Created
November 8, 2018 07:26
-
-
Save marchbold/783e2e1aac82f5975e0f064b40c37110 to your computer and use it in GitHub Desktop.
Resign Script for Adobe AIR applications using the Branch ANE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
##################################### | |
## CONFIG | |
# You need to set the values below for your application | |
# We suggest they are full paths to the files. | |
# The path to the ipa generated from your AIR application packaging | |
IPA="/path/to/your/dist_app.ipa" | |
# The distribution provisioning profile for your application | |
PROVISIONING_PROFILE="/path/to/your/distribution_profile.mobileprovision" | |
# The name of the signing identity. You get this by running the following in a terminal | |
# and selecting the name of your distribution certificate: | |
# | |
# security find-identity -v -p codesigning | |
SIGNING_IDENTITY="iPhone Distribution: Distriqt Pty Ltd (XXXXXXXXXX)" | |
## END CONFIG | |
##################################### | |
OUTPUT=. | |
WORKING_DIR=.tmp | |
WORKING_PROFILE="profile.mobileprovision" | |
IPA_NAME=$(basename ${IPA%.*}) | |
cp -f "$PROVISIONING_PROFILE" "$WORKING_PROFILE" | |
rm -rf "$WORKING_DIR" | |
unzip -qq -o $IPA -d $WORKING_DIR | |
find . -iname '$WORKING_DIR/*.DS_Store' -delete | |
rm -rf "$WORKING_DIR/Payload/$APP_NAME/_CodeSignature/" | |
rm -f "$WORKING_DIR/Payload/$APP_NAME/embedded.mobileprovision" | |
APP_NAME=$(ls -1 $WORKING_DIR/Payload) | |
##################################### | |
echo "Create Signing Entitlements" | |
ENTITLEMENTS="$OUTPUT/Entitlements.plist" | |
WORKING_PROFILE_PLIST="$OUTPUT/$WORKING_PROFILE.plist" | |
security cms -D -i "$WORKING_PROFILE" > "$WORKING_PROFILE_PLIST" | |
# /usr/libexec/PlistBuddy -x -c 'Print :Entitlements' "$WORKING_PROFILE_PLIST" > "$ENTITLEMENTS" | |
TEAM_IDENTIFIER=$(/usr/libexec/Plistbuddy -c "Print :TeamIdentifier:0" "$WORKING_PROFILE_PLIST") | |
APPLICATION_IDENTIFIER_PREFIX=$(/usr/libexec/Plistbuddy -c "Print :ApplicationIdentifierPrefix:0" "$WORKING_PROFILE_PLIST") | |
BUNDLE_IDENTIFIER=$(/usr/libexec/Plistbuddy -c "Print :CFBundleIdentifier" "$WORKING_DIR/Payload/$APP_NAME/Info.plist") | |
APS_ENVIRONMENT=$(/usr/libexec/Plistbuddy -c "Print Entitlements:aps-environment" "$WORKING_PROFILE_PLIST") | |
BETA_REPORTS=$(/usr/libexec/Plistbuddy -c "Print Entitlements:beta-reports-active" "$WORKING_PROFILE_PLIST") | |
PROVISIONING_GET_TASK_ALLOW=$(/usr/libexec/Plistbuddy -c "Print :Entitlements:get-task-allow" "$WORKING_PROFILE_PLIST") | |
echo "\tAPP_NAME = $APP_NAME" | |
echo "\tTEAM_IDENTIFIER = $TEAM_IDENTIFIER" | |
echo "\tAPPLICATION_IDENTIFIER_PREFIX = $APPLICATION_IDENTIFIER_PREFIX" | |
echo "\tBUNDLE_IDENTIFIER = $BUNDLE_IDENTIFIER" | |
echo "\tAPS_ENVIRONMENT = $APS_ENVIRONMENT" | |
echo "\tBETA_REPORTS = $BETA_REPORTS" | |
echo "\tPROVISIONING_GET_TASK_ALLOW = $PROVISIONING_GET_TASK_ALLOW" | |
/usr/libexec/PlistBuddy -c "Add :application-identifier string $APPLICATION_IDENTIFIER_PREFIX.$BUNDLE_IDENTIFIER" "$ENTITLEMENTS" | |
/usr/libexec/PlistBuddy -c "Add :get-task-allow bool $PROVISIONING_GET_TASK_ALLOW" "$ENTITLEMENTS" | |
/usr/libexec/PlistBuddy -c "Add :keychain-access-groups array" "$ENTITLEMENTS" | |
/usr/libexec/PlistBuddy -c "Add :keychain-access-groups:0 string $APPLICATION_IDENTIFIER_PREFIX.$BUNDLE_IDENTIFIER" "$ENTITLEMENTS" | |
/usr/libexec/PlistBuddy -c "Add :aps-environment string $APS_ENVIRONMENT" "$ENTITLEMENTS" | |
# /usr/libexec/PlistBuddy -c "Add :beta-reports-active bool $BETA_REPORTS" "$ENTITLEMENTS" | |
cp "$ENTITLEMENTS" "$WORKING_DIR/Payload/$APP_NAME/archived-expanded-entitlements.xcent" | |
cat "$WORKING_DIR/Payload/$APP_NAME/archived-expanded-entitlements.xcent" | |
##################################### | |
echo "Sign Frameworks" | |
function sign_framework() { | |
FRAMEWORK=$1.framework | |
if [ -d "$WORKING_DIR/Payload/$APP_NAME/Frameworks/$FRAMEWORK" ]; | |
then | |
codesign --force --sign "$SIGNING_IDENTITY" --verbose "$WORKING_DIR/Payload/$APP_NAME/Frameworks/$FRAMEWORK" | |
fi | |
} | |
sign_framework Branch | |
##################################### | |
echo "Sign Application" | |
codesign --force --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$WORKING_DIR/Payload/$APP_NAME" --verbose | |
codesign --verify --verbose --deep --no-strict "$WORKING_DIR/Payload/$APP_NAME" | |
OUTPUT_IPA="$OUTPUT/"$IPA_NAME"_resigned.ipa" | |
cd $WORKING_DIR | |
zip -q --symlinks --recurse-paths "../.tmp_output.ipa" . | |
cd .. | |
mv ".tmp_output.ipa" "$OUTPUT_IPA" | |
# Cleanup | |
rm -Rf "$WORKING_DIR" | |
rm -f "$ENTITLEMENTS" | |
rm -f "$WORKING_PROFILE_PLIST" | |
rm -f "$WORKING_PROFILE" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment