github: build fakesigned IPA

We use ldid to fakesign the IPA before uploading it for release. This means jailbroken users can install the IPA directly and other users can re-sign the IPA. Resolves #36
utmapp · Feb 24, 2020 · abfc5d4 · abfc5d4
1 parent 21a6e65
commit abfc5d4
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 30 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -63,25 +63,28 @@ jobs:
           path: build-utm
   package:
     name: Package
-    runs-on: ubuntu-latest
+    runs-on: macos-latest
     needs: build
     if: github.event_name == 'release'
     steps:
+      - name: Checkout
+        uses: actions/checkout@v1
       - name: Download Artifact
         uses: actions/download-artifact@v1
         with:
           name: UTM-arm64
-      - name: Package IPA
+      - name: Install ldid
+        run: |
+          brew install ldid
+      - name: Fakesign IPA
         run: |
-          mkdir Payload
-          mv UTM-arm64/UTM.xcarchive/Products/Applications/UTM.app Payload/UTM.app
-          zip -r UTM.zip Payload
+          ./scripts/resign.sh UTM-arm64/UTM.xcarchive .
       - name: Upload Release Asset
         uses: actions/[email protected]
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ github.event.release.upload_url }}
-          asset_path: UTM.zip
+          asset_path: UTM.ipa
           asset_name: UTM.ipa
           asset_content_type: application/octet-stream
diff --git a/scripts/resign.sh b/scripts/resign.sh
@@ -1,41 +1,69 @@
 #!/bin/sh
 
-if [ $# -ne 4 ]; then
-    echo "usage: $0 UTM.xcarchive PROFILE_NAME TEAM_ID outputPath"
-    exit 1
+set -e
+if [ $# -ne 2 ] && [ $# -ne 4 ]; then
+	echo "usage: $0 UTM.xcarchive outputPath [PROFILE_NAME TEAM_ID]"
+	exit 1
 fi
 
 INPUT=$1
-PROFILE_NAME=$2
-TEAM_ID=$3
-OUTPUT=$4
+OUTPUT=$2
+PROFILE_NAME=$3
+TEAM_ID=$4
 OPTIONS="/tmp/options.plist"
+FAKEENT="/tmp/fakeent.plist"
 
 cat >"$OPTIONS" <<EOL
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
-  <key>compileBitcode</key>
-  <false/>
-  <key>method</key>
-  <string>development</string>
-  <key>provisioningProfiles</key>
-  <dict>
-    <key>com.osy86.UTM</key>
-    <string>${PROFILE_NAME}</string>
-  </dict>
-  <key>signingStyle</key>
-  <string>manual</string>
-  <key>stripSwiftSymbols</key>
-  <true/>
-  <key>teamID</key>
-  <string>${TEAM_ID}</string>
-  <key>thinning</key>
-  <string>&lt;none&gt;</string>
+	<key>compileBitcode</key>
+	<false/>
+	<key>method</key>
+	<string>development</string>
+	<key>provisioningProfiles</key>
+	<dict>
+		<key>com.osy86.UTM</key>
+		<string>${PROFILE_NAME}</string>
+	</dict>
+	<key>signingStyle</key>
+	<string>manual</string>
+	<key>stripSwiftSymbols</key>
+	<true/>
+	<key>teamID</key>
+	<string>${TEAM_ID}</string>
+	<key>thinning</key>
+	<string>&lt;none&gt;</string>
 </dict>
 </plist>
 EOL
 
-xcodebuild -exportArchive -exportOptionsPlist "$OPTIONS" -archivePath "$INPUT" -exportPath "$OUTPUT"
+cat >"$FAKEENT" <<EOL
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>get-task-allow</key>
+	<true/>
+	<key>dynamic-codesigning</key>
+	<true/>
+</dict>
+</plist>
+EOL
+
+if [ $# -eq 2 ]; then
+	mkdir -p "$OUTPUT"
+	rm -rf "$OUTPUT/Payload" "$OUTPUT/UTM.ipa"
+	cp -r "$INPUT/Products/Applications" "$OUTPUT/Payload"
+	find "$OUTPUT/Payload" -type f -path '*/Frameworks/*.dylib' -exec ldid -S \{\} \;
+	ldid -S${FAKEENT} "$OUTPUT/Payload/UTM.app/UTM"
+	cd "$OUTPUT"
+	zip -r "UTM.ipa" "Payload" -x "._*" -x ".DS_Store" -x "__MACOSX"
+	rm -r "$OUTPUT/Payload"
+else
+	xcodebuild -exportArchive -exportOptionsPlist "$OPTIONS" -archivePath "$INPUT" -exportPath "$OUTPUT"
+fi
+
 rm "$OPTIONS"
+rm "$FAKEENT"