在Xcode中强制进行代码签名刷新 [英] Forcing code signing refresh in Xcode

问题描述

在我们的环境中，我们在多个项目和平台之间共享资源。在为iPhone构建时，只需要这些资源的一部分。由于该子集仍然很大，我们有一个清单文件列出了进入的内容，这限制了副本。我们有自己的Python脚本来执行复制，只刷新已更改的文件。

In our environment, we share resources across multiple projects and platforms. When building for iPhone, only a subset of those resources are needed. Since that subset is still considerable, we have a manifest file listing what goes in, which limits the copy. We have our own Python script which does the copy, refreshing only the files which have changed.

我在Xcode中创建了一个Run Script Phase来调用该脚本，但是我我有一些与代码签名阶段相关的问题。

I have made a Run Script Phase in Xcode to call that script, but I am having a few issues related to the Code Signing phase.

由于我们使用单独的清单文件，我的运行脚本阶段无法在Xcode GUI中指定任何输入/输出文件：它取决于当时目录中包含的内容。这样做的副作用是Xcode并不严格知道会复制哪些文件（事情发生在封面下，可以这么说）。

Since we use a separate manifest file, my Run Script Phase cannot specify any input/output file in the Xcode GUI: it varies depending on what is contained in directories at the time. The side effect of this is that Xcode doesn't strictly know what files will get copied (things happen "under the cover", so to speak).

问题我如果我只修改构建之间的资源文件，重建我的应用程序将正确调用我的脚本，这将复制相应的文件，只有Xcode不会重新运行代码签名步骤，并且不会将我的应用程序重新复制到我的设备。

The problem I have is that if I only modify resource files between builds, rebuilding my app will properly call my script, which copies the appropriate files, only Xcode won't rerun the Code Signing step, and won't re-copy my app to my device.

我发现这很奇怪，考虑到我的资源文件确实列在< app_bundle> / _ CodeSignature / CodeResources 文件，但看起来Xcode决定了独立于此的重建要求（可能只是项目文件中列出的文件），这是可以理解的。

I found that odd, considering that my resource files are indeed listed in the <app_bundle>/_CodeSignature/CodeResources file, but it looks like Xcode determines rebuilds requirements independent of that (likely only files listed in the project file), which is understandable.

我试过玩弄技巧触摸我的应用程序包的目录，或应用程序的二进制文件本身，但它不是很有效。触摸应用程序的bundle目录似乎没有做任何事情，虽然触摸二进制文件将起作用，但不是当前构建，只有后续的（因为没有输入文件需要重新编译，Xcode推断没有生成新的二进制文件，但是下一个时间，它确实会检测到二进制文件已经被触摸，并且重做代码签名等等。

I tried playing tricks by touching my app bundle's directory, or the app's binary itself, but it doesn't quite work. Touching the app's bundle directory doesn't seem to do anything, while touching the binary will work, but NOT FOR THE CURRENT BUILD, only the subsequent one (since no input file requires recompilation, Xcode infers no new binary gets generated, but the next time, it will indeed detect that the binary has been touched, and redo both Code Signing and on).

但是，这是一个非常不完美的解决方法，因为：

Still, this is quite an imperfect workaround, because:

• 必须构建两次容易出错


• 我的dSYM文件将不必要地重新生成

有没有人知道在Xcode中强制执行代码签名步骤的任何方法（从运行脚本或其他地方）？

Does anyone know of any way to force the Code Signing step in Xcode (from a Run Script, or elsewhere)?

推荐答案

您可以直接从命令行或shell脚本调用codesign，例如

You can call codesign directly from the command line or a shell script, e.g.

codesign -f -s "iPhone Distribution" --entitlements Entitlements.xcent -vv location/MyApp.app/MyApp

运行人工码ign 查找用法。

您可以通过查看Xcode中的详细构建输出来发现所有内部命令。选择Build选项卡，然后单击该窗口窗格左下角的小图标 - 看起来像文本的图标（它位于警告图标旁边）。这将在Xcode的新窗格中显示完整的构建输出。

You can discover all the internal commands run by viewing the detailed build output in Xcode. Select the Build tab, then click the little icon at the bottom left of that window pane - the one that looks like text (it is next to the warning icon). This will show the full build output in a new pane in Xcode.

我创建了一个直接调用codesign的shell脚本，因此我可以使用新证书重新签名现有的二进制文件和配置文件（例如在更新二进制文件中的某些图形之后）。

I created a shell script calling codesign directly so I could re-sign an existing binary using a new certificate and provisioning profile (e.g. after updating some graphics in the binary).

事实证明这很复杂，因为Xcode在内部构建过程中做了一些微妙的事情（一个例子：Xcode将配置文件嵌入到生成的应用程序二进制文件中，但在此过程中会更改其某些值，例如get-task-allow设置。这意味着我必须编写一个工具来从配置文件生成适当的.xcent文件，具体取决于是否正在进行开发/分发/ App Store构建。希望这些都不会影响你...

This turned out to be really complicated as Xcode does some subtle stuff as part of its internal build processes (one example: Xcode embeds the provisioning profile in the resulting app binary, but in the process changes some of its values, e.g. the get-task-allow setting). That meant I had to write a tool to generate an appropriate .xcent file from the provisioning profile, depending on whether a Development/Distribution/App Store build is being done. Hopefully none of that will affect you...

这篇关于在Xcode中强制进行代码签名刷新的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！