我想检测给定的配置文件是开发配置文件还是分发(临时或应用商店)配置文件.我需要完全以编程方式执行此操作.
I would like to detect if a given provisioning profile is a development profile or a distribution (adhoc or app store) profile. I need to do this purely programmatically.
我已经了解如何检测 adhoc 与 appstore.并且我对开发与分发特别感兴趣.
I already understand how to detect adhoc vs appstore. And am specifically interested in dev vs. distribution.
我检查了每种类型的配置文件内部的 plist,但找不到可辨别的差异(通过 security cms -D -i #{@profilePath}).我还研究了 openssl api,并将其用于一些证书操作.
I've examined the plists internal to each type of profile and cannot find a discernable difference (via security cms -D -i #{@profilePath}). I've also looked into the openssl api and am using this for some certificate manipulation.
这是一个自定义的 xcode 自动构建系统.作为预构建验证的一部分,我需要确保指定的配置文件不用于开发.
This is for a custom xcode automated build system. As part of pre-build validation I need to ensure that the specified profile is not for development.
这甚至可能吗?如果是这样,我如何以编程方式区分两者?
Is this even possible? If so, how can I programmatically differentiate between the two?
提前感谢您的任何想法!
Thanks in advance for any ideas!
推荐答案这是我在我自己的构建系统中解决的问题,目的大致相同...让我们回到当时的第 1 天iPhone 开发者计划".如果您当时在社区中,您可能还记得工具链……我们可以说不如今天友好吗……不如现在.
This was something I tackled in one of my own build systems for much the same purpose...let's take a trip back in time to Day 1 of the then 'iPhone Developer Program'. If you were around the community at that time, you may remember that the toolchain was...shall we say less friendly...than it is today.
当您想要为 AppStore 或 AdHoc 构建构建时,您必须制作这个奇怪的 entitlements.plist 文件,然后将 XML 的 blob 粘贴到该文件的正文中.然后你运行了构建,在那个时候发生了看起来很神奇的事情,并且该文件的存在使构建工作,允许你手动构建你的 IPA,并像往常一样继续业务.现在,我们比 SDK 的早期时代大了几岁,希望比 SDK 的早期更聪明一点,我们开始认识到神奇的 XML blob 实际上根本没有那么神奇——get-task-allow"key 是一个设置,用于指示二进制文件是否应允许其他进程(例如调试器)附加到二进制文件.使用开发配置文件签署应用程序时,此密钥将设置为true"(从而允许 LLDB 附加您的应用程序并与您的应用程序交互)……当然,使用分发配置文件签署应用程序时,将设置此密钥'假'.
When you wanted to build for the AppStore or for AdHoc builds you had to make this curious entitlements.plist file, then paste a blob of XML into the body of that file. You then ran the build and at that time what appeared to be magic occurred and the sheer presence of that file made the build work, allowed you to manually construct your IPA, and carry on with business as usual. Now that we are a few years older and hopefully a bit wiser than in those early days of the SDK, we have come to recognize that the magic XML blob wasn't actually so magical at all -- the 'get-task-allow' key is a setting to indicate if the binary should allow other processes (like perhaps a debugger) to attach to the binary. When signing apps using a Development Provisioning Profile, this key will be set to 'true' (and thus allow LLDB to attach and interact with your app)...and naturally when signing apps using a Distribution Provisioning Profile, this key will be set to 'false'.
Apple 在 技术说明 TN2250 关于从配置文件中读取 XML(以及扩展的权利):
Apple has provided some updates in Tech Note TN2250 about reading the XML (and by extension the entitlements) out of Provisioning Profiles:
security cms -D -i/path/to/the.app/embedded.mobileprovision
security cms -D -i /path/to/the.app/embedded.mobileprovision
这将返回供应配置文件中的 XML -- 从那里您可以解析出get-task-allow"的键值对,并使用该值来确定供应配置文件是开发还是分发.
This will return the XML in the Provisioning profile -- from there you can parse out the key value pair for 'get-task-allow' and use that value to determine if the Provisioning Profile is Development or Distribution.
我完全同意,如果有一个工具可以直接告诉我们,这样我们就不必通过嗅探来寻找线索,但同时,至少我们有一个高度可靠的工具,尽管在跑掉并进行我们无法使用的构建之前进行区分的迂回方式.
I absolutely agree that it would be nice to have a tool that would tell us that directly so we don't have to sniff through the profile for clues, but at the same time, at least we have a highly reliable, albeit roundabout way to make that distinction before running off and making a build we can't use.
祝您好运,如果您需要更多说明或有其他问题,请告诉我.
Good luck and let me know if you need any more clarification or have other questions.
更多推荐
如何以编程方式检测配置文件是用于开发还是分发
发布评论