ios ipa包重签名
作用
保持bundleid不变,重新用企业证书签名,分发。
流程
- 解压你所要签名的ipa包(解压后里面包含Payload(如果是个人证书打包还会包含Symbols文件夹))
unzip xxx.ipa - 删除Payload中xxx.app里面的_CodeSignature文件夹
rm -rf Payload/xxx.app/_CodeSignature - 拷贝embedded.mobileprovision(新的必须改名为embedded)到Payload中xxx.app里面
cp embedded.mobileprovision Payload/xxx.app - 创建entitlements.plist,并用该文件进行重签名
codesign -f -s "iPhone Distribution: xxxxxxxxxx" --entitlements entitlements.plist Payload/xxx.app
其中"iPhone Distribution: xxxxxxxxxx"是证书名, 在钥匙串中能找到 - 修改xxx.app下面的info.plist里面的bundleIdentifier为你自己的bundleIdentifier
- 打包
zip -r xxx.ipa Payload(如果之前文件夹包含Symbols文件夹,该文件夹与Payload文件夹一起打包) - 安装到手机进行验证
xcode、iTunes、各种手机助手、或者一些第三方托管平台(比如蒲公英等)
demo
重签名上传蒲公英
#Author bibibi
CURRENT_PATH="$(pwd)"
#生成的APP名称
APPNAME=$(basename ${CURRENT_PATH}/*.app .app)
echo "app name is ${APPNAME}"
if [[ $APPNAME = "*" ]];then
echo "请放入需要破解的app"
exit 1
fi
#输出ipa文件的路径
OUTDIR="${CURRENT_PATH}/output"
#payload路径
PAYLOAD="${OUTDIR}/Payload"
#init
rm -rf ${OUTDIR}
mkdir -p ${PAYLOAD}
mv ${APPNAME}.app ${PAYLOAD}/${APPNAME}.app
#Framework dir
FrameworkDir="${OUTDIR}/Payload/${APPNAME}.app/Frameworks"
#蒲公英apiKey 正式(111) other(111) 线上(111)
PAPIKEY="111"
#蒲公英uKey 正式(111) other(111) 线上(111)
PUKEY="111"
#替换的provision
provision_name="111.mobileprovision"
rule_path="ResourceRules.plist"
#替换的ce
distribution_name="111111"
#-----------resign-------------
cd ${OUTDIR}
#change provision
cp ${CURRENT_PATH}/$provision_name ./Payload/${APPNAME}.app/embedded.mobileprovision
#make rulepath
cp ${CURRENT_PATH}/$rule_path ./Payload/${APPNAME}.app/$rule_path
#make plist
/usr/libexec/PlistBuddy -x -c "print :Entitlements " /dev/stdin <<< $(security cms -D -i Payload/*.app/embedded.mobileprovision) > entitlements.plist
#codesign framework
for file in $(ls ${FrameworkDir})
do
/usr/bin/codesign -f -s "$distribution_name" --entitlements entitlements.plist ${FrameworkDir}/${file}
done
#codesign app
rm -rf ./Payload/${APPNAME}.app/_CodeSignature
/usr/bin/codesign -f -s "$distribution_name" --resource-rules ./Payload/${APPNAME}.app/ResourceRules.plist --entitlements entitlements.plist ./Payload/${APPNAME}.app
zip -qr New_${APPNAME}.ipa Payload
echo "resign done"
#-----------update 蒲公英-------------
echo "curl -F file=@${OUTDIR}/New_${APPNAME}.ipa -F uKey=${PUKEY} -F _api_key=${PAPIKEY} http://www.pgyer.com/apiv1/app/upload"
curl -F "file=@${OUTDIR}/New_${APPNAME}.ipa" -F "uKey=${PUKEY}" -F "_api_key=${PAPIKEY}" "http://www.pgyer.com/apiv1/app/upload"
echo "上传完成\n\n"
cd ${CURRENT_PATH}
#--------------------end--------------
补充一个如何脚本编译
#-----------gernerate ipa-------------
echo "~~~~~~~~~~~~~~~~清理工程~~~~~~~~~~~~~~~~编译工程~~~~~~~"
echo "${OUTDIR}${APPNAME}.ipa"
echo "xcodebuild -workspace ${WORKSPACE_NAME}.xcworkspace -scheme ${SCHEME} -configuration Release clean build -sdk iphoneos CONFIGURATION_BUILD_DIR=${OUTDIR}"
xcodebuild -workspace "${WORKSPACE_PATH}/${WORKSPACE_NAME}.xcworkspace" -scheme "${SCHEME}" -configuration Release clean build -sdk iphoneos CONFIGURATION_BUILD_DIR=${OUTDIR}
