问题
I have an .ipa file which I need to resign. I tried doing it as explained on the objc.io blog:
$ codesign -f -s 'iPhone Developer: Thomas Kollbach (7TPNXN7G6K)' Example.app
However this is insufficient. When I do codesign I get something like this:
$ codesign -d --entitlements - Example.app/Example
Executable=/Users/myuser/Payload/Example.app/Example
I don't get any entitlements listed.
However if I do codesign -d --entitlements on the original IPA file from xCode I get:
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>UFAYDHAUP.com.company.example</string>
<key>aps-environment</key>
<string>production</string>
<key>beta-reports-active</key>
<true/>
<key>com.apple.developer.team-identifier</key>
<string>UFAYDHAUP</string>
<key>get-task-allow</key>
<false/>
<key>keychain-access-groups</key>
<array>
<string>UFAYDHAUP.com.company.example</string>
</array>
</dict>
</plist>
I tried the line below
codesign --entitlements Example.app/archived-expanded-entitlements.xcent -f -s 'iPhone Developer: Thomas Kollbach (7TPNXN7G6K)' Example.app
But the following keys are not included:
- beta-reports-activ
- get-task-allow
So how am I supposed to do this? I don't have an entitlements file, in xCode 7, one only checks Capabilities. And all I have is Apple Push notifications.
Finally to clarify my requirements:
- I will not change App ID or use different provisioning profile or code signing identity compared to what xCode exports.
- Only the main executable is changed with a tool, which is why a resign is needed.
回答1:
The answer is actually quite self evident in the question itself. The output from:
$ codesign -d --entitlements - Example.app/Example
Is actually a perfectly valid entitlements file. So you can store the output from the original .ipa exported from xCode by writing:
$ codesign -d --entitlements entitlements.xml Example.app/Example
This will store the entitlements in entitlements.xml which you can then use in an argument to sign the .ipa file yourself:
codesign --entitlements entitlements.xml -f -s "iPhone Distribution: Company (UFAYDHAUP)" Payload/Example.app
Naturally "iPhone Distribution: Company (UFAYDHAUP)" has to be replaced with the signing identify you use and Payload/Example.app will be the path to your app which has been unzipped from the .ipa file.
回答2:
It helped me:
--preserve-metadata=entitlements
Saving and restoring entitlements are not needed anymore.
来源:https://stackoverflow.com/questions/36888535/how-do-i-resign-app-with-entitlements