Deploy iOS
Generating key store and certificate
You need to have openssl installed in your computer.
If you use Mac OS, this should be installed as default
If you use Linux, we recomend to install your distro binaries
If you use Windows, you should install OpenSSL for Windows
If you use Windows, you may install a git-bash (like the one embedded within SourceTree)
First, you need to create your RSA 2048 key-pair with the following command:
openssl req -nodes -newkey rsa:2048 -keyout request.key -out request.csr
You will be prompted with some questions, which you need to supply the answers. You may want to configure the openssl req
with predefined data. To do so, create a config
file like the template below:
Then pass it to the openssl req
command like the follow:
Optionally, you can call openssl without passing a config file using the interactive mode.
request.key
is the private keyrequest.csr
is the public key
Never share your private key request.key
in a non-secure media. If you must transfer it from your trusted computer to another, do it safely. Some suggestions are:
use
scp
to copy this file overssh
encryption to your other trusted computer;zip it with a password, forward the file with a pen-drive or in a email, and tell the destinatary the password through another media;
upload it with
https
to a trusted server of your own.
If somehow you have shared your private key request.key
in a unsecure way, please, BURN IT WITH FIRE BEFORE IT LAYS EGGS OF SECURITY BREACHNESS. You are warned. You should take your security seriously. Pretty pretty seriously.
Your public key is meant to be shared with the wind. There is no worry about this as long asP≠NPP \neq NPP̸=NP.
Now go to the Apple Developer Page and request a new certificate. Choose accordingly to your needs.
Creating your certificate
You should now see this screen:
As I need a production certificate for an Enterprise account, I choosed the In-House and Ad-Hoc
.
And then finally to the screen where I now shall upload the generated .csr
file (it is the public key, so therefore no worry):
Now you can download the certificate at any time. This file is commonly named as ios_distribution.cer
.
iOS App ID
To generate the provisioning profile, one must have before-hand to register new Apple ID in Register a new Identifier
:
In the sample above, I have choosen to go with the Explicit App ID
, com.totalcross.tcguide
.
You cannot enable Push Notification service using Wildcard Apple ID.
You shall not use Wildcard Apple ID if you want to distribute your application with Enterprise Distribution. This may leads to trouble when your client tries to upgrade the app you have provided.
Provisioning profile
Now we must generate the provisioning profile:
As I want an enterprise distribution, I must choose the In-House
provisioning profile:
If you want to test your app in specific iOS devices, you must create a Development
provisioning file. To do so follow the tutorial: Using Development certificate to test your application.
Now the system will ask you about the App ID, then the certificate, and finally you are prompted with a Profile Name. It can be arbitrary:
You end this step downloading a .mobileprovision
file.
Recalling
You have created in your own machine this files:
config (optional)
, so that it will be easy to create your public/private keysrequest.key
, your private keyrequest.csr
, your public keyios_distribution.cer
, your Apple certificate.mobileprovision
, one of the most important files so that you can indeed embed this in your app to distribute
Finishing the basis to compile to iOS with TotalCross
So far, so good. Now we need to create a Publc-Key Cryptography Standard 12 .p12
file. To create it, we need the intermediary container for public key .pem
file.
This question in ServerFault gives you more details about the files format. Also it was where I got that information above.
To create the .pem
file, just give this command:
Where:
x509
is the cryptography standard-in ios_distribution.cer
indicates that the input certificate file is namedios_distribution.cer
-inform DER
indicates that the format of the input file isDER
, so that OpenSSL can do its conversion AKA translate fromDER
-out ios_distribution.pem
indicates that the output file name is namedios_distribution.pem
-outform PEM
indicates that the output format isPEM
AKA translate toPEM
With the .pem
file created, we just need to create the .p12
file:
Where:
pkcs12
is the cryptography standard-export
-inkey request.key
which file is the private key? It isrequest.key
-in ios_distribution.pem
which file is the container for your certificate?ios_distribution.pem
-out ios_distribution.p12
which file I want to save as my PKCS 12 file?ios_distribution.p12
For TotalCross SDK 4.4.1 or earlier and 5.1.3 or earlier:
You must create two .p12 files. The first one with password to be added in your keychain (you can name it ios_distribution_with_password.p12). The second one without password to be used in your tc.Deploy through the /m
parameter.
For later versions:
You can create just one .p12 file with password to be added in your keychain. For later versions, we no longer require parameter /m (Deprecated) to build your TotalCross ipa.
Adding your certificate to your Keychain in your macOS
Requires a p12 file with password.
Click twice in p12 file. A box with password field will be shown, type your p12 file password in the field password and your certificate will be added to your macOS Keychain.
iOS deployments
GENERATING YOUR IPA FILE BY USING TOTALCROSS DEPLOYER
For TotalCross SDK 4.4.1 or earlier and 5.1.3 or earlier:
Before executing the following steps, copy your certificate file, ios_certificate.p12
, and your mobileprovision file, profile.mobileprovision,
to a separate folder inside workspace directory.
Maven
Execute command mvn package
using the following pom.xml as example:
Old style command line
If you rather the old style way of deploying:
java -cp "%TOTALCROSS3_HOME%"/dist/totalcross-sdk.jar tc.Deploy HelloTC.jar -iphone /m ./ios_certs /p /r YOUR_KEY_HERE
"%TOTALCROSS3_HOME%" = is the folder where the TC SDK
HelloTC.jar = is the jar of project
ios_certs = path to certificate
RESIGNING YOUR APPLICATION
Requirements:
having XCode updated to version
>=10.0
having Imagemagick installed
having Totalcross SDK
>=4.2.1
installedhaving your certificate shown in the list of valid identities returned by executing
security find-identity
:
Preparing environment
Install Imagemagick by entering command (if you don't have brew installed visit this page and install it. Its pretty easy!):
Switch Command Line Developer Tools to CLT XCode directory by executing
Give execution permission to the sh scripts inside
path/to/your/totalcross_sdk_home/etc/tools/iOSCodesign
Resigning your app.ipa
Artifacts needed for this step:
the TotalCross generated
.ipa
your provisioning profile
your Certificate name (
iPhone Distribution: Your Company
)Method, which can be: app-store, ad-hoc, enterprise or development. (It must match your .mobileprovision type)
Your Application Icon
a Mac OS X computer
Having all of those parameters, you will be able to run the following command:
Parameters
Description
--ipa, -i
Represents the path to your ipa file generated by the tc.Deployer that you want to be resigned.
--icon
Represents the path to your application icon. If you ommit it, the totalcross icon will be placed.
--provision-file, -prov
Represents the path your mobileprovision file.
--certificate, -c
Represents the name of your certificate as shown in your mac keychain (you may copy this name from the keychain or from the command security find-identity
in the list of valid certificates.
--method, -m
Represents the method which you want to distribute your app. They are:
ad-hoc;
app-store;
enterprise;
development.
--output, -o (optional)
Represents the path in which your resigned ipa file will be placed. If you ommit this parameters, your resgined ipa file will be generated inside[tccodesign.sh directory]/build
Now you're ready to properly install or upload to the apple store your application.
Last updated