howsigned 0.0.2 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/howsigned +7 -40
- data/lib/entitlements.rb +38 -0
- data/lib/extract_zip.rb +12 -0
- data/lib/profiles.rb +33 -0
- data/lib/validate_ipa.rb +9 -0
- data/lib/verify.rb +40 -0
- metadata +20 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 39da123c01e7a3a8e46966e6b8b503d72491178e
|
4
|
+
data.tar.gz: e804e937c4be505827b3b105a3ffa22d35d4fea2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6027d20b39f6940b005b23ff8db9a29a48f505bbdb2e88bbd59451a4d04d430f612e267b54212d39933bb9865987aaa83eddb13ecd5ac327496fe969dd166aca
|
7
|
+
data.tar.gz: e88ac8a53c40c1c00c8b689c8119377e80b08c70eeadf023cfbfc536aff4246d02a46fa16992fdcebf0ad97eca5cd925403b0fea0f9ecc642c5c3134ee47f353
|
data/bin/howsigned
CHANGED
@@ -1,45 +1,12 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
|
3
|
-
|
4
|
-
|
3
|
+
require 'rubygems'
|
4
|
+
require 'commander/import'
|
5
5
|
|
6
|
-
require '
|
7
|
-
require '
|
8
|
-
require '
|
6
|
+
require 'entitlements'
|
7
|
+
require 'profiles'
|
8
|
+
require 'verify'
|
9
9
|
|
10
|
-
|
11
|
-
|
12
|
-
@file ||= case files.length
|
13
|
-
when 0 then nil
|
14
|
-
when 1 then files.first
|
15
|
-
else
|
16
|
-
@file = choose "Select an .ipa", *files
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
validate_ipa! unless @file = ARGV[0]
|
21
|
-
puts "Missing or unspecified .ipa file" and abort unless @file and ::File.exist?(@file)
|
22
|
-
|
23
|
-
tempdir = ::File.new(Dir.mktmpdir)
|
24
|
-
unzip = `unzip "#{@file}" -d "#{tempdir.path}"`
|
25
|
-
|
26
|
-
entitlements_hash = Hash.new
|
27
|
-
|
28
|
-
# .app
|
29
|
-
Dir.glob("#{tempdir.path}/**/*.app") do |file|
|
30
|
-
entitlements = `codesign -d --entitlements :- "#{file}" 2>&1`
|
31
|
-
plist_entitlements = Plist::parse_xml(entitlements)
|
32
|
-
application_identifier = plist_entitlements["application-identifier"]
|
33
|
-
entitlements_hash[application_identifier] = plist_entitlements
|
34
|
-
end
|
35
|
-
|
36
|
-
# .appex
|
37
|
-
Dir.glob("#{tempdir.path}/**/*.appex") do |file|
|
38
|
-
entitlements = `codesign -d --entitlements :- "#{file}" 2>&1`
|
39
|
-
plist_entitlements = Plist::parse_xml(entitlements)
|
40
|
-
application_identifier = plist_entitlements["application-identifier"]
|
41
|
-
entitlements_hash[application_identifier] = plist_entitlements
|
42
|
-
end
|
43
|
-
|
44
|
-
puts entitlements_hash.to_plist
|
10
|
+
program :version, '0.0.4'
|
11
|
+
program :description, 'Utility to determine codesigning on contained binaries in an .ipa'
|
45
12
|
|
data/lib/entitlements.rb
ADDED
@@ -0,0 +1,38 @@
|
|
1
|
+
# Heavily inspired by Shenzhen's `ipa info`
|
2
|
+
# https://github.com/nomad/shenzhen/blob/master/lib/shenzhen/commands/info.rb
|
3
|
+
|
4
|
+
require 'plist'
|
5
|
+
require 'zip'
|
6
|
+
require 'zip/filesystem'
|
7
|
+
require 'validate_ipa'
|
8
|
+
require 'extract_zip'
|
9
|
+
|
10
|
+
def append_entitlements(path, entitlements_hash)
|
11
|
+
Dir.glob(path) do |file|
|
12
|
+
entitlements = `codesign -d --entitlements :- "#{file}" 2>&1`
|
13
|
+
plist_entitlements = Plist::parse_xml(entitlements)
|
14
|
+
application_identifier = plist_entitlements["application-identifier"]
|
15
|
+
entitlements_hash[application_identifier] = plist_entitlements
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
command :entitlements do |c|
|
20
|
+
c.syntax = 'howsigned entitlements [.ipa file]'
|
21
|
+
c.description = 'Prints entitlements of specified .ipa in plist format'
|
22
|
+
c.action do |args, options|
|
23
|
+
validate_ipa! unless @file = args.pop
|
24
|
+
puts "Missing or unspecified .ipa file" and abort unless @file and ::File.exist?(@file)
|
25
|
+
|
26
|
+
tempdir = ::File.new(Dir.mktmpdir)
|
27
|
+
extract_zip(@file, tempdir)
|
28
|
+
|
29
|
+
entitlements_hash = Hash.new
|
30
|
+
|
31
|
+
append_entitlements("#{tempdir.path}/**/*.app", entitlements_hash)
|
32
|
+
