The MAC command line re-signs the complex IPA package

Recently in the Automation platform for iOS, you need to load the IPA package via command line security

Okay, the question is, someone else uploads the IPA package, which is probably the development of a Test IPA package that can only be installed on a specific phone, so how do we install it on our automated iphone?

The answer looks obvious, re-signing it, but we're an automated platform that can't be signed manually so you need to re-sign it with your Mac's command line

This is my first version of the code:

#!/bin/bashecho $1cd uploadfilesunzip $1rm-rf $1cd payloada= ' ls|sed ' s/[[]*//g ' |grep *.app ' echo ' A: ' $ACD. RM-RF payload/$a/_CODESIGNATURECP embedded.mobileprovision  payload/$a/embedded.mobileprovisionsecurity cms-d- I embedded.mobileprovision > T_entitlements_full.plist/usr/libexec/plistbuddy-x-C ' print:entitlements ' T_ Entitlements_full.plist >entitlements.plist/usr/bin/codesign-f-S "IPhone Developer:wei Sang (4KC7XYF69X)"-- Entitlements Entitlements.plist payload/$azip-R $ payloadrm-rf T_ENTITLEMENTS_FULL.PLISTRM-RF ENTITLEMENTS.PLISTRM- RF PAYLOADCD.

It turns out that some IPA packages are signed with this script to be able to install, while the other IPA packages are signed and cannot be installed

Why? Why? Why?

Fortunately found a piece of depth on the Internet Good article: 1190000004144556

Here's my point:

iOS programs will eventually be exported as an. IPA file, first to understand the structure of the IPA file:

In fact, the IPA file is just a zip package that can be extracted using the following command:

<destination>

After extracting, get the payload directory, below is the subdirectory, where the contents are as follows:

1. Resource files, examples, HTML, and so on.

2. _codesignature/coderesources. This is a plist file that can be viewed in text, where the content is the signature of all files in the package (not including frameworks). Notice here is 所有文件 . means that once your program is signed, you cannot change anything, including the resource file and the executable itself. These signatures are checked by the iOS system.

3. Executable file. This file needs to be signed like a resource file.

4. A mobileprovision file. Used when packaging, generated from the MC.

5. Frameworks. Program refers to the non-system comes with frameworks, each frameworks is actually an app, in which the structure should be similar to the app, also contains the signature information coderesources file

See the Point no frameworks!!!!!! What the hell is this?????

Because I have not done iOS development, I will understand it as an app app, specifically what, everyone Baidu, should have explained

At the time of signing, if there are Frameworks subdirectories, sign all the frameworks under the. App Folder ... The key points of this question must be tested


Okay, I'm going to embedded.mobileprovision the subdirectory under the new, and also regenerate the signature file _codesignature

And then I installed, I went, incredibly failed .

What the heck!!!!!!!

Then I thought, and I guessed that a possibility had to be signed from the inner frameworks, why? Because the inner layer signs the file, it causes its folder to change.

If from the outside to sign, outside the first sign, check in the time, the frameworks folder changes, the outside of the signature is void ... That's the point .

The final code:

#!/bin/bashecho $1cd uploadfilesunzip $1rm-rf $1find payload-name _codesignature-exec rm-rf {} \;find payload-name em Bedded.mobileprovision-exec cp embedded.mobileprovision {} \;security cms-d-i embedded.mobileprovision > T_entitlem Ents_full.plist/usr/libexec/plistbuddy-x-C ' print:entitlements ' T_entitlements_full.plist >entitlements.plista = ' Find Payload-name embedded.mobileprovision|wc-l ' b= ' find Payload-name embedded.mobileprovision|sed ' s/\/ Embedded.mobileprovision/\@/g ' echo $btxt [0]= "" for ((i=0; i<a; i++)); Do let j=i+1 c= ' echo $b |cut-d "@"-f$j ' echo "$c" D= ' echo $c |grep-o '/' | Wc-l ' echo $d if [$i-eq 0];then num[0]= $d txt[0]= $c num[1]=                0 txt[1]= "" echo "num0=" ${num[0 "} else let e=0 let l=0 for ((l=0; l<=i; l++));               do if [${num[$l]}-gt $d];then                 echo "Continue" else e=${num[$l]}                                etxt=${txt[$l]} num[$l]= $d txt[$l]= $c                d= $e c= $etxt fi done                  num[$l]= $d fi echo "Xxxxxxxxxxxxxxxxxxxxxxxxxx" for Var in ${num[*]}        Echo $var; Done echo "Xxxxxxxxxxxxxxxxxxxxxxxxxx" Donefor ((o=0;o<a;o++));d o txt[o]= ' echo ${txt[o]}|sed ' s/payload        /payload/' echo ${txt[o]}; /usr/bin/codesign-f-S "IPhone Developer:wei Sang (4kc7xyf69x)"--entitlements entitlements.plist "${txt[o]}" done#/usr /bin/codesign-f-S "IPhone Developer:wei Sang (4kc7xyf69x)"--entitlements entitlements.plist payload/$aazip-R $ Paylo ADRM-RF t_entitlements_full.plistrm-rf entitlements.plistrm-rf PAYLOADCD.

The MAC command line re-signs the complex IPA package