About iOS app signing and MacInCloud
30 March 2016

About iOS app signing and MacInCloud

A little tip about Mac OS X awesome security...

MacInCloud and others cloud based mac providers are a great option to develop iOS apps using Xamarin and to create CI builds for your development. But Mac OS X has some strange security features you need to be aware of...

One of this "features" is the impossibility to click "Allow always" or "Allow" buttons in Keychain related security dialogs while you are in a remote session:

4KnhS

Apple wrote about this in the changelog for Mac OS X 10.11.1

"the following "fix" was introduced which prevents apps from digitally "clicking" the Allow or Always Allow buttons:

  • Impact: A malicious application can programmatically control keychain access prompts
  • Description: A method existed for applications to create synthetic clicks on keychain prompts. This was addressed by disabling synthetic clicks for keychain access windows."

That's awesome! Kudos to Apple for doing Mac OS X so secure.  But... how could you sign an iOS app in a remote mac miles away and without any kind of physical access then?

The Terminal comes to save the day!

The unique way to solve this "problem/feature" is to make your Mac Build server a bit less... secure. What we are going to do is to remove the signing certificate from the keychain on the remote mac and manually import the p12 file using command line security tool to allow all application on the system to use that certificate:

security import /path_to_your_file/p12file.p12 -k /Users/your_build_user/Library/Keychains/login.keychain -A

Here we go, first you need to specify the p12 file you want to import into the keychain, then with -k parameter you need to specify the keychanin you actually want to import the certificate to. Finally but most important -A indicates all apps are allowed to use this certificate without prompting to the user.

Now you can setup your build and generate IPA or APP packages ready for publishing using distribution certificates without any problem!

Happy Coding!

Related

0 ( 0 reviews)

Post a Comment