如何以编程方式检测到配置文件是用于开发还是分发 [英] How to detect that a provisioning profile is for development or distribution, programmatically
问题描述
我想检测给定的配置文件是开发配置文件还是分发(临时或应用商店)配置文件.我需要纯粹以编程方式执行此操作.
I would like to detect if a given provisioning profile is a development profile or a distribution (adhoc or app store) profile. I need to do this purely programmatically.
我已经了解了如何检测即席vs应用商店.并且对开发与发行特别感兴趣.
I already understand how to detect adhoc vs appstore. And am specifically interested in dev vs. distribution.
我已经检查了每种类型的配置文件内部的支柱,但找不到可区别的差异(通过security cms -D -i #{@profilePath}).我还研究了openssl api,并将其用于某些证书操作.
I've examined the plists internal to each type of profile and cannot find a discernable difference (via security cms -D -i #{@profilePath}). I've also looked into the openssl api and am using this for some certificate manipulation.
这是用于自定义xcode自动构建系统的.作为构建前验证的一部分,我需要确保指定的配置文件不用于开发.
This is for a custom xcode automated build system. As part of pre-build validation I need to ensure that the specified profile is not for development.
这甚至有可能吗?如果是这样,我如何以编程方式区分两者?
Is this even possible? If so, how can I programmatically differentiate between the two?
提前感谢任何想法!
推荐答案
出于相同的目的,我在自己的一个构建系统中解决了这个问题……让我们回到过去的第一天. "iPhone开发人员计划".如果您当时在社区中,您可能还记得该工具链...是否应该说比今天更不友好...
This was something I tackled in one of my own build systems for much the same purpose...let's take a trip back in time to Day 1 of the then 'iPhone Developer Program'. If you were around the community at that time, you may remember that the toolchain was...shall we say less friendly...than it is today.
当您要为AppStore或AdHoc进行构建时,必须制作这个奇怪的entitlements.plist文件,然后将一小段XML粘贴到该文件的主体中.然后,您运行构建,这时看起来很神奇的事情发生了,并且该文件的绝对存在使构建工作得以完成,允许您手动构建IPA,并照常进行.现在我们比SDK的早期版本还老了几年,并且希望比以前更明智,我们已经认识到神奇的XML blob实际上并没有那么神奇-获取任务允许" key是用于指示二进制文件是否应允许其他进程(例如调试器)附加到二进制文件的设置.使用Development Provisioning Profile签署应用程序时,此密钥将设置为"true"(从而允许LLDB附加到您的应用程序并与您的应用程序交互)...并且自然地,使用Distribution Provisioning Profile签署应用程序时,将设置此密钥为假".
When you wanted to build for the AppStore or for AdHoc builds you had to make this curious entitlements.plist file, then paste a blob of XML into the body of that file. You then ran the build and at that time what appeared to be magic occurred and the sheer presence of that file made the build work, allowed you to manually construct your IPA, and carry on with business as usual. Now that we are a few years older and hopefully a bit wiser than in those early days of the SDK, we have come to recognize that the magic XML blob wasn't actually so magical at all -- the 'get-task-allow' key is a setting to indicate if the binary should allow other processes (like perhaps a debugger) to attach to the binary. When signing apps using a Development Provisioning Profile, this key will be set to 'true' (and thus allow LLDB to attach and interact with your app)...and naturally when signing apps using a Distribution Provisioning Profile, this key will be set to 'false'.
Apple已在技术说明TN2250 关于从供应配置文件"中读取XML(以及扩展权利)的信息:
Apple has provided some updates in Tech Note TN2250 about reading the XML (and by extension the entitlements) out of Provisioning Profiles:
安全cms -D -i/path/to/the.app/embedded.mobileprovision
security cms -D -i /path/to/the.app/embedded.mobileprovision
这将返回预配置文件中的XML-从那里您可以解析出"get-task-allow"的键值对,并使用该值确定预配置文件是开发"还是分发".
This will return the XML in the Provisioning profile -- from there you can parse out the key value pair for 'get-task-allow' and use that value to determine if the Provisioning Profile is Development or Distribution.
我完全同意,拥有一个可以直接告诉我们的工具会很不错,这样我们就不必探究配置文件的线索了,但同时,至少我们拥有一个高度可靠的工具,尽管回旋的方式,在开始运行并建立我们无法使用的构建之前进行区分.
I absolutely agree that it would be nice to have a tool that would tell us that directly so we don't have to sniff through the profile for clues, but at the same time, at least we have a highly reliable, albeit roundabout way to make that distinction before running off and making a build we can't use.
祝您好运,如果您需要进一步说明或有其他问题,请告诉我.
Good luck and let me know if you need any more clarification or have other questions.
这篇关于如何以编程方式检测到配置文件是用于开发还是分发的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
