marchbold · December 13, 2021 10:22 · Klug76 · Dec 23, 2021
diff --git a/resign.sh b/resign.sh
 #!/bin/bash

 #####################################
 ## CONFIG

 # You need to set the values below for your application
 # We suggest they are full paths to the files. 

 # The path to the ipa generated from your AIR application packaging
 IPA="/path/to/your/dist_app.ipa"

 # The distribution provisioning profile for your application
 PROVISIONING_PROFILE="/path/to/your/distribution_profile.mobileprovision"

 # The name of the signing identity. You get this by running the following in a terminal 
 # and selecting the name of your distribution certificate:
 # 
 # security find-identity -v -p codesigning
 SIGNING_IDENTITY="iPhone Distribution: Distriqt Pty Ltd (XXXXXXXXXX)"

 ## END CONFIG
 #####################################




 OUTPUT=.
 WORKING_DIR=.tmp
 WORKING_PROFILE="profile.mobileprovision"
 IPA_NAME=$(basename ${IPA%.*})

 cp -f "$PROVISIONING_PROFILE" "$WORKING_PROFILE"

 rm -rf "$WORKING_DIR"
 unzip -qq -o $IPA -d $WORKING_DIR
 find . -iname '$WORKING_DIR/*.DS_Store' -delete 

 rm -rf "$WORKING_DIR/Payload/$APP_NAME/_CodeSignature/"
 rm -f "$WORKING_DIR/Payload/$APP_NAME/embedded.mobileprovision"

 APP_NAME=$(ls -1 $WORKING_DIR/Payload)


 #####################################
 echo "Create Signing Entitlements"
 ENTITLEMENTS="$OUTPUT/Entitlements.plist"
 rm -f "$ENTITLEMENTS" 
 WORKING_PROFILE_PLIST="$OUTPUT/$WORKING_PROFILE.plist"
 security cms -D -i "$WORKING_PROFILE" > "$WORKING_PROFILE_PLIST"


 TEAM_IDENTIFIER=$(/usr/libexec/Plistbuddy -c "Print :TeamIdentifier:0" "$WORKING_PROFILE_PLIST")
 APPLICATION_IDENTIFIER_PREFIX=$(/usr/libexec/Plistbuddy -c "Print :ApplicationIdentifierPrefix:0" "$WORKING_PROFILE_PLIST")
 BUNDLE_IDENTIFIER=$(/usr/libexec/Plistbuddy -c "Print :CFBundleIdentifier" "$WORKING_DIR/Payload/$APP_NAME/Info.plist")
 APS_ENVIRONMENT=$(/usr/libexec/Plistbuddy -c "Print Entitlements:aps-environment" "$WORKING_PROFILE_PLIST")
 BETA_REPORTS=$(/usr/libexec/Plistbuddy -c "Print Entitlements:beta-reports-active" "$WORKING_PROFILE_PLIST")
 PROVISIONING_GET_TASK_ALLOW=$(/usr/libexec/Plistbuddy -c "Print :Entitlements:get-task-allow" "$WORKING_PROFILE_PLIST")
 
 echo "  APP_NAME = $APP_NAME"
 echo "  TEAM_IDENTIFIER = $TEAM_IDENTIFIER"
 echo "  APPLICATION_IDENTIFIER_PREFIX = $APPLICATION_IDENTIFIER_PREFIX"
 echo "  BUNDLE_IDENTIFIER = $BUNDLE_IDENTIFIER"
 echo "  APS_ENVIRONMENT = $APS_ENVIRONMENT"
 echo "  BETA_REPORTS = $BETA_REPORTS"
 echo "  PROVISIONING_GET_TASK_ALLOW = $PROVISIONING_GET_TASK_ALLOW"


