diff --git a/floatsign.sh b/floatsign.sh index dbc91ac..659f652 100755 --- a/floatsign.sh +++ b/floatsign.sh @@ -62,7 +62,7 @@ fi } if [ $# -lt 3 ]; then - echo "usage: $0 source identity -p provisioning [-e entitlements] [-r adjustBetaReports] [-d displayName] [-n version] -b bundleId outputIpa" >&2 + echo "usage: $0 source identity -p provisioning [-e entitlements] [-r adjustBetaReports] [-d displayName] [-n version] [-v version] -b bundleId outputIpa" >&2 echo " -b is optional, but heavly recommended" >&2 echo " -r flag requires a value '-r yes'" echo " -r flag is ignored if -e is also used" >&2 @@ -79,15 +79,19 @@ APP_IDENTIFER_PREFIX="" TEAM_IDENTIFIER="" KEYCHAIN="" VERSION_NUMBER="" +BUNDLE_VERSION_NUMBER="" ADJUST_BETA_REPORTS_ACTIVE_FLAG="0" TEMP_DIR="_floatsignTemp" IS_ENTERPRISE_PROFILE="false" IS_ADHOC_PROFILE="false" ADHOC_PROVISIONED_DEVICES="" +CERTIFICATE_HASH=$(security find-certificate -c "$CERTIFICATE" -Z | awk '{print $3; exit}') +echo "Specified certificate hash: "$CERTIFICATE_HASH + # options start index OPTIND=3 -while getopts p:d:e:k:b:r:n: opt; do +while getopts p:d:e:k:b:r:n:v: opt; do case $opt in p) NEW_PROVISION="$OPTARG" @@ -113,6 +117,10 @@ while getopts p:d:e:k:b:r:n: opt; do VERSION_NUMBER="$OPTARG" echo "Specified version to use: '$VERSION_NUMBER'" >&2 ;; + v) + BUNDLE_VERSION_NUMBER="$OPTARG" + echo "Specified bundle version to use: '$BUNDLE_VERSION_NUMBER'" >&2 + ;; r) ADJUST_BETA_REPORTS_ACTIVE_FLAG="1" echo "Enabled adjustment of beta-reports-active entitlements" >&2 @@ -227,7 +235,7 @@ then if [ "$IS_ENTERPRISE_PROFILE" == "true" ]; then echo "Enterprise 'In House' provisioning profile detected" fi - + ADHOC_PROVISIONED_DEVICES=`PlistBuddy -c "Print :ProvisionedDevices" "$TEMP_DIR/profile.plist" 2> /dev/null | tr -d '\n'` if [ -n "$ADHOC_PROVISIONED_DEVICES" ]; then IS_ADHOC_PROFILE="true" 
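Review bot: The `CERTIFICATE_HASH` lookup added in the `@@ -79` hunk takes whatever `security find-certificate -c` returns first and never checks the result. Because `-c` matches on the name, several certificates with a similar name (an expired one, say) can yield the hash of a different identity than the operator intended, and an empty result only shows up later as a codesign failure. The awk filter prints the third field of the first output line, which I would expect to be the SHA-256 digest on macOS releases where `-Z` prints that line first, while codesign treats only a 40-hex-digit string as a SHA-1 hash. I'd select the line explicitly with `awk '/^SHA-1 hash:/ {print $3; exit}'` and follow it with `[ -n "$CERTIFICATE_HASH" ] || { echo "No certificate matching '$CERTIFICATE' found" >&2; exit 1; }`. The echo next to it should quote the variable and go to stderr like the other diagnostics.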
@@ -235,9 +243,11 @@ then fi APP_IDENTIFER_PREFIX=$(PlistBuddy -c "Print :Entitlements:application-identifier" "$TEMP_DIR/profile.plist" | grep -E '^[a-zA-Z0-9\.]*' -o | tr -d '\n') + APP_IDENTIFER_PREFIX=$(PlistBuddy -c "Print :ApplicationIdentifierPrefix:0" "$TEMP_DIR/profile.plist") if [ "$APP_IDENTIFER_PREFIX" == "" ]; then APP_IDENTIFER_PREFIX=$(PlistBuddy -c "Print :ApplicationIdentifierPrefix:0" "$TEMP_DIR/profile.plist") + echo $APP_IDENTIFER_PREFIX if [ "$APP_IDENTIFER_PREFIX" == "" ]; then echo "Failed to extract any app identifier prefix from '$NEW_PROVISION'" >&2 @@ -263,6 +273,9 @@ then echo "Profile team identifier is '$TEAM_IDENTIFIER'" >&2 fi + APP_KEYCHAIN_ACCESS_GROUP=$(PlistBuddy -c "Print :Entitlements:keychain-access-groups:0" "$TEMP_DIR/profile.plist") + APPS_ENVIRONMENT=$(PlistBuddy -c "Print :Entitlements:aps-environment" "$TEMP_DIR/profile.plist" 2> /dev/null) + cp "$NEW_PROVISION" "$TEMP_DIR/Payload/$APP_NAME/embedded.mobileprovision" else echo "Provisioning profile '$NEW_PROVISION' file does not exist" >&2 @@ -281,7 +294,6 @@ then PlistBuddy -c "Set :CFBundleIdentifier $BUNDLE_IDENTIFIER" "$TEMP_DIR/Payload/$APP_NAME/Info.plist" checkStatus fi - # Update the version number properties in the Info.plist if a version number has been provided if [ "$VERSION_NUMBER" != "" ]; then 
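Review bot: The added `APP_IDENTIFER_PREFIX=$(PlistBuddy -c "Print :ApplicationIdentifierPrefix:0" ...)` unconditionally overwrites the value read from `:Entitlements:application-identifier` on the line above, so that earlier read is now dead code. The fallback inside the `if` re-runs the identical command and cannot produce a different result. Keep a single source for the prefix and drop the redundant reads. The added `echo $APP_IDENTIFER_PREFIX` looks like leftover debugging, unquoted and on stdout; if it is wanted, `echo "App identifier prefix: '$APP_IDENTIFER_PREFIX'" >&2` matches the rest of the script. The enclosing block continues outside the hunk.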
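Review bot: `APP_KEYCHAIN_ACCESS_GROUP` is copied from the profile's `keychain-access-groups:0` in the `@@ -263` hunk and written unchanged into the app's entitlements in the `@@ -400` hunk, with no check on what it contains. Provisioning profiles commonly list a wildcard group there (of the form `<prefix>.*`), which is not the per-app `${APP_IDENTIFER_PREFIX}.${BUNDLE_IDENTIFIER}` group the script wrote before, so apps re-signed this way could end up in one shared keychain group. I'd fall back to the old value when the profile entry is a wildcard, e.g. `case "$APP_KEYCHAIN_ACCESS_GROUP" in *'*') APP_KEYCHAIN_ACCESS_GROUP="" ;; esac`. The `Print` also lacks the `2> /dev/null` its neighbour has. Neither new variable is initialised in the defaults block next to `BUNDLE_VERSION_NUMBER`, so a value inherited from the environment would be used if this branch is ever skipped.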
@@ -290,7 +302,18 @@ then then echo "Updating the version from '$CURRENT_VERSION_NUMBER' to '$VERSION_NUMBER'" >&2 PlistBuddy -c "Set :CFBundleVersion $VERSION_NUMBER" "$TEMP_DIR/Payload/$APP_NAME/Info.plist" - PlistBuddy -c "Set :CFBundleShortVersionString $VERSION_NUMBER" "$TEMP_DIR/Payload/$APP_NAME/Info.plist" + #PlistBuddy -c "Set :CFBundleShortVersionString $VERSION_NUMBER" "$TEMP_DIR/Payload/$APP_NAME/Info.plist" + fi +fi + +# Update the version number properties in the Info.plist if a version number has been provided +if [ "$BUNDLE_VERSION_NUMBER" != "" ]; +then + CURRENT_BUNDLE_VERSION_NUMBER=$(PlistBuddy -c "Print :CFBundleShortVersionString" "$TEMP_DIR/Payload/$APP_NAME/Info.plist") + if [ "$BUNDLE_VERSION_NUMBER" != "$CURRENT_BUNDLE_VERSION_NUMBER" ]; + then + echo "Updating the version from '$CURRENT_BUNDLE_VERSION_NUMBER' to '$BUNDLE_VERSION_NUMBER'" >&2 + PlistBuddy -c "Set :CFBundleShortVersionString $BUNDLE_VERSION_NUMBER" "$TEMP_DIR/Payload/$APP_NAME/Info.plist" fi fi @@ -303,7 +326,7 @@ then echo "ERROR: embedded plugin detected, re-signing iOS 8 (or higher) applications wihout a team identifier in the certificate/profile does not work" >&2 exit 1; fi - + echo "Resigning embedded plugins using certificate: '$CERTIFICATE'" >&2 for plugin in "$PLUGINS_DIR"/* do @@ -311,10 +334,10 @@ then then for app in "$plugin"/*.app do - /usr/bin/codesign -f -s "$CERTIFICATE" --entitlements="$ENTITLEMENTS" "$app" + /usr/bin/codesign -f -s "$CERTIFICATE_HASH" --entitlements="$ENTITLEMENTS" "$app" checkStatus done - /usr/bin/codesign -f -s "$CERTIFICATE" --entitlements="$ENTITLEMENTS" "$plugin" + /usr/bin/codesign -f -s "$CERTIFICATE_HASH" --entitlements="$ENTITLEMENTS" "$plugin" checkStatus else echo "Ignoring non-plugin: $plugin" >&2 
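Review bot: In the `@@ -290` hunk, `-n` no longer updates `CFBundleShortVersionString`, which silently changes the result for existing callers that pass only `-n`. The usage line in the first hunk labels both `-n` and `-v` as `version` and should say which key each one sets. The old call should be deleted rather than left commented out, and the copied comment and message in the new block should name the key, e.g. `# Update CFBundleShortVersionString if -v was given`. The new `Set` is not followed by `checkStatus`, unlike the `CFBundleIdentifier` update visible in the previous hunk, so a failed write would go unnoticed. `$BUNDLE_VERSION_NUMBER` is also interpolated into the PlistBuddy command string unvalidated; a check such as `[[ "$BUNDLE_VERSION_NUMBER" =~ ^[0-9]+(\.[0-9]+)*$ ]]` before use would keep stray command text out of it.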
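Review bot: The codesign calls in the `@@ -311` hunk now sign with `$CERTIFICATE_HASH`, but the messages next to them (`Resigning embedded plugins using certificate: '$CERTIFICATE'` and the application equivalents) still print only the name that was passed in. The hash is printed once at startup, on stdout, so the stderr log of each signing step no longer shows the identity that was actually used. I'd include it in those messages, e.g. `echo "Resigning embedded plugins using certificate: '$CERTIFICATE' ($CERTIFICATE_HASH)" >&2`. The same applies to the hunks at `@@ -337`, `@@ -381`, `@@ -446` and `@@ -456`.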
@@ -337,7 +360,7 @@ then do if [[ "$framework" == *.framework || "$framework" == *.dylib ]] then - /usr/bin/codesign -f -s "$CERTIFICATE" "$framework" + /usr/bin/codesign -f -s "$CERTIFICATE_HASH" "$framework" checkStatus else echo "Ignoring non-framework: $framework" >&2 @@ -381,7 +404,7 @@ then echo "Resigning application using certificate: '$CERTIFICATE'" >&2 echo "and entitlements: $ENTITLEMENTS" >&2 - /usr/bin/codesign -f -s "$CERTIFICATE" --entitlements="$ENTITLEMENTS" "$TEMP_DIR/Payload/$APP_NAME" + /usr/bin/codesign -f -s "$CERTIFICATE_HASH" --entitlements="$ENTITLEMENTS" "$TEMP_DIR/Payload/$APP_NAME" checkStatus else echo "Extracting existing entitlements for updating" >&2 @@ -400,7 +423,13 @@ else fi PlistBuddy -c "Set :application-identifier ${APP_IDENTIFER_PREFIX}.${BUNDLE_IDENTIFIER}" "$TEMP_DIR/newEntitlements" checkStatus - PlistBuddy -c "Set :keychain-access-groups:0 ${APP_IDENTIFER_PREFIX}.${BUNDLE_IDENTIFIER}" "$TEMP_DIR/newEntitlements" + + if [ "$APP_KEYCHAIN_ACCESS_GROUP" == "" ]; then + PlistBuddy -c "Set :keychain-access-groups:0 ${APP_IDENTIFER_PREFIX}.${BUNDLE_IDENTIFIER}" "$TEMP_DIR/newEntitlements" + else + PlistBuddy -c "Set :keychain-access-groups:0 ${APP_KEYCHAIN_ACCESS_GROUP}" "$TEMP_DIR/newEntitlements" + fi + # checkStatus -- if this fails it's likely because the keychain-access-groups key does not exist, so we have nothing to update if [[ "$CERTIFICATE" == *Distribution* ]]; then echo "Assuming Distribution Identity" @@ -437,6 +466,13 @@ else echo "Setting get-task-allow entitlement to YES" PlistBuddy -c "Set :get-task-allow YES" "$TEMP_DIR/newEntitlements" fi + + if [ "$APPS_ENVIRONMENT" != "" ]; then + PlistBuddy -c "Set :aps-environment ${APPS_ENVIRONMENT}" "$TEMP_DIR/newEntitlements" + else + PlistBuddy -c "Delete :aps-environment" "$TEMP_DIR/newEntitlements" 2> /dev/null + fi + checkStatus plutil -lint "$TEMP_DIR/newEntitlements" > /dev/null checkStatus 
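Review bot: In the `@@ -437` hunk, the existing `checkStatus` now tests the exit status of the new `aps-environment` command instead of the `get-task-allow` update it used to follow. In the `else` branch, `Delete :aps-environment` returns non-zero when the key is absent, which is the normal case for an app without push. Assuming `checkStatus` aborts on a non-zero `$?`, re-signing such an app would stop here, and `Set` likewise fails when the extracted entitlements have no `aps-environment` entry yet. I'd move the existing `checkStatus` above the new block, tolerate the missing key on delete, and fall back to `Add` on set, as sketched below. The enclosing `else` block starts and ends outside the hunk.

```shell
# … unchanged: get-task-allow update, with the existing checkStatus moved directly after it …
if [ "$APPS_ENVIRONMENT" != "" ]; then
    PlistBuddy -c "Set :aps-environment ${APPS_ENVIRONMENT}" "$TEMP_DIR/newEntitlements" 2> /dev/null ||
        PlistBuddy -c "Add :aps-environment string ${APPS_ENVIRONMENT}" "$TEMP_DIR/newEntitlements"
    checkStatus
else
    # A missing key is the expected case here, not an error
    PlistBuddy -c "Delete :aps-environment" "$TEMP_DIR/newEntitlements" 2> /dev/null || true
fi
# … unchanged: plutil -lint and its checkStatus …
```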
@@ -446,7 +482,7 @@ else then echo "and team identifier: '$TEAM_IDENTIFIER'" >&2 fi - /usr/bin/codesign -f -s "$CERTIFICATE" --entitlements="$TEMP_DIR/newEntitlements" "$TEMP_DIR/Payload/$APP_NAME" + /usr/bin/codesign -f -s "$CERTIFICATE_HASH" --entitlements="$TEMP_DIR/newEntitlements" "$TEMP_DIR/Payload/$APP_NAME" checkStatus else echo "Failed to create required intermediate file" >&2 @@ -456,14 +492,14 @@ else echo "No entitlements found" >&2 echo "Resigning application using certificate: '$CERTIFICATE'" >&2 echo "without entitlements" >&2 - /usr/bin/codesign -f -s "$CERTIFICATE" "$TEMP_DIR/Payload/$APP_NAME" + /usr/bin/codesign -f -s "$CERTIFICATE_HASH" "$TEMP_DIR/Payload/$APP_NAME" checkStatus fi else echo "Failed to extract entitlements" >&2 echo "Resigning application using certificate: '$CERTIFICATE'" >&2 echo "without entitlements" >&2 - /usr/bin/codesign -f -s "$CERTIFICATE" "$TEMP_DIR/Payload/$APP_NAME" + /usr/bin/codesign -f -s "$CERTIFICATE_HASH" "$TEMP_DIR/Payload/$APP_NAME" checkStatus fi fi