marchbold/resign.sh

## resign.sh
#!/bin/bash

#####################################
## CONFIG

# You need to set the values below for your application
# We suggest they are full paths to the files.

# The path to the ipa generated from your AIR application packaging
IPA="/path/to/your/dist_app.ipa"

# The distribution provisioning profile for your application
PROVISIONING_PROFILE="/path/to/your/distribution_profile.mobileprovision"

# The name of the signing identity. You get this by running the following in a terminal
# and selecting the name of your distribution certificate:
#
# security find-identity -v -p codesigning
SIGNING_IDENTITY="iPhone Distribution: Distriqt Pty Ltd (XXXXXXXXXX)"

## END CONFIG
#####################################


OUTPUT=.
WORKING_DIR=.tmp
WORKING_PROFILE="profile.mobileprovision"
IPA_NAME=$(basename ${IPA%.*})

cp -f "$PROVISIONING_PROFILE" "$WORKING_PROFILE"

rm -rf "$WORKING_DIR"
unzip -qq -o $IPA -d $WORKING_DIR
find . -iname '$WORKING_DIR/*.DS_Store' -delete

rm -rf "$WORKING_DIR/Payload/$APP_NAME/_CodeSignature/"
rm -f "$WORKING_DIR/Payload/$APP_NAME/embedded.mobileprovision"

APP_NAME=$(ls -1 $WORKING_DIR/Payload)


#####################################
echo "Create Signing Entitlements"
ENTITLEMENTS="$OUTPUT/Entitlements.plist"
rm -f "$ENTITLEMENTS"
WORKING_PROFILE_PLIST="$OUTPUT/$WORKING_PROFILE.plist"
security cms -D -i "$WORKING_PROFILE" > "$WORKING_PROFILE_PLIST"


TEAM_IDENTIFIER=$(/usr/libexec/Plistbuddy -c "Print :TeamIdentifier:0" "$WORKING_PROFILE_PLIST")
APPLICATION_IDENTIFIER_PREFIX=$(/usr/libexec/Plistbuddy -c "Print :ApplicationIdentifierPrefix:0" "$WORKING_PROFILE_PLIST")
BUNDLE_IDENTIFIER=$(/usr/libexec/Plistbuddy -c "Print :CFBundleIdentifier" "$WORKING_DIR/Payload/$APP_NAME/Info.plist")
APS_ENVIRONMENT=$(/usr/libexec/Plistbuddy -c "Print Entitlements:aps-environment" "$WORKING_PROFILE_PLIST")
BETA_REPORTS=$(/usr/libexec/Plistbuddy -c "Print Entitlements:beta-reports-active" "$WORKING_PROFILE_PLIST")
PROVISIONING_GET_TASK_ALLOW=$(/usr/libexec/Plistbuddy -c "Print :Entitlements:get-task-allow" "$WORKING_PROFILE_PLIST")

echo "  APP_NAME = $APP_NAME"
echo "  TEAM_IDENTIFIER = $TEAM_IDENTIFIER"
echo "  APPLICATION_IDENTIFIER_PREFIX = $APPLICATION_IDENTIFIER_PREFIX"
echo "  BUNDLE_IDENTIFIER = $BUNDLE_IDENTIFIER"
echo "  APS_ENVIRONMENT = $APS_ENVIRONMENT"
echo "  BETA_REPORTS = $BETA_REPORTS"
echo "  PROVISIONING_GET_TASK_ALLOW = $PROVISIONING_GET_TASK_ALLOW"


