Doesn’t work in Xcode 10
Xcode now allows anyone with an Apple ID to build and run app, from anywhere. But, what if, I’m jailbroken and not satisfied with 7-days expiration? Or I’m trying to build an open-source app, but can’t build because the bundle id is already taken and submitted to iTunes?
Since we are jailbroken, everything should just work if we use selfsigned certificate. But somehow, Xcode just keeps asking for a “provisioning profile”, and which is kind of messy to play around. But finally I got it working.
Provisioning profile, is a Cryptographic Message Syntax (CMS) signed property list (plist), which includes team, app, and permission info.
For those who don’t want to bother with cert generating and plist signing, you can just take CodeSigning.zip, import the p12 into keychain, open provisioning profile in Xcode, and skip to the last step, and you are all set.
If you’d like to create the cert from scratch, here’s the detailed steps.
Create selfsigned certificate for code signing
Things is different here because we are going to sign the plist, so for key usage you need not only “Code Signing”, but also “Any” and “Email Protection”, everything else should be famillar if you tried to create a code signing cert in the past. Note that you need to fill in “Organizational Unit”, and this will be your team id, so don’t leave white space in here.
Create provision plist
Now you have a working certficate, it’s time to create the provision plist. Here is the template plist file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AppIDName</key>
<string>selfsigned: any app</string>
<key>ApplicationIdentifierPrefix</key>
<array>
<string>SELFSIGNED</string>
</array>
<key>CreationDate</key>
<date>2018-08-27T16:55:24Z</date>
<key>Platform</key>
<array>
<string>iOS</string>
</array>
<key>IsXcodeManaged</key>
<true/>
<key>DeveloperCertificates</key>
<array>
<data>MIIDSTCCAjGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBKMSYwJAYDVQQDDB1pUGhv
bmUgRGV2ZWxvcGVyOiBTZWxmIFNpZ25lcjETMBEGA1UECwwKU0VMRlNJR05FRDEL
MAkGA1UEBhMCQ04wHhcNMTgwODI3MTU1NTI0WhcNMjgwODI2MTU1NTI0WjBKMSYw
JAYDVQQDDB1pUGhvbmUgRGV2ZWxvcGVyOiBTZWxmIFNpZ25lcjETMBEGA1UECwwK
U0VMRlNJR05FRDELMAkGA1UEBhMCQ04wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCx2pbOzmLI1ACKEHuUCPqz7VnM3txiHCmGLzLCAnTY7X8HyeHqFJ0S
JhG1CcYkdeQAGYQyUkC9mTvqU2QzUlvILTwREAg9lJG3jHLQlG45uF+AJD3dh7IO
x0wDSwZZXldmaR58Z/TUdq/z0lC5LCIAi2QHaSjWOtZWwmwEl5vQkUFLmgKqhaGx
znfWRjnYHx4jQ9w6LCi+hkyuyxjEsu5ZfoFLjEDNDF1NStgo7GW6G7X+20kWZ7++
JjeUaf9a56jMfSDe/Qs7UWe91UttHzn+WWgqV4ePCIXE2VVNjKAn/ZY5uQJtgWaa
i3cmQS7FNEaNRghwVuH7FPrBTIm5kb7HAgMBAAGjOjA4MA4GA1UdDwEB/wQEAwIH
gDAmBgNVHSUBAf8EHDAaBggrBgEFBQcDBAYIKwYBBQUHAwMGBFUdJQAwDQYJKoZI
hvcNAQELBQADggEBAD4DFoFp2ihSzVeYmimfA8R2pDWsHBNa3VfDefWo6Q5ITu4X
EPxMaiL7K0/nWPCkGUnIbGPraRVfXSSEQIHuq7azSj/PUWnya32YdXrb+See287d
KyKuX/7d2r+JbMAkPwMu1DECNsZxlzQQsd7eYclkrvtZdsPxYAFXzHn4nTV321QO
iOpXpzgOIaOnWn9+Oh1QI9z34GWBe0/69eXf2nFvSNHmXjsJdiOjMZc82//CZQXy
HLq0n2aVOJVlfx26PasYAreDudYgk3kBQSVfTkf5FRMEhNINqg604DE5aj48IKGl
RfM2IR//Ds0qkcpGIxcl+wS3o9SQLn7jyYdzP/o=</data>
</array>
<key>Entitlements</key>
<dict>
<key>keychain-access-groups</key>
<array>
<string>SELFSIGNED.*</string>
</array>
<key>get-task-allow</key>
<true/>
<key>application-identifier</key>
<string>SELFSIGNED.*</string>
<key>com.apple.developer.team-identifier</key>
<string>SELFSIGNED</string>
</dict>
<key>ExpirationDate</key>
<date>2028-08-26T16:55:24Z</date>
<key>Name</key>
<string>Self Signed Provisioning Profile</string>
<key>ProvisionedDevices</key>
<array>
</array>
<key>LocalProvision</key>
<true/>
<key>TeamIdentifier</key>
<array>
<string>SELFSIGNED</string>
</array>
<key>TeamName</key>
<string>SELFSIGNED</string>
<key>TimeToLive</key>
<integer>3652</integer>
<key>UUID</key>
<string>05F16888-117A-4640-A26B-6548942C2E1A</string>
<key>Version</key>
<integer>1</integer>
</dict>
</plist>
Here’s a few thing you need to change in this plist.
- Paste your certificate content after DeveloperCertificates entry. Open Terminal.app and run “security find-certificate -c “iPhone Developer” -p” and copy things between the dashes.
- Change all the team identifier SELFSIGNED if you chose your own “Organizational Unit” name when creating cert.
- Change the CreationDate, ExpirationDate, and TimeToLive to match your cert’s validation info.
- (Optional) Run “uuidgen” in Terminal and change the UUID entry.
Signing the provision profile
After you modified the plist, the easiest way should be running
security cms -S -N "iPhone Developer" -i provision.plist -o provision.mobileprovision
Though, for some reason, my machine keep running into error. If you have the same problem, export the cert and private key from keychain and sign it with openssl. (Note that the openssl cli utility comes with mac does not have cms function, you might need to compile one yourself or find another platform)
openssl cms -sign -nodetach -in provision.plist -out provision.mobileprovision -inkey CodeSigning.key -signer CodeSigning.crt -outform DER
Configure Xcode to use the certificate and provisioning profile
So we finally got everything set up, but wait! There’s the last step.
First open the .mobileprovision file in Xcode, it will not react or pop anything, but you can check “~/Library/MobileDevice/Provisioning Profiles” directory if your generated uuid is there.
Then go to project’s “Build Setting” – Signing, select your certificate in “Code Signing Identity”, change “Code Signing Style” to “Manual”, leave “Development Team” empty, and select your provisioning profile in both “Provisioning Profile” and “Provisioning Profile (Deprecated)”
Now check the Gerenal tab, and it should not complaint about signing anymore.