Apple allows you to send IPA files to AppStore Connect with iTMSTransporter on Linux. I tried to send it with Ubuntu and Redhat but it didn’t work. This is my notes to understand why it doesn’t work.
iTMSTransporter is Java based application that allows you to send content to iTunes or App Store connect. It is supposed to work on macOS, Windows, and Linux.
In order to send IPA files on Linux we need the following
- Download iTMSTransporter from App Store Connect.
- App Store Connect Key. iTMSTransporter will search the following directories in sequence for a private key file with the name of
<user home>/private_keys, or
<user home>/.private_keys, or
- Issuer Id
- Key Id
AppStoreInfo.plistThis file must be generated with Xcode. This code has meta data related to the IPA file. You can create this file by adding
exportOptions.plistduring IPA export.
- Your IPA file
I have tried to send the same binaries both on macOS and Linux but on Linux, it failed.
./iTMSTransporter -m upload -apiIssuer $ISSUER -apiKey $API_KEY -v eXtreme -assetDescription /home/mustafa/tmp/AppStoreInfo.plist -assetFile myapp.ipa
Error code was
[2023-01-16 18:44:28 UTC] <main> DEBUG: SMART-CLIENT: getCurrent(); using pinned data center = contentdelivery01.itunes.apple.com [2023-01-16 18:44:28 UTC] <main> DEBUG: SMART-CLIENT: getCurrent(); using pinned data center = contentdelivery01.itunes.apple.com [2023-01-16 18:44:28 UTC] <main> DEBUG: SMART-CLIENT: getCurrent(); using pinned data center = contentdelivery01.itunes.apple.com [2023-01-16 18:44:28 UTC] <main> INFO: Setting transport log file: c4f1d88f-994a-4c2b-b685-81db6c90f6db9865568822872792841.tx.log [2023-01-16 18:44:28 UTC] <main> INFO: Configuring the software uploader... [2023-01-16 18:44:28 UTC] <main> INFO: Performing software analysis... Package Summary: 1 package(s) were not uploaded because they had problems: [2023-01-16 18:44:28 UTC] <main> DBG-X: Returning 1
Even though I set the logging to the extreme I couldn’t see the underlying error. I thought maybe it is due to a connection error. I setup a proxy and tried to listen to the traffic.
It is not easy to sniff SSL traffic, especially in Java applications. Most of the time Java applications don’t respect
HTTP_PROXY environment variables. Luckily, iTMSTransporter has a configuration file to set a proxy. Edit
/usr/local/itms/java/conf and add proxies like below
http.proxyHost=172.16.70.1 http.proxyPort=8888 https.proxyHost=172.16.70.1 https.proxyPort=8888
Although this allows sniffing traffic, we can’t see SSL traffic. If we try to sniff SSL traffic we will get an error because our proxy’s self-signed certificate will be rejected. We need to add our self-signed certificate to Java’s keystore. Since iTMSTransporter has its own bundled JRE, we need to add our keys there. I am using Charles Proxy. I exported its certificate, uploaded it to my home directory, and run the below commands to add my self-signed certificate.
/usr/local/itms/java/bin sudo ./keytool -import -v -trustcacerts -alias charles -file ~/charles-ssl-proxying-certificate.pem -keystore /usr/local/itms/java/lib/security/cacerts -keypass changeit -storepass changeit
I didn’t see any error during the HTTPS connection. It first connected
https://contentdelivery.itunes.apple.com and got the hashes and then tried to login
https://contentdelivery01.itunes.apple.com/WebObjects/MZLabelService.woa/json/MZITunesProducerService. Every request was successful but I still saw the same error. I suspect this error is due to underlying Java code but I haven’t checked it yet. I will revisit this post when I find some time.