codesign就是创建和管理证书的。下面列举一些基本的操作使用。
可以查看codesign的使用帮助
codesign --help
使用方法的命令
Usage: codesign -s identity [-fv*] [-o flags] [-r reqs] [-i ident] path ... # sign
codesign -v [-v*] [-R=<req string>|-R <req file path>] path|[+]pid ... # verify
codesign -d [options] path ... # display contents
codesign -h pid ... # display hosting paths
查看签名
比如我们看一下xcode的签名,我们使用 -d -v 参数,-d 是display展示签名信息的意思,-v 是verbose的意思,越多的verbose显示信息越多,通常3个就已经足够了。
codesign -d -vvv WeChat.app
Executable=/Users/ruicong/Desktop/com.tencent.xin-iOS9.0-(Clutch-2.0.4)/Payload/WeChat.app/WeChat
Identifier=com.tencent.xin
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=1951259 flags=0x0(none) hashes=30483+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=8b199f83297c9d4dfce84acdd247a3d07c2438b5
CandidateCDHashFull sha1=8b199f83297c9d4dfce84acdd247a3d07c2438b5
CandidateCDHash sha256=72a6c8461208c19fe4dafac2454ef5d8b5bc109e
CandidateCDHashFull sha256=72a6c8461208c19fe4dafac2454ef5d8b5bc109ed52220563192135d09d27361
Hash choices=sha1,sha256
CMSDigest=46f2db359a6fb9d3d73dd26585ced3bf8eb94c9bd44397490db199b14fc111d6
CMSDigestType=2
CDHash=72a6c8461208c19fe4dafac2454ef5d8b5bc109e
Signature size=4390
Authority=(unavailable)
Info.plist=not bound
TeamIdentifier=88L2Q4487U
Sealed Resources version=2 rules=21 files=1469
Internal requirements count=1 size=96
上面的签名中没有显示一些额外的信息,比如授权机制 entitements信息 。那么如何显示证书中的其他信息呢,在查看时使用 --entitlements 选项可以查看,比如:
codesign -d --entitlements - WeChat.app
Executable=/Users/ruicong/Desktop/com.tencent.xin-iOS9.0-(Clutch-2.0.4)/Payload/WeChat.app/WeChat
??qqm<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.networking.wifi-info</key>
<true/>
<key>com.apple.developer.siri</key>
<true/>
<key>com.apple.developer.team-identifier</key>
<string>88L2Q4487U</string>
<key>com.apple.developer.healthkit</key>
<true/>
<key>application-identifier</key>
<string>532LCLCWL8.com.tencent.xin</string>
<key>com.apple.developer.networking.HotspotHelper</key>
<true/>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>packet-tunnel-provider</string>
<string>app-proxy-provider</string>
<string>content-filter-provider</string>
</array>
<key>aps-environment</key>
<string>production</string>
<key>com.apple.developer.networking.HotspotConfiguration</key>
<true/>
<key>com.apple.developer.associated-domains</key>
<array>
<string>applinks:help.wechat.com</string>
</array>
<key>com.apple.security.application-groups</key>
<array>
<string>group.com.tencent.xin</string>
</array>
</dict>
</plist>%
签名
签名使用codesign -s 命令,s就是签名sign的意思
签名需要一个证书,我们可以打开 钥匙串应用 查看我们拥有的证书,或者通过命令行使用security命令访问钥匙串,查找可以签名的证书,
security find-identity -v -p codesigning
1) 63CDF0F7E792C6037B5D695F55181ABF09E652DD "iPhone Developer: jmhmobile@jchtcorp.com (FRSJUDZYE3)"
为了方便起见,我就创建一个my.app文件。创建文件可以使用 touch 命令
来到桌面
cd ~/Desktop
touch my.app
查看是否签名
codesign -d -vvv my.app
my.app: code object is not signed at all
然后签名的时候,指定此证书进行签名就可以了
codesign -s "iPhone Developer: 812883574@qq.com (8QLSY8DC93)" my.app
然后可以使用上的命令查看签名状态
codesign -d -vvv my.app
Executable=/Users/ruicong/Desktop/my.app
Identifier=my
Format=generic
CodeDirectory v=20200 size=130 flags=0x0(none) hashes=0+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=c51b127800028dd7efa7e802e2d06ef3e7d4d7df
CandidateCDHashFull sha1=c51b127800028dd7efa7e802e2d06ef3e7d4d7df
CandidateCDHash sha256=41b6c9c7bbe1eef6d2ed3362d65cadd7b4b5a29f
