Skip to content

Instantly share code, notes, and snippets.

@WeptunUser

WeptunUser/floatsign.sh

Forked from mediabounds/floatsign.sh
Last active January 1, 2022 21:23
Show Gist options
  • Save WeptunUser/5406993 to your computer and use it in GitHub Desktop.
Save WeptunUser/5406993 to your computer and use it in GitHub Desktop.
Download ZIP
Now fix when no entitlements are present.
Raw
floatsign.sh
# !/bin/bash
# Copyright (c) 2011 Float Mobile Learning
# http://www.floatlearning.com/
# Extension Copyright (c) 2013 Weptun Gmbh
# http://www.weptun.de
#
# Extended by Ronan O Ciosoig January 2012
#
# Extended by Patrick Blitz, April 2013
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included
# in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
# Please let us know about any improvements you make to this script!
# ./floatsign source "iPhone Distribution: Name" -p "path/to/profile" [-d "display name"] [-e entitlements] [-k keychain] -b "BundleIdentifier" outputIpa
#
#
# Modifed 26th January 2012
#
# new features January 2012:
# 1. change the app display name
#
# new features April 2013
# 1. specify the target bundleId on the command line
# 2. correctly handles entitlements for keychain-enabled resigning
#
function checkStatus {
if [ $? -ne 0 ];
then
echo "Had an Error, aborting!"
exit 1
fi
}
if [ $# -lt 3 ]; then
echo "usage: $0 source identity -p provisioning [-e entitlements] [-d displayName] -b bundleId outputIpa" >&2
echo "\t\t -p and -b are optional, but their use is heavly recommonded" >&2
exit 1
fi
ORIGINAL_FILE="$1"
CERTIFICATE="$2"
NEW_PROVISION=
ENTITLEMENTS=
BUNDLE_IDENTIFIER=""
DISPLAY_NAME=""
PROVISIONING_PROFILE_PREFIX=""
KEYCHAIN=""
# options start index
OPTIND=3
while getopts p:d:e:k:b: opt; do
case $opt in
p)
NEW_PROVISION="$OPTARG"
echo "Specified provisioning profile: $NEW_PROVISION" >&2
;;
d)
DISPLAY_NAME="$OPTARG"
echo "Specified display name: $DISPLAY_NAME" >&2
;;
e)
ENTITLEMENTS="$OPTARG"
echo "Specified signing entitlements: $ENTITLEMENTS" >&2
;;
b)
BUNDLE_IDENTIFIER="$OPTARG"
echo "Specified bundle identifier: $BUNDLE_IDENTIFIER " >&2
;;
k)
KEYCHAIN="$OPTARG"
echo "Specified Keychain to use: $KEYCHAIN " >&2
;;
\?)
echo "Invalid option: -$OPTARG" >&2
exit 1
;;
:)
echo "Option -$OPTARG requires an argument." >&2
exit 1
;;
esac
done
shift $((OPTIND-1))
NEW_FILE="$1"
# Check if the supplied file is an ipa or an app file
if [ "${ORIGINAL_FILE#*.}" = "ipa" ]
then
# Unzip the old ipa quietly
unzip -q "$ORIGINAL_FILE" -d temp
checkStatus
elif [ "${ORIGINAL_FILE#*.}" = "app" ]
then
# Copy the app file into an ipa-like structure
mkdir -p "temp/Payload"
cp -Rf "${ORIGINAL_FILE}" "temp/Payload/${ORIGINAL_FILE}"
checkStatus
else
echo "Error: Only can resign .app files and .ipa files." >&2
exit
fi
# check the keychain
if [ "${KEYCHAIN}" != "" ];
then
security list-keychains -s $KEYCHAIN
security unlock $KEYCHAIN
security default-keychain -s $KEYCHAIN
fi
# Set the app name
# The app name is the only file within the Payload directory
APP_NAME=$(ls temp/Payload/)
echo "APP_NAME=$APP_NAME" >&2
export PATH=$PATH:/usr/libexec
CURRENT_NAME=`PlistBuddy -c "Print :CFBundleDisplayName" "temp/Payload/$APP_NAME/Info.plist"`
CURRENT_BUNDLE_IDENTIFIER=`PlistBuddy -c "Print :CFBundleIdentifier" "temp/Payload/$APP_NAME/Info.plist"`
if [ "${BUNDLE_IDENTIFIER}" == "" ];
then
BUNDLE_IDENTIFIER=`egrep -a -A 2 application-identifier "${NEW_PROVISION}" | grep string | sed -e 's/<string>//' -e 's/<\/string>//' -e 's/ //' | awk '{split($0,a,"."); i = length(a); for(ix=2; ix <= i;ix++){ s=s a[ix]; if(i!=ix){s=s "."};} print s;}'`
if [[ "${BUNDLE_IDENTIFIER}" == *\** ]]; then
echo "Bundle Identifier contains a *, using the current bundle identifier";
BUNDLE_IDENTIFIER=$CURRENT_BUNDLE_IDENTIFIER;
fi
checkStatus
fi
echo "Bundle Identifier is ${BUNDLE_IDENTIFIER}"
if [ "${DISPLAY_NAME}" != "" ];
then
echo "read Info.plist file" "temp/Payload/$ORIGINAL_FILE/Info.plist"
# CURRENT_NAME=/usr/libexec/PlistBuddy -c "Print :CFBundleDisplayName" "temp/Payload/$ORIGINAL_FILE/Info.plist"
echo "Changing display name from $CURRENT_NAME to " $DISPLAY_NAME
`PlistBuddy -c "Set :CFBundleDisplayName $DISPLAY_NAME" "temp/Payload/$APP_NAME/Info.plist"`
# PlistBuddy -c "Set :CFBundleDisplayName $DISPLAY_NAME" temp/Payload/$ORIGINAL_FILE/Info.plist
fi
# Replace the embedded mobile provisioning profile
if [ "$NEW_PROVISION" != "" ];
then
echo "Adding the new provision: $NEW_PROVISION"
ENTITLEMENTS_TEMP=`/usr/bin/codesign -d --entitlements - "temp/Payload/$APP_NAME" | sed -E -e '1d'`
if [ -n "$ENTITLEMENTS_TEMP" ]; then
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>$ENTITLEMENTS_TEMP" > temp/newEntitlements
fi
# echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>`/usr/bin/codesign -d --entitlements - "temp/Payload/$APP_NAME" | sed -E -e '1d'`" > temp/newEntitlements
cp "$NEW_PROVISION" "temp/Payload/$APP_NAME/embedded.mobileprovision"
PROVISIONING_PROFILE_PREFIX=`grep '<key>application-identifier</key>' "temp/Payload/$APP_NAME/embedded.mobileprovision" -A 1 --binary-files=text | sed -E -e '/<key>/ d' -e 's/(^.*<string>)//' -e 's/([A-Z0-9]*)(.*)/\1/'`
checkStatus
fi
#if the current bundle identifier is different from the new one in the provisioning profile, then change it.
if [ "$CURRENT_BUNDLE_IDENTIFIER" != "$BUNDLE_IDENTIFIER" ];
then
echo "Update the bundle identifier"
`PlistBuddy -c "Set :CFBundleIdentifier $BUNDLE_IDENTIFIER" "temp/Payload/$APP_NAME/Info.plist"`
checkStatus
fi
# Resign the application
echo "Resigning application using certificate: $CERTIFICATE" >&2
if [ "$ENTITLEMENTS" != "" ];
then
echo "Using Entitlements: $ENTITLEMENTS" >&2
/usr/bin/codesign -f -s "$CERTIFICATE" --entitlements="$ENTITLEMENTS" --resource-rules="temp/Payload/$APP_NAME/ResourceRules.plist" "temp/Payload/$APP_NAME"
checkStatus
else
if [ "$PROVISIONING_PROFILE_PREFIX" != "" ] && [ -s temp/newEntitlements ];
#if [ -s temp/newEntitlements ];
then
# extract current entitlements
PlistBuddy -c "Set :application-identifier ${PROVISIONING_PROFILE_PREFIX}.${BUNDLE_IDENTIFIER}" temp/newEntitlements
checkStatus
PlistBuddy -c "Set :keychain-access-groups:0 ${PROVISIONING_PROFILE_PREFIX}.${BUNDLE_IDENTIFIER}" temp/newEntitlements
checkStatus
PlistBuddy -c "Set :com.apple.developer.team-identifier ${PROVISIONING_PROFILE_PREFIX}" temp/newEntitlements
checkStatus
plutil -lint temp/newEntitlements
checkStatus
/usr/bin/codesign -f -s "$CERTIFICATE" --resource-rules="temp/Payload/$APP_NAME/ResourceRules.plist" --entitlements="temp/newEntitlements" "temp/Payload/$APP_NAME"
checkStatus
rm temp/newEntitlements
else
/usr/bin/codesign -f -s "$CERTIFICATE" --resource-rules="temp/Payload/$APP_NAME/ResourceRules.plist" "temp/Payload/$APP_NAME"
fi
fi
# Repackage quietly
echo "Repackaging as $NEW_FILE"
# Zip up the contents of the temp folder
# Navigate to the temporary directory (sending the output to null)
# Zip all the contents, saving the zip file in the above directory
# Navigate back to the orignating directory (sending the output to null)
pushd temp > /dev/null
zip -qr ../temp.ipa *
popd > /dev/null
# Move the resulting ipa to the target destination
mv temp.ipa "$NEW_FILE"
# Remove the temp directory
rm -rf "temp"
@phadatareshankar
Copy link

