Create a gist now

Instantly share code, notes, and snippets.

A small bash script to re-sign iOS applications.
# !/bin/bash
# Copyright (c) 2011 Float Mobile Learning
# http://www.floatlearning.com/
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included
# in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
# Please let us know about any improvements you make to this script!
# ./sign source identity -p "path/to/profile" -e "path/to/entitlements" target
if [ $# -lt 3 ]; then
echo "usage: $0 source identity [-p provisioning] [-e entitlements] target" >&2
exit 1
fi
ORIGINAL_FILE="$1"
CERTIFICATE="$2"
NEW_PROVISION=
ENTITLEMENTS=
OPTIND=3
while getopts p:e: opt; do
case $opt in
p)
NEW_PROVISION="$OPTARG"
echo "Specified provisioning profile: $NEW_PROVISION" >&2
;;
e)
ENTITLEMENTS="$OPTARG"
echo "Specified signing entitlements: $ENTITLEMENTS" >&2
;;
\?)
echo "Invalid option: -$OPTARG" >&2
exit 1
;;
:)
echo "Option -$OPTARG requires an argument." >&2
exit 1
;;
esac
done
shift $((OPTIND-1))
NEW_FILE="$1"
# Check if the supplied file is an ipa or an app file
if [ "${ORIGINAL_FILE##*.}" = "ipa" ]
then
# Unzip the old ipa quietly
unzip -q "$ORIGINAL_FILE" -d temp
elif [ "${ORIGINAL_FILE##*.}" = "app" ]
then
# Copy the app file into an ipa-like structure
mkdir -p "temp/Payload"
cp -Rf "$ORIGINAL_FILE" "temp/Payload/$ORIGINAL_FILE"
else
echo "Error: Only can resign .app files and .ipa files." >&2
exit
fi
# Set the app name
# The app name is the only file within the Payload directory
APP_NAME=$(ls temp/Payload/)
echo "APP_NAME=$APP_NAME" >&2
# Replace the embedded mobile provisioning profile
if [ "$NEW_PROVISION" != "" ]; then
echo "Adding the new provision: $NEW_PROVISION"
cp "$NEW_PROVISION" "temp/Payload/$APP_NAME/embedded.mobileprovision"
fi
# Resign the application
echo "Resigning application using certificate: $CERTIFICATE" >&2
if [ "$ENTITLEMENTS" != "" ]; then
echo "Using Entitlements: $ENTITLEMENTS" >&2
/usr/bin/codesign -f -s "$CERTIFICATE" --entitlements="$ENTITLEMENTS" "temp/Payload/$APP_NAME"
else
/usr/bin/codesign -f -s "$CERTIFICATE" "temp/Payload/$APP_NAME"
fi
# Repackage quietly
echo "Repackaging as $NEW_FILE"
# Zip up the contents of the temp folder
# Navigate to the temporary directory (sending the output to null)
# Zip all the contents, saving the zip file in the above directory
# Navigate back to the orignating directory (sending the output to null)
pushd temp > /dev/null
zip -qry ../temp.ipa *
popd > /dev/null
# Move the resulting ipa to the target destination
mv temp.ipa "$NEW_FILE"
# Remove the temp directory
rm -rf "temp"
@catmac
catmac commented Dec 20, 2011

Very useful script but could do with an extra feature of setting the bundle identifier, and perhaps the display name as well.

@mediabounds
Owner

Great idea--would be happy to review anyone's attempt to implement. Currently, that feature doesn't fall within my needs--but if it ever does, I will likely work on implementing it!

@catmac
catmac commented Dec 20, 2011
@zcharter

Fyi, you can use Apple's (built-in) /usr/libexec/PlistBuddy command to edit the display name or bundle id in the info.plist.

@mediabounds
Owner
@zcharter

Suggestion: rename the argument name from 'target' to a less loaded term. (Targets is already a concept used by Xcode.)

Also, I noticed a bug. If you try and run it on a source file named "MyApp.orig.ipa" the script will quick with "Error: Only can resign .app files and .ipa files."

@catmac
catmac commented Jan 26, 2012

I have this script updated with 2 new features: sent the bundle identifier and the display name. want to test it?

@catmac
catmac commented Jan 26, 2012

it seems I can't paste the code changes here.

@mediabounds
Owner

You should be able to fork the script, make whatever changes you want, and then do a Pull request. Alternatively, I think I still got an e-mail with your code...even though Github won't display it.

@stefanfisk

Would it be possible to modify the script so that it resigns using the same identity? I'm using Xamarin, and it lacks the equivalent of a build script phase, so any scripts modifying the app during build also breaks the signing.

@stefanfisk

Would it be possible to modify the script so that it resigns using the same identity? I'm using Xamarin, and it lacks the equivalent of a build script phase, so any scripts modifying the app during build also breaks the signing.

@derFunk
derFunk commented Jun 26, 2014

Added the option to use another keychain: https://gist.github.com/derFunk/02890dc8a78a56c28491

@Technologx2013

Does this fake codesign apps?

@romainbiard

AirSign (http://www.airsignapp.com) is doing the same but with a GUI.

@obataweb
obataweb commented Oct 7, 2014

romainbiard, thanks for the link to AirSign, it worked for me to resign the app.

@davidguaita

I was not able to use AirSign, but this script worked like a charm.Good work!

@Mohamed-Raffi

Code-signed IPA runs on iOS7 but not on iOS8. please help me.

@xgiovio
xgiovio commented Oct 16, 2015

the float script doesn’t work on ipas with extensions and plugin. here my solution http://www.xgiovio.com/blog-photos-videos-other/blog/resign-your-ios-ipa-frameworks-and-plugins-included/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment