Introduction

Apple allows you to send IPA files to AppStore Connect with iTMSTransporter on Linux. I tried to send it with Ubuntu and Redhat but it didn’t work. This is my notes to understand why it doesn’t work.

What is iTMSTransporter?

iTMSTransporter is Java based application that allows you to send content to iTunes or App Store connect. It is supposed to work on macOS, Windows, and Linux.

Sending on Linux

In order to send IPA files on Linux we need the following

  • Download iTMSTransporter from App Store Connect.
  • App Store Connect Key. iTMSTransporter will search the following directories in sequence for a private key file with the name of AuthKey_<apiKey>.p8 /private_keys, or <user home>/private_keys, or <user home>/.private_keys, or <user home>/.appstoreconnect/private_keys.
  • Issuer Id
  • Key Id
  • AppStoreInfo.plist This file must be generated with Xcode. This code has meta data related to the IPA file. You can create this file by adding generateAppStoreInformation to your exportOptions.plist during IPA export.
  • Your IPA file

Does it work on Linux?

I have tried to send the same binaries both on macOS and Linux but on Linux, it failed.

./iTMSTransporter -m upload -apiIssuer $ISSUER -apiKey $API_KEY -v eXtreme -assetDescription /home/mustafa/tmp/AppStoreInfo.plist -assetFile myapp.ipa

Error code was

[2023-01-16 18:44:28 UTC] <main> DEBUG: SMART-CLIENT: getCurrent(); using pinned data center = contentdelivery01.itunes.apple.com
[2023-01-16 18:44:28 UTC] <main> DEBUG: SMART-CLIENT: getCurrent(); using pinned data center = contentdelivery01.itunes.apple.com
[2023-01-16 18:44:28 UTC] <main> DEBUG: SMART-CLIENT: getCurrent(); using pinned data center = contentdelivery01.itunes.apple.com
[2023-01-16 18:44:28 UTC] <main>  INFO: Setting transport log file: c4f1d88f-994a-4c2b-b685-81db6c90f6db9865568822872792841.tx.log
[2023-01-16 18:44:28 UTC] <main>  INFO: Configuring the software uploader...
[2023-01-16 18:44:28 UTC] <main>  INFO: Performing software analysis...



Package Summary:

1 package(s) were not uploaded because they had problems:
[2023-01-16 18:44:28 UTC] <main> DBG-X: Returning 1

Even though I set the logging to the extreme I couldn’t see the underlying error. I thought maybe it is due to a connection error. I setup a proxy and tried to listen to the traffic.

Listening Traffic

It is not easy to sniff SSL traffic, especially in Java applications. Most of the time Java applications don’t respect HTTPS_PROXY or HTTP_PROXY environment variables. Luckily, iTMSTransporter has a configuration file to set a proxy. Edit /usr/local/itms/java/conf and add proxies like below

http.proxyHost=172.16.70.1
http.proxyPort=8888
https.proxyHost=172.16.70.1
https.proxyPort=8888

Although this allows sniffing traffic, we can’t see SSL traffic. If we try to sniff SSL traffic we will get an error because our proxy’s self-signed certificate will be rejected. We need to add our self-signed certificate to Java’s keystore. Since iTMSTransporter has its own bundled JRE, we need to add our keys there. I am using Charles Proxy. I exported its certificate, uploaded it to my home directory, and run the below commands to add my self-signed certificate.

/usr/local/itms/java/bin
sudo ./keytool -import -v -trustcacerts -alias charles -file ~/charles-ssl-proxying-certificate.pem -keystore /usr/local/itms/java/lib/security/cacerts -keypass changeit -storepass changeit

Running again

I didn’t see any error during the HTTPS connection. It first connected https://contentdelivery.itunes.apple.com and got the hashes and then tried to login https://contentdelivery01.itunes.apple.com/WebObjects/MZLabelService.woa/json/MZITunesProducerService. Every request was successful but I still saw the same error. I suspect this error is due to underlying Java code but I haven’t checked it yet. I will revisit this post when I find some time.

I am actively job-hunting and available
Interested? Feel free to reach