Can anybody tell me the steps how to run the script to resign ipa file, i tried to run but getting error like "Only can resign .app files and .ipa files.". Also possible whats do i need to do pre setup for resigning any ipa with new provisioning profile.

@VooDooChicken
Copy link

Hi, I tried to run this script with something like

sh floatsign.sh myapp.ipa ABC123ASD -p "myapp working dir/myapp_distribution.mobileprovision" -d "My App" -b com.mysite.myapp myappresigned.ipa

I keep getting this error (copy paste except for certificate name)

Resigning application using certificate: ABC123ASD
Set: Entry, ":keychain-access-groups:0", Does Not Exist
Had an Error, aborting!

I am not familiar with codesign command, but if I run codesign -s ABC123ASD myapp.ipa, I get a message that the file is already signed, and if I change the certificate id it will give an error, so it recognizes the string ABC123ASD as a certificate; I also see that inside the script it is called codesign, but there are some things about an optional keychain. I commented those lines about the keychain (added a # before each line that checked if there was a -k parameter), still the same result. any pointers?

thanks in advance

@deepakrout
Copy link

I was getting same issue, but when I passed the entitlement in the command with -e flag it worked.

Somthing like this....

sh floatsign.sh myapp.ipa ABC123ASD -p "myapp working dir/myapp_distribution.mobileprovision" -d "My App" -e entitlements.plist -b com.mysite.myapp myappresigned.ipa

Good luck!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment