Enhance macOS build scripts for provisioning profile handling and identity management
This commit improves the `find_mas_provisioning_profile.sh` script by expanding the search for provisioning profiles to include both `.provisionprofile` and `.mobileprovision` files. It also introduces a new function to print SHA-1 values for identities, helping to avoid ambiguity when multiple identities share the same display name. Additionally, the `check_signing_identities.sh` script is updated to provide clearer recommendations for using SHA-1 hashes with codesigning and installer identities, enhancing the overall usability and clarity for developers working with macOS builds.
@@ -10,7 +10,7 @@ Usage:
What it does:
- Scans common macOS provisioning profile locations (new Xcode + legacy)
- Decodes each *.provisionprofile (CMS) into plist
- Uses Apple's `security cms -D` to decode each *.provisionprofile into a plist
- Prints a readable table and recommends a best match for the given bundle id
Notes:
@@ -44,6 +44,12 @@ if ! command -v security >/dev/null 2>&1; then
exit 1
fi
plistbuddy_print() {
local keypath="$1"
local plist="$2"
/usr/libexec/PlistBuddy -c "Print :${keypath}" "$plist" 2>/dev/null || true
}
plutil_extract() {
local keypath="$1"
local plist="$2"
@@ -53,37 +59,29 @@ plutil_extract() {
find_profiles_in_dir() {
local dir="$1"
if [[ -d "$dir" ]]; then
find "$dir" -maxdepth 1 -type f -name "*.provisionprofile" 2>/dev/null || true
find "$dir" -maxdepth 1 -type f \( -name "*.provisionprofile" -o -name "*.mobileprovision" \) 2>/dev/null || true
fi
}
declare -a candidates
candidates=()
# Newer Xcode location (as reported by user)
while IFS= read -r f; do candidates+=("$f"); done < <(find_profiles_in_dir "$HOME/Library/Developer/Xcode/UserData/Provisioning Profiles")
# Legacy location
while IFS= read -r f; do candidates+=("$f"); done < <(find_profiles_in_dir "$HOME/Library/MobileDevice/Provisioning Profiles")
if [[ ${#candidates[@]} -eq 0 ]]; then
echo "==> [$(ts)] No .provisionprofile files found in common locations."
echo "Checked:"
echo " - $HOME/Library/Developer/Xcode/UserData/Provisioning Profiles"
echo " - $HOME/Library/MobileDevice/Provisioning Profiles"
echo "==> [$(ts)] No provisioning profiles found in common locations."
exit 1
fi
echo "==> [$(ts)] Scanning ${#candidates[@]} provisioning profile(s) for bundle id: ${bundle_id}"
echo
printf "%-4s %-36s %-10s %-25s %-45s %s\n" "No." "UUID" "TeamID" "Expires" "AppID" "Path"
printf "%s\n" "---- ------------------------------------ ---------- ------------------------- --------------------------------------------- ----"
best_score=-1
best_path=""
best_reason=""
printf "%-4s %-36s %-10s %-25s %-40s %s\n" "No." "UUID" "TeamID" "Expires" "AppID" "Path"
printf "%s\n" "---- ------------------------------------ ---------- ------------------------- ---------------------------------------- ----"
idx=0
for f in "${candidates[@]}"; do
idx=$((idx + 1))
@@ -97,44 +95,42 @@ for f in "${candidates[@]}"; do
uuid="$(plutil_extract UUID "$tmp")"
name="$(plutil_extract Name "$tmp")"
teamid="$(plutil_extract 'TeamIdentifier.0' "$tmp")"
if [[ -z "$teamid" ]]; then
teamid="$(plutil_extract 'ApplicationIdentifierPrefix.0' "$tmp")"
fi
exp="$(plutil_extract ExpirationDate "$tmp")"
# Profiles vary in which key they use for the app identifier.
appid="$(plutil_extract 'Entitlements.application-identifier' "$tmp")"
# App identifier lives under Entitlements; use PlistBuddy because some key names contain dots.
appid="$(plistbuddy_print 'Entitlements:application-identifier' "$tmp")"
if [[ -z "$appid" ]]; then
appid="$(plutil_extract 'Entitlements.com.apple.application-identifier' "$tmp")"
appid="$(plistbuddy_print 'Entitlements:com.apple.application-identifier' "$tmp")"
fi
rm -f "$tmp" >/dev/null 2>&1 || true
# Fallbacks for display.
[[ -z "$uuid" ]] && uuid="(unknown)"
[[ -z "$teamid" ]] && teamid="(unknown)"
[[ -z "$exp" ]] && exp="(unknown)"
[[ -z "$appid" ]] && appid="(unknown)"
printf "%-4s %-36s %-10s %-25s %-40s %s\n" "$idx" "$uuid" "$teamid" "$exp" "$appid" "$f"
printf "%-4s %-36s %-10s %-25s %-45s %s\n" "$idx" "$uuid" "$teamid" "$exp" "$appid" "$f"
# Score match quality.
score=0
reason=""
# Prefer exact team+bundle match.
if [[ "$appid" != "(unknown)" && "$teamid" != "(unknown)" ]]; then
if [[ "$appid" == "${teamid}.${bundle_id}" ]]; then
score=100
reason="exact match (${appid})"
elif [[ "$appid" == "${teamid}."* && "$appid" == *"*"* ]]; then
# Wildcard profile like TEAMID.*
score=60
reason="wildcard match (${appid})"
elif [[ "$appid" == *".${bundle_id}" ]]; then
score=50
reason="endswith match (${appid})"
elif [[ "$appid" == "${teamid}."* && "$appid" == *"*"* ]]; then
score=40
reason="wildcard match (${appid})"
fi
fi
# Prefer profiles with a plausible name for MAS (heuristic).
if [[ "$score" -gt 0 && -n "$name" ]]; then
case "$name" in
*Mac\ App\ Store*|*App\ Store*|*appstore*|*AppStore*)
@@ -161,7 +157,4 @@ fi
echo "==> [$(ts)] Recommended profile:"
echo " $best_path"
echo " reason: $best_reason"
echo
echo "Use it like:"
echo " ./build_tools/macos/build_mas_pkg.sh --run ... --provisionprofile \"$best_path\""
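Review bot: The widened `find` in `find_profiles_in_dir` now feeds `*.mobileprovision` files into the same scoring loop, but nothing visible in these hunks checks which platform a profile targets. An iOS-family profile whose app identifier equals `${teamid}.${bundle_id}` would still score 100 and be printed as the recommended `--provisionprofile` for the Mac App Store package. Reading the platform before `rm -f "$tmp"`, e.g. `platform="$(plistbuddy_print 'Platform:0' "$tmp")"`, and then applying `[[ "$platform" == "OSX" ]] || score=0` once the match score has been computed would keep a wrong-platform profile out of the recommendation; the expected value should be confirmed against a real macOS profile. The loop body starts and continues outside the visible hunks, so a platform or expiry check may already exist there.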