 /usr/libexec/PlistBuddy -c "Add :application-identifier string $APPLICATION_IDENTIFIER_PREFIX.$BUNDLE_IDENTIFIER" "$ENTITLEMENTS"
 /usr/libexec/PlistBuddy -c "Add :get-task-allow bool $PROVISIONING_GET_TASK_ALLOW" "$ENTITLEMENTS"
 /usr/libexec/PlistBuddy -c "Add :keychain-access-groups array" "$ENTITLEMENTS"
 /usr/libexec/PlistBuddy -c "Add :keychain-access-groups:0 string $APPLICATION_IDENTIFIER_PREFIX.$BUNDLE_IDENTIFIER" "$ENTITLEMENTS"
 if [ $APS_ENVIRONMENT ]; then
    echo "Setting aps-environment=$APS_ENVIRONMENT" 
    /usr/libexec/PlistBuddy -c "Add :aps-environment string $APS_ENVIRONMENT" "$ENTITLEMENTS"
 fi
 if [ $BETA_REPORTS ]; then
    echo "Setting beta-reports-active=$BETA_REPORTS" 
    /usr/libexec/PlistBuddy -c "Add :beta-reports-active bool $BETA_REPORTS" "$ENTITLEMENTS"
 fi

 # Uncomment these lines if you are using AppleSignIn
 #/usr/libexec/PlistBuddy -c "Add :com.apple.developer.applesignin array" "$ENTITLEMENTS"
 #/usr/libexec/PlistBuddy -c "Add :com.apple.developer.applesignin:0 string Default" "$ENTITLEMENTS"


 #####################################
 echo "Sign Frameworks" 

 find $WORKING_DIR/Payload/$APP_NAME/Frameworks/ -name "*.framework" -exec codesign --force --sign "$SIGNING_IDENTITY" --generate-entitlement-der {} \;


 #####################################
 echo "Sign Application"
 codesign --force --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$WORKING_DIR/Payload/$APP_NAME" --verbose


 OUTPUT_IPA="$OUTPUT/"$IPA_NAME"_resigned.ipa"
 cd $WORKING_DIR
 zip -q --symlinks --recurse-paths "../.tmp_output.ipa" .
 cd ..
 mv ".tmp_output.ipa" "$OUTPUT_IPA"


 # Cleanup
 rm -Rf "$WORKING_DIR"
 # rm -f "$ENTITLEMENTS" 
 rm -f "$WORKING_PROFILE_PLIST"
 rm -f "$WORKING_PROFILE"
	#!/bin/bash

	#####################################
	## CONFIG

	# You need to set the values below for your application
	# We suggest they are full paths to the files.

	# The path to the ipa generated from your AIR application packaging
	IPA="/path/to/your/dist_app.ipa"

	# The distribution provisioning profile for your application
	PROVISIONING_PROFILE="/path/to/your/distribution_profile.mobileprovision"

	# The name of the signing identity. You get this by running the following in a terminal
	# and selecting the name of your distribution certificate:
	#
	# security find-identity -v -p codesigning
	SIGNING_IDENTITY="iPhone Distribution: Distriqt Pty Ltd (XXXXXXXXXX)"

	## END CONFIG
	#####################################




	OUTPUT=.
	WORKING_DIR=.tmp
	WORKING_PROFILE="profile.mobileprovision"
	IPA_NAME=$(basename ${IPA%.*})

	cp -f "$PROVISIONING_PROFILE" "$WORKING_PROFILE"

	rm -rf "$WORKING_DIR"
	unzip -qq -o $IPA -d $WORKING_DIR
	find . -iname '$WORKING_DIR/*.DS_Store' -delete

	rm -rf "$WORKING_DIR/Payload/$APP_NAME/_CodeSignature/"
	rm -f "$WORKING_DIR/Payload/$APP_NAME/embedded.mobileprovision"

	APP_NAME=$(ls -1 $WORKING_DIR/Payload)


	#####################################
	echo "Create Signing Entitlements"
	ENTITLEMENTS="$OUTPUT/Entitlements.plist"
	rm -f "$ENTITLEMENTS"
	WORKING_PROFILE_PLIST="$OUTPUT/$WORKING_PROFILE.plist"
	security cms -D -i "$WORKING_PROFILE" > "$WORKING_PROFILE_PLIST"


