resignios 0.1.1

data/lib/resign/commands_generator.rb

@@ -0,0 +1,58 @@
+require 'rubygems'
+require 'commander/import'
+
+require 'colored2'
+require 'version'
+require_relative 'resign'
+
+module Sigh
+  class CommandsGenerator
+
+  def self.start
+    self.new.run
+  end
+
+  def run
+    program :name, 'resignios'
+    program :version, Resignios::VERSION
+    program :description, 'ios resign tool.'
+
+    command :ipa do |c|
+      c.syntax = 'resignios ipa'
+      c.description = 'Resigns an existing ipa file with the given provisioning profile'
+      c.option '-i', '--signing_identity STRING', String, 'The signing identity to use. Must match the one defined in the provisioning profile.'
+      c.option '-x', '--version_number STRING', String, 'Version number to force binary and all nested binaries to use. Changes both CFBundleShortVersionString and CFBundleIdentifier.'
+      c.option '-p', '--provisioning_profile PATH', String, '(or BUNDLE_ID=PATH) The path to the provisioning profile which should be used. '\
+                'Can be provided multiple times if the application contains nested applications and app extensions, which need their own provisioning profile. '\
+                'The path may be prefixed with a identifier in order to determine which provisioning profile should be used on which app.',
+                &multiple_values_option_proc(c, "provisioning_profile", &proc { |value| value.split('=', 2) })
+      c.option '-d', '--display_name STRING', String, 'Display name to use'
+      c.option '-e', '--entitlements PATH', String, 'The path to the entitlements file to use.'
+      c.option '--short_version STRING', String, 'Short version string to force binary and all nested binaries to use (CFBundleShortVersionString).'
+      c.option '--bundle_version STRING', String, 'Bundle version to force binary and all nested binaries to use (CFBundleVersion).'
+      c.option '--use_app_entitlements', 'Extract app bundle codesigning entitlements and combine with entitlements from new provisionin profile.'
+      c.option '-g', '--new_bundle_id STRING', String, 'New application bundle ID (CFBundleIdentifier)'
+      c.option '--remove_plugins', 'Remove new Application plugins'
+      c.option '--keychain_path STRING', String, 'Path to the keychain that /usr/bin/codesign should use'
+      c.option '-o', '--output_path STRING', String, 'Output IPA Path.'
+      c.action do |args, options|
+        Sigh::Resign.new.run(options, args)
+      end
+    end
+  
+    default_command :ipa
+  end
+
+  def multiple_values_option_proc(command, name)
+    proc do |value|
+      value = yield(value) if block_given?
+      option = command.proxy_options.find { |opt| opt[0] == name } || []
+      values = option[1] || []
+      values << value
+  
+      command.proxy_options.delete option
+      command.proxy_options << [name, values]
+    end
+  end
+end
+end

data/lib/resign/resign.rb

@@ -0,0 +1,194 @@
+require 'shellwords'
+
+module Sigh
+    class Resign
+        def run(options, args)
+            # get the command line inputs and parse those into the vars we need...
+            ipa, signing_identity, provisioning_profiles, entitlements, version, display_name, short_version, bundle_version, new_bundle_id, use_app_entitlements, remove_plugins, keychain_path, output_path = get_inputs(options, args)
+            # ... then invoke our programmatic interface with these vars
+            unless resign(ipa, signing_identity, provisioning_profiles, entitlements, version, display_name, short_version, bundle_version, new_bundle_id, use_app_entitlements, remove_plugins, keychain_path, output_path)
+                puts "Failed to re-sign .ipa".red
+            end
+        end
+
+        def find_resign_path
+            File.expand_path('../../assets/resign.sh', __FILE__)
+        end
+
+        def resign(ipa, signing_identity, provisioning_profiles, entitlements, version, display_name, short_version, bundle_version, new_bundle_id, use_app_entitlements, remove_plugins, keychain_path, output_path)
+            resign_path = find_resign_path
+            signing_identity = find_signing_identity(signing_identity)
+      
+            unless provisioning_profiles.kind_of?(Enumerable)
+              provisioning_profiles = [provisioning_profiles]
+            end
+      
+            # validate that we have valid values for all these params, we don't need to check signing_identity because `find_signing_identity` will only ever return a valid value
+            validate_params(resign_path, ipa, provisioning_profiles)
+            entitlements = "-e #{entitlements.shellescape}" if entitlements
+      
+            provisioning_options = create_provisioning_options(provisioning_profiles)
+            version = "-n #{version}" if version
+            display_name = "-d #{display_name.shellescape}" if display_name
+            short_version = "--short-version #{short_version}" if short_version
+            bundle_version = "--bundle-version #{bundle_version}" if bundle_version
+            verbose = "-v" if $verbose
+            bundle_id = "-b '#{new_bundle_id}'" if new_bundle_id
+            use_app_entitlements_flag = "--use-app-entitlements" if use_app_entitlements
+            remove_plugins_flag = "--remove-plugins" if remove_plugins
+            specific_keychain = "--keychain-path #{keychain_path.shellescape}" if keychain_path
+      
+            command = [
+              resign_path.shellescape,
+              ipa.shellescape,
+              signing_identity.shellescape,
+              provisioning_options, # we are aleady shellescaping this above, when we create the provisioning_options from the provisioning_profiles
+              entitlements,
+              version,
+              display_name,
+              short_version,
+              bundle_version,
+              use_app_entitlements_flag,
+              remove_plugins_flag,
+              verbose,
+              bundle_id,
+              output_path || ipa.shellescape,
+              specific_keychain
+            ].join(' ')
+      
+            puts command.magenta
+            puts `#{command}`
+      
+            if $?.to_i == 0
+              puts "Successfully signed #{ipa}!"
+              true
+            else
+              puts "Something went wrong while code signing #{ipa}".red
+              false
+            end
+        end
+
+        def find_signing_identity(signing_identity)
+            until (signing_identity = sha1_for_signing_identity(signing_identity))
+              puts "Couldn't find signing identity '#{signing_identity}'.".red
+              signing_identity = ask_for_signing_identity
+            end
+      
+            signing_identity
+        end
+
+        def sha1_for_signing_identity(signing_identity)
+            identities = installed_identities
+            return signing_identity if identities.keys.include?(signing_identity)
+            identities.key(signing_identity)
+        end
+
+        def create_provisioning_options(provisioning_profiles)
+            # provisioning_profiles is passed either a hash (to be able to resign extensions/nested apps):
+            # (in that case the underlying resign.sh expects values given as "-p at.fastlane=/folder/mobile.mobileprovision -p at.fastlane.today=/folder/mobile.mobileprovision")
+            #   {
+            #     "at.fastlane" => "/folder/mobile.mobileprovision",
