[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[sigh][resign] Fixing replacement of bundle IDs in Patched Entitlements when doing sigh resign with similar old and new bundle ids #22058

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

[sigh][resign] Fixing replacement of bundle IDs in Patched Entitlements when doing sigh resign with similar old and new bundle ids #22058

wants to merge 3 commits into from
+4 −7

Conversation

cergfix
Copy link
@cergfix cergfix commented May 31, 2024
edited
Loading

Checklist

  • [ x ] I've run bundle exec rspec from the root directory to see all new and existing tests pass
  • [ x ] I've followed the fastlane code style and run bundle exec rubocop -a to ensure the code style is valid
  • [ x ] I see several green ci/circleci builds in the "All checks have passed" section of my PR (connect CircleCI to GitHub if not)
  • [ x ] I've read the Contribution Guidelines
  • [ x ] I've updated the documentation if necessary.
  • I've added or updated relevant unit tests.

Motivation and Context

Fixing replacement of bundle IDs in Patched Entitlements when doing sigh resign when old bundle name is a substring of the new bundle name. The current logic allows for various edge cases that can result in broken resigned builds.

Resolves #6331.

Description

The following improvements has been made:

  • Escaping all dots . in OLD_BUNDLE_ID and NEW_BUNDLE_ID resulting in \. to avoid targeting any characters in regexes.
  • Improving sed replacement logic by extending the regex to match full lines.

Testing Steps

Testing old approach vs fixed:

#!/bin/bash

OLD_BUNDLE_ID=example.foo
NEW_BUNDLE_ID=com.test.example.foo
PATCHED_ENTITLEMENTS=test.txt

# old
echo "----- old -----"
echo "<string>AB1GP98Q19.com.test.example.foo</string>" > "${PATCHED_ENTITLEMENTS}"
/usr/bin/sed -i .bak "s!${OLD_BUNDLE_ID}</string>!${NEW_BUNDLE_ID}</string>!g" "$PATCHED_ENTITLEMENTS"
cat "${PATCHED_ENTITLEMENTS}"

# patched
echo "----- patched -----"
echo "<string>AB1GP98Q19.com.test.example.foo</string>" > "${PATCHED_ENTITLEMENTS}"
/usr/bin/sed -i .bak "s!\(<string>[A-Z0-9]\{10\}\)\.${OLD_BUNDLE_ID}</string>!\1.${NEW_BUNDLE_ID}</string>!g" "$PATCHED_ENTITLEMENTS"
cat "${PATCHED_ENTITLEMENTS}"

# results
# ----- old -----
# <string>AB1GP98Q19.com.test.com.test.example.foo</string>
# ----- patched -----
# <string>AB1GP98Q19.com.test.example.foo</string>

The result is that the resign is successful, but if you inspect the new build entitlements, the application-identifier (and possibly other fields) are with repeating parts, e.g. com.t.com.t.my.app. Trying to actually install such build results in an error Unable to Install "Build name". This app cannot be installed because its integrity could not be verified..

@cergfix cergfix marked this pull request as ready for review May 31, 2024 10:05
@cergfix cergfix changed the title Optimizing replacement of bundle IDs in Patched Entitlements when doing sigh resign Fixing replacement of bundle IDs in Patched Entitlements when doing sigh resign with similar old and new bundle ids Jun 18, 2024
@cergfix cergfix changed the title Fixing replacement of bundle IDs in Patched Entitlements when doing sigh resign with similar old and new bundle ids [sigh][resign] Fixing replacement of bundle IDs in Patched Entitlements when doing sigh resign with similar old and new bundle ids Jun 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
tool: sigh
Projects
None yet
Milestone
No milestone
1 participant
@cergfix