ios 如何判断哪个配置文件/签名证书用于签署 .ipa?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14881126/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to tell what profile/signing certificate was used to sign .ipa?
提问by DBD
I have a bunch of .ipa files and I've used a script to resign them.
我有一堆 .ipa 文件,我已经使用脚本对它们进行了签名。
So how can check the provisioning profile/signing certificate to conform they are using the correct information?
那么如何检查配置文件/签名证书以符合他们使用的正确信息呢?
Ideally, I'd like to be able to take any .ipa file and tell which provisioning profile/signing certificate was used to sign it.
理想情况下,我希望能够获取任何 .ipa 文件并说明使用哪个配置文件/签名证书对其进行签名。
Backstory:Our enterprise distribution certificate is expiring and I want to re-sign our stuff. It's a simple take for all the stuff we've made and archived in Xcode, but for 3rd party vendor made distributables I can't do that. I want to avoid asking for a re-signed .ipa file because a new .ipa mightinclude unknown changes and introduce issues and they'd probably charge us too... but I'm more worried about the first issue.
背景故事:我们的企业分发证书即将到期,我想重新签署我们的东西。对于我们在 Xcode 中制作和存档的所有内容,这是一个简单的过程,但对于 3rd 方供应商制作的可分发产品,我无法做到这一点。我想避免要求重新签名的 .ipa 文件,因为新的 .ipa可能包含未知的更改并引入问题,他们可能也会向我们收费......但我更担心第一个问题。
Since both our old and new distribution certificates are still valid (you get a 6month overlap) I need to be able to confirm the new one is used otherwise I'd look really silly when the old one expires and the "resigning" script didn't actually do the job.
由于我们的新旧分发证书仍然有效(您有 6 个月的重叠),我需要能够确认使用了新证书,否则当旧证书过期并且“辞职”脚本没有时,我看起来真的很傻。实际完成工作。
回答by Bobjt
Provisioning Profiles have a UUID that can be seen using the Terminal command:
配置文件有一个 UUID,可以使用终端命令查看:
security cms -D -i (path_to_your_provisioning_profile)
security cms -D -i (path_to_your_provisioning_profile)
See the UUID section of the command output like:
请参阅命令输出的 UUID 部分,例如:
<key>UUID</key>
<string>A008C022-7B82-4E40-8B37-172763E1E3CC</string>
<key>UUID</key>
<string>A008C022-7B82-4E40-8B37-172763E1E3CC</string>
Xcode inserts the provisioning profile used to sign the application within the .app bundle. To find it, rename your .ipa to .zip, uncompress it with Finder, find the .app file in /Payload. "Show Package Contents" on the .app file and find the provisioning profile with the name embedded.mobileprovision.
Xcode 在 .app 包中插入用于签署应用程序的配置文件。要找到它,请将您的 .ipa 重命名为 .zip,使用 Finder 解压缩,在 /Payload 中找到 .app 文件。在 .app 文件中“显示包内容”并找到名称为 的配置文件embedded.mobileprovision。
Dump its entitlements using the above command and compare that with the UUID found within your profiles in your Xcode Organizer > Devices tab > Provisioning Profile section under "Library". You can use "Show in Finder" on those to reveal their location on disk.
使用上述命令转储其权利,并将其与在 Xcode Organizer > Devices 选项卡 > Provisioning Profile 部分“Library”下的配置文件中找到的 UUID 进行比较。您可以使用“在 Finder 中显示”来显示它们在磁盘上的位置。
回答by maersu
Late to the party....
聚会迟到了......
But this tool saves me some time: nomad/shenzhen
但是这个工具为我节省了一些时间:nomad/shenzhen
$ ipa info /path/to/app.ipa
+-----------------------------+----------------------------------------------------------+
| ApplicationIdentifierPrefix | DJ73OPSO53 |
| CreationDate | 2014-03-26T02:53:00+00:00 |
| Entitlements | application-identifier: DJ73OPSO53.com.nomad.shenzhen |
| | aps-environment: production |
| | get-task-allow: false |
| | keychain-access-groups: ["DJ73OPSO53.*"] |
| CreationDate | 2017-03-26T02:53:00+00:00 |
| Name | Shenzhen |
| TeamIdentifier | S6ZYP4L6TY |
| TimeToLive | 172 |
| UUID | P7602NR3-4D34-441N-B6C9-R79395PN1OO3 |
| Version | 1 |
+-----------------------------+----------------------------------------------------------+
回答by Ted
回答by HaemEternal
Based on Bobjt's answer, I used IPCU to get the details of the profile:
根据 Bobjt 的回答,我使用 IPCU 来获取配置文件的详细信息:
- Rename your .ipa to .zip
- Uncompress it with Finder
- Find the .app file in /Payload.
"Show Package Contents" on the .app file and find the provisioning profile with the name embedded.mobileprovision.