+            #     "at.fastlane.today" => "/folder/mobile.mobileprovision"
+            #   }
+            # or an array
+            # (resign.sh also takes "-p /folder/mobile.mobileprovision" as a param)
+            #   [
+            #        "/folder/mobile.mobileprovision"
+            #   ]
+            provisioning_profiles.map do |app_id, app_id_prov|
+              if app_id_prov
+                app_id_prov = File.expand_path(app_id_prov)
+              else
+                app_id = File.expand_path(app_id)
+              end
+              "-p #{[app_id, app_id_prov].compact.map(&:shellescape).join('=')}"
+            end.join(' ')
+        end
+
+        def validate_params(resign_path, ipa, provisioning_profiles)
+            validate_resign_path(resign_path)
+            validate_ipa_file(ipa)
+            provisioning_profiles.each { |fst, snd| validate_provisioning_file(snd || fst) }
+        end
+
+        def validate_resign_path(resign_path)
+            puts 'Could not find resign.sh file. Please try re-installing the gem'.red unless File.exist?(resign_path)
+        end
+    
+        def validate_ipa_file(ipa)
+            puts "ipa file could not be found or is not an ipa file (#{ipa})".red unless File.exist?(ipa) && ipa.end_with?('.ipa')
+        end
+    
+        def validate_provisioning_file(provisioning_profile)
+            unless File.exist?(provisioning_profile) && provisioning_profile.end_with?('.mobileprovision')
+                puts "Provisioning profile file could not be found or is not a .mobileprovision file (#{provisioning_profile})".red
+            end
+        end
+
+        def get_inputs(options, args)
+            ipa = args.first || self.input('Path to ipa file: ')
+            signing_identity = options.signing_identity || ask_for_signing_identity
+            provisioning_profiles = options.provisioning_profile || self.input('Path to provisioning file: ')
+            entitlements = options.entitlements || nil
+            version = options.version_number || nil
+            display_name = options.display_name || nil
+            short_version = options.short_version || nil
+            bundle_version = options.bundle_version || nil
+            new_bundle_id = options.new_bundle_id || nil
+            use_app_entitlements = options.use_app_entitlements || nil
+            remove_plugins = options.remove_plugins || (options.provisioning_profile.nil? ? true : false)
+            keychain_path = options.keychain_path || nil
+            output_path = options.output_path || ask_for_output_ipa_path
+            
+            if options.provisioning_name
+              puts "The provisioning_name (-n) option is not applicable to resign. You should use provisioning_profile (-p) instead".yellow
+            end
+      
+            return ipa, signing_identity, provisioning_profiles, entitlements, version, display_name, short_version, bundle_version, new_bundle_id, use_app_entitlements, remove_plugins, keychain_path, output_path
+        end
+
+        def ask_for_signing_identity
+            descriptions = []
+            installed_identities.group_by { |sha1, name| name }.each do |name, identities|
+              descriptions << name
+              # Show SHA-1 for homonymous identities
+              descriptions += identities.map do |sha1, _|
+                "\t#{sha1}"
+              end
+            end
+            puts "Available identities: \n\t#{descriptions.join("\n\t")}\n"
+            self.input('Signing Identity: ')
+        end
+
+        # Hash of available signing identities
+        def installed_identities
+            available = `security find-identity -v -p codesigning`
+            ids = {}
+            available.split("\n").each do |current|
+                begin
+                    sha1 = current.match(/[a-zA-Z0-9]{40}/).to_s
+                    name = current.match(/.*\"(.*)\"/)[1]
+                    ids[sha1] = name
+                rescue
+                    nil
+                end # the last line does not match
+            end
+    
+            ids
+        end
+
+        def ask_for_output_ipa_path
+            output_path = self.input('Output path to ipa file: ')
+            unless output_path.end_with?('.ipa')
+                puts "Output path to ipa file error.".yellow
+                return nil
+            end
+            output_path
+        end
+
+        def input(message)
+            print "#{message}".red
+            STDIN.gets.chomp.strip
+        end
+    end
+end

