://stackoverflow.com/questions/64596362/iphone-distribution-certificate-is-not-trusted
# this version was tested OK vith macOs Sierra 10.12.5 (16F73) on oct 0th, 2017
# original ipa file must be store in current working directory
IPA="ipa-filename.ipa"
PROVISION="path-to.mobileprovision"
CERTIFICATE="hexadecimal-certificate-identifier" # must be in keychain
# identifier maybe retrieved by running: security find-identity -v -p codesigning
# unzip the ipa
unzip -q "$IPA"
# remove the signature
rm -rf Payload/*.app/_CodeSignature
# replace the provision
cp "$PROVISION" Payload/*.app/embedded.mobileprovision
# generate entitlements for current app
cd Payload/
codesign -d --entitlements - *.app > entitlements.plist
cd ..
mv Payload/entitlements.plist entitlements.plist
# sign with the new certificate and entitlements
/usr/bin/codesign -f -s "$CERTIFICATE" '--entitlements' 'entitlements.plist' Payload/*.app
# zip it back up
zip -qr resigned.ipa Payload