Blue Cedar supports signing iOS apps on macOS, and signing Android apps on macOS or Linux.
To sign Android apps on Windows, see Signing Android apps on Windows (unsupported).
Exporting for external code signing
This process assumes that you have successfully integrated services with the app via the platform and included a valid signing profile. See Using and configuring signing profiles for information about signing profiles.
When you have secured an app for external signing and included a signing profile, you export a zip file and sign the app outside the platform. This zip file includes:
- A copy of the secured app
- All information required to sign the app
- A simple script (sign.sh) to run on a macOS or Linux signing server
The external signing option requires a signing profile to include with the secured app. Using Sign after integrating the app on the platform validates the signing parameters for use with your app, even though it does not actually sign the app.
If you have successfully integrated the app by applying policies, and included the signing profile with the "Sign externally" option:
- Click the Download button on the app card to download the app with its signing information.
- Choose the "Integrated and ready to sign externally" version of the app.
If you integrated the app without including the signing profile, see Running the signing script for instructions on specifying the signing parameters.
Using the exported zip file
Downloading an "Integrated and ready to sign externally" version of an app downloads a zip file that includes a "packed" version of the app (myapp.packed.apk).
Sign iOS apps on a Mac (macOS 10.12+) with Xcode 8.3.2+ and your code signing identity.
Sign Android apps on a macOS or Linux server with Android Studio SDK, including build-tools 29.0.2+. The signing process uses apksigner and zipalign, which are included in the build-tools.
The signing script requires you to have Python 3 installed on your signing server. If needed, download the latest Python 3 here:
Note that macOS Catalina already has Python 3 installed.
You may need to confirm that the build-tools location is in your command path. On the Mac signing server, find the installation folder in Android Studio > Configure > SDK Manager. Open a Terminal window and check the path:
$ echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
Find the path to the build-tools under the installation folder, and add it to the search path, for example:
To sign the app using the contents of the zip file:
On your macOS or Linux server, extract the contents of the zip file.
In the directory with the extracted files, make sign.sh executable:
$ cd exported-com.qwe.myapp $ chmod +x sign.shBASH
Run the script:
$ sh sign.shBASH
Optionally, you can specify the output filename, for iOS:
$ sh sign.sh -o output_filename.ipa
$ sh sign.sh -o output_filename.apk
If you don't specify an output filename, the signing script displays the filename when complete.
Note: Do not specify the input filename.
Running the signing script
When you integrate your app and choose "Sign externally", the platform produces a zip file with these contents:
- The integrated app (.apk or .ipa)
- A script (sign.sh) which calls the codesign script (written in Python)
- The codesign.py script
- A common_utils folder with a set of Python utilities
Use ./sign.sh to run the signing script, as described under Using the exported zip file.
- If the signing profile details (including keystore for Android and provisioning profile for iOS) were included during integration on the platform, the signing script signs the integrated app.
- If the signing profile details were not provided on the platform, the signing script prompts for those details. The signing process requires these details to validate, align, and sign the integrated app.
To override the signing profile details bundled with the app during integration, you can use the signing script to pass in these parameters.
|Signing script flag||Description|
|-k, --keystore||The location of the keystore to sign the Android app with|
|-a, --alias||The alias for the provided keystore|
|-p, --password||The password for the provided keystore|
|-o, --output||The output location for the signed Android app|
|Signing script flag||Description|
|-a, --app||The iOS app you would like to sign|
|-i, --identity||The signing identity to use for signing|
|-p, --profile||The provisioning profile to sign the app|
|-e, --entitlements||The signing entitlements to sign the app|
|-o, --output||The output location for the signed iOS app|