Having just gone through the process of signing the PlayBook version of Poker Solitaire, which was approved by RIM last month, I thought it would be a good idea to jot down a few notes about the process. Overall, it went pretty smoothly for me, so I can’t complain terribly about the process. Basically, all I did was follow the steps outlined in this post, which assume that you’re somewhat comfortable with working from the command line.
Skip the stuff at the beginning and just scroll on down to “Configure application signing from the command line. The first thing you need to do is request a registration file, which you can get by filling out this form and waiting a little while (mine arrived by email in a couple of hours or so). The one thing to note is that the password you provide on this page MUST be lowercase, so if you’re used to including at least one uppercase letter in your password you may run into troubles (says the voice of experience, ahem). The frustrating thing about that form is that if you enter an uppercase letter, it will automatically get converted to a lowercase letter, but it doesn’t tell you that. So, if you gloss over the fine print, later on you may end up getting frustrated when the password that you think is correct is in fact wrong.
Once you receive your registration file via email, save the file somewhere convenient - since I haven’t added the PlayBook SDK to my path, I just saved it directly into the bin/ directory of the sdk. Here’s where you’ll need to open up the Terminal and get all command line. To simplify this part, I changed into the sdk directory and did steps one to three from there.
When you get to step two, the csjpin is the pin/password you used when requested the CSJ registration file. Remember, lowercase! If you get this password wrong five times, you can’t use that file anymore and have to request another one (this was when I noticed the lowercase-only proviso). After step three, save the Developer Certificate someplace handy; I was somewhat lazy and just copied it into the same directory as the bar file I was planning to sign, but this probably isn’t a best practice!
After that, I used the unsigned bar file that I’d already created when Poker Solitaire was originally submitted to AppWorld, so I didn’t bother to re-package the application. If you need to do that and are comfortable with the command line - and you probably will be by this point - just follow the instructions from that page.
(Note: Technically, I should have re-packaged my app as a new version with a new version number in the Application Descriptor, because RIM treats the signed version as a new version of the app. However, I didn’t do that and it was accepted anyway, so it looks like RIM doesn’t check to see that the version number you use when you submit an app is the same as the version number within the app itself.)
Second-last step is to actually sign your application. I tried both methods listed in the instructions (signing via the RIM Signing Authority and signing locally), and both worked fine, although the latter was somewhat quicker, being a local operation.
Last step! Login to your AppWorld vendor account. To submit your signed app, all you need to do is treat it as a new release. Click the ‘plus’ icon underneath ‘Releases’ for the app your uploading. If you’re not changing anything at all and just uploading a signed version, you can click the ‘Continue’ button on the pop-up about Export Controls, etc. From here on, it’s exactly the same process as when you first submitted your app.
Enter your new version number - I used 1.0.1 - and then click the ‘Add filebundle’ button near the bottom of the page. Give this release a name (“1.0 signed” is all I used), select PlayBook under Device Support, 5.0.0 as the Minimum OS, and the appropriate language support. Then click the icon under the ‘File’ column and upload your signed .bar file.
Click through the remaining prompts until you’re told that your app has been submitted for approval. In my case, I submitted the signed Poker Solitaire late yesterday afternoon, and received an email this morning telling me that it has been approved and is ready for sale.
One final note: I actually tried the process of signing the app from within Flash Builder Burrito, and that was an entirely painless process. It still requires that you do the initial work from the command line - i.e. steps one to three under “Configure your application…” - but after that you can combine the steps of packaging and signing your application from within Burrito. Those specific steps are probably worthy of their own post, but if you just click through and follow the instructions you shouldn’t have any problem (famous last words!).
Hope this helps you navigate the slightly murky waters of PlayBook app signing!