Building with Enterprise profile

Any advice on getting Xojo to build an iOS app with an Enterprise license?

For many years I have done my iOS apps with another framework which predates Xojo support for iOS. But I had a relatively simply new project so thought I should check out Xojo support. Designing and running the app in the simulator was one thing, but getting it to actually build with an Enterprise certificate is another. :frowning:

I found (https://xojo.com/issue/47975)] Feedback case #47975 from just over 2 years ago, with a status change in June 2018 from ‘Needs Review’ to ‘Reviewed’ but nothing since then. In it @Bob Keeney said:

He didn’t mention which forum thread it was. My guess may be this one – which ironically enough, I was one of the participants at the time. But I am unable to use the steps @Steve Koger listed because I can’t it to build with the app store turned off either. (Because for this client I have their Enterprise Distribution profile, but not a development profile)

It is frustrating when you spend more time trying to build a project, then develop it and get it running in the simulator. :frowning:

Afraid you are correct that until you can build it with App store turned off. You’re stuck in the water unfortunately. Once you have that then you should be able to follow my instructions.

I did a more formal write up at https://www.bkeeneybriefs.com/2019/05/enterprise-code-signing-for-ios-in-xojo/

FWIW, I have my team set to None in iOS Build settings when I’m building for that project.

BINGO! Thanks for that last hint @Bob Keeney. I had not tried setting it to None, assuming (ahem!) that it was going to require either a development or distribution profile to attempt a Build.

But I just tried None, and it did in fact build the *.app just now. So now to try the rest of the steps in your brief (or the similar forum post previously noted).

For the sake of others finding this thread, the real breakthrough was @Bob Keeney saying to set the code signing team to None, so that I could get a *.app bundle to code sign separately. But instead of the iReSign app mentioned by @steve Koger and Bob, I had better luck using a newer fork derived from that called XReSign instead. It comes only as source you must compile in XCode, but after doing that XReSign worked perfectly for me.

It also has a shell script which can be called instead, which may mean it is easier to create a script to add to a Xojo project build step.

But since I’ve now spent more time getting an Enterprise build then I did writing the app, I am going to leave that for the future…

Glad you’re up and running. My app had some significant barriers in it like getting an app delegate to work with a scanner. That nearly ended the project before it began but with help from a few members of the forum I finally figured it out. It’s been working great ever since. Pay it forward if you can.

This forum is a Xojo community treasure chest.

[quote=439424:@Bob Keeney]Pay it forward if you can.

This forum is a Xojo community treasure chest.[/quote]

In the spirit of paying it forward, I’ve worked out a way to mostly automate this using a build script. This is also added as another entry in Feedback case #47975 for those who search there.

The script relies in part on a shell script available as part of XReSign available on GitHub here, at least as of the time of this writing:

https://github.com/xndrs/XReSign

Specifically it uses the file https://github.com/xndrs/XReSign/blob/master/XReSign/Scripts/xresign.sh

But it is probably always best to clone or download the then-current project, which also contains a GUI app as well as the shell script.

Preliminary steps, needed just once, before adding to any iOS project:

  1. Clone or download the XReSign project linked above
  2. Copy xresign.sh to some location; I simply put in /Applications
  3. Make that file executable; for my installation I used:
chmod +x /Applications/xresign.sh

For any Xojo iOS project needing an Enterprise certificate signed app:

  1. Set project’s iOS build settings to code signing team None and do NOT build for App Store
  2. Use menu Insert > Build Step > Script
  3. Rename from Script1 to Resign (optional)
  4. Insert the block of code given below
  5. Modify string literals in a few spots as appropriate
  6. Provisioning profile can either be a downloaded file or imported UUID
  7. You can optionally change the bundle ID too
  8. Sample script below assumes names like MyCompany and MyApp

Note that the certificate name should be exactly how it is spelled in Keychain Access, and the keychain must include the private key as well.

Dim command as String
Dim result as String

' Convert *.app to unsigned.ipa
command = "cd " + CurrentBuildLocation + "; mkdir Payload; "
command = command + " mv *.app Payload; zip -rm unsigned.ipa Payload/*.*"
result = DoShellCommand(command)

' Prepare command to resign it
command = "/Applications/xresign.sh "
command = command + " -s " + CurrentBuildLocation + "/unsigned.ipa "

' Add name of certificate to be used for signing
command = command + " -c ""iPhone Distribution: MyCompany, LLC"" "

' Add name of provisioning profile to be used either as some download location
command = command + " -p ""~/Downloads/MyApp.mobileprovision"" "

' or else as an already imported provisioning profile
' command = command + " -p ""~/Library/MobileDevice/Provisioning Profiles/"
' command = command + "abcdef12-1234-abcd-1234-abcedf123456.mobileprovision"" "

' Optional change bundle identifier
'command = command + " -b com.mycompany.newID"

' Resign it
result = DoShellCommand(command)

' Clean up temporary folders
command = "cd " + CurrentBuildLocation + "; rmdir Payload; rmdir tmp"
result = DoShellCommand(command)

After building, the IOS folder should contain both unsigned.ipa and *-resigned.ipa which can be renamed to just *.ipa for distribution

Edit: Added feedback case number instead of just link.