Would be really nice, if you could implement it!

Hi!

iOS 15 breaks the current code signing service. None of my signed apps work any longer.
Always says " the devoloper must update the app"

Discovered the Altstore reddit:
https://www.reddit.com/r/AltStore/comments/numjvp/warning_ios15_breaks_altstore/

https://www.reddit.com/r/AltStore/comments/nuzkng/side_loading_on_ios_15/?utm_source=share&utm_medium=web2x&context=3

Maybe there is a fix for this fantastic workflow?!?

Thanks
URBANsUNITED

Hi and sorry for hijacking this.

But I need help to setup the SSL way, please.
I got it working so far on my RPI3b+ and Debian Buster.
But I would like to use the direct install option.

Who can help me with is?

Reverse proxy - secure and reliable, but harder to set up

Requires publicly accessible port 443 (HTTPS)
Requires domain with valid certificate
Requires manual configuration of reverse proxy with your own authentication.
Don't protect the following endpoints:
/apps/:id/
/jobs
/jobs/:id
where :id is a wildcard parameter.

How to setup this in Debain or docker please?

Thanks a lot

URBANsUNITED

Hi,

I followed the instructions and currently running the web service on a Windows 10 machine with Github Actions as the builder with a developer account (provision + certificate).
The build completed successfully and the file is made available for install/download.

But when I click the Install button nothing happens. No prompt, no install, nothing new on the iPhone's homepage.
The browsers I tried were Safari and Chrome, both the same result.

This is what I see in the web service console every time I press the Install button:
{"time":"2021-04-07T08:51:21.8639162-04:00","id":"","remote_ip":"xx.xx.xx.xx","host":"my-private-url.trycloudflare.com","method":"GET","uri":"/apps/1df97ec4-9f61-4a58-acb9-bd4cb8293fab/manifest","user_agent":"com.apple.appstored/1.0 iOS/14.4.2 model/iPhone13,1 hwp/t8101 build/18D70 (6; dt:228) AMS/1","status":200,"error":"","latency":1394200,"latency_human":"1.3942ms","bytes_in":0,"bytes_out":1238}

Any idea why it wouldn't install?

Thank you!

BTW I didn't mean to add the "bug" label. This could very well be a setup/user issue :) and not a "bug".

!! Please fill in this template, DO NOT ignore or delete it. !!

I tried basic troubleshooting first

• Updated both ios-signer-service and the builder (ios-signer-ci or ios-signer-builder) to the latest version
• Read through the FAQ page

Describe the bug

Hello! Odd issue I'm having when trying to use ios-signer-builder hosted on my own Mac. On observing the builder running through the script, when it opens Xcode->Accounts and proceeds to enter my Apple ID and password, it does so in all capital letters, causing the login to fail. As you can see in this screenshot, on the right side of the password field, it appears that the caps lock key is enabled, however it is not (and retrying the process with caps lock actually enabled makes no difference).

IMO the logs don't contain anything that stands out to me, but I'll include them as requested

ios-signer-builder-logs.txt
ios-signer-service-logs.txt

Also, I'll add that I double checked my account_name.txt and account_pass.txt files and they both contain the correct information in lower case.

To reproduce

Steps to reproduce the behavior:

Setup ios-signer-builder on Mac, ios-signer-service on same Mac, attempt to sign application from the web interface.

Expected behavior

Account name and password are entered correctly in Xcode, allowing the signing to proceed

Screenshots

(see above)

System configuration

• ios-signer-service version: 2.4.14
• Installation type: computer
• Builder type: ios-signer-builder
• Builder version: 1.0.11

Additional context

Nothing off the top of my head. Just also wanted to say thanks for your hard work on this project! I've been using the Heroku+Github Actions version successfully for a few months now, and it works fantastically.

Seems interesting but I am stuck at "Signing profile". Sadly, I don't have a Mac, and hence I am not able to proceed without the .p12 file.

Any help in obtaining that on windows would be really appreciated.

How do I add a dockfile to the docker container?

Currently, there is a memory leak because of this.

I get this message after trying to install an app that was successfully signed.

Unable To Install "App Name.ipa"
This app cannot be installed because its integrity could not be verified.

Useful for free developer account apps that expire every 7 days.

Sorry for the off-topic, but I'd need to talk with you privately. I didn't find a way yet.

I completed the ssl reverse direction, but I can't receive the cert_pass file by 404 error. Please help me.

Is there ability to run the signer via a-shell instead iSH? It's integrated with shortcuts and more comfortable because of that.

Hi,

I'm trying to upload an IPA into the web interface, after a couple of seconds, the web interface redirects to /apps and displays {"message":"Internal Server Error"}.

My docker log is:
{"time":"2021-03-04T07:18:15.894553187Z","id":"","remote_ip":"123.123.123.123","host":"https://mywebsite.ld","method":"POST","uri":"/apps","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36","status":500,"error":"no profile with id 123","latency":371580849,"latency_human":"371.580849ms","bytes_in":58524658,"bytes_out":36}.

Any better way to debug this ?

Best regards.

i.e. -log-level

When I hit "Install" button, the app appears on the Home screen, but is not downloading. Here's a screenshot.

I am using ngrok with https. The app is displayed as signed. Any help is appreciated. Thanks

EDIT: After about a minute, the app disappears

Hello, so I have a web host as well as a MacOS Server. I also built an automator services that listens to folder actions, so when an ipa appears in this folder (which is a mounted NAS drive), it will kick off xresign, sign the ipa and export it back into the same folder.

So from my understanding it seems like I have the CI and Signing sections completed but just need to get the IPA from the web host to the MacOS server and then have the website recognize the finished product and allow installation.

I'm trying to find out how to integrate your front end with this backend. From my understanding I mostly just need to point the uploads to upload to the same NAS folder, and get the results from there to install. Is this something that can happen or is that going to be incompatible with your service?

This only happens sometimes, likely with bigger files, and it could be attributed to either an out of memory error, or failure to emulate an instruction on ISH's side. More debugging is required.

Hi, I am trying to make an iOS native app for ios-signer-service. What are the API endpoints, or where can I find them? Thanks!

Hi, I just uploaded a large .ipa file and it seems that it could not be signed in under 10 minutes. Are there any workarounds to this? Can I manually sign it using my Mac? Thanks

I tried basic troubleshooting first

• Updated both ios-signer-service and the builder (ios-signer-ci or ios-signer-builder) to the latest version
• Read through the FAQ page

Describe the bug

I'm using the docker version of ios-signer-service with port 8080->42270.
Accessing the website via my Nginx reverse proxy gives ERR_TOO_MUCH_REDIRECT with Chrome with a lot of HTTP 302.
When testing with curl http://127.0.0.1:42270 -L -vvv, here is the encountered error:

curl http://127.0.0.1:42270 -L -vvv                                      
* Expire in 0 ms for 6 (transfer 0x5649d127aee0)
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5649d127aee0)
* Connected to 127.0.0.1 (127.0.0.1) port 42270 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:42270
> User-Agent: curl/7.64.0
> Accept: */*
> 
< HTTP/1.1 302 Found
< Location: https://127.0.0.1:42270/
< Date: Mon, 02 Aug 2021 03:41:56 GMT
< Content-Length: 0
< 
* Connection #0 to host 127.0.0.1 left intact
* Issue another request to this URL: 'https://127.0.0.1:42270/'
* Hostname 127.0.0.1 was found in DNS cache
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5649d127aee0)
* Connected to 127.0.0.1 (127.0.0.1) port 42270 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 1
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Adding redirect_https: false to signer-cfg.yml does not work as this line is removed from the file on docker run.

To reproduce
Proceed to a fresh installation with the image, use the default signer-cfg.yml.

Expected behavior
Connecting to http://127.0.0.1:8080 should not automatically redirect to https://127.0.0.1:8080. The HTTPS redirection seems forced despite having the possibility to disable it.

System configuration

• ios-signer-service version: 2.4.4
• Installation type: computer, nginx
• Builder type: ios-signer-ci
• Builder version: be43996

Hi I'm using Linux beta on chromebook(so arm64)
And whenever I try to run the file
./ios-signer-service_2.2.4_linux_arm64
I get the error:
_-bash: ./ios-signer-service_2.2.4_linux_arm64 : Permission denied _
Need some help

Hello,

When you install the docker image, where is the configuration file generated in the system?

Thanks.

