Learn about new advances in Xcode's support for code signing, including more powerful distribution signing, better integration with Xcode Server, and more control for working with manual signing assets.
We have some very great stuff for you, today. Last year we unveiled automatic signing.
And it's great.
Automatic signing was a major leap forward in the ease of use for how you sign your app.
Today, we're taking the next step. We're making it possible to use automatic signing for distribution, XCode Build, and XCode Server.
So, what exactly are we going to talk about, today? First thing, is I'm going to very briefly review the fundamentals of signing and how it works on our platforms.
Next, I'm going to show you how to set up XCode Server to perform development signing so that you can regularly run tests on the device.
Then, I'm going to show you some of the great changes that we've been making to manual signing.
Itai is going to come up and show you all of the great changes we've been making to distribution and distribution signing.
And Brent will come up to show you how to set up XCode Server, and for the first time, perform distribution signing.
So, before we get in too deep, I would like to take a moment to remind us why we do this. Why do we code sign? Well, the simple answer is that code signing protects us. It protects us as users, it protects us as developers. And all of us are users. All of us download apps from the store, and we're sure that, that app came from the developer that wrote it, because of code signing. And every app that we download from the store, we're sure that Apple has approved that, that app is allowed to use special system services.
We can trust the security and the privacy of our devices because of code signing. So, how does this actually work? Well, every app had a code signature.
And when the app is run, the system checks for a couple things. It first checks that, that signature is valid.
That it hasn't been tampered with since it came from the original developer.
And that, that app is allowed to use special system services, like App Groups.
And the signature also tells us if it's been provisioned for this device. If it's for development, it's been provisioned for a couple devices. And if it's for the App Store, that code signature says it can run on any device.
Now, composing this signature, XCode uses three essential ingredients. Our good friends, the signing certificate, a provisioning profile, and entitlements.
Now, I'm going to spare you a very detailed explanation of how all of this works. But I would like to refer you to last year's talk, What's New in XCode App Signing, where we go into great detail about how this works with our platforms. And how it works with XCode 8. What I will say is that collecting all of these assets, it's not that much fun. It's complex. Which is why in XCode 8, we introduced a solution to manage all of this complexity, automatic signing.
When you enable automatically managed signing, XCode will automatically create app IDs. It will create certificates. It will update provisioning profiles. It will update entitlements. It will do all of that stuff you don't want to deal with, so that you can get on with your development.
Enabling automatic signing is really the way to go.
And I'm pleased to announce that in XCode 9, all of this great functionality is available in XCode Server. And we know that there are certain situations in which you'd like to directly manipulate your signing configuration. So, we also have manual signing support in XCode Server.
So, for those of you who don't know, I hope you know that XCode Server is the continuous integration service powered by XCode. And now, it is built right into XCode. You no longer need to have Server app installed. If you've used this before, this is a huge convenience. It has never been easier to get going with continuous integration. And XCode Server allows you to very easily set up testing on the Simulator and on the device. Now, testing on the device requires code signing.
So, I'd like to explain how code signing fits into the greater picture of XCode Server.
When you're working on your app in XCode, you work on a project and you upload updates to that project to a remote repository.
You then, set up XCode Server with a bot to pull from that repository, build your app, and run tests on the device.
And running on a device requires a code signature. And XCode composes that code signature using those essential ingredients, the provisioning profile and a signing certificate. So, how are we going to get those onto XCode Server? Well, the good news is if you have targets enabled with automatic signing, this can just happen for you. XCode Server will automatically create certificates, it will update provisioning profiles, it will register devices.
All so, that signing can be performed. This is really fantastic.
And if you have manual setup for your targets.
XCode Server now has UI for you to send any certificates from your administrative Mac over to the server that will be performing integrations and code signing.
So, XCode Server now has support for automatic and manual signing.
Now, XCode Server is able to make use of automatic signing, because you join XCode Server to your team as another member. You do this during XCode Server setup, if you're a team agent or admin.
And XCode Server now supports logins from Apple IDs with two-factor authentication.
Now, all of this great signing functionality is available to XCode Server because XCode Server, under the hood, calls out to the command line tool, XCode Build.
Which means that XCode Build now offers command line support for automatic signing repairs. And this is huge.
