Expo build with associatedDomains

resign_ipa.md

Resign Expo IPA for associatedDomains

You can also generalize these instructions to modify your ipa for any other reason.

Error message

ERROR ITMS-90046: "Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, value '*' for key 'com.apple.developer.associated-domains' in 'Payload/Exponent.app/Exponent' is not supported."

Assumptions

• My app id is io.getsparks.sparks
• My distribution certificate name is iPhone Distribution: Boost Labs, Inc
• You are trying to set expo.ios.associatedDomains to ["applinks:yourdomain.com"] in app.json

Solution

• Make sure you updated your "App ID" is updated with Associated Domains support: use this guide
• Regenerate mobileprovision file - easiest way is to run exp build:ios -c to clear your existing certs, and let it generate new ones
• Wait for build to finish
• Download latest mobileprovision file with associated domains support from https://developer.apple.com (guide assumes you name this file ~/Downloads/myapp.mobileprovision). This step is optional for future builds, since you aren't going to be regenerating the .mobileprovision file after the first time.
• Login to your apple account inside xcode
• Download public distribution certificate from https://developer.apple.com and install to keychain (double-click)
• Download private distribution certificate from exp fetch:ios:certs and install to keychain (double-click)
• Verify certs are shown under your xcode account (under Manage Certificates)
• Download .ipa to your local machine
• Unzip and clean old signature.

  unzip app.ipa
  rm -rf Payload/Exponent.app/_CodeSignature/
  

• Make sure the mobileprovision file is updated (I think this may not be necessary)

  cp ~/Downloads/myapp.mobileprovision Payload/Exponent.app/embedded.mobileprovision
  

• Edit Payload/Exponent.app/archived-expanded-entitlements.xcent with the contents of the com.apple.developer.associated-domains key from Payload/Exponent.app/Exponent.entitlements. Should look like this:

      <key>com.apple.developer.associated-domains</key>
      <array>
              <string>applinks:yourdomain.com</string>
      </array>
  

• Resign and zip everything together

  codesign -f -s "iPhone Distribution: Boost Labs, Inc" --entitlements Payload/Exponent.app/archived-expanded-entitlements.xcent --identifier "io.getsparks.sparks" Payload/Exponent.app
  zip -qr app.resigned.ipa Payload SwiftSupport/
  

• Upload via Application Loader and 🎉

References

• https://stackoverflow.com/questions/5160863/how-to-re-sign-the-ipa-file
• https://stackoverflow.com/questions/19102069/error-no-entitlements-found-in-bundle
• https://developer.xamarin.com/guides/ios/getting_started/installation/device_provisioning/
• https://blog.branch.io/how-to-setup-universal-links-to-deep-link-on-apple-ios-9/
• https://developer.apple.com/documentation/security/shared_web_credentials/preparing_your_app_and_website_to_share
• https://coderwall.com/p/cea3fw/resign-ipa-with-new-distribution-certificate

Getting the following when I use transporter to verify the app:

ERROR ITMS-90165: "Invalid Provisioning Profile Signature. The provisioning profile included in the bundle 'com.something.package' (Payload/SomeApp.iOS.app) cannot be used to submit apps to the iOS App Store until it has a valid signature from Apple. For more information, visit the iOS Developer Portal."

Sorry, this is unsupported as the code is nearly 3 years old and much has likely changed.

Make sure you updated your "App ID" is updated with Associated Domains support: [use this guide](https://blog.branch.io/how-to-setup-universal-links-to-deep-link-on-apple-ios-9/)
Regenerate mobileprovision file - easiest way is to run exp build:ios -c to clear your existing certs, and let it generate new ones
Wait for build to finish
Download latest mobileprovision file with associated domains support from https://developer.apple.com/ (guide assumes you name this file ~/Downloads/myapp.mobileprovision). This step is optional for future builds, since you aren't going to be regenerating the .mobileprovision file after the first time.

This part is automated if you use the new build service EAS Build, we created a system for auto registering capabilities to your app identifier before building. Learn more.