search

nowsecure / node-applesign

NodeJS module and commandline utility for re-signing iOS applications (IPA files).
https://www.nowsecure.com
MIT License
425 stars 77 forks source link

Add -j to specify a JSON with custom signing options #102

Closed trufae closed 4 years ago

trufae commented 4 years ago

This feature has been requested for a couple of years already, and the only reason for not having it was a simple interface for managing all the possible use cases. In order to move forward i just implemented -j which allows to override with an inline json string the signing options for files matching specific attributes, here's an example:

{
  "custom": [
      {
      "filematch": "RegexMatchExpr$",
      "entitlements": "/tmp/custom-entitlements.plist",
      "identity": "89312489X",
      "keychain": "/tmp/custom-keychain.db"
     }
  ]
}

The only required key in here is filematch which is used by signFile to determine which files needs to use custom signing options. The entitlements, identity and keychain path fields are optional. those will override the default signing attributes when matching.

This is useful for resigning app extensions like custom keyboards, network extensions, sharing extensions, etc.. which use to have different entitlements (and in some cases different signing identities, f.ex: apple watch)

Note that in order to sign app extensions you need to pass the -a flag to sign ALL the binaries, even the ones not associated with the main app executable

To sumarize in one line: 

$ applesign -a -m embedded.mobileprovision -c -j "`cat foo.json`" Twitter.ipa

PD: This is an experimental feature. json format, options and commandline flags may change in the future. PD2: Review comments are welcome