Now, if you have a third-party continuous integration service, you should listen up. Because what this means is that XCode Build can now update provisioning profiles, it can download them, it can create certificates. All that magic that happens in the UI, can now happen on the command line.
And you enable this in XCode Build by passing the flag allowProvisioningUpdates.
And we've added some extra automation. If you have a device connected to your Mac, you can have it automatically registered with your team without interaction, if you also pass the flag allowProvisioningDevice Registration.
So, very cool.
So, as I've said, setting up XCode Server is super easy, now that it's built right into XCode 9. I'd like to show you how you set up XCode Server, briefly, so that I can show you how to set up signing for that server.
So, the first step is opening up the Preferences of XCode. And all the way to the right, we have a new tab, Server and Bots. That's where you turn on XCode Server.
The next step is opening up the Accounts pane, where you can add a client account. That way you can view your server working.
The next step is opening up your project and using the Product menu to create a Bot. And then, in the Reports navigator, you can view all the integrations that your Bot have been running. You can see all the servers and Bots. And each integration, you can see whether your project is built, whether tests you have, have run, whether they've succeeded or failed. That's what you can see, here. And now, when you set up XCode Server, there's a new tab, the Signing tab. This is what it looks like.
This gives a number of options so that you can set up XCode Server to be powered to use automatic signing. This first checkbox, Allow XCode Server to manage my certificates and profile, will give XCode Server the power to use automatic signing for any of those targets in which it's enabled.
And you authorize that, again, by adding XCode Server to your team. And you do that, here. And then, there is this other checkbox, Automatically add missing devices to my developer team. This will automatically register any devices connected to your Mac, without interaction. And those two checkboxes in the UI mirror those flags, allow provisioning updates, and allow provisioning device registration for XCode Build.
So, I've said enough. Why don't I actually show you this working? Okay. So, I have opened up XCode to my project, ChocolateChip.
And I've already set up Server with a Bot to perform integrations on the Simulator.
So, I've just purchased this shiny new device, and I'd like to run tests on the device. In order to do that, I need to enable XCode Server to make use of automatic signing.
So, first step is clicking on the Reports navigator. And you can see here, the server that I've created. The Bot. And the one integration that's run.
And I'm going to Control Click and bring up the Bot editor. So, my first step will be clicking on the Devices tab, where you can see that I've set up XCode Server to run tests on the iPhone SE Simulator. I'm going to change that, instead, to run on any device that's connected to the Mac.
Next, in the Signing tab, you can see what we've been talking about.
I'm going to allow XCode Server to create certificates and profiles. I'm going to add XCode Server to my team.
And I'm going to allow XCode Server to automatically register any device that's connected, including this one.
All right. So, we're all ready to get started testing on the device. I'm going to manually initiate an integration.
So, what's happening, now, is XCode Server is downloading the project from the repository. It's building the app.
It's creating a certificate, registering my device, adding that device to the profile, downloading the profile and signing it.
All so that we can run tests on the device.
And normally, I would say, don't watch your Bot, it's not that much fun. You can let this automate itself in another room. But after a certain amount of bake time, our cookies will be done.
And there we go. All two of my tests have passed. I'm in very good shape.
So, you've just seen how you can set up XCode Server to automatically perform development signing so that you can run tests on the device. Now, we really like automatic signing. We don't want you to be consumed with managing all of these assets. We want to be coding. We want you to be coding, as well.
Setting automatic signing. I do t it. We suggest everyone do it.
However, we know that there are certain situations in which you may want to directly manipulate your signing configuration. And for that, we have manual signing. And now, we've improved it.
We've added some improvements to the certificates sheet in the Accounts Preferences.
Now, this sheet will tell you what certificates you've created on your Mac and other Macs that you own. That's the developer's certificates, above. And in the section below, you can see all of the distribution certificates that have been created by anyone on your team.
Whether they're on your machine or not. And we've improved the visibility, here. Now, you can see when a certificate is missing a private key or it's been revoked. And we even include the creator of the certificate, and you can email the creator of that certificate, right from the sheet and ask them to share it with you. In the Project Editor when you're using manual, you select a profile, yourself. And we've added a new menu item, Download Profile. It'll bring up a sheet that looks like this. And you can see, on the left, a list of eligible profiles from profiles that I've created on the portal. And these are profiles that are eligible for my target.
