Ios – Codesigning ios app from the command line

codesigncommand lineios

I'm working on creating a command line workflow for my ios development and I'm stuck at the last stage: codesigning.

I built an app for armv7 and armv7s, link it and create the app bundle:

$ codesign -d -v path/to/myapp.app
Executable=/path/to/myapp.app/myapp
Identifier=com.mycompany.myapp
Format=bundle with Mach-O universal (armv7 armv7s)
CodeDirectory v=20200 size=2292 flags=0x0(none) hashes=105+5 location=embedded
Signature size=4332
Signed Time=Sep 7, 2014, 2:47:55 AM
Info.plist entries=26
TeamIdentifier=XXXXXX
Sealed Resources version=2 rules=5 files=3
Internal requirements count=1 size=192

I get a codesigning hash XXXXX from:

$ security find-identity -pcodesigning -v
  1) XXXXX "iPhone Developer: My Name (YYYY)"
     1 valid identities found

However, after I codesign using the following:

codesign --force -vvvv --sign XXXXX --resource-rules=path/to/myapp.app/ResourceRules.plist --entitlements path/to/myapp.xcent path/to/myapp.app
path/to/myapp.app: replacing existing signature
path/to/myapp.app: signed bundle with Mach-O universal (armv7 armv7s) [com.mycompany.myapp]

It still seems to be unhappy:

$ codesign --verify -vvvv path/to/myapp.app
path/to/myapp.app: invalid Info.plist (plist or signature have been modified)
In architecture: armv7s

As a reference I built a (similar) app using xcode (I actually used the codesign line from the logs to sign this app), and it works just fine:

$ codesign --verify -vvvv path/to/otherapp.app
path/to/otherapp.app: valid on disk
path/to/otherapp.app: satisfies its Designated Requirement

I'm definitely sure that I have correct codesigning hash, since I have signed and deployed apps via xcode. I'm just trying to reproduce the same steps on the command line and failing miserably. Obviously if I changed info.plist or something, I would expect to see this error, but I don't expect to see it right after I do the codesign step. Some black magic is at work here. Could anyone shed some light or help with some pointers please?

EDIT:

I removed armv7s and just built armv7 and now it seems happy at the codesign verification stage, however I still can't deploy the app with the following error from the logs:

installd[26777] : 0x10050c000 verify_signer_identity: MISValidateSignatureAndCopyInfo failed for /var/tmp/install_staging.Mvi7tR/myapp.app/myapp: 0xe8008019

I have no idea what's going on :\

ANOTHER EDIT:

I got the codesign verification to fail again, heh. So, if I verify myapp.app, then it says everything is OK. However, if I try to verify myapp.app/myapp binary directly, then it says that verification failed (with the above error except for architecture armv7)

Best Answer

Long story short, if I codesign myapp.app/myapp instead of myapp.app, then I can deploy the app to my phone without any issues. I can't seem to codesign both yet, as one of myapp.app/myapp or myapp.app fails codesign --verify, but it's good enough for now since I can deploy the app.

Hopefully this helps someone who is bashing their head against the wall.

I'll try and figure out if I can codesign both on one line somehow, but it's a minor posterity issue.

Bash Space-Separated (e.g., `--option argument`)

cat >/tmp/demo-space-separated.sh <<'EOF'
#!/bin/bash

POSITIONAL=()
while [[ $# -gt 0 ]]; do
  key="$1"

  case $key in
    -e|--extension)
      EXTENSION="$2"
      shift # past argument
      shift # past value
      ;;
    -s|--searchpath)
      SEARCHPATH="$2"
      shift # past argument
      shift # past value
      ;;
    -l|--lib)
      LIBPATH="$2"
      shift # past argument
      shift # past value
      ;;
    --default)
      DEFAULT=YES
      shift # past argument
      ;;
    *)    # unknown option
      POSITIONAL+=("$1") # save it in an array for later
      shift # past argument
      ;;
  esac
done

set -- "${POSITIONAL[@]}" # restore positional parameters

echo "FILE EXTENSION  = ${EXTENSION}"
echo "SEARCH PATH     = ${SEARCHPATH}"
echo "LIBRARY PATH    = ${LIBPATH}"
echo "DEFAULT         = ${DEFAULT}"
echo "Number files in SEARCH PATH with EXTENSION:" $(ls -1 "${SEARCHPATH}"/*."${EXTENSION}" | wc -l)
if [[ -n $1 ]]; then
    echo "Last line of file specified as non-opt/last argument:"
    tail -1 "$1"
fi
EOF

chmod +x /tmp/demo-space-separated.sh

/tmp/demo-space-separated.sh -e conf -s /etc -l /usr/lib /etc/hosts

Output from copy-pasting the block above

FILE EXTENSION  = conf
SEARCH PATH     = /etc
LIBRARY PATH    = /usr/lib
DEFAULT         =
Number files in SEARCH PATH with EXTENSION: 14
Last line of file specified as non-opt/last argument:
#93.184.216.34    example.com

