I haven’t settled down to write something about iOS for a long time. Maybe we are busy, maybe we are not what we were a few years ago, but our salary is back to a few years ago. Ok, without nonsense, today I will talk about those things about signature

There are currently two types of download available: 1. Apple Certificate Signature 2. Apple Super SignatureCopy the code

Apple Corporate Certificate Signature (Corporate signature)


#### features summary 1, can be distributed at any time APP 2, acceptable Apple unacceptable APP #### shortcomings summary 1, Apple developers account is difficult to find, it is said that the recently fried up to 500,000 or so 2, the market certificate confusion, rotten street many certificates 3, high risk of signing off 4, after signing off to obtain users, increased operating costs

#### re-signature method ###### tool 1, iOS APP Signer 2, iReSign, etc. (there are many third-party provided, said to steal the certificate) ###### use method above two see Git

###### terminal signature 1. Prepare IPA suffix file (Ad Hoc Deployment package) xx. Mobileprovision file (enterprise)

2. Obtain the information in the certificate (xx.plist)

security cms -D -i xx.mobileprovision > xx.plist
Copy the code

3. Export xx.plist

/usr/libexec/plistbuddy -x -c 'Print:xx project name 'xx.plist > xx.plistCopy the code

4. Decompress ipA packages

unzip xx.ipa
Copy the code

5. Delete the old signature

rm -rf Payload/xx.app/_CodeSignature/
Copy the code

Delete dynamic library signatures (this step is required for all frameworks)

(1), remove the signature rm - rf Payload/xx. App/Frameworks/xx framework / _CodeSignature (2), the signature codesign -f -s "the name of the certificate" Payload/xx.app/Frameworks/xx.framework/Copy the code

7. Replace the configuration file

cp xx.mobileprovision Payload/xx.app/
Copy the code

8, signature

Codesign -F-S "Name of certificate" -- Entitlements xx.plist Payload/xx.appCopy the code

9. Package as IPA

zip -r new_xx.ipa Payload/
Copy the code

Finally, new_xx.ipa is the re-signed file

### Apple Super signature

The principle of #### is clear. The developer can add the UDID of the mobile phone in the developer background, and then repackage an IPA file, distribute the platform, and then the added UDID can be downloaded

#### Overall architecture diagram

#### Features summary 1. Direct distribution, installation can run, users do not need to do the trust operation of enterprise certificate 2. Currently stable, there is no business risk caused by certificate revocation #### Disadvantages summary 1. Very high distribution costs ($99 / year /100 devices)

1. Create a.mobileconfig XML description file on your Web server. The XML code is as follows

<? The XML version = "1.0" encoding = "utf-8"? > <! DOCTYPE plist PUBLIC "- / / / / DTD plist Apple / 1.0 / EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" > < plist Version ="1.0"> <dict> <key>PayloadContent</key> <dict> <key>URL</key> <string> a URL to receive UDID </string> <key>DeviceAttributes</key> <array> <string>UDID</string> <string>IMEI</string> <string>ICCID</string> <string>VERSION</string> <string>PRODUCT</string> </array> </dict> <key>PayloadOrganization</key> <string>GuangdongQi</string><! -- Organization name --> <key>PayloadDisplayName > <string>AppFree</string> <key>PayloadVersion</key> < INTEGER >1</integer> <key>PayloadUUID</key> <string>9CF421B3-9853-4454-BC8A-982CBD3C907C</string><! -- a unique string that you randomly fill in, http://www.guidgen.com/ can generate --> <key>PayloadIdentifier</key> <string>com.gpon.profile-service</string> <key>PayloadDescription</key> <string>This temporary profile will be used to find and display your current device's UDID.</string> <key>PayloadType</key> <string>Profile Service</string> </dict> </plist>Copy the code

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Application /x-apple-aspen-config(the problem is all because of this), or as here with a simple page to download mobileconfig file, guide users to install 2, the server do some 301 jump, store UDID and other operations

# # # # automation

Register a new developer appliance + Update Provisioning Profile

The next key is how to register new developer devices and update Provisioning Profiles in seconds after the user’s UDID is obtained. And here we need an open source tool (Spaceship) :

Spaceship exposed the Apple Developer Center API and executed two orders of magnitude faster than parsing Developer Web pages, landing the Provisioning Profile in a very short time. This framework addresses the key issues of the entire mechanism and becomes the cornerstone of the entire tool chain. In fact, a platform has already completed the technical reserve of UDID acquisition and application signature distribution, except for this API.

Here is a comparison of the speed of parsing developer Web pages versus direct access to the API:

Automatic signature packet encapsulation

There should be 10,000 solutions that can be implemented through command-line scripts /Python scripts/other third parties.

The Sigh framework is recommended to solve this problem.

The Sigh is simple to use and configure, a command-only tool, rich configuration options (consult the documentation yourself), and an active community.

Go directly to the demo diagram:

distribution

Without further ado, what about dandelions, FIR, various small platforms and so on

advertising

Let’s finish with a commercial

Separate, separate, separate, very expensive