data/lib/tool/command/cert.rb

@@ -0,0 +1,31 @@
+
+module ResignTool
+    class Command
+        class Cert < Command
+            self.summary = "列出本机安装的所有证书信息"
+            self.description = '列出本机安装的所有证书信息'
+            self.command = "cert"
+            self.abstract_command = false
+            self.arguments = [
+            ]
+            def self.options
+                [
+                    ["--valid", "输出有效证书"],
+                    ["--codesigning", "只输出用于iOS签名的证书信息"]
+                ]
+            end
+            def initialize(argv)
+                @valid = argv.flag?("valid", true)
+                @codesigning = argv.flag?("codesigning", false)
+                super
+            end
+            def validate!
+                super
+            end
+            def run
+                command = 'security find-identity' << (@valid ? ' -v' : '') << (@codesigning ? ' -p codesigning' : '')
+                exec "#{command}"
+            end
+        end
+    end
+end

data/lib/tool/command/provisioning.rb

@@ -0,0 +1,80 @@
+module ResignTool
+    class Command
+        class Provisioning < Command
+            self.summary = '展示和清除本机安装的描述文件'
+            self.description = '展示和清除本机安装的描述文件'
+            self.command = 'provisioning'
+            self.arguments = [
+                CLAide::Argument.new('Provisioning Profiles Path', false)
+            ]
+            def self.options
+                [
+                    ["--list", "列出本机安装的所有描述文件"],
+                    ["--clean", "清除本机已安装的所有描述文件"]
+                ]
+            end
+
+            def initialize(argv)
+                @list = argv.flag?("list", true)
+                @clean = argv.flag?("clean", false)
+
+                @profile_path = argv.shift_argument || "~/Library/MobileDevice/Provisioning\ Profiles/"
+                super
+            end
+  
+            def validate!
+              super
+            end
+  
+            def run
+                @profile_path = File.expand_path(@profile_path)
+                if !File.exist?(@profile_path)
+                    puts "没有找到`mobile provision`的安装路径, #{@profile_path}"
+                    return
+                end
+
+                if @clean
+                    clean_pp
+                else
+                    find_pp
+                end
+            end
+            
+            private
+            def clean_pp
+                FileUtils.chdir(@profile_path)
+
+                Dir.glob("*.mobileprovision").each do |file|
+                    FileUtils.rm_rf(file)
+                end
+                puts "mobileprovision files clean success"
+            end
+
+            def find_pp
+                FileUtils.chdir(@profile_path)
+
+                index = 0
+                Dir.glob("*.mobileprovision").each do |file|
+                    name = print_pp_info("Name", file)
+                    identifier = print_pp_info("Entitlements:application-identifier", file)
+                    uuid = print_pp_info("UUID", file) || ''
+                    team_name = print_pp_info("TeamName", file) || ''
+                    create_date = print_pp_info("CreationDate", file) || ''
+                    expiration_date = print_pp_info("ExpirationDate", file) || ''
+
+                    puts "#{index += 1})".red " #{name}".green
+                    puts "   application-identifier: ".yellow "#{identifier}".green
+                    puts "   UUID: ".yellow "#{uuid}".green
+                    puts "   TeamName: ".yellow "#{team_name}".green
+                    puts "   CreationDate: ".yellow "#{create_date}".green
+                    puts "   ExpirationDate: ".yellow "#{expiration_date}".green
+                end
+            end
+            
+            def print_pp_info(name, file)
+                command = "/usr/libexec/PlistBuddy -c 'Print :#{name}' /dev/stdin <<< $(security cms -D -u 11 -i #{file})"
+                `#{command}`.lines.to_a.first.strip! || ''
+            end
+        end
+    end
+end

data/lib/tool/resigntool.rb

@@ -0,0 +1,33 @@
+require 'claide'
+require 'colored2'
+require 'version'
+
+module ResignTool
+    class Command < CLAide::Command
+        self.summary = "iOS重签名"
+        self.description = 'ipa包重签名信息查看，证书、描述文件等'
+        self.command = "resigntool"
+        self.abstract_command = true
+        def self.options
+            [
+                ["--version", "Show sign tool version"]
+            ]
+        end
+        def initialize(argv)
+            @version = argv.flag?("version", false)
+            super
+        end
+        def validate!
+            if @version
+                puts "#{Resignios::VERSION}"
+                return
+            end
+            super
+        end
+        def run
+        end
+    end
+end
+
+require_relative 'command/cert'
+require_relative 'command/provisioning'

data/lib/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Resignios
+  VERSION = "0.1.1"
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: resignios
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Cary
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-09-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: claide
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: colored2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: commander
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: shellwords
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: iOS重签名工具，基于fastlane sigh命令做了些许修改
+email:
+- guojiashuang@live.com
+executables:
+- resigntool
+- resign
+- resignios
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- bin/resign
+- bin/resignios
+- bin/resigntool
+- lib/assets/resign.sh
+- lib/resign/commands_generator.rb
+- lib/resign/resign.rb
+- lib/tool/command/cert.rb
+- lib/tool/command/provisioning.rb
+- lib/tool/resigntool.rb
+- lib/version.rb
+homepage: https://github.com/CaryGo/resignios
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: iOS重签名工具，基于fastlane sigh命令做了些许修改
+test_files: []