iOS code signing commands

ios_code_signing_examples.sh

//Tutorial https://www.objc.io/issues/17-security/inside-code-signing/

//Print which signing certificates are on computer
security find-identity -v -p codesigning

//Print what was used to codesign an app
codesign -vv -d Example.app

//Print what entitlements are enabled for app
codesign -d --entitlements - Example.app
//Since Xcode 6, the entitlements list you specify is also embedded in the app bundle as Example.app.xcent

//Decode a provisioning profile into a human readable plist
security cms -D -i example.mobileprovision

//View info on attached devie
ideviceinfo

//Show trusted devices
idevicepair list

//Location of trust lockdown files - can cause lockdown_d error -21 if you dont have correct permissions on the folder
/var/db/lockdown

nuke.sh

#!/bin/bash
set -e

# Finds all the code signing identities.
function find_ids() {
  security find-identity -p codesigning -v | sed '$d' | awk '{print $2}'
}

# Removes all code signing certificates and provisioning profiles.
function main() {
  if [[ -z "$FLUTTER_PASSWORD" ]]; then
    echo >&2 Missing '$FLUTTER_PASSWORD': the password of user flutter.
    return 1
  fi

  if [[ -z "$HOME" ]]; then
    echo >&2 Missing '$HOME': the home directory.
    return 1
  fi

  security unlock-keychain -p "$FLUTTER_PASSWORD" login.keychain

  local ids=$(find_ids)
  if [[ -n "$ids" ]]; then
    for id in "$ids"; do
      security delete-identity -Z "$id"
    done
  fi

  rm -f "$HOME"/Library/MobileDevice/Provisioning\ Profiles/*
}

main "$@"

restore.sh

#!/bin/bash
set -e

# Appends the given line to bash profile if it does not exist.
function append_bash_profile() {
  if [[ -z "$HOME" ]]; then
    echo >&2 Missing '$HOME': the home directory.
    return 1
  fi

  local line="$1"
  grep -Fqx "$line" "$HOME"/.bash_profile || echo "$line" >> "$HOME"/.bash_profile
}

function install_rbenv() {
  if rbenv --version; then
    return 0
  fi
  HOMEBREW_NO_AUTO_UPDATE=1 brew install rbenv
  append_bash_profile 'eval "$(rbenv init -)"'
  eval "$(rbenv init -)"
}

function install_newer_ruby() {
  VERSION='2.6.5'
  if ruby --version | grep "$VERSION"; then
    return 0
  fi
  rbenv install "$VERSION" --skip-existing
  rbenv global "$VERSION"
}

function install_bundler() {
  gem install bundler
}

function install_fastlane() {
  echo > ./Gemfile "
    source 'https://rubygems.org'
    gem 'fastlane', '2.141.0'
  "
  bundle install --gemfile=./Gemfile > /dev/null
}

function run_fastlane_match() {
  if [[ -z "$FLUTTER_PASSWORD" ]]; then
    echo >&2 Missing '$FLUTTER_PASSWORD': the password of user flutter.
    return 1
  fi

  if [[ -z "$MATCH_PASSWORD" ]]; then
    echo >&2 Missing '$MATCH_PASSWORD': the password to decrypt profiles during fastlane match.
    return 1
  fi

  if [[ ! -e ./Matchfile ]]; then
    echo >&2 Missing the Matchfile: the configuration of fastlane match.
    return 1
  fi

  security unlock-keychain -p "$FLUTTER_PASSWORD" login.keychain
  bundle exec fastlane match development --readonly | tail -n 30 # Requires $MATCH_PASSWORD and Matchfile.
}

# Fixes codesign password prompt issues. In some cases, codesign waits for the
# keychain password from the prompt but remote access doesn’t have this feature.
# Therefore, generally, the code signing process completed unsuccessfully.
function fix_codesign_prompt() {
  if [[ -z "$FLUTTER_PASSWORD" ]]; then
    echo >&2 Missing '$FLUTTER_PASSWORD': the password of user flutter.
    return 1
  fi

  security set-key-partition-list \
    -k "$FLUTTER_PASSWORD" \
    -S "apple-tool:,apple:,codesign:" \
    -s login.keychain > /dev/null
}

# Configures Flutter Xcode build to use the installed certificate and provisioning profile.
function config_xcode_build() {
  append_bash_profile 'export FLUTTER_XCODE_CODE_SIGN_STYLE=Manual'
  append_bash_profile 'export FLUTTER_XCODE_DEVELOPMENT_TEAM=S8QB4VV633'
  append_bash_profile 'export FLUTTER_XCODE_PROVISIONING_PROFILE_SPECIFIER="match Development *"'
}

function main() {
  install_rbenv
  install_newer_ruby
  install_bundler
  install_fastlane
  run_fastlane_match
  fix_codesign_prompt
  config_xcode_build
}

main "$@"

verify.sh

#!/bin/bash
set -e

# Finds all the code signing identities.
function find_ids() {
  security find-identity -p codesigning -v | sed '$d' | awk '{print $2}'
}

# Verifies that only a single identity exists and it works with code signing.
function main() {
  if [[ -z "$FLUTTER_PASSWORD" ]]; then
    echo >&2 Missing '$FLUTTER_PASSWORD': the password of user flutter.
    return 1
  fi

  security unlock-keychain -p "$FLUTTER_PASSWORD" login.keychain
  local ids=$(find_ids)
  if [[ $(echo "$ids" | wc -w) -ne 1 ]]; then
    return 1
  fi
  codesign --force --sign "$ids" --timestamp=none "$(mktemp)"
}

main "$@"

// command For install .cer/.p12 file is
security unlock-keychain -p "" ~/Library/Keychains/login.keychain
security import XXX.cer -k ~/Library/Keychains/login.keychain -P "" -T /usr/bin/codesign

// and for add Provision Profile
output="~/Library/MobileDevice/Provisioning Profiles/$uuid.mobileprovision"
cp -R  "$mp" "$output"

// Print the uuid of a provisioning profile
/usr/libexec/PlistBuddy -c 'Print UUID' /dev/stdin <<< $(security cms -D -i path_to_mobileprovision)