When I've selected one, you can see a detailed view of that profile and see how it compares with your target.
Whether the capabilities match. Even if the device is connected, you can see if that device is in the profile. This is a major improvement for finding the right profile before you select it and try to sign with it. And if you have a profile selected, already, but it's not installed locally on your machine, XCode will offer to download that profile for you.
Which, we know it will work. Now, we know that you're still in manual. We're not interested in touching your project state or your portal state. We're very clear about this distinction. This is really just a convenience.
And of course, in XCode Server, we also have manual support.
Under the Signing tab you'll see tab that's like this, the Certificates and Profiles tab, where you can see a list of the certificates and profiles installed on your local machine. That you can send over to your server to perform manual signing. So, when you are using manual signing, we recommend using the General tab to make any changes to your signing setup.
However, if you have automation or you just don't want to use the UI, we have build settings for extra flexibility. In XCode 8, we introduced Development Team, that's to set the team identifier.
Provisioning Profile Specifier, to set the profile by name, and Code Sign Identity, to set the certificate.
And in XCode 9, we're introducing a new build setting, Code Sign Style.
You can use Code Sign Style to set the style to automatic or manual at the target or build configuration level.
We think that this is exciting, but it's for advanced use cases. For most cases, you should be able to set your entire target, keep it set, to automatic.
Well, you've seen just about all there is for development signing.
We've made a lot of great improvements to distribution and distribution signing. For more on that, please give a warm welcome to my friend Itai Rom. Thank you, Chris. Good afternoon, everyone.
So, Chris just showed you all the improvements we've made when you're development signing your app. I'd like to change gears a bit, and talk about distribution.
Now, when you're ready to share your app with others, the first thing you need to do is build an archive.
An archive is a special release build of your application. And we recommend development signing it. In fact, that's the default setting.
Now, the reason that we recommend that is so that any developer on your team can easily build an archive and share it with other. Without needing access to any special distribution signing certificates.
The archive contains both the machine code and bitcode of your app, as well as your debugging symbols, all bundled up together. And once you've built one of these you can use XCode's Organizer window to generate an IPA and upload it to the App Store.
When you generate that IPA, XCode will distribution sign your app according to App Store requirements. So, this is the other part of why you can development sign your archives. Because XCode will resign your app when you distribute it.
In fact, you can distribute your archive in a variety of ways.
You can ad hoc distribution sign it if you want to share the app with other people on your team or your QA engineers. Or if you're a member of the Enterprise Developer program, you can enterprise sign it and share the app with other employees in your company.
Now, in addition to the distribution method there are a lot of other choices you need to make when you distribute your app.
You need to choose how you want to sign it, which profiles to use, which entitlements it needs.
If you're using bitcode app thinning or on-demand resources, then you also need to decide how you want to handle those features. And if you're uploading to the App Store, then you need to decide whether you want to include symbols or not.
So, this can get quite complex.
I'm pleased to announce that in XCode 9 we've made some major improvements to the distribution workflow that'll make is easier than ever before to share your apps with others.
While also giving you more power and control over the process.
Now, the first thing we've added is automatic signing. This works just like during development. So, XCode will take care of all the distribution signing details for you. And you can focus on other tasks. In addition to automatic signing, for those of you who want full control we've added manual signing to the distribution workflow.
So, now you can create your own distribution profiles and tell XCode which ones to use. But XCode will never create or modify any of those profiles.
In addition to automatic and manual signing, we've made a lot of other improvements. We've streamlined the distribution workflow. So, for example, XCode won't ask you which development team you want to use, anymore. Because it already knows the answer.
We've also improved the visibility of errors. So, now it's easier to tell what went wrong when you run into a problem, and what you need to do to resolve it.
We've enhanced export functionality. So, now in XCode 9, once you've uploaded your app to the App Store, you can save a copy of your IPA in case you need to refer back to it, later on.
And finally, we've enhanced the command line support in XCode Build, so that you can take advantage of all of these new features in your automation.
Let's dive into automatic signing, a little bit more.
This works just like development signing. XCode will create XCode managed distribution profiles. These are profiles that are completely under XCode's control. And they're the only profiles that XCode will use for automatic distribution signing. It will never touch or use any of your manually made profiles.
