Improved floatsign

floatsign.sh

@@ -62,7 +62,7 @@ fi
 }
 
 if [ $# -lt 3 ]; then
-    echo "usage: $0 source identity -p provisioning [-e entitlements] [-r adjustBetaReports] [-d displayName] [-n version] -b bundleId outputIpa" >&2
+    echo "usage: $0 source identity -p provisioning [-e entitlements] [-r adjustBetaReports] [-d displayName] [-n version] [-v version] -b bundleId outputIpa" >&2
     echo "       -b is optional, but heavly recommended" >&2
     echo "       -r flag requires a value '-r yes'"
     echo "       -r flag is ignored if -e is also used" >&2
@@ -79,15 +79,19 @@ APP_IDENTIFER_PREFIX=""
 TEAM_IDENTIFIER=""
 KEYCHAIN=""
 VERSION_NUMBER=""
+BUNDLE_VERSION_NUMBER=""
 ADJUST_BETA_REPORTS_ACTIVE_FLAG="0"
 TEMP_DIR="_floatsignTemp"
 IS_ENTERPRISE_PROFILE="false"
 IS_ADHOC_PROFILE="false"
 ADHOC_PROVISIONED_DEVICES=""
 
+CERTIFICATE_HASH=$(security find-certificate -c "$CERTIFICATE" -Z | awk '{print $3; exit}')
+echo "Specified certificate hash: "$CERTIFICATE_HASH
+
 # options start index
 OPTIND=3
-while getopts p:d:e:k:b:r:n: opt; do
+while getopts p:d:e:k:b:r:n:v: opt; do
 	case $opt in
 		p)
 			NEW_PROVISION="$OPTARG"
@@ -113,6 +117,10 @@ while getopts p:d:e:k:b:r:n: opt; do
 			VERSION_NUMBER="$OPTARG"
 			echo "Specified version to use: '$VERSION_NUMBER'" >&2
 			;;
+		v)
+			BUNDLE_VERSION_NUMBER="$OPTARG"
+			echo "Specified bundle version to use: '$BUNDLE_VERSION_NUMBER'" >&2
+			;;
 		r)
 			ADJUST_BETA_REPORTS_ACTIVE_FLAG="1"
 			echo "Enabled adjustment of beta-reports-active entitlements" >&2
@@ -227,17 +235,19 @@ then
 		if [ "$IS_ENTERPRISE_PROFILE" == "true" ]; then
 			echo "Enterprise 'In House' provisioning profile detected"
 		fi
-		
+
         ADHOC_PROVISIONED_DEVICES=`PlistBuddy -c "Print :ProvisionedDevices" "$TEMP_DIR/profile.plist" 2> /dev/null | tr -d '\n'`
 		if [ -n "$ADHOC_PROVISIONED_DEVICES" ]; then
 			IS_ADHOC_PROFILE="true"
 			echo "'Ad Hoc' provisioning profile detected"
 		fi
 
 		APP_IDENTIFER_PREFIX=$(PlistBuddy -c "Print :Entitlements:application-identifier" "$TEMP_DIR/profile.plist" | grep -E '^[a-zA-Z0-9\.]*' -o | tr -d '\n')
+		APP_IDENTIFER_PREFIX=$(PlistBuddy -c "Print :ApplicationIdentifierPrefix:0" "$TEMP_DIR/profile.plist")
 		if [ "$APP_IDENTIFER_PREFIX" == "" ];
 		then
 			APP_IDENTIFER_PREFIX=$(PlistBuddy -c "Print :ApplicationIdentifierPrefix:0" "$TEMP_DIR/profile.plist")
+			echo $APP_IDENTIFER_PREFIX
 			if [ "$APP_IDENTIFER_PREFIX" == "" ];
 			then
 				echo "Failed to extract any app identifier prefix from '$NEW_PROVISION'" >&2
@@ -263,6 +273,9 @@ then
 			echo "Profile team identifier is '$TEAM_IDENTIFIER'" >&2
 		fi
 
