forked from bq/ipa-resigner
resign.sh
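#!/bin/bash
#
# resign.sh - re-sign an iOS .ipa with another provisioning profile and
# code-signing identity.
#
# Usage: resign.sh ipa_path provisioning_path destination_path signing_identity
#
# Steps: unpack the IPA into a private temporary directory, read the team and
# bundle data from the decoded profile and the app's Info.plist, replace
# embedded.mobileprovision, build an entitlements plist, codesign every entry
# of Frameworks/ and then the app bundle, verify the signature, and write
#   <destination_path>/<ipa file name without extension>_RESIGNED.ipa
#
# Every step the final artefact depends on is checked explicitly, so a failed
# unzip/codesign/verify can no longer end with a "succesfully signed" message.
#
# Review notes:
#   - The entitlements are rebuilt from scratch with only
#     application-identifier, get-task-allow, keychain-access-groups and
#     (App Store case) beta-reports-active. Anything else the original binary
#     was entitled to is not carried over.
#   - Only Frameworks/* and the app bundle itself are signed here; other
#     nested code is not re-signed by this script.

readonly PLIST_BUDDY="/usr/libexec/PlistBuddy"
readonly USAGE="Usage: sh resign.sh ipa_path provisioning_path destination_path signing_identity"
# Characters accepted in identifiers that get spliced into PlistBuddy commands.
readonly IDENTIFIER_RE='^[A-Za-z0-9._-]+$'

# Print a message on stderr and stop with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the value stored under plist key path $1 in file $2.
plist_print() {
  "$PLIST_BUDDY" -c "Print $1" "$2"
}

# Append one entry to the plist $2 using the PlistBuddy command $1.
plist_add() {
  "$PLIST_BUDDY" -c "Add $1" "$2"
}

IPA=${1:-}
PROVISIONING_PROFILE=${2:-}
DESTINATION_PATH=${3:-}
DESTINATION_PATH=${DESTINATION_PATH%/}
SIGNING_IDENTITY=${4:-}

#Args processing
[ -n "$IPA" ] || die "$USAGE"
[ -f "$IPA" ] || die "Cannot find IPA, given path: ${IPA}"
[ -f "$PROVISIONING_PROFILE" ] \
  || die "Cannot find Provisioning profile, given path: ${PROVISIONING_PROFILE}"
[ -n "$DESTINATION_PATH" ] || die "$USAGE"

if [ ! -d "$DESTINATION_PATH" ]; then
  mkdir -p -- "$DESTINATION_PATH" \
    || die "Cannot create destination directory: ${DESTINATION_PATH}"
fi

# A path starting with '-' would be read as an option by unzip.
case "$IPA" in
  -*) IPA="./${IPA}" ;;
esac

# Names of the valid code-signing identities in the keychain search list.
codes_availables=$(security find-identity -p codesigning -v | grep -o '".*"' | tr -d '"')

# The right-hand side is quoted so the identity is compared as a literal
# substring; unquoted it is a glob pattern, and a value such as '*' would
# pass the check without naming any identity.
if [ -z "$SIGNING_IDENTITY" ] || [[ "$codes_availables" != *"$SIGNING_IDENTITY"* ]]; then
  die "The signing identity not exists."
fi

# All intermediate files live in a private directory created by mktemp rather
# than in fixed names under the current directory and the destination, which
# the script would otherwise delete if they already existed.
WORK_DIR=$(mktemp -d "${TMPDIR:-/tmp}/ipa-resign.XXXXXX") \
  || die "Cannot create temporary working directory"
cleanup() {
  rm -rf -- "${WORK_DIR:?}"
}
trap cleanup EXIT

IPA_CONTENT_PATH="${WORK_DIR}/ipa_content"
PROVISIONING_PROFILE_DECRYPTED="${WORK_DIR}/profile.plist"
APP_ENTITLEMENTS="${WORK_DIR}/Entitlements.plist"

#Unzip ipa
unzip "$IPA" -d "$IPA_CONTENT_PATH" || die "Cannot unzip IPA: ${IPA}"

#Data analysis
echo "Analysing data..."
printf '%s\n' "$PROVISIONING_PROFILE_DECRYPTED"

# 'security cms -D' decodes the CMS envelope of the profile into a plain plist.
security cms -D -i "$PROVISIONING_PROFILE" > "$PROVISIONING_PROFILE_DECRYPTED" \
  || die "Cannot decode provisioning profile: ${PROVISIONING_PROFILE}"

# Locate the single .app bundle. Symlinks are skipped so that the rm/cp calls
# below cannot be redirected outside the working directory by the archive.
APP_PATH=""
app_count=0
for candidate in "$IPA_CONTENT_PATH"/Payload/*.app; do
  [ -d "$candidate" ] || continue
  [ -L "$candidate" ] && continue
  APP_PATH=$candidate
  app_count=$((app_count + 1))
done
[ "$app_count" -eq 1 ] \
  || die "Expected exactly one .app bundle in Payload/, found ${app_count}"
APP_NAME=${APP_PATH##*/}
echo "APP Name: ${APP_NAME}"

# Informational only, so a missing key is not fatal.
TEAM_IDENTIFIER=$(plist_print ":TeamIdentifier:0" "$PROVISIONING_PROFILE_DECRYPTED") \
  || TEAM_IDENTIFIER=""
echo "Team Identifier: ${TEAM_IDENTIFIER}"

APPLICATION_IDENTIFIER_PREFIX=$(plist_print ":ApplicationIdentifierPrefix:0" "$PROVISIONING_PROFILE_DECRYPTED") \
  || die "Cannot read ApplicationIdentifierPrefix from the provisioning profile"
echo "Application Identifier Prefix: ${APPLICATION_IDENTIFIER_PREFIX}"

echo "Signing Identity: ${SIGNING_IDENTITY}"

BUNDLE_IDENTIFIER=$(plist_print ":CFBundleIdentifier" "${APP_PATH}/Info.plist") \
  || die "Cannot read CFBundleIdentifier from ${APP_NAME}/Info.plist"
echo "Bundle Identifier: ${BUNDLE_IDENTIFIER}"

# Both values are interpolated into PlistBuddy command strings and end up in
# the signed entitlements, and the bundle identifier comes straight from the
# archive, so anything that is not a plain identifier is rejected.
[[ "$APPLICATION_IDENTIFIER_PREFIX" =~ $IDENTIFIER_RE ]] \
  || die "Unexpected characters in Application Identifier Prefix: ${APPLICATION_IDENTIFIER_PREFIX}"
[[ "$BUNDLE_IDENTIFIER" =~ $IDENTIFIER_RE ]] \
  || die "Unexpected characters in Bundle Identifier: ${BUNDLE_IDENTIFIER}"

# A profile without a ProvisionedDevices entry makes PlistBuddy fail; that is
# the expected "no devices" case, so its error output is discarded on purpose.
if PROVISIONING_DEVICES=$(plist_print ":ProvisionedDevices" "$PROVISIONING_PROFILE_DECRYPTED" 2>/dev/null) \
  && [ -n "$PROVISIONING_DEVICES" ]; then
  echo "Provisioning profile WITH attached devices"
  HAS_DEVICES="YES"
else
  echo "Provisioning profile WITHOUT attached devices"
  HAS_DEVICES="NO"
fi

PROVISIONING_GET_TASK_ALLOW=$(plist_print ":Entitlements:get-task-allow" "$PROVISIONING_PROFILE_DECRYPTED") \
  || die "Cannot read Entitlements:get-task-allow from the provisioning profile"
echo "Provisioning get-task-allow: ${PROVISIONING_GET_TASK_ALLOW}"
case "$PROVISIONING_GET_TASK_ALLOW" in
  true | false) ;;
  *) die "Unexpected get-task-allow value: ${PROVISIONING_GET_TASK_ALLOW}" ;;
esac

#Cleaning Ipacontent files
rm -rf -- "${APP_PATH}/_CodeSignature"
rm -f -- "${APP_PATH}/embedded.mobileprovision"

#Setting a new identity
cp -- "$PROVISIONING_PROFILE" "${APP_PATH}/embedded.mobileprovision" \
  || die "Cannot embed the provisioning profile"

plist_add ":application-identifier string ${APPLICATION_IDENTIFIER_PREFIX}.${BUNDLE_IDENTIFIER}" "$APP_ENTITLEMENTS" \
  || die "Cannot write entitlements"
# No devices and get-task-allow=false is treated as an App Store profile.
if [ "$HAS_DEVICES" == "NO" ] && [ "$PROVISIONING_GET_TASK_ALLOW" == "false" ]; then
  plist_add ":beta-reports-active bool true" "$APP_ENTITLEMENTS" \
    || die "Cannot write entitlements"
fi
plist_add ":get-task-allow bool ${PROVISIONING_GET_TASK_ALLOW}" "$APP_ENTITLEMENTS" \
  || die "Cannot write entitlements"
plist_add ":keychain-access-groups array" "$APP_ENTITLEMENTS" \
  || die "Cannot write entitlements"
plist_add ":keychain-access-groups:0 string ${APPLICATION_IDENTIFIER_PREFIX}.${BUNDLE_IDENTIFIER}" "$APP_ENTITLEMENTS" \
  || die "Cannot write entitlements"

cp -- "$APP_ENTITLEMENTS" "${APP_PATH}/archived-expanded-entitlements.xcent" \
  || die "Cannot copy entitlements into the app bundle"

#Resigning
echo "Resigning the app with identity: ${SIGNING_IDENTITY}"

# Nested code is signed before the bundle that contains it.
if [ -d "${APP_PATH}/Frameworks" ]; then
  for SWIFT_LIB in "${APP_PATH}/Frameworks"/*; do
    [ -e "$SWIFT_LIB" ] || continue
    codesign --force --sign "$SIGNING_IDENTITY" --verbose "$SWIFT_LIB" \
      || die "codesign failed for ${SWIFT_LIB##*/}"
  done
fi

codesign --force --entitlements "$APP_ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$APP_PATH" --verbose \
  || die "codesign failed for ${APP_NAME}"
codesign --verify --verbose --deep --no-strict "$APP_PATH" \
  || die "Signature verification failed for ${APP_NAME}"

#Packaging
# Only the file name of the input is used: with the full input path the
# result landed in (or failed on) a sub-directory of the destination.
IPA_FILE_NAME=${IPA##*/}
IPA_RESIGNED_PATH="${DESTINATION_PATH}/${IPA_FILE_NAME%.*}_RESIGNED.ipa"

# The subshell keeps the caller's working directory, so a relative
# destination path still resolves for the mv below.
(
  cd "$IPA_CONTENT_PATH" \
    && zip --symlinks --verbose --recurse-paths "../RESIGNED.ipa" .
) || die "Cannot package the resigned IPA"
mv -- "${WORK_DIR}/RESIGNED.ipa" "$IPA_RESIGNED_PATH" \
  || die "Cannot move the resigned IPA to ${IPA_RESIGNED_PATH}"

#Cleaning tmp files: done by the EXIT trap, on success and on failure.

#Output
echo
echo "***************************"
echo
if [ "$HAS_DEVICES" == "NO" ] && [ "$PROVISIONING_GET_TASK_ALLOW" == "false" ]; then
  echo "IPA succesfully signed for AppStore Distribution. This binary is NOT COMPATIBLE for AdHoc Deployment or Development."
elif [ "$HAS_DEVICES" == "YES" ] && [ "$PROVISIONING_GET_TASK_ALLOW" == "false" ]; then
  echo "IPA succesfully signed for AdHoc Distribution. This binary is not compatible for AppStore Deployment."
else
  echo "IPA succesfully signed for Development Distribution. This binary is NOT COMPATIBLE for AppStore Deployment or Adhoc Distribution."
fi
echo
echo "Result IPA: ${IPA_RESIGNED_PATH}"
echo
echo "***************************"
echo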