使用codesign重签名ipa包

重新签名步骤

解压

unzip ysl.ipa

移除旧签名

rm -r "Payload/ysl.app/_CodeSignature" 2> /dev/null | true

替换 provisioning profile

cp "$MOBILEPROVISION" "Payload/ysl.app/embedded.mobileprovision"

entitlements生成

/usr/libexec/PlistBuddy -x -c "print :Entitlements " /dev/stdin <<< $(security cms -D -i "$MOBILEPROVISION") > "entitlements.plist"

重新签名

/usr/bin/codesign -f -s "iPhone Distribution: xxx” "--entitlements "entitlements.plist" "Payload/ysl.app"

例如：/usr/bin/codesign -f -s 8F16D32B97E8564C20613BC00699E547B265D62C --entitlements entitlements.plist Payload/ysl.app

验证签名

spctl -a -v Payload/ysl.app

/usr/bin/codesign --verify --deep --verbose=3 Payload/ysl.app

重新打包

zip -qr "ysl.resigned.ipa" Payload

重签名问题

【问题】 ERROR ITMS-90166: "Missing Code Signing Entitlements. No entitlements found in bundle 'com.ysl' for executable ‘Payload/ysl.app/ysl'.""

【解决】签名需要的Entitlements信息可以通过两个地方获取，一个是编译后生成在build/Distribute-iphone/objects/ysl.build/Distribute-iphoneos/ysl.build/ysl.app.xcent

另一种是通过从profile里获取，即/usr/libexec/PlistBuddy -x -c "print :Entitlements " /dev/stdin <<< $(security cms -D -i ~/ProvisioningProfiles/AppStore_com.ysl.mobileprovision) > entitlements.plist

【问题】ERROR ITMS-90179: "Invalid Code Signing. The executable ‘Payload/ysl.app/ysl' must be signed with the certificate that is contained in the provisioning profile."

【解决】发现是重签名指定的证书与 provisioning profile不匹配，重新分配。

[问题iPhone Distribution: xxxxx.: ambiguous (matches "iPhone Distribution: xxxxx" and "iPhone Distribution: xxxxx" in /Users/elian/Library/Keychains/ci.keychain)

［解决］https://developer.apple.com/legacy/library/technotes/tn2250/_index.html#//apple_ref/doc/uid/DTS40009933-CH1-TNTAG41-HOW_DO_I_RESOLVE_THE_CODESIGN_ERROR__IPHONE_DEVELOPER__OR_IPHONE_DISTRIBUTION__AMBIGUOUS_MATCHES_

按照官方提供的方案是需要删除重复的证书。但由于我们的环境是需要多证书的。故使用另一种方式解决，即获取证书的sha1值，在指定--sign时，后面跟上签名证书的sha1.例如：/usr/bin/codesign -f -s 8F16D32B97E8564C20613BC00699E547B265D62C 

如何获取sha1配置：

security find-identity -p codesigning login.keychain

8G16D32B97E8564C20613BC00699E547B265D26C "iPhone Distribution: Company11 name

003981HH13D6226942D43525E6045A23525A85AC "iPhone Distribution: Company22 name"

158DD26AD3B200CF12FE79C66CA9830C52D7813D"iPhone Distribution: Company33 name"

case “$signTeamName" in 

  *11*)

    signIdentity=9G16D32B97E8564C20613BC00699E547B265D35u

    ;;

  *22*)

    signIdentity=003981HH13D6226942D43525E6045A23525A85TD

    ;;

  *33*)

    signIdentity=868DD26AD3B200CF12FE79C66CA890C52D7890I

    ;;      

esac