#打包成 .ipa
echo "~~~~~~~~~~~${APPNAME}.ipa}~~~scuess"
echo "xcrun -sdk iphoneos PackageApplication -v ${OUTDIR}/${APPNAME}.app -o ${OUTDIR}/${APPNAME}.ipa"
xcrun -sdk iphoneos PackageApplication -v "${OUTDIR}/${APPNAME}.app" -o "${OUTDIR}/${APPNAME}.ipa"
# --sign "${IDENTITY}" --embed "${PROVISIONING_PROFILE}"
echo "ipa done"
遇到的问题
如果是使用framework的方式而不是.a的方式,那么要针对打包后ipa里的每个framework进行单独重签名。
#codesign framework
for file in $(ls ${FrameworkDir})
do
/usr/bin/codesign -f -s "$distribution_name" --entitlements entitlements.plist ${FrameworkDir}/${file}
done
排查问题
遇到包装不上或者包安装好后打开就闪退,可以结合手机闪退日志,查看ipa包信息分析问题。
排查问题的命令:
- 查看授权文件
codesign -d --entitlements - 111.app
结果
Executable=111.app/111
��qq�<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>111</string>
<key>aps-environment</key>
<string>development</string>
<key>com.apple.developer.associated-domains</key>
<array/>
<key>com.apple.developer.team-identifier</key>
<string>111</string>
<key>get-task-allow</key>
<true/>
</dict>
</plist>
- 查看证书信息
codesign -vv -d /Users/zhangbin/Desktop/Payload/FKY-TEST.app
结果
Executable=111.app/111
Identifier=111
Format=app bundle with Mach-O universal (armv7 arm64)
CodeDirectory v=20200 size=212082 flags=0x0(none) hashes=6620+5 location=embedded
Signature size=4728
Authority=iPhone Developer: 111
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=2017年9月19日 上午10:09:13
Info.plist entries=41
TeamIdentifier=111
Sealed Resources version=2 rules=13 files=422
Internal requirements count=1 size=180
- 查看描述文件
security cms -D -i 111.app/embedded.mobileprovision
结果
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AppIDName</key>
<string>111</string>
<key>ApplicationIdentifierPrefix</key>
<array>
<string>111</string>
</array>
<key>CreationDate</key>
<date>111</date>
<key>Platform</key>
<array>
<string>iOS</string>
</array>
<key>DeveloperCertificates</key>
<array>
</array>
<key>Entitlements</key>
<dict>
<key>keychain-access-groups</key>
<array>
<string>111.*</string>
</array>
<key>get-task-allow</key>
<true/>
<key>application-identifier</key>
<string>111</string>
<key>com.apple.developer.associated-domains</key>
<string>*</string>
<key>com.apple.developer.team-identifier</key>
<string>111</string>
<key>aps-environment</key>
<string>development</string>
</dict>
<key>ExpirationDate</key>
<date>2018-08-07T03:44:44Z</date>
<key>Name</key>
<string>iOS Team Provisioning Profile: 111</string>
<key>ProvisionedDevices</key>
<array>
</array>
<key>TeamIdentifier</key>
<array>
<string>111</string>
</array>
<key>TeamName</key>
<string>111</string>
<key>TimeToLive</key>
<integer>365</integer>
<key>UUID</key>
<string>111</string>
<key>Version</key>
<integer>1</integer>
</dict>
结果太长,部分内容省略了。
签名过程中遇到很多问题,举几个例子:
- 包安装失败,分析数据后发现ExpirationDate有问题,说明签名证书有问题。
- 安装成功,打开app闪退。查看闪退日志后发现有些framework加载失败导致,分析可能是framework没有做签名,查看描述文件后发现确实没签名,全部重签名后修复问题。
