Use custom re-sign paths for component-specific signing

Some iOS applications include components such as plug-ins that require specific entitlements. These components may need to be signed with different provisioning profiles and developer certificates. The provisioning profiles also contain the appropriate entitlements required for the components to function properly.

To support this, the customInstrumentWrapper.py script accepts an optional parameter, -crp, which specifies a custom resign paths definition file in .plist format.

On this page:

Before you begin

Make sure you’ve met the general prerequisites for script-based instrumentation. To learn more, see Prerequisites.

You also need access to the required provisioning profiles and certificates on the signing Mac machine.

Step 1 | Create a custom resign paths definition file

The .plist file must define a dictionary with the key CustomResignPaths, as shown in the following example.

Copy

Example format

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CustomResignPaths</key>
    <dict>
        <key>PATH_1</key>
        <dict>
            <key>ProvisioningProfilePath</key>
            <string>PROVISIONING_PROFILE_PATH</string>
            <key>CertName</key>
            <string>CERTIFICATE_NAME</string>
        </dict>
        <key>PATH_2</key>
        <dict>
            <key>ProvisioningProfilePath</key>
            <string>PROVISIONING_PROFILE_PATH</string>
            <key>CertName</key>
            <string>CERTIFICATE_NAME</string>
        </dict> 
    </dict>
</dict>
</plist>

Each entry in the dictionary specifies:

PATH_1, PATH_2: The relative path to the component within the app bundle. For example, if the iOS application has a notification plug-in located at the PlugIns/notificationExtension.appex location relative to the application bundle, then PATH_1 would take on this value.
PROVISIONING_PROFILE_PATH: The absolute path to the provisioning profile (.mobileprovision)
CERTIFICATE_NAME: The name of the certificate to use

The following example shows how you might define a notification plug-in located at PlugIns/notificationExtension.appex.

Copy

<key>PlugIns/notificationExtension.appex</key>
<dict>
  <key>ProvisioningProfilePath</key>
  <string>/Users/user/Profiles/notification.mobileprovision</string>
  <key>CertName</key>
  <string>Apple Development: Jane Doe (ABC123XYZ)</string>
</dict>

Step 2 | Run the script with the custom re-sign paths

Use the -crp parameter to specify the path to your .plist file:

Copy

python3 customInstrumentWrapper.py -crp /path/to/customResignPaths.plist

This enables the script to re-sign each specified component with the appropriate profile and certificate, including the necessary entitlements.

The -crp parameter works in addition to the standard arguments required for script-based instrumentation. You must still provide the parameters used to sign the main application bundle and its dependencies, as described in Run script-based instrumentation on iOS apps. The custom re-sign path only affects the components listed in the .plist file.

What's next?

Continue with the standard instrumentation flow to ensure the main app bundle and dependencies are signed correctly.

When the app is instrumented, installed, and running on the device, you can inject sensory input. To learn more, see Sensor testing.