append_entitlements("#{tempdir.path}/**/*.appex", entitlements_hash)
|
33
|
+
|
34
|
+
puts entitlements_hash.to_plist
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
|
data/lib/extract_zip.rb
ADDED
@@ -0,0 +1,12 @@
|
|
1
|
+
require 'zip'
|
2
|
+
|
3
|
+
def extract_zip(file, destination)
|
4
|
+
FileUtils.mkdir_p(destination)
|
5
|
+
|
6
|
+
Zip::File.open(file) do |zip_file|
|
7
|
+
zip_file.each do |f|
|
8
|
+
fpath = File.join(destination, f.name)
|
9
|
+
zip_file.extract(f, fpath) unless File.exist?(fpath)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
data/lib/profiles.rb
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
require 'plist'
|
2
|
+
require 'zip'
|
3
|
+
require 'zip/filesystem'
|
4
|
+
require 'validate_ipa'
|
5
|
+
require 'extract_zip'
|
6
|
+
|
7
|
+
def get_profiles(path)
|
8
|
+
profiles = Hash.new
|
9
|
+
Dir.glob(path) do |file|
|
10
|
+
profile = `security cms -D -i "#{file}" 2>&1`
|
11
|
+
plist_profile = Plist::parse_xml(profile)
|
12
|
+
app_id = plist_profile["AppIDName"]
|
13
|
+
profiles[app_id] = plist_profile
|
14
|
+
end
|
15
|
+
|
16
|
+
return profiles.to_plist
|
17
|
+
end
|
18
|
+
|
19
|
+
command :profiles do |c|
|
20
|
+
c.syntax = 'howsigned profiles [.ipa file]'
|
21
|
+
c.description = 'Prints embedded profiles of specified .ipa in plist format'
|
22
|
+
c.action do |args, options|
|
23
|
+
validate_ipa! unless @file = args.pop
|
24
|
+
puts "Missing or unspecified .ipa file" and abort unless @file and ::File.exist?(@file)
|
25
|
+
|
26
|
+
tempdir = ::File.new(Dir.mktmpdir)
|
27
|
+
extract_zip(@file, tempdir)
|
28
|
+
|
29
|
+
puts get_profiles("#{tempdir.path}/**/*.mobileprovision")
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
|
data/lib/validate_ipa.rb
ADDED
data/lib/verify.rb
ADDED
@@ -0,0 +1,40 @@
|
|
1
|
+
require 'plist'
|
2
|
+
require 'zip'
|
3
|
+
require 'zip/filesystem'
|
4
|
+
require 'validate_ipa'
|
5
|
+
require 'extract_zip'
|
6
|
+
|
7
|
+
def verify_binaries(path)
|
8
|
+
Dir.glob(path) do |file|
|
9
|
+
codesign = `codesign --verify "#{file}" 2>&1`
|
10
|
+
if(!codesign.to_s.empty?)
|
11
|
+
puts codesign
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
command :verify do |c|
|
17
|
+
c.syntax = 'howsigned verify [.ipa file]'
|
18
|
+
c.description = 'Verifies the code signature of all binaries contained within the .ipa, will return nothing if signed correctly'
|
19
|
+
c.action do |args, options|
|
20
|
+
validate_ipa! unless @file = args.pop
|
21
|
+
puts "Missing or unspecified .ipa file" and abort unless @file and ::File.exist?(@file)
|
22
|
+
|
23
|
+
tempdir = ::File.new(Dir.mktmpdir)
|
24
|
+
extract_zip(@file, tempdir)
|
25
|
+
|
26
|
+
entitlements_hash = Hash.new
|
27
|
+
|
28
|
+
app_codesign = verify_binaries("#{tempdir.path}/**/*.app")
|
29
|
+
if(!app_codesign.to_s.empty?)
|
30
|
+
puts app_codesign
|
31
|
+
end
|
32
|
+
|
33
|
+
appex_codesign = verify_binaries("#{tempdir.path}/**/*.appex")
|
34
|
+
if(!appex_codesign.to_s.empty?)
|
35
|
+
puts appex_codesign
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: howsigned
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael MacDougall
|
@@ -38,6 +38,20 @@ dependencies:
|
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '1.1'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: commander
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '4.3'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '4.3'
|
41
55
|
description: Utility to see how the contained binaries within an .ipa are signed
|
42
56
|
email: mmacdougall@etsy.com
|
43
57
|
executables:
|
@@ -46,6 +60,11 @@ extensions: []
|
|
46
60
|
extra_rdoc_files: []
|
47
61
|
files:
|
48
62
|
- bin/howsigned
|
63
|
+
- lib/entitlements.rb
|
64
|
+
- lib/extract_zip.rb
|
65
|
+
- lib/profiles.rb
|
66
|
+
- lib/validate_ipa.rb
|
67
|
+
- lib/verify.rb
|
49
68
|
homepage: http://www.etsy.com
|
50
69
|
licenses:
|
51
70
|
- MIT
|