In addition, XCode will make it easy to create and share your distribution certificates. These are different from development certificates, because they're team owned signing assets. So, it's really important that you know when you've created one and you save it, so that you can reinstall it later or share it with others.
And finally, last but not least, for those of you with carefully crafted signing setups, in XCode 9, XCode will never offer to revoke a distribution certificate.
Yeah. So, we're all very happy about that one. So, you don't have to worry about any enterprising member of your team ruining your carefully crafted setup through XCode, anymore.
So, here's an example of the improved Air presentation. This is a common and potentially confusing situation. Someone on your team has already created a distribution certificate, but you don't have that certificate. Or, more likely, you don't have its private key.
Well, now XCode 9 tells you exactly who created those certificates, makes it really easy to contact them. So, you can get the information you need to finish the workflow.
Now, that's just one example. There are many others throughout the distribution workflow of improved errors.
The enhanced export functionality.
So, as I mentioned earlier, now it's easy to save aside a copy of your IPA after you've uploaded it to the App Store. But you get more than that.
We also give you a distribution summary PLIST. So, just like a receipt it shows you all the content in your IPA, how XCode resigned it, which entitlements it has, and so on.
You also get a packaging log, which is like a build log. It shows you, step by step, all of the commands that XCode issued when it transformed your archive into an IPA.
And you get an export options PLIST.
So, this last one is kind of interesting. An export options PLIST is like a recipe. It describes how you want to transform your archive into an IPA. And when you want to automate the process of generating IPAs, which you do, is you invoke XCode Build and give it one of these export options PLISTs. Now, in XCode 9, it's really easy to create these, because the distribution workflow will generate one for you. So, you don't need to manually edit these PLISTs, anymore.
Here's an example of what one looks like.
This is a really simple export options PLIST. As you can see, I've set up automatic signing and I'm exporting for the App Store.
And this last key in their upload symbols, I actually don't even need to include that. Because it defaults to Yes. Now, there are a lot of options that you can specify in these files. You can invoke XCode Build dash Help in terminal, to see everything that you can include in an export options PLIST. But most of the options have sensible defaults.
When you're ready to use this, all you do is invoke XCode Build dash export archive, pass the path of your archive and the path to your export options PLIST. And XCode Build will generate an IPA for you.
Now, there's one other thing. As you'll recall from Chris's section, we've added a new flag to XCode Build called allowProvisioningUpdates. And you can use that here, as well. So, that XCode Build will automatically generate distribution provisioning profiles for you. Anything that's necessary in order to generate your IPA.
So, let's take a look at the new distribution workflow in action.
Okay. So, here's our ChocolateChip app, which we've been working on for a while.
And as you can see, our extensive two test suite is passing. So, now we're ready to upload it to the App Store.
I'm going to start that off by clicking product and creating an archive.
And XCode's going to do that release build of my app, bundle it all up, and then show me the archive once it's completed, in the Organizer window.
From here, I can easily upload it to the App Store by clicking this very shiny enticing blue button.
And when I click that, the distribution workflow will drop down.
Now, XCode's going to start by analyzing some of the content in my archive. And that includes how my app was signed. So, that's how XCode knows which development team I'm using. It just reads the signature of my archived app.
It also determines which options to show me on the next screen.
This content is going to vary, depending on what's in your archive, as well as the distribution method you choose. So, if I had chosen ad hoc distribution, then I'd see some different options in here.
so, in this case, I have a bitcode option, because my app contains bitcode.
I also have a new Scrip Swift symbols option.
What this is going to do, is it allows the App Store to scrip Swift symbols from the Swift standard libraries in my app.
And that's going to greatly reduce the download size of my app for my customers. So, I'm going to leave that on. I also have the option to upload symbols, which will allow me to receive symbolicated crash reports from Apple. So, I'll leave that on, as well. And click Next.
The next step is where I can choose how I want to resign my app. I'll talk a little bit more about manual signing, later. For now, we'll stick to automatic.
And XCode's going to start talking to the developer website and figure out how to resign my app. The first thing it looks for is a distribution signing certificate.
Now, in this case, my team hasn't actually created one, yet.
So, XCode tells me about that and asks me if I want to create one.
So, now XCode won't just create one behind my back. I'm fully aware that I'll have a distribution certificate, and all I need to do is give XCode permission and click Next. And XCode will generate it. After that, XCode will ask me if I want to export my certificate. Like I said earlier, this is really important, because these are team owned assets. And there might be other people on my team who need to also distribution sign. Or I might need to reinstall the certificate, later. So, we really recommend exporting a copy of your certificate.
For now, since this is a demo, I'll click Next.
And now, XCode's going to continue talking to the portal, generating my distribution provisioning profiles. I'll allow Codesign to use my newly created signing certificate. That's how you can tell this is live. And once XCode is done it'll show me details about the IPA that it's created.
I can see all the content in my IPA, including my framework, my app extension, and my watch app. Right in here I can see how they're signed, and I can double check that the entitlements are correct. So, this gives me a chance to make sure my app is all correct before I upload it to the App Store.
Once I'm sure it fine, I'll click Upload and XCode will upload my app to the store.
Now, in the past, once this completes this is where the workflow would end in XCode.
But now, there's one additional thing I can do, here. I can export. So, when I select Export and save to the desktop, XCode will generate a new directory containing my IPA as well as all of those other files, including an export options PLIST that I mentioned, earlier. So, that's the new distribution workflow using automatic signing in XCode 9.
Now, let's talk a little bit about manual signing. Manual signing also works just like during development.
You or someone on your team will create provisioning profiles, and then you can select them in the XCode distribution workflow.
XCode won't ever create or modify any of these manual profiles. So, you're in full control.
This is fully compatible with XCode Build. So, you can still automate the creation of your IPAs if you want to use manual signing. But there's one note. If your archive was manually signed when you built it, then you also need to manually sign when you distribute.
So, how do you use manual signing? You'll recall this screen from my demo, a moment ago. If you choose manual signing, click Next.
Then, you'll be greeted with this interface. This is really similar to the signing UI that you see in the General tab in XCode's project editor.
You can select the distribution certificate you want to use. And then, profiles for each of the items in your app. When you pop open those popup menus, you see the profiles that are eligible, ineligible. You can import profiles or download profiles form the portal directly within the distribution workflow.
And if you select an ineligible profile you'll see issues associated with that selection right underneath your selection.
Once you've selected valid profiles for everything in your app, you can click Next and continue with the workflow. And as I said, this is all fully compatible with XCode Build. All you need to do is specify a couple of additional keys in your export options PLIST. So, you can see here, I've set Signing Style to manual.
And I've also provided a provisioning profiles entry that lists all the items in my app by bundle identifier, and all the profiles I want to use. And that's it. Now, I'm set up for automation. So, that's the new distribution workflow in XCode 9. We think you're all really going to love it. And now, I'd like to invite Brent onstage to talk about distribution signing in XCode Server.
Thank you, everyone. I'm really excited to be here, today, because for the first time in public we're going to show you how you can use an XCode Server to automatically create distribution signed IPAs for you. This is really exciting. It's a missing piece of the puzzle and we finally delivered it, and it's really great. But first, how did we do this? Well, in XCode 8 and XCode 9, we introduced great automatic signing workflows in XCode. And XCode Server gets all of that for free.
Likewise, all of the distribution workflows and that underlying technology, XCode Server also gets that from XCode. So, we have automatic signing, we have distribution, we have XCode Server, we have great workflows for development. And distribution signing. How does this all work? So, Chris showed you a slide that looked a little bit like this. And it's important to understand how XCode Server does this job. In order to sign an archive to create an IPA from it for distribution, XCode Server needs some special assets. Just like for development, it needs signing certificates and it needs provisioning profiles. Now fortunately, we've made this very easy. If you allow XCode Server to communicate with the developer portal on your behalf, it can get most of these things for you. It can get the provisioning profiles automatically.
But there's one thing it can't get, and that's the distribution signing certificate.
That's really no big deal, because we provide a great experience for you to share this with your server.
So, once your XCode Server has all of these assets it can build an archive. And then, it can transform that archive into an IPA for distribution to the App Store. So, what do you need to do? You need to copy distribution certificates to the server. You need to make sure that automatic signing is turned on. But this will also work for manual. I'll show you that. And then, thirdly, there's this export options PLIST that I talked to you about. So, what's that all about? Well, the export options PLIST is just a simple recipe for how you want XCode Server to transform your archive into an IPA. They can be very simple, and the can also scale up to some more complex manual signing scenarios, too.