CandidateCDHashFull sha256=41b6c9c7bbe1eef6d2ed3362d65cadd7b4b5a29fd6d4ce7afdbd9386dabe138d
Hash choices=sha1,sha256
CMSDigest=6a42110e5b4646ef8d43445d67eacb58561d19069d3dd81e8b943044adf68229
CMSDigestType=2
CDHash=41b6c9c7bbe1eef6d2ed3362d65cadd7b4b5a29f
Signature size=4797
Authority=iPhone Developer: 812883574@qq.com (8QLSY8DC93)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Sep 24, 2020 at 10:36:15 AM
Info.plist=not bound
TeamIdentifier=263Y58BPS8
Sealed Resources=none
Internal requirements count=1 size=168
如果想要重新签名 那么需要加上-f参数,-f的意思是force的意思,如果没有这个参数,签名不会不替换,签名操作会失败。
修改签名参数
- 修改Identifier
需要使用-i参数
codesign -f -i com.123.ok -s "iPhone Developer: 812883574@qq.com (8QLSY8DC93)" my.app
my.app: replacing existing signature
新的查看命令
codesign -d --verbose=4 my.app
修改后的效果
Executable=/Users/ruicong/Desktop/my.app
Identifier=com.123.ok
Format=generic
CodeDirectory v=20200 size=138 flags=0x0(none) hashes=0+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=3567f98200ac467364ca68988cc2a78634454772
CandidateCDHashFull sha1=3567f98200ac467364ca68988cc2a78634454772
CandidateCDHash sha256=ce616778881d96aee0685feca2537a59842e444a
CandidateCDHashFull sha256=ce616778881d96aee0685feca2537a59842e444ab0ed09aadd5557a2b54d9054
Hash choices=sha1,sha256
CMSDigest=2182561168c0a9e6713e6a3bc05e8900e1f1c8d9580cb66971d19275a0a486b3
CMSDigestType=2
Page size=none
CDHash=ce616778881d96aee0685feca2537a59842e444a
Signature size=4797
Authority=iPhone Developer: 812883574@qq.com (8QLSY8DC93)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Sep 24, 2020 at 10:53:48 AM
Info.plist=not bound
TeamIdentifier=263Y58BPS8
Sealed Resources=none
Internal requirements count=1 size=176
- 修改flags
使用参数-o
codesign -f -o 0x2200 -s "iPhone Developer: 812883574@qq.com (8QLSY8DC93)" my.app
my.app: replacing existing signature
Executable=/Users/ruicong/Desktop/my.app
Identifier=my
Format=generic
CodeDirectory v=20200 size=130 flags=0x2200(kill,library-validation) hashes=0+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=846ba07c34cc5eeba1a8c72f013e38d68e6692f1
CandidateCDHashFull sha1=846ba07c34cc5eeba1a8c72f013e38d68e6692f1
CandidateCDHash sha256=c52557fade71316712b74e6b37d22bed92267b9c
CandidateCDHashFull sha256=c52557fade71316712b74e6b37d22bed92267b9c39963f5d350d9bad7d7e5cc6
Hash choices=sha1,sha256
CMSDigest=299e7fc5bf844fc261cade3fef2538c4ce6e821053cbde9cb47d19e9a3fdd047
CMSDigestType=2
Page size=none
CDHash=c52557fade71316712b74e6b37d22bed92267b9c
Signature size=4797
Authority=iPhone Developer: 812883574@qq.com (8QLSY8DC93)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Sep 24, 2020 at 11:03:20 AM
Info.plist=not bound
TeamIdentifier=263Y58BPS8
Sealed Resources=none
Internal requirements count=1 size=168
- 重新签名framwork
1.先cd到framwork目录下
cd Frameworks
2.然后查看有多少个库要签名,最后一个一个进行重签名
ls
OpenSSL.framework andromeda.framework marsbridgenetwork.framework
ProtobufLite.framework mars.framework matrixreport.framework
codesign -fs "iPhone Developer: 812883574@qq.com (8QLSY8DC93)" OpenSSL.framework
给不是可执行文件,
上可执行文件权限
先cd到WeChat.app目录下
chmod +x WeChat
查看描述文件
security cms -Di embedded.mobileprovision
对app包进行签名
1.先得在xcode中创建一个plist文件,然后把描述文件中的授权文件拷到这个plist文件中,然后把这个plist文件拷贝到和WeChat.app一起
这里的 no-strict 是不严谨的,--entitlements=en.plist权限文件来自哪个文件
codesign -fs "iPhone Developer: 812883574@qq.com (8QLSY8DC93)" --no-strict --entitlements=en.plist WeChat.app
网友评论