Usage

demo-space-separated.sh -e conf -s /etc -l /usr/lib /etc/hosts

Bash Equals-Separated (e.g., `--option=argument`)

cat >/tmp/demo-equals-separated.sh <<'EOF'
#!/bin/bash

for i in "$@"; do
  case $i in
    -e=*|--extension=*)
      EXTENSION="${i#*=}"
      shift # past argument=value
      ;;
    -s=*|--searchpath=*)
      SEARCHPATH="${i#*=}"
      shift # past argument=value
      ;;
    -l=*|--lib=*)
      LIBPATH="${i#*=}"
      shift # past argument=value
      ;;
    --default)
      DEFAULT=YES
      shift # past argument with no value
      ;;
    *)
      # unknown option
      ;;
  esac
done
echo "FILE EXTENSION  = ${EXTENSION}"
echo "SEARCH PATH     = ${SEARCHPATH}"
echo "LIBRARY PATH    = ${LIBPATH}"
echo "DEFAULT         = ${DEFAULT}"
echo "Number files in SEARCH PATH with EXTENSION:" $(ls -1 "${SEARCHPATH}"/*."${EXTENSION}" | wc -l)
if [[ -n $1 ]]; then
    echo "Last line of file specified as non-opt/last argument:"
    tail -1 $1
fi
EOF

chmod +x /tmp/demo-equals-separated.sh

/tmp/demo-equals-separated.sh -e=conf -s=/etc -l=/usr/lib /etc/hosts

Output from copy-pasting the block above

FILE EXTENSION  = conf
SEARCH PATH     = /etc
LIBRARY PATH    = /usr/lib
DEFAULT         =
Number files in SEARCH PATH with EXTENSION: 14
Last line of file specified as non-opt/last argument:
#93.184.216.34    example.com

Usage

demo-equals-separated.sh -e=conf -s=/etc -l=/usr/lib /etc/hosts

To better understand ${i#*=} search for "Substring Removal" in this guide. It is functionally equivalent to `sed 's/[^=]*=//' <<< "$i"` which calls a needless subprocess or `echo "$i" | sed 's/[^=]*=//'` which calls two needless subprocesses.

Using bash with getopt[s]

getopt(1) limitations (older, relatively-recent getopt versions):

can't handle arguments that are empty strings
can't handle arguments with embedded whitespace

More recent getopt versions don't have these limitations. For more information, see these docs.

POSIX getopts

Additionally, the POSIX shell and others offer getopts which doen't have these limitations. I've included a simplistic getopts example.

cat >/tmp/demo-getopts.sh <<'EOF'
#!/bin/sh

# A POSIX variable
OPTIND=1         # Reset in case getopts has been used previously in the shell.

# Initialize our own variables:
output_file=""
verbose=0

while getopts "h?vf:" opt; do
  case "$opt" in
    h|\?)
      show_help
      exit 0
      ;;
    v)  verbose=1
      ;;
    f)  output_file=$OPTARG
      ;;
  esac
done

shift $((OPTIND-1))

[ "${1:-}" = "--" ] && shift

echo "verbose=$verbose, output_file='$output_file', Leftovers: $@"
EOF

chmod +x /tmp/demo-getopts.sh

/tmp/demo-getopts.sh -vf /etc/hosts foo bar

Output from copy-pasting the block above

verbose=1, output_file='/etc/hosts', Leftovers: foo bar

Usage

demo-getopts.sh -vf /etc/hosts foo bar

The advantages of getopts are:

It's more portable, and will work in other shells like dash.
It can handle multiple single options like -vf filename in the typical Unix way, automatically.

The disadvantage of getopts is that it can only handle short options (-h, not --help) without additional code.

There is a getopts tutorial which explains what all of the syntax and variables mean. In bash, there is also help getopts, which might be informative.

Ios – How to change the name of an iOS app

Go to Targets in Xcode.
Build Settings on your project's target (your current development name).
Search for Product Name under Packaging. Change its value to what you want your new project name to be.

Best Answer

Related Solutions

Bash – How to parse command line arguments in Bash

Bash Space-Separated (e.g., --option argument)

Output from copy-pasting the block above

Usage

Bash Equals-Separated (e.g., --option=argument)

Output from copy-pasting the block above

Usage

Using bash with getopt[s]

POSIX getopts

Output from copy-pasting the block above

Usage

Ios – How to change the name of an iOS app

Related Topic

Bash Space-Separated (e.g., `--option argument`)

Bash Equals-Separated (e.g., `--option=argument`)