dryark/strawberry
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance macOS build scripts for provisioning profile handling and identity management

Browse Source 
This commit improves the `find_mas_provisioning_profile.sh` script by expanding the search for provisioning profiles to include both `.provisionprofile` and `.mobileprovision` files. It also introduces a new function to print SHA-1 values for identities, helping to avoid ambiguity when multiple identities share the same display name. Additionally, the `check_signing_identities.sh` script is updated to provide clearer recommendations for using SHA-1 hashes with codesigning and installer identities, enhancing the overall usability and clarity for developers working with macOS builds.
This commit is contained in:
David Helkowski
2026-01-22 21:15:07 +09:00
parent d4d805443e
commit 7a954b3f32
5 changed files with 386 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
build_tools/macos/check_signing_identities.sh
View File

@@ -156,4 +156,52 @@ fi
echo "Tip: to pick the right MAS profile for a bundle id, run:"
echo " ./build_tools/macos/find_mas_provisioning_profile.sh --bundle-id com.dryark.strawberry"
\n\necho\n
echo "==> [$(ts)] Recommended SHA-1 values to use (avoids ambiguity when names are duplicated)"
cat <<'EOF'
When you have multiple identities with the same display name, prefer using the SHA-1 hash in scripts:
--codesign-identity "<SHA1>"
--installer-identity "<SHA1>"
This prevents codesign/productbuild from picking an unexpected identity.
EOF
echo
extract_identities() {
local policy="$1" # codesigning | basic
# Output: SHA1|LABEL
security find-identity -p "$policy" -v 2>/dev/null \
| sed -n 's/^[[:space:]]*[0-9][0-9]*[)] \([0-9A-F]\{40\}\) "\(.*\)"$/\1|\2/p'
}
print_sha_list() {
local title="$1"
local policy="$2"
local label_match="$3"
echo "$title"
local matches
matches="$(extract_identities "$policy" | grep -F "$label_match" || true)"
if [[ -z "$matches" ]]; then
echo " (none found)"
return 0
fi
local first=1
while IFS='|' read -r sha label; do
[[ -z "$sha" || -z "$label" ]] && continue
if [[ $first -eq 1 ]]; then
echo " recommended: $sha ($label)"
first=0
else
echo " alternative: $sha ($label)"
fi
done <<<"$matches"
}
print_sha_list "Mac App Store (app signing) [use with --codesign-identity]:" "codesigning" "Apple Distribution:"
print_sha_list "Mac App Store (pkg signing) [use with --installer-identity]:" "basic" "3rd Party Mac Developer Installer:"
print_sha_list "Developer ID (app signing) [outside App Store]:" "codesigning" "Developer ID Application:"
print_sha_list "Developer ID (pkg signing) [outside App Store]:" "basic" "Developer ID Installer:"