Re-signing

Re-signing is the process of modifying an existing binary with a new signing certificate or keystore, required when an application needs to be published under a different developer account or when updating an existing application. This process involves removing the original signature and replacing it with a new one.

Runner Usage

This step requires a runner to work. This means that when the step runs, one of the runners in your organization will be used exclusively for this step.

If you don't have enough concurrency, your other Build and Publish operations will wait in the queue.

Re-signing iOS Binaries

To sign an iOS binary, you need a valid certificate and provisioning profile. Appcircle supports both IPA and xcarchive files. The process of signing an iOS binary involves selecting the correct certificate and provisioning profile and specifying the bundle identifier and version number. Once these details are entered, Appcircle will generate a new signed binary with the updated information.

iOS Re-sign Process

1. Select the binary.

You can either select the files from the list or upload IPA, xcarchive files by clicking the Upload button at the top of the list.

2. Click the ... button and select Re-sign Binary

This form will show the following details of the original binary.

Display Name

CFBundleDisplayName: The user-visible name for the bundle, used by Siri and visible on the iOS Home screen.

Changing Display Name

Please note that if the project info.plist file does not have a CFBundleDisplayName parameter, changing the display name during resigning will not work.

Version

CFBundleShortVersionString: The release or version number of the bundle.

Build Number

CFBundleVersion: The version of the build that identifies an iteration of the bundle.

Entitlements

• Entitlements from provisioning profiles

Use entitlements from the new provisioning profile

• Combine app entitlements

Extract app bundle codesigning entitlements and combine them with entitlements from new provisioning

• New Entitlements.

This XML file can be edited to modify capabilities. The Re-signing process uses a single entitlement XML file.

If your provisioning profiles have the correct entitlements set, using the first option is the safest option.

Targets

You need to select new provisioning profiles for each target. Bundle ids will be automatically populated when you select a new provisioning profile. However, if you use a wildcard provisioning profile, you may need to write the correct bundle id for the selected target.

caution

A provisioning profile must be selected for each target; otherwise, re-signing will fail.

3. Fill in the details for re-sign process and hit the Sign button

When you sign an app version through Testing Distribution Profile or upload a signed app version manually or automatically through the Build module, Testing Distribution Profile will display a signed badge when the corresponding app version is selected.

If you hover over the signed badge, the certification name used to sign the app version will be displayed.

Re-signing Android Binaries

To sign an Android binary, a valid keystore file is required. Both APK and AAB files are supported by Appcircle. The process of signing an Android binary involves selecting the correct keystore file. Once these details are entered, a new signed binary with the updated information will be generated by Appcircle.

Android Re-sign Process

1. Select the binary.

Files can either be selected from the list or uploaded by clicking the Upload button at the top of the list for APK and AAB files.

2. Click the "..." button and select Re-sign Binary

The following details of the original binary will be shown in this form.

3. Select the correct keystore and click the Sign button to sign your binary. You may also change the Package ID, Version Name and Version Code.

When an app version is signed using the Testing Distribution Profile or uploaded manually or automatically through the Build module, a signed badge will be displayed on the Testing Distribution Profile for the corresponding app version.

Hovering over the signed badge will display the certification name used to sign the app version.

Auto Re-sign

In addition to manual resigning, the Testing Distribution module supports Auto Re-sign Configurations for both iOS and Android binaries.

The Auto Re-sign feature allows users to automatically re-sign their iOS (.ipa) and Android (.apk/.aab) applications with a different keystore, provisioning profile, or certificate before distribution.

You can enable the Auto Re-sign feature by navigating to Settings option and enabling Auto-resign toggle for iOS and/or Android.

Once it's enabled, you will need to configure the Auto Re-sign feature for iOS and Android. Auto Re-sign Configurations options can be found by clicking ....

iOS Auto Re-sign Configurations

For iOS, you can configure:

• Information: Configure your binary's Bundle ID and update display name.

Bundle ID

Appcircle Testing Distribution profiles can accept binaries with different bundle identifiers. The binary defined for the profile serves as the reference for Auto Re-sign. When a binary with a different bundle identifier is uploaded, it is re-signed according to the bundle identifier of the profile. The bundle identifier of the resulting re-signed binary is updated to match the one associated with the profile.

