Simplify help message

[radare]

Moving all the experimental flags into a separate long-help message will make the tool easier to use, because the amount of them is pretty high right now :D we can probably remove, group

  -a, --all                     Resign all binaries, even it unrelated to the app
  -A, --all-dirs                Archive all directories, not just Payload/
  -c, --clone-entitlements      Clone the entitlements from the provisioning to the bin
  -f, --force-family            Force UIDeviceFamily in Info.plist to be iPhone
  -h, --help                    Show this help message
  -H, --allow-http              Add NSAppTransportSecurity.NSAllowsArbitraryLoads in plist
  -i, --identity [1C4D1A..]     Specify hash-id of the identity to use
  -I, --insert [frida.dylib]    Insert a dynamic library to the main executable
  -L, --identities              List local codesign identities
  -m, --mobileprovision [FILE]  Specify the mobileprovision file to use
  -o, --output [APP.IPA]        Path to the output IPA filename
  -O, --osversion 9.0           Force specific OSVersion if any in Info.plist
  -p, --parallel                Run layered signing dependencies in parallel
  -r, --replace                 Replace the input IPA file with the resigned one
  -s, --single                  Sign a single file instead of an IPA
  [input-ipafile]               Path to the IPA file to resign

  -7, --use-7zip                Use 7zip instead of unzip
      --use-openssl             Use OpenSSL cms instead of Apple's security tool
  -b, --bundleid [BUNDLEID]     Change the bundleid when repackaging
  -B, --bundleid-access-group   Add $(TeamIdentifier).bundleid to keychain-access-groups
  -e, --entitlements [ENTITL]   Specify entitlements file (EXPERIMENTAL)
  -E, --entry-entitlement       Use generic entitlement (EXPERIMENTAL)
  -k, --keychain [KEYCHAIN]     Specify alternative keychain file
  -K, --add-access-group [NAME] Add $(TeamIdentifier).NAME to keychain-access-groups
  -l, --lipo [arm64|armv7]      Lipo -thin all bins inside the IPA for the given architecture
  -M, --massage-entitlements    Massage entitlements to remove privileged ones
  -n, --noclean                 keep temporary files when signing error happens
  -S, --self-sign-provision     Self-sign mobile provisioning (EXPERIMENTAL)
  -t, --without-get-task-allow  Do not set the get-task-allow entitlement (EXPERIMENTAL)
  -v, --verify                  Verify all the signed files at the end
  -V, --verify-twice            Verify after signing every file and at the end
  -w, --without-watchapp        Remove the WatchApp from the IPA before resigning
      --version                 Show applesign version
  -z, --ignore-zip-errors       Ignore unzip/7z uncompressing errors
  -u, --unfair                  Resign encrypted applications

[trufae]

Another thing that will improve the help message is to compact all the entitlement related options in one or two flags like this:

• -E --entry-entitlement
• -c --clone-entitlements
• -e --entitlements FILE
• -M --massage-entitlements
• -t, --without-get-task-allow

We can have something like this:

• -e FILE
• -E [clone,massage,entry,notask] # rename entry with 'default'

or just use the same -e for both file and type, -e clone vs -e clone.entitlements

[trufae]

Info.plist options are:

• -H allow-http
• -f force-family
• -O os-version
• -b bundle-id
• -B bundle-id-group
• -K add-access-group

[trufae]

Packaging related options:

• -7 use-7zip
• -A - package all subdirs, not just Payload
• -o output ipa
• -l --lipo
• -n --noclean
• -r, --replace
• -w, --without-watchapp
• -z, --ignore-zip-errors

[trufae]

Signing related options:

• -i, --identity [1C4D1A..]
• -a, --all
• -u, --unfair
• -v, --verify Verify all the signed files at the end
• -V, --verify-twice Verify after signing every file and at the end
• -w, --without-watchapp
• -m, --mobileprovision [FILE]
• -S, --self-sign-provision
• -s, --single

[trufae]

[trufae]

I've pushed the improved help message in master