Drag the mobileprovisioning file into iPhone Configuration Utility
- 将您的 .ipa 重命名为 .zip
- 用 Finder 解压
- 在 /Payload 中找到 .app 文件。
在 .app 文件中“显示包内容”并找到名为 embedding.mobileprovision 的配置文件。
将 mobileprovisioning 文件拖到 iPhone 配置实用程序中
IPCU shows the Name/Expiration Date etc of the profile.
IPCU 显示配置文件的名称/到期日期等。
回答by Lasse
I ended up using a mixture of Bobjt and HaemEternal solutions proposals.
我最终混合使用了 Bobjt 和 HaemEternal 解决方案建议。
- Find archive.
- Show package content.
- Copy .app file out
- Show package content of the .app file.
- Copy embedded.mobileprovision file out.
- Run "security cms -D -i (path_to_your_provisioning_profile)"
- Find the UUID number from the outcome of the of call in step 6.
- Open Iphone Configuration Utility and look at the profiles to find the one that has the same UUID number.
- 查找存档。
- 显示包内容。
- 复制 .app 文件
- 显示 .app 文件的包内容。
- 复制embedded.mobileprovision 文件。
- 运行“security cms -D -i (path_to_your_provisioning_profile)”
- 从步骤 6 中调用的结果中找到 UUID 号。
- 打开 Iphone 配置实用程序并查看配置文件以找到具有相同 UUID 编号的配置文件。
回答by DBD
I've been able to successfully test using the following process.
我已经能够使用以下过程成功测试。
- Install original .ipa onto device.
- Go to Settings->General->Profiles (see old provisioning profile)
- Delete app and old profile from device
- Resign app.
- Install re-signed app on device
- Go to Settings->General->Profiles (see new provisioning profile)
- 将原始 .ipa 安装到设备上。
- 转到设置-> 常规-> 配置文件(请参阅旧的配置文件)
- 从设备中删除应用程序和旧配置文件
- 辞职应用。
- 在设备上安装重新签名的应用程序
- 转到设置-> 常规-> 配置文件(请参阅新的配置文件)
This seems to be a bullet-proof way to confirm the provisioning profile was updated and since the profile only has the 1 signing certificate in it... then we must be signed with the new cert.
这似乎是确认配置文件已更新的防弹方法,并且由于配置文件中只有 1 个签名证书……那么我们必须使用新证书进行签名。
(but I still want to find a better way)
(但我还是想找到更好的方法)
回答by Ron Sims II
If you are trying to determine if a specific certificate was used to sign an .ipa, you can do the following:
如果您正在尝试确定是否使用特定证书对 .ipa 进行签名,您可以执行以下操作:
If you are comfortable with python, you can use this script that I created to compare the certificate(s) embedded in the .ipa to one that you have.
如果您对 python 感到满意,您可以使用我创建的这个脚本将嵌入在 .ipa 中的证书与您拥有的证书进行比较。
https://gist.github.com/ronsims2/1b7a8b9e15898f9406788988106b2f78
https://gist.github.com/ronsims2/1b7a8b9e15898f9406788988106b2f78
python ipa_cert_checker.py /Users/janedoe/Dcouments/Foobar.ipa /Users/janedoe/Dcouments/barfoo.cer
Alternatively, you can do what the script does manually from the command line of your Mac.
或者,您可以从 Mac 的命令行手动执行脚本执行的操作。
Unzip the IPA archive. It will produce a folder called "Payload".
unzip Foobar.ipaRead the embedded provisioning information. Note the package/folder inside of the Payload directory is named the same as the .ipa except with the .app extension.
security cms -Di Payload/Foobar.app/embedded.mobileprovision
解压缩 IPA 档案。它将生成一个名为“Payload”的文件夹。
unzip Foobar.ipa阅读嵌入式配置信息。请注意,Payload 目录中的包/文件夹的名称与 .ipa 相同,但扩展名为 .app。
security cms -Di Payload/Foobar.app/embedded.mobileprovision
In the output of the above command, the certificate(s) are embedded in the array data elements associated with the key "DeveloperCertificates" as a base64 string. 3. Copy the certificate(s) (do not include the xml tags and make sure there is no extra whitespace) and save them to a convenient location as text. In this example I will call it "cert_from_foobar.txt"
在上述命令的输出中,证书作为 base64 字符串嵌入与密钥“DeveloperCertificates”关联的数组数据元素中。3. 复制证书(不包括 xml 标签并确保没有多余的空格)并将它们作为文本保存到一个方便的位置。在本例中,我将其称为“cert_from_foobar.txt”
Base64 encode the known certificate and save the output to a file.
base64 barfoo.cer > barfoo.txtCompare the known certificate to the embedded one(s) you saved.
cmp cert_from_foobar.txt barfoo.txt || echo 'These files are NOT the same.'
Base64 对已知证书进行编码并将输出保存到文件中。
base64 barfoo.cer > barfoo.txt将已知证书与您保存的嵌入证书进行比较。
cmp cert_from_foobar.txt barfoo.txt || echo 'These files are NOT the same.'
If they are the same you will not seeany message.
如果它们相同,您将看不到任何消息。