/usr/libexec/PlistBuddy -c "Add :application-identifier string $APPLICATION_IDENTIFIER_PREFIX.$BUNDLE_IDENTIFIER" "$ENTITLEMENTS"
/usr/libexec/PlistBuddy -c "Add :get-task-allow bool $PROVISIONING_GET_TASK_ALLOW" "$ENTITLEMENTS"
/usr/libexec/PlistBuddy -c "Add :keychain-access-groups array" "$ENTITLEMENTS"
/usr/libexec/PlistBuddy -c "Add :keychain-access-groups:0 string $APPLICATION_IDENTIFIER_PREFIX.$BUNDLE_IDENTIFIER" "$ENTITLEMENTS"
if [ $APS_ENVIRONMENT ]; then
    echo "Setting aps-environment=$APS_ENVIRONMENT"
    /usr/libexec/PlistBuddy -c "Add :aps-environment string $APS_ENVIRONMENT" "$ENTITLEMENTS"
fi
if [ $BETA_REPORTS ]; then
    echo "Setting beta-reports-active=$BETA_REPORTS"
    /usr/libexec/PlistBuddy -c "Add :beta-reports-active bool $BETA_REPORTS" "$ENTITLEMENTS"
fi

# Uncomment these lines if you are using AppleSignIn
#/usr/libexec/PlistBuddy -c "Add :com.apple.developer.applesignin array" "$ENTITLEMENTS"
#/usr/libexec/PlistBuddy -c "Add :com.apple.developer.applesignin:0 string Default" "$ENTITLEMENTS"


#####################################
echo "Sign Frameworks"

find $WORKING_DIR/Payload/$APP_NAME/Frameworks/ -name "*.framework" -exec codesign --force --sign "$SIGNING_IDENTITY" --generate-entitlement-der {} \;


#####################################
echo "Sign Application"
codesign --force --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$WORKING_DIR/Payload/$APP_NAME" --verbose


OUTPUT_IPA="$OUTPUT/"$IPA_NAME"_resigned.ipa"
cd $WORKING_DIR
zip -q --symlinks --recurse-paths "../.tmp_output.ipa" .
cd ..
mv ".tmp_output.ipa" "$OUTPUT_IPA"


# Cleanup
rm -Rf "$WORKING_DIR"
# rm -f "$ENTITLEMENTS"
rm -f "$WORKING_PROFILE_PLIST"
rm -f "$WORKING_PROFILE"
	#!/bin/bash

	#####################################
	## CONFIG

	# You need to set the values below for your application
	# We suggest they are full paths to the files.

	# The path to the ipa generated from your AIR application packaging
	IPA="/path/to/your/dist_app.ipa"

	# The distribution provisioning profile for your application
	PROVISIONING_PROFILE="/path/to/your/distribution_profile.mobileprovision"

	# The name of the signing identity. You get this by running the following in a terminal
	# and selecting the name of your distribution certificate:
	#
	# security find-identity -v -p codesigning
	SIGNING_IDENTITY="iPhone Distribution: Distriqt Pty Ltd (XXXXXXXXXX)"

	## END CONFIG
	#####################################




	OUTPUT=.
	WORKING_DIR=.tmp
	WORKING_PROFILE="profile.mobileprovision"
	IPA_NAME=$(basename ${IPA%.*})

	cp -f "$PROVISIONING_PROFILE" "$WORKING_PROFILE"

	rm -rf "$WORKING_DIR"
	unzip -qq -o $IPA -d $WORKING_DIR
	find . -iname '$WORKING_DIR/*.DS_Store' -delete

	rm -rf "$WORKING_DIR/Payload/$APP_NAME/_CodeSignature/"
	rm -f "$WORKING_DIR/Payload/$APP_NAME/embedded.mobileprovision"

	APP_NAME=$(ls -1 $WORKING_DIR/Payload)


	#####################################
	echo "Create Signing Entitlements"
	ENTITLEMENTS="$OUTPUT/Entitlements.plist"
	rm -f "$ENTITLEMENTS"
	WORKING_PROFILE_PLIST="$OUTPUT/$WORKING_PROFILE.plist"
	security cms -D -i "$WORKING_PROFILE" > "$WORKING_PROFILE_PLIST"


