diff options
| author | Emīls <emils@mullvad.net> | 2026-03-09 13:37:06 +0100 |
|---|---|---|
| committer | Emīls <emils@mullvad.net> | 2026-03-09 13:37:06 +0100 |
| commit | 85eea3c0bdb15c2eab5955727a8deb138e7c332e (patch) | |
| tree | a081cbbcffd29bf0632e210b55e155d60f3126e9 | |
| parent | 9510dc0f8be9bc2efe592cba79ec8b4305ea5c11 (diff) | |
| download | mullvadvpn-improve-resign-script.tar.xz mullvadvpn-improve-resign-script.zip | |
Try new resign scriptimprove-resign-script
| -rwxr-xr-x | ios/resign-archive.sh | 47 |
1 files changed, 46 insertions, 1 deletions
diff --git a/ios/resign-archive.sh b/ios/resign-archive.sh index d6cd546cbc..3c94ecb9ae 100755 --- a/ios/resign-archive.sh +++ b/ios/resign-archive.sh @@ -72,13 +72,58 @@ install_mobile_provisioning() { install_mobile_provisioning ########################################### -# Sign and export IPA +# Resolve entitlements ########################################### +# The .entitlements files use build setting variables that need to be resolved. +SECURITY_GROUP_IDENTIFIER="group.net.mullvad.MullvadVPN" + +resolve_entitlements() { + local src="$1" + local dst="$2" + sed "s/\$(SECURITY_GROUP_IDENTIFIER)/$SECURITY_GROUP_IDENTIFIER/g" "$src" > "$dst" +} + +APP_ENTITLEMENTS=$(mktemp) +PACKET_TUNNEL_ENTITLEMENTS=$(mktemp) +trap 'rm -f "$APP_ENTITLEMENTS" "$PACKET_TUNNEL_ENTITLEMENTS"' EXIT + +resolve_entitlements "$SCRIPT_DIR/MullvadVPN/Supporting Files/MullