iOS 代码签名

在 iOS 上进行代码签名是通过官方 Apple App Store 分发你的应用或可能在欧盟的替代市场分发，并且一般是在终端用户设备上安装和执行所必需的。

🌐 Code signing on iOS is required to distribute your application through the official Apple App Store or possibly alternative marketplaces in the European Union and in general to install and execute on end user devices.

先决条件

🌐 Prerequisites

在 iOS 上进行代码签名需要注册 Apple Developer 计划，截至撰写本文时，费用为每年 99 美元。你还需要一台 Apple 设备来执行代码签名。这是签名过程所要求的，同时也是根据 Apple 的条款和条件所必须的。

🌐 Code signing on iOS requires enrolling to the Apple Developer program, which at the time of writing costs 99$ per year. You also need an Apple device where you perform the code signing. This is required by the signing process and due to Apple’s Terms and Conditions.

要分发 iOS 应用，你必须在 App Store Connect 中注册你的应用标识符，拥有适当的 iOS 代码签名证书，以及一个将它们关联在一起并启用你的应用所使用的 iOS 功能的移动配置文件。这些要求可以由 Xcode 自动管理，也可以手动提供。

🌐 To distribute iOS applications you must have your bundle identifier registered in the App Store Connect, an appropriate iOS code signing certificate and a mobile provisioning profile that links them together and enables the iOS capabilities used by your app. These requirements can be either automatically managed by Xcode or provided manually.

自动签名

🌐 Automatic Signing

让 Xcode 管理你的应用的签名和配置文件是导出 iOS 应用以进行分发的最方便方式。它会自动注册你的打包标识符，管理 iOS 功能的更改，并根据你的导出方法配置适当的证书。

🌐 Letting Xcode manage the signing and provisioning for your app is the most convenient way to export your iOS app to be distributed. It automatically registers your bundle identifier, manages iOS capabilities changes, and configures an appropriate certificate based on your export method.

自动签名默认启用，并使用在 Xcode 中配置的账户在本地机器上进行身份验证。要注册你的账户，请打开 Xcode 应用并在 Xcode > Settings 菜单中打开设置页面，切换到账户标签并点击 + 图标。

🌐 Automatic signing is enabled by default, and uses the account configured in Xcode to authenticate when used on your local machine.
To register your account, open the Xcode application and open the Settings page in the Xcode > Settings menu, switch to the Accounts tab and click the + icon.

要在 CI/CD 平台上使用自动签名，你必须创建一个 App Store Connect API 密钥，并定义 APPLE_API_ISSUER、APPLE_API_KEY 和 APPLE_API_KEY_PATH 环境变量。打开 [App Store Connect 的用户与访问页面]，选择“集成”选项卡，点击“添加”按钮，然后选择一个名称并授予管理员访问权限。APPLE_API_ISSUER（发行者 ID）显示在密钥表上方，APPLE_API_KEY 是该表中 Key ID 列的值。你还需要下载私钥，该私钥只能下载一次，并且仅在页面重新加载后可见（按钮位于新创建密钥的表格行中）。私钥文件路径必须通过 APPLE_API_KEY_PATH 环境变量进行设置。

🌐 To use the automatic signing in CI/CD platforms you must create an App Store Connect API key and define the APPLE_API_ISSUER, APPLE_API_KEY and APPLE_API_KEY_PATH environment variables.
Open the App Store Connect’s Users and Access page, select the Integrations tab, click on the Add button and select a name and the Admin access. The APPLE_API_ISSUER (Issuer ID) is presented above the keys table, and the APPLE_API_KEY is the value on the Key ID column on that table. You also need to download the private key, which can only be done once and is only visible after a page reload (the button is shown on the table row for the newly created key). The private key file path must be set via the APPLE_API_KEY_PATH environment variable.

手动签名

🌐 Manual Signing

要手动签署你的 iOS 应用，你可以通过环境变量提供证书和移动配置文件：

🌐 To manually sign your iOS app you can provide the certificate and mobile provisioning profile via environment variables:

• IOS_CERTIFICATE：从密钥串导出的证书的 base64 表示。
• IOS_CERTIFICATE_PASSWORD：从密钥串导出证书时设置的证书密码。
• IOS_MOBILE_PROVISION：配置文件的 base64 表示。

以下部分说明如何获取这些值。

🌐 The following sections explain how to get these values.

签名证书

🌐 Signing Certificate

注册后，导航到 Certificates 页面以创建新的 Apple 分发证书。下载新证书并安装到 macOS 密钥串中。

🌐 After enrolling, navigate to the Certificates page to create a new Apple Distribution certificate. Download the new certificate and install it to the macOS Keychain.

要导出证书密钥，打开“密钥链访问”应用，展开证书条目， 右键点击关键项，选择“导出<key-name>”项。 选择导出的.p12文件路径，记住它的密码。

运行以下 base64 命令将证书转换为 base64 并复制到剪贴板：

🌐 Run the following base64 command to convert the certificate to base64 and copy it to the clipboard:

base64 -i <path-to-certificate.p12> | pbcopy

剪贴板中的值现在是签名证书的 base64 表示形式。将其保存并用作 IOS_CERTIFICATE 环境变量的值。

🌐 The value in the clipboard is now the base64 representation of the signing certificate. Save it and use it as the IOS_CERTIFICATE environment variable value.

证书密码必须设置为 IOS_CERTIFICATE_PASSWORD 变量。

🌐 The certificate password must be set to the IOS_CERTIFICATE_PASSWORD variable.

Choose Certificate Type

You must use an appropriate certificate type for each export method:

• 调试: 苹果开发或 iOS 应用开发
• app-store-connect：苹果分发或 iOS 分发（App Store Connect 和临时分发）
• 临时: Apple 分发或 iOS 分发（App Store Connect 和 临时）

配置配置文件

🌐 Provisioning Profile

此外，你必须提供应用的配置描述文件。在 Identifiers 页面，创建一个新的 App ID，并确保其 “Bundle ID” 值与 identifier 配置中设置的标识符匹配。

🌐 Additionally, you must provide the provisioning profile for your application. In the Identifiers page, create a new App ID and make sure its “Bundle ID” value matches the identifier set in the identifier configuration.

导航到 Profiles 页面以创建新的配置描述文件。对于 App Store 分发，它必须是“App Store Connect”配置文件。选择适当的 App ID 并关联你之前创建的证书。

🌐 Navigate to the Profiles page to create a new provisioning profile. For App Store distribution, it must be an “App Store Connect” profile. Select the appropriate App ID and link the certificate you previously created.

创建配置文件后，下载它并运行以下 base64 命令以转换配置文件并将其复制到剪贴板：

🌐 After creating the provisioning profile, download it and run the following base64 command to convert the profile and copy it to the clipboard:

base64 -i <path-to-profile.mobileprovision> | pbcopy

剪贴板中的值现在是配置文件的 base64 表示。请保存它并用作 IOS_MOBILE_PROVISION 环境变量的值。

🌐 The value in the clipboard is now the base64 representation of the provisioning profile. Save it and use it as the IOS_MOBILE_PROVISION environment variable value.

现在你可以构建你的 iOS 应用并在 App Store 上分发！

🌐 Now you can build your iOS application and distribute on the App Store!