Update Display Name

With the Display Name parameter, you can change the visible name of the binary that will be re-signed. The re-signing process starts with the specified display name, and once completed, the CFBundleDisplayName value inside the binary is updated accordingly.

info

If CFBundleDisplayName is not present in the info.plist, changing the display name will not take effect.

• Versioning: By utilizing the versioning capability of the Auto Re-sign feature, you can modify the version and build number of the incoming binary according to the defined strategy during the re-signing process.

• Signing: Choose provisioning profiles and entitlements required for re-signing.

App Store Connect Credential

Appcircle’s Auto Re-sign feature requires an App Store Connect credential. Therefore, selecting a credential is mandatory for both versioning and signing processes. This credential is used to download the necessary signing assets and retrieve version-related information when versioning is configured to use App Store data.

For more information, please visit the App Store Connect API Key documentation.

Signing Method

The Signing Method defines how Appcircle selects the provisioning profile during the re-signing process. This strategy determines whether Appcircle should use an existing provisioning profile. Selecting the appropriate signing strategy ensures compatibility with your target distribution method and proper signing of your binary.

For more information about these signing strategies, please visit the Apple Profiles documentation.

Certificates

In addition to the selected signing strategy, Appcircle requires a corresponding certificate to perform the auto re-sign process. Therefore, make sure that your certificates are uploaded under the Apple Certificate section in the Appcircle Signing Identity module. The re-signing process will begin using the certificate you have selected.

For more information, please visit the Signing Identity Module and Apple Certificates documentations.

Create a New Provision Profile

If the Create a New Provision Profile option is enabled, Appcircle generates a valid provisioning profile for signing using the Apple API Key selected in the profile settings and your Apple Developer account. If this option is disabled, Appcircle matches an existing valid provisioning profile from your Apple Developer portal for the signing process.

Create a New Provision Profile

If you do not want to create the provisioning profile for signing, Appcircle will attempt to match a valid provisioning profile and use it for the signing process. When this option is disabled and a matching provisioning profile cannot be found, a new provisioning profile will be automatically created.

Android Auto Re-sign Configurations

For Android, you can configure:

• Information: Configure your binary's package ID.

Package ID

Appcircle Testing Distribution profiles can accept binaries with different package ID. The binary defined for the profile serves as the reference for Auto Re-sign. When a binary with a different package ID is uploaded, it is re-signed according to the package ID of the profile. The package ID of the resulting re-signed binary is updated to match the one associated with the profile.

• Versioning: By utilizing the versioning capability of the Auto Re-sign feature, you can modify the version and build number of the incoming binary according to the defined strategy during the re-signing process.

• Signing: Select the keystore for signing your .APK or .AAB files.

Keystores

The Keystores section is where you manage the signing credentials required for Android re-signing. To successfully perform the auto re-sign process, Appcircle needs access to a valid keystore. You must upload the keystore file, provide the necessary alias, and enter the key and store passwords within the Android Keystores section of the Signing Identity module. The re-signing will be executed using the selected keystore credentials.

Keystore

In order for Appcircle to initiate the auto re-sign process, a selected keystore must be available. Therefore, ensure that the keystore you want to use for signing is uploaded under the Android Keystores section in the Appcircle Signing Identity module.

For more information, please visit the Signing Identity Module and Android Keystores documentations.

Convert AAB to APK

The Convert AAB to APK option allows you to automatically convert an Android App Bundle (AAB) file into an APK during the re-signing process. This is especially useful when your distribution channel requires an .APK instead of an .AAB. When enabled, Appcircle will handle the conversion and signing of the resulting APK seamlessly.

Sharing AAB

Testing Distribution profiles will not allow .AAB binaries to be shared with testers. It is recommended to keep this convert option enabled.

Auto Re-sign Behaviour

• Once Auto Re-sign is configured, every new binary uploaded to the Testing Distribution profile will automatically be re-signed.
• Signed binaries will be displayed with a signed badge, and hovering over it will show the certificate details used.

Re-sign History

1. Select the binary.

You can either select the files from the list or upload binaries by clicking the Upload button at the top of the list.

2. Click the... button and select Resign History

3. Each signing process will be listed for that binary. If you click the View Log button, you can get more details about the process.

info

You need the check the history of the original application that has been signed.