+		APP_KEYCHAIN_ACCESS_GROUP=$(PlistBuddy -c "Print :Entitlements:keychain-access-groups:0" "$TEMP_DIR/profile.plist")
+		APPS_ENVIRONMENT=$(PlistBuddy -c "Print :Entitlements:aps-environment" "$TEMP_DIR/profile.plist" 2> /dev/null)
+
 		cp "$NEW_PROVISION" "$TEMP_DIR/Payload/$APP_NAME/embedded.mobileprovision"
 	else
 		echo "Provisioning profile '$NEW_PROVISION' file does not exist" >&2
@@ -281,7 +294,6 @@ then
 	PlistBuddy -c "Set :CFBundleIdentifier $BUNDLE_IDENTIFIER" "$TEMP_DIR/Payload/$APP_NAME/Info.plist"
 	checkStatus
 fi
-
 # Update the version number properties in the Info.plist if a version number has been provided
 if [ "$VERSION_NUMBER" != "" ];
 then
@@ -290,7 +302,18 @@ then
 	then
 		echo "Updating the version from '$CURRENT_VERSION_NUMBER' to '$VERSION_NUMBER'" >&2
 		PlistBuddy -c "Set :CFBundleVersion $VERSION_NUMBER" "$TEMP_DIR/Payload/$APP_NAME/Info.plist"
-		PlistBuddy -c "Set :CFBundleShortVersionString $VERSION_NUMBER" "$TEMP_DIR/Payload/$APP_NAME/Info.plist"
+		#PlistBuddy -c "Set :CFBundleShortVersionString $VERSION_NUMBER" "$TEMP_DIR/Payload/$APP_NAME/Info.plist"
+	fi
+fi
+
+# Update the version number properties in the Info.plist if a version number has been provided
+if [ "$BUNDLE_VERSION_NUMBER" != "" ];
+then
+	CURRENT_BUNDLE_VERSION_NUMBER=$(PlistBuddy -c "Print :CFBundleShortVersionString" "$TEMP_DIR/Payload/$APP_NAME/Info.plist")
+	if [ "$BUNDLE_VERSION_NUMBER" != "$CURRENT_BUNDLE_VERSION_NUMBER" ];
+	then
+		echo "Updating the version from '$CURRENT_BUNDLE_VERSION_NUMBER' to '$BUNDLE_VERSION_NUMBER'" >&2
+		PlistBuddy -c "Set :CFBundleShortVersionString $BUNDLE_VERSION_NUMBER" "$TEMP_DIR/Payload/$APP_NAME/Info.plist"
 	fi
 fi
 
@@ -303,18 +326,18 @@ then
     echo "ERROR: embedded plugin detected, re-signing iOS 8 (or higher) applications wihout a team identifier in the certificate/profile does not work" >&2
     exit 1;
   fi
-  
+
   echo "Resigning embedded plugins using certificate: '$CERTIFICATE'" >&2
   for plugin in "$PLUGINS_DIR"/*
   do
     if [[ "$plugin" == *.appex ]]
     then
       for app in "$plugin"/*.app
       do
-        /usr/bin/codesign -f -s "$CERTIFICATE" --entitlements="$ENTITLEMENTS" "$app"
+        /usr/bin/codesign -f -s "$CERTIFICATE_HASH" --entitlements="$ENTITLEMENTS" "$app"
         checkStatus
       done
-      /usr/bin/codesign -f -s "$CERTIFICATE" --entitlements="$ENTITLEMENTS" "$plugin"
+      /usr/bin/codesign -f -s "$CERTIFICATE_HASH" --entitlements="$ENTITLEMENTS" "$plugin"
       checkStatus
     else
       echo "Ignoring non-plugin: $plugin" >&2
@@ -337,7 +360,7 @@ then
 	do
 		if [[ "$framework" == *.framework || "$framework" == *.dylib ]]
 		then
-			/usr/bin/codesign -f -s "$CERTIFICATE" "$framework"
+			/usr/bin/codesign -f -s "$CERTIFICATE_HASH" "$framework"
 			checkStatus
 		else
 			echo "Ignoring non-framework: $framework" >&2
@@ -381,7 +404,7 @@ then
 
