本文介绍了正在开发多个iOS应用程序的组织应该如何管理iOS分发证书吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我最近有一些参与的一组与组织账户iOS开发。

I've recently had some involvement with a group with an organizational account for iOS development.

他们有多个团队所有发展中国家独立iOS应用程序。我有点吃惊地了解到,在所有使用组织的iOS的分配的证书没有协调。相反,任何开发人员需要提交构建只是创建一个新的,撤销一个或多个现有的(如有必要,苹果似乎让这三个供应有限是活的同时)。理由这种做法似乎是观察的组合:

They have multiple teams all developing separate iOS applications. I was somewhat surprised to learn that there is no coordination at all of use of the organization's "iOS distribution" certificates. Instead whichever developer needs to submit a build just creates a new one, revoking one or more existing ones if necessary (Apple appears to allow a limited supply of three of these to be "live" simultaneously). Justification for this practice seems to be a combination of the observations that:


  • 由一个开发人员创建的分布证书不是由另一个(容易)用(你可以找到关于此主题围绕SO相当多的问题;解决方案似乎是确保证书的私钥元素也​​分享,但这一​​组织尚未采取在船上。Example, another例如的;还有很多)。

  • X code7使得它比以往更容易流失分配证书,因此它显然是苹果的意图路(X code6会需要去一趟开发中心)。

  • 分发证书仅需要提交的AppStore的相当小窗口;一旦应用程序是在AppStore没有区别分布证书是否被吊销。

  • 苹果似乎还有些有点奇怪后进先出周围分布证书更新规则(如果你有老,更新和最新,并吊销更新或最新...你还是会发现你无法创建一个新的,直到你已经撤销的老)。或者至少这些规则似乎奇怪,它本来希望瓜分各个团队/项目之间分配证书有限的股票,却发现不符合苹果公司实际上提供了一个组织。

  • distribution certificates created by one developer aren't (easily) usable by another (you can find quite a few questions around SO on this topic; the solution appears to be to make sure the private key element of the certificate is also shared, but this organization has yet to take that on board. Example, another example; there are many more).
  • xcode7 makes it easier than ever to churn distribution certificates, so it's clearly Apple's intended way (xcode6 would have needed a trip to the developer center).
  • distribution certificates are only needed for the fairly small window of appstore submission; once the app is in the appstore it makes no difference whether the distribution certificate is revoked.
  • Apple seem to have some slightly odd last-in-first-out rules around distribution certificate renewal (if you have "old", "newer" and "newest" and you revoke "newer" or "newest"... you'll find you still can't create a new one until you've revoked "old"). Or at least those rules appear odd to an organization which would have liked to divide up the limited stock of distribution certificates between various teams/projects, but found that didn't fit what Apple actually provide.

不过,我观察到的快速分发证书客户流失这一政策的一个非常严重的负面后果是,tesflight建立根本不很长时间保持有效和tesflight用户发现自己获取有关无效的证书或有应用他们的对话应该是从testflight所有testflight过早地消失的测试。 (其实也见this问题沿着相同的路线的)。

However, I observe a very serious negative consequence of this policy of rapid distribution certificate churn is that tesflight builds don't stay valid for very long at all and tesflight users find themselves getting dialogs about invalid certificates or having apps they're supposed to be testflight testers of disappearing from testflight all too soon. (In fact see also this question along the same lines).

由于苹果清楚地看到testflight为AppStore的基础设施的重要部分,我觉得很难相信这个组织会有关在苹果的方式其实事情的事情打算要完成。 有人可以用一​​些洞察做事的正确方法请赐教?

Given that Apple clearly see testflight as an important piece of the appstore infrastructure, I find it hard to believe this organization is going about things in the way Apple actually intend things to be done. Can someone with some insight into the Right Way of doing things please enlighten me?

道歉,如果我的术语是关闭一些上面的...我只是涉足这个东西。

Apologies if my terminology is off in some of the above... I just dabble in this stuff.

推荐答案

正确的方法是有一个分发证书和共享密钥。我们也认为,只包含私钥,需要我们的组织中开发/发行证书的小钥匙链。您可以在此存根钥匙串添加到您所有的开发机器,如果它签入到版本控制,你可以轻松地推出更新给大家。您还可以使用密码保护它,在这种情况下,X $ C $ç会问你要使用codesign时解锁。

The right way is to have one distribution certificate and share the private key. We share a small keychain that contains just the private keys and certs needed for development/distribution among our org. You can add this 'stub' keychain to all your development machines, and if it's checked into version control, you can push out updates to everyone easily. You can also password protect it, in which case Xcode will ask you to unlock it when using to codesign.

这是它的轻松地翻腾证书的事实其实是一件坏事,海事组织。正如您所观察到的,很容易让对球队其他开发人员搞砸,特别是关于TestFlight,虽然我从其他开发商听说最近,苹果可能有固定的。 (我还没有证实它自己。)

The fact that it's "easy" to churn the certs is actually a bad thing, IMO. As you've observed, it's easy for other developers on the team to screw things up, particularly regarding TestFlight, although I heard from another developer recently that Apple might have fixed that. (I haven't confirmed it myself.)

这篇关于正在开发多个iOS应用程序的组织应该如何管理iOS分发证书吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-04 09:25
查看更多