	TEAM_IDENTIFIER=$(/usr/libexec/Plistbuddy -c "Print :TeamIdentifier:0" "$WORKING_PROFILE_PLIST")
	APPLICATION_IDENTIFIER_PREFIX=$(/usr/libexec/Plistbuddy -c "Print :ApplicationIdentifierPrefix:0" "$WORKING_PROFILE_PLIST")
	BUNDLE_IDENTIFIER=$(/usr/libexec/Plistbuddy -c "Print :CFBundleIdentifier" "$WORKING_DIR/Payload/$APP_NAME/Info.plist")
	APS_ENVIRONMENT=$(/usr/libexec/Plistbuddy -c "Print Entitlements:aps-environment" "$WORKING_PROFILE_PLIST")
	BETA_REPORTS=$(/usr/libexec/Plistbuddy -c "Print Entitlements:beta-reports-active" "$WORKING_PROFILE_PLIST")
	PROVISIONING_GET_TASK_ALLOW=$(/usr/libexec/Plistbuddy -c "Print :Entitlements:get-task-allow" "$WORKING_PROFILE_PLIST")

	echo " APP_NAME = $APP_NAME"
	echo " TEAM_IDENTIFIER = $TEAM_IDENTIFIER"
	echo " APPLICATION_IDENTIFIER_PREFIX = $APPLICATION_IDENTIFIER_PREFIX"
	echo " BUNDLE_IDENTIFIER = $BUNDLE_IDENTIFIER"
	echo " APS_ENVIRONMENT = $APS_ENVIRONMENT"
	echo " BETA_REPORTS = $BETA_REPORTS"
	echo " PROVISIONING_GET_TASK_ALLOW = $PROVISIONING_GET_TASK_ALLOW"


	/usr/libexec/PlistBuddy -c "Add :application-identifier string $APPLICATION_IDENTIFIER_PREFIX.$BUNDLE_IDENTIFIER" "$ENTITLEMENTS"
	/usr/libexec/PlistBuddy -c "Add :get-task-allow bool $PROVISIONING_GET_TASK_ALLOW" "$ENTITLEMENTS"
	/usr/libexec/PlistBuddy -c "Add :keychain-access-groups array" "$ENTITLEMENTS"
	/usr/libexec/PlistBuddy -c "Add :keychain-access-groups:0 string $APPLICATION_IDENTIFIER_PREFIX.$BUNDLE_IDENTIFIER" "$ENTITLEMENTS"
	if [ $APS_ENVIRONMENT ]; then
	echo "Setting aps-environment=$APS_ENVIRONMENT"
	/usr/libexec/PlistBuddy -c "Add :aps-environment string $APS_ENVIRONMENT" "$ENTITLEMENTS"
	fi
	if [ $BETA_REPORTS ]; then
	echo "Setting beta-reports-active=$BETA_REPORTS"
	/usr/libexec/PlistBuddy -c "Add :beta-reports-active bool $BETA_REPORTS" "$ENTITLEMENTS"
	fi

	# Uncomment these lines if you are using AppleSignIn
	#/usr/libexec/PlistBuddy -c "Add :com.apple.developer.applesignin array" "$ENTITLEMENTS"
	#/usr/libexec/PlistBuddy -c "Add :com.apple.developer.applesignin:0 string Default" "$ENTITLEMENTS"


	#####################################
	echo "Sign Frameworks"

	find $WORKING_DIR/Payload/$APP_NAME/Frameworks/ -name "*.framework" -exec codesign --force --sign "$SIGNING_IDENTITY" --generate-entitlement-der {} \;


	#####################################
	echo "Sign Application"
	codesign --force --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$WORKING_DIR/Payload/$APP_NAME" --verbose


	OUTPUT_IPA="$OUTPUT/"$IPA_NAME"_resigned.ipa"
	cd $WORKING_DIR
	zip -q --symlinks --recurse-paths "../.tmp_output.ipa" .
	cd ..
	mv ".tmp_output.ipa" "$OUTPUT_IPA"


	# Cleanup
	rm -Rf "$WORKING_DIR"
	# rm -f "$ENTITLEMENTS"
	rm -f "$WORKING_PROFILE_PLIST"
	rm -f "$WORKING_PROFILE"