Trying to run the builder on the device itself , followed all steps , when trying to install in ipa after it’s signed , ish shows : error="code=405, message=Method Not Allowed" and the ipa is stuck afterwards unable to be installed

i think it’s better if you create a discord server/telegram channel/matrix room(most private option) where we can build a community and help each other out , meanwhile i would appreciate if i can contact you directly and help me troubleshoot this , my telegram id : REDACTED

I cant sign ipa, got an error on ios-signer-ci on github
log is here

R```
un ./sign.sh
7
Obtaining files...
8
Creating keychain...
9
Traceback (most recent call last):
10
Cleaning up...
11
File "/Users/runner/work/ios-signer-ci/ios-signer-ci/sign.py", line 226, in
12
run()
13
File "/Users/runner/work/ios-signer-ci/ios-signer-ci/sign.py", line 155, in run
14
raise Exception("No valid code signing certificate found, aborting.")
15
Exception: No valid code signing certificate found, aborting.
16
Error: Process completed with exit code 1.

**Expected behavior**
downloadable ipa



**System configuration**

- ios-signer-service version: v2.4.14
- Installation type: heroku
- Builder type: ios-signer-ci
- Builder version: 9201af5

Hi again. I have another issue where GitHub Actions cannot sign my .iPA file. It says

/Users/runner/work/_temp/39df6836-3324-44f5-8d3f-c6d7d3fbe509.sh: line 1: ./sign.sh: No such file or directory
Error: Process completed with exit code 1."

Here's the screenshot:

Also, sorry for asking too much help. I love your project.

I tried basic troubleshooting first

• [ x ] Updated both ios-signer-service and the builder (ios-signer-ci or ios-signer-builder) to the latest version
• [ x ] Read through the FAQ page

Describe the bug
Signing failed 'the codesign_allocate helper tool cannot be found or used'

To reproduce
Steps to reproduce the behavior:

upload above 90MB ipa.

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

System configuration

• ios-signer-service version: latest
• Installation type: docker
• Builder type: both tested
• Builder version: latest

Additional context
Add any other context about the problem here.

Hi
Sorry for deleting the template I have a general question,
I'm on Linux system and just wondering is there any way to dump my altserver certificate directly from my jailbroken ios device?
I was following instructions pretty good until the signing profile section .
also thanks for your work.

Hi, I have this issue with my CI builder when uploading it with the web interface. How can I fix it?

How to run your service on Android??? Please help me

i have imported my cert to the data/profiles directory and i come across this error (open data/profiles/cert.p12/names.txt: not a directory) wont let me do anything.

could you post a step by step tut on how to set it up

thanks

Hi I cannot access the signing portal the following is what I get when I start the service

Welcome to Alpine!
You can install packages with: apk add

You may change this message by editing
/etc/motd.
Saleem-Urs-iPhone:~# ./start-signer.sh
Starting service...
2021/03/27 19:14:25 get config: read existing: de
code: yaml: line 1: did not find expected key
ngrok by @inconshreveable (Ctl+C to qu
it)
ngrok does not support a dynamic, color terminal
UI on solaris.
Access the web interface for connection and tunne
l status.
Version 2.3.35
Region United States (us)
Web Interface http://127.0.0.1:40
40
Press Ctrl+C / ^+C to stop...

Hi again,

So I thought about the features I would love to see in iOS Signer Service, and I made a list of them. So if you will have time and would like to implement those features, it would be amazing! Here's the list:

Updated by maintainer:

• Reorder apps in list - The current order by date is sufficient in my opinion and I don't want to make the UI more complicated. Unless you have a specific use case I would prefer to keep it this way
• I can help you with this, iOS native app? :) - As discussed in private, this project will stick to a web service so it can avoid the initial sideloading problem and the one extra app slot taken in case of free dev accounts
• Upload date of an app - Added in 2.0.0
• Time since uploading (for apps which are still signing) - Added in 2.0.0
• Drag and drop support to upload .iPA files - Added in 2.3.0
• Custom name for the uploaded app on the website - Added in 2.4.4
• Github button, which redirects to this repository
• FAQ button on top for new users
• Upload progress bar - Added in 2.5.10
• Cancel signing button - Not easily doable since not all builders provide a reference to the job via API. Would be possible to modify the signing script to periodically poll for a "cancel" request, this way we could also know exactly when the job failed instead of waiting for timeout

When I run the ./start-signer command I get the following
Starting service...
ngrok by @inconshreveable (Ctl+C to qu
it)
ngrok does not support a dynamic, color terminal
UI on solaris.
Access the web interface for connection and tunne
l status.
Version 2.3.35 Region United States (us)
Web Interface http://127.0.0.1:4040

Hi @ViRb3, I find it difficult to find->tap->select>copy the trycloudflare.com URL that is generated when running start-signer.sh in the output. Is it possible to either automatically copy it to the iOS clipboard or maybe make it clickable in the start-signer.sh output?

Thank you!

Hello, i have an dev accout but i cant sign my apps

What is the problem?

Run ./sign.sh
Obtaining files...
Creating keychain...
Importing certificate...
1.2.840.113635.100.1.61
Signing...
Usage: xresign.sh -i APP_PATH -c CERT_NAME [-epbdas ...]

-i path to input app to sign
-c Common Name of signing certificate in Keychain
-e new entitlements to use for app (Optional)
-p path to mobile provisioning file (Optional)
-b new bundle id (Optional)
-d enable app debugging (get-task-allow) (Optional)
-a force enable support for all devices (Optional)
-s force enable file sharing through iTunes (Optional)
-n set bundle id to mobile provisioning app id (Optional)
-w write bundle id to file (Optional)
Error: Process completed with exit code 1.

There's an additional "Do you want to enable 2FA now?" prompt that needs to be closed before login is complete.

I tried basic troubleshooting first

• Updated both ios-signer-service and the builder (ios-signer-ci or ios-signer-builder) to the latest version
• Read through the FAQ page

Describe the bug
The build successful but the link https://bunduuk.herokuapp.com/ gives a application error.

To reproduce
Steps to reproduce the behavior:

1. Go to 'https://bunduuk.herokuapp.com/'
2. See error

Expected behavior
A login pop which asks for Username and Password.

Screenshots

System configuration

• ios-signer-service version: [2.3.9] though I believe I didn't use this anywhere.
• Installation type: [heroku]
• Builder type: [ios-signer-ci]
• Builder version: [ios-signer-ci, e888ae5
  ]

Additional context
I believe, I have some major issue with installation I am also attaching the logs from Heroku builds.

=== Fetching app code
=== Building web (Dockerfile.heroku)
Sending build context to Docker daemon 540.2kBStep 1/9 : FROM golang:1.16-alpine AS builder
1.16-alpine: Pulling from library/golang
540db60ca938: Pulling fs layer
adcc1eea9eea: Pulling fs layer
4c4ab2625f07: Pulling fs layer
c5e7595549f7: Pulling fs layer
3df88182f7ac: Pulling fs layer
c5e7595549f7: Waiting
3df88182f7ac: Waiting
4c4ab2625f07: Verifying Checksum
4c4ab2625f07: Download complete
adcc1eea9eea: Download complete
540db60ca938: Download complete
3df88182f7ac: Verifying Checksum
3df88182f7ac: Download complete
540db60ca938: Pull complete
adcc1eea9eea: Pull complete
4c4ab2625f07: Pull complete
c5e7595549f7: Verifying Checksum
c5e7595549f7: Download complete
c5e7595549f7: Pull complete
3df88182f7ac: Pull complete
Digest: sha256:0dc62c5cc2d97657c17ff3bc0224214e10226e245c94317e352ee8a2c54368b4
Status: Downloaded newer image for golang:1.16-alpine
---> 722a834ff95b
Step 2/9 : WORKDIR /src
---> Running in 431784564bd4
Removing intermediate container 431784564bd4
---> c38a3a0442ca
Step 3/9 : COPY . .
---> 1192724828a6
Step 4/9 : RUN go mod download && CGO_ENABLED=0 go build -ldflags="-s -w" -o "bin-release"
---> Running in 2d0a680312f2
Removing intermediate container 2d0a680312f2
---> 044f91b66b53
Step 5/9 : FROM alpine:3.13.5
3.13.5: Pulling from library/alpine
540db60ca938: Already exists
Digest: sha256:69e70a79f2d41ab5d637de98c1e0b055206ba40a8145e7bddb55ccc04e13cf8f
Status: Downloaded newer image for alpine:3.13.5
---> 6dbb9cc54074
Step 6/9 : WORKDIR /
---> Running in 85bcf73a00b4
Removing intermediate container 85bcf73a00b4
---> 2ed9012a259d
Step 7/9 : COPY --from=builder "/src/bin-release" "/"
---> 3d3e13115e41
Step 8/9 : CMD ["/bin-release"]
---> Running in 6d4e512ae82c
Removing intermediate container 6d4e512ae82c
---> 50ce2b9d2932
Step 9/9 : EXPOSE 8080
---> Running in 212ce83ad59b
Removing intermediate container 212ce83ad59b
---> 7015cf9ae0d3
Successfully built 7015cf9ae0d3
Successfully tagged a7d14991461630b60f3a5730b21c85fb54409d35:latest
=== Pushing web (Dockerfile.heroku)
Tagged image "a7d14991461630b60f3a5730b21c85fb54409d35" as "registry.heroku.com/bunduuk/web"
Using default tag: latest
The push refers to repository [registry.heroku.com/bunduuk/web]
75f5bfce6a4b: Preparing
b2d5eeeaba3a: Preparing
b2d5eeeaba3a: Pushed
75f5bfce6a4b: Pushed
latest: digest: sha256:0ca52de2e022c0a76be35c0591574d6418872412b9f756800131f3671dc42a19 size: 739