So, I've been saying App Store a lot, but I want to emphasize that what we've built here, lets you distribute for all of the distribution methods. So, if you're doing enterprise or ad hoc or App Store, or whatever, this would just work. So, we think that's really great.
So, let's see this in action.
So, here's our ChocolateChip Bot that's been dutifully building our app and running tests on devices for two months, now.
So, what I want to do is I want to repurpose this Bot to build IPAs for me. Now, we recommend as a best practice that you create a dedicated Bot for this purpose, for creating IPAs. But I'm just going to repurpose this one for demo purposed, today. So, we'll go and edit the Bot. There a lot of options in the Bot editor. But what we need to do today is pretty simple. First, we're going to visit the Configuration tab. And in here, we're going to turn on Archiving.
Now, ever since XCode 5, when we introduced XCode Server, it's been able to create archives for you. And there have been a lot of great workflows, there. For example, you can create archives and then do over-the-air installs with XCode Server. And that's been great. You can still do that. But there's one new option that we've added, here. And that's what enables XCode Server to create this distribution signed IPA for you. So, that's the final option, here. Use custom export options PLIST. Well, where do I get one of those? Itai, being the great guy that he is, you may remember he exported that for me after he uploaded his app to the App Store. So, I'll go and I'll select that, now. So, it's a good idea at this point, that you verify that this is the right export options PLIST. So, conveniently, you can just click like it.
This is a pretty simple example of an export options PLIST. But you may remember from one of Itai's slides, if you have some more complex manual workflows you would end up, perhaps, having specific provisioning profiles, here. And other things you can do. So, it's a good idea. Just verify that this is the right export options PLIST. So, we've done that. And that's it for the Configuration tab.
Let's visit the Signing tab.
So, this is brand new in XCode 9, and we're pretty excited. Because this is how you configure XCode Server to do both development signing and distribution signing. So, these two checkboxes at the top, Chris already checked for us. And remember, the top one lets XCode Server communicate with the developer website on my behalf. My team is already added to the server. And even if you have a manual distribution workflow, it's really a good idea that you still have this checkbox checked. So, now let's visit the Certificates and Profiles tab.
So, what's in here? There are two tables at the top. Shows me all the certificates that are installed on this machine. And the bottom are the provisioning profiles. And what I need to do, is I need to share the distribution certificate with my server. That's real easy. Just click add the server, and it's done. That's all I need to do. And now, XCode Server has access to that distribution certificate. And because I've allowed it to talk to the developer website on my behalf, it can get all the assets it needs to create that IPA. You may be wondering what I need to do with the provisioning profiles table. Well, for most of you if you're doing automatic code signing, and you're doing App Store distribution, you don't need to do anything. But if you're targeting one of those other distribution methods, or you've specified particular profiles in that export options PLIST that we looked at. You're on the hook for making sure your server has those provisioning profiles. Again, that's really easy. Any profile you want to share, you just click Add the Server, and that will share it with your XCode Server.
So, that's it. I've visited the Signing tab and the Configuration tab. And now, this is the moment you've been waiting for. Let's integrate this Bot and watch it create two things. It's going to create an archive. And then, it's going to transform that archive into a distribution signed IPA that I can then upload to the App Store.
And there it is. So, for the first time. This is a really exciting development in XCode Server, and it's going to save you a lot of time. So, code signing. Code signing is really important. And we should feel fortunate as developers and users that we're using platforms where code signing is an integral part of the experience.
It keeps us safe. It keeps us secure. We know it's hard to get right. But in XCode 8 and XCode 9 we've put a ton of work into providing really great solutions for you. And we think it's easier than ever.
So, we have development signing with XCode Server, for your day to day development. And testing on devices.
We've also done a lot of work for manual signing, because we know that's important to a lot of you. We've made bit improvements to the distribution workflow in XCode. And of course, we've brought that distribution workflow to XCode Server.
So, that's it. There are a lot more related session, this week, no this topic. Thanks for attending. Have a great week.
[ Applause ]
Looking for something specific? Enter a topic above and jump straight to the good stuff.
An error occurred when submitting your query. Please check your Internet connection and try again.