Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to view code signing entitlements in the application binary #3

Closed
tonyxiao opened this issue Feb 19, 2014 · 9 comments
Closed

Add ability to view code signing entitlements in the application binary #3

tonyxiao opened this issue Feb 19, 2014 · 9 comments
Labels
Feature Request

Comments

@tonyxiao
Copy link

This will help debugging issues such as the following.

http://www.karlmonaghan.com/2012/08/09/invalid-ipa-the-keychain-access-group-in-the-embedded-mobileprovision-and-your-binary-dont-match/
@tonyxiao
Copy link
Author

Viewing application binary with a hex editor and search for text keyword like "keychain" will reveal the presence of such entitlements

@ealeksandrov
Copy link
Owner

Interesting, thanks, I'll check it out.

@ealeksandrov
Copy link
Owner

What entitlement info you would like to see? There is something already:
68747470733a2f2f7261772e6769746875622e636f6d2f65616c656b73616e64726f762f50726f766973696f6e514c2f6d61737465722f53637265656e73686f74732f342e706e67

@ealeksandrov
Copy link
Owner

Closing, as it already displays all bundled entitlements.

@tonyxiao
Copy link
Author

@ealeksandrov I'm talking about the entitlements that you would see from running codesign -d --entitlements - YourApp.app on your app, which can be different from embedded.entitlements if app was incorrectly signed.

@tonyxiao
Copy link
Author

My workflow currently involves unzipping the IPA and then run the above command to display entitlements info encoded into application binary, and then compare that with entitlement info in the provisioning profile (which is what provisionQL displays). It would be super nice if these things were right there alongside each other.

@ealeksandrov
Copy link
Owner

Thanks for mentioning it!

@ealeksandrov ealeksandrov reopened this Feb 20, 2015
@mgrebenets
Copy link

mgrebenets commented Aug 10, 2016
edited
Loading

+1 for this one.
The entitlements that plugin displays right now come from embedded.mobileprovision, but the actual entitlements are usually different. We use similar command: codesign -d --entitlements - path/to/App.app.

For us it's super important, because provisioning profile will always have keychain-access-groups @entry like this:

    <key>keychain-access-groups</key>
    <array>
        <string>FPBCDAABCD.*</string>
    </array>

But the actual entitlements are like this:

        <key>keychain-access-groups</key>
    <array>
        <string>FPBCDAABCD.au.com.company.app</string>
        <string>FPBCDAABCD.au.com.company.shared</string>
    </array>

So it would be very useful if we could look at those with the plugin instead of running shell commands each time.

@thdankert
Copy link

See PR #16

ealeksandrov added a commit that referenced this issue Jan 8, 2018
@ealeksandrov
Merge pull request #16 from thdankert/master
bc2d8b7 
Fix Issue #3: Read code signing entitlements from the application binary
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature Request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mgrebenets @tonyxiao @thdankert @ealeksandrov