Please help me :(

always get error , find the log file

logs_28.zip

Hi, I hope you can help me. I set up the ios-signer-service on Heroku as per instructions.
Under PROFILE_CERT_BASE64 I pasted the base64 for my Apple developer Distribution certificate (as I want to enable various entitlements such as push notifications) and pasted the cert password in PROFILE_CERT_PASS.
Is this the correct way to use my Apple Distribution certificate?

When I try to sign an IPA I get this error:
error: Revoke certificate: Your account already has an Apple Development signing certificate for this machine, but its private key is not installed in your keychain. Xcode can create a new one after revoking your existing certificate. (in target 'SimpleApp' from project 'SimpleApp')\nerror: No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "SOMETEAMID" with a private key was found.

Any idea what I might be doing wrong?

Thank you!

Should make it easier than creating the files and directories manually.

So, my build succeeded, but when I open the app link it says Application Error.

I don't know what else to tell you or what log files should I attach.
Please guide me.

Sorry for another issue and being stupid, but where can I find it? I tried to find it in the keychain, but if I try to export one of the certificates I have (Development), it wouldn't let me chose the .p12 option. How can I find the right certificate? Thanks!

I tried basic troubleshooting first

• Updated the web service and the builder to the latest version
• Read through the FAQ: https://github.com/SignTools/ios-signer-service/blob/master/FAQ.md

Describe the bug
I cannot see a progress bar when uploading .ipa.

To reproduce
Steps to reproduce the behavior:

1. Upload an app

Expected behavior
As far as I understand, there should be a upload progress bar. You said that in #12

Screenshots

System statistics

• Web service version: 2.0.0
• Builder type: Github Actions
• Builder version, if applicable: 427dc08
• Deployment method: ngrok

!! Please fill in this template, DO NOT ignore or delete it. !!

I tried basic troubleshooting first

yes

• [X ] Updated both ios-signer-service and the builder (ios-signer-ci or ios-signer-builder) to the latest version
• [ X] Read through the FAQ page

Describe the bug

when the build happens it returns this error:

Obtaining files...
Traceback (most recent call last):
  File "/Users/runner/work/ios-signer-ci/ios-signer-ci/util.py", line 24, in run_process
    result = subprocess.run(cmd, capture_output=capture, check=check, env=env, cwd=cwd, timeout=timeout)
  File "/usr/local/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/subprocess.py", line 528, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '('curl', '-s', '-S', '-f', '-L', '-H', 'Authorization: ***', '-o', 'job.tar', '***/jobs')' returned non-zero exit status 6.

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Users/runner/work/ios-signer-ci/ios-signer-ci/sign.py", line 211, in <module>
    curl_with_auth(secret_url + "/jobs", output=job_archive)
  File "/Users/runner/work/ios-signer-ci/ios-signer-ci/sign.py", line 27, in curl_with_auth
    return run_process(
  File "/Users/runner/work/ios-signer-ci/ios-signer-ci/util.py", line 26, in run_process
    raise (
Exception: {'stdout': '', 'stderr': 'curl: (6) Could not resolve host: ***'}
Error: Process completed with exit code 1.

To reproduce
Steps to reproduce the behavior:

1. Load the Delta ipa
2. wait until the build starts
3. the build fails

Expected behavior
App get signed

Screenshots

System configuration

• ios-signer-service version: [e.g. 2.1.1]
• Installation type: heroku
• Builder type: ios-signer-ci
• Builder version: 9201af5

Additional context

Selected, hopefully, both the certificate and the key.