 	echo "Resigning application using certificate: '$CERTIFICATE'" >&2
 	echo "and entitlements: $ENTITLEMENTS" >&2
-	/usr/bin/codesign -f -s "$CERTIFICATE" --entitlements="$ENTITLEMENTS" "$TEMP_DIR/Payload/$APP_NAME"
+	/usr/bin/codesign -f -s "$CERTIFICATE_HASH" --entitlements="$ENTITLEMENTS" "$TEMP_DIR/Payload/$APP_NAME"
 	checkStatus
 else
 	echo "Extracting existing entitlements for updating" >&2
@@ -400,7 +423,13 @@ else
 				fi
 				PlistBuddy -c "Set :application-identifier ${APP_IDENTIFER_PREFIX}.${BUNDLE_IDENTIFIER}" "$TEMP_DIR/newEntitlements"
 				checkStatus
-				PlistBuddy -c "Set :keychain-access-groups:0 ${APP_IDENTIFER_PREFIX}.${BUNDLE_IDENTIFIER}" "$TEMP_DIR/newEntitlements"
+
+				if [ "$APP_KEYCHAIN_ACCESS_GROUP" == "" ]; then
+					PlistBuddy -c "Set :keychain-access-groups:0 ${APP_IDENTIFER_PREFIX}.${BUNDLE_IDENTIFIER}" "$TEMP_DIR/newEntitlements"
+				else
+					PlistBuddy -c "Set :keychain-access-groups:0 ${APP_KEYCHAIN_ACCESS_GROUP}" "$TEMP_DIR/newEntitlements"
+				fi
+
 #				checkStatus  -- if this fails it's likely because the keychain-access-groups key does not exist, so we have nothing to update
 				if [[ "$CERTIFICATE" == *Distribution* ]]; then
 					echo "Assuming Distribution Identity"
@@ -437,6 +466,13 @@ else
 					echo "Setting get-task-allow entitlement to YES"
 					PlistBuddy -c "Set :get-task-allow YES" "$TEMP_DIR/newEntitlements"
 				fi
+
+				if [ "$APPS_ENVIRONMENT" != "" ]; then
+					PlistBuddy -c "Set :aps-environment ${APPS_ENVIRONMENT}" "$TEMP_DIR/newEntitlements"
+				else
+					PlistBuddy -c "Delete :aps-environment" "$TEMP_DIR/newEntitlements" 2> /dev/null
+				fi
+
 				checkStatus
 				plutil -lint "$TEMP_DIR/newEntitlements" > /dev/null
 				checkStatus
@@ -446,7 +482,7 @@ else
 				then
 					echo "and team identifier: '$TEAM_IDENTIFIER'" >&2
 				fi
-				/usr/bin/codesign -f -s "$CERTIFICATE" --entitlements="$TEMP_DIR/newEntitlements" "$TEMP_DIR/Payload/$APP_NAME"
+				/usr/bin/codesign -f -s "$CERTIFICATE_HASH" --entitlements="$TEMP_DIR/newEntitlements" "$TEMP_DIR/Payload/$APP_NAME"
 				checkStatus
 			else
 				echo "Failed to create required intermediate file" >&2
@@ -456,14 +492,14 @@ else
 			echo "No entitlements found" >&2
 			echo "Resigning application using certificate: '$CERTIFICATE'" >&2
 			echo "without entitlements" >&2
-			/usr/bin/codesign -f -s "$CERTIFICATE" "$TEMP_DIR/Payload/$APP_NAME"
+			/usr/bin/codesign -f -s "$CERTIFICATE_HASH" "$TEMP_DIR/Payload/$APP_NAME"
 			checkStatus
 		fi
 	else
 		echo "Failed to extract entitlements" >&2
 		echo "Resigning application using certificate: '$CERTIFICATE'" >&2
 		echo "without entitlements" >&2
-		/usr/bin/codesign -f -s "$CERTIFICATE" "$TEMP_DIR/Payload/$APP_NAME"
+		/usr/bin/codesign -f -s "$CERTIFICATE_HASH" "$TEMP_DIR/Payload/$APP_NAME"
 		checkStatus
 	fi
 fi