	TEAM_IDENTIFIER=$(/usr/libexec/Plistbuddy -c "Print :TeamIdentifier:0" "$WORKING_PROFILE_PLIST")
	APPLICATION_IDENTIFIER_PREFIX=$(/usr/libexec/Plistbuddy -c "Print :ApplicationIdentifierPrefix:0" "$WORKING_PROFILE_PLIST")
	BUNDLE_IDENTIFIER=$(/usr/libexec/Plistbuddy -c "Print :CFBundleIdentifier" "$WORKING_DIR/Payload/$APP_NAME/Info.plist")
	APS_ENVIRONMENT=$(/usr/libexec/Plistbuddy -c "Print Entitlements:aps-environment" "$WORKING_PROFILE_PLIST")
	BETA_REPORTS=$(/usr/libexec/Plistbuddy -c "Print Entitlements:beta-reports-active" "$WORKING_PROFILE_PLIST")
	PROVISIONING_GET_TASK_ALLOW=$(/usr/libexec/Plistbuddy -c "Print :Entitlements:get-task-allow" "$WORKING_PROFILE_PLIST")

	echo " APP_NAME = $APP_NAME"
	echo " TEAM_IDENTIFIER = $TEAM_IDENTIFIER"
	echo " APPLICATION_IDENTIFIER_PREFIX = $APPLICATION_IDENTIFIER_PREFIX"
	echo " BUNDLE_IDENTIFIER = $BUNDLE_IDENTIFIER"
	echo " APS_ENVIRONMENT = $APS_ENVIRONMENT"
	echo " BETA_REPORTS = $BETA_REPORTS"
	echo " PROVISIONING_GET_TASK_ALLOW = $PROVISIONING_GET_TASK_ALLOW"


	/usr/libexec/PlistBuddy -c "Add :application-identifier string $APPLICATION_IDENTIFIER_PREFIX.$BUNDLE_IDENTIFIER" "$ENTITLEMENTS"
	/usr/libexec/PlistBuddy -c "Add :get-task-allow bool $PROVISIONING_GET_TASK_ALLOW" "$ENTITLEMENTS"
	/usr/libexec/PlistBuddy -c "Add :keychain-access-groups array" "$ENTITLEMENTS"
	/usr/libexec/PlistBuddy -c "Add :keychain-access-groups:0 string $APPLICATION_IDENTIFIER_PREFIX.$BUNDLE_IDENTIFIER" "$ENTITLEMENTS"
	if [ $APS_ENVIRONMENT ]; then
	echo "Setting aps-environment=$APS_ENVIRONMENT"
	/usr/libexec/PlistBuddy -c "Add :aps-environment string $APS_ENVIRONMENT" "$ENTITLEMENTS"
	fi
	if [ $BETA_REPORTS ]; then
	echo "Setting beta-reports-active=$BETA_REPORTS"
	/usr/libexec/PlistBuddy -c "Add :beta-reports-active bool $BETA_REPORTS" "$ENTITLEMENTS"
	fi

	# Uncomment these lines if you are using AppleSignIn
	#/usr/libexec/PlistBuddy -c "Add :com.apple.developer.applesignin array" "$ENTITLEMENTS"
	#/usr/libexec/PlistBuddy -c "Add :com.apple.developer.applesignin:0 string Default" "$ENTITLEMENTS"


	#####################################
	echo "Sign Frameworks"

	find $WORKING_DIR/Payload/$APP_NAME/Frameworks/ -name "*.framework" -exec codesign --force --sign "$SIGNING_IDENTITY" --generate-entitlement-der {} \;


	#####################################
	echo "Sign Application"
	codesign --force --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$WORKING_DIR/Payload/$APP_NAME" --verbose


	OUTPUT_IPA="$OUTPUT/"$IPA_NAME"_resigned.ipa"
	cd $WORKING_DIR
	zip -q --symlinks --recurse-paths "../.tmp_output.ipa" .
	cd ..
	mv ".tmp_output.ipa" "$OUTPUT_IPA"


	# Cleanup
	rm -Rf "$WORKING_DIR"
	# rm -f "$ENTITLEMENTS"
	rm -f "$WORKING_PROFILE_PLIST"
	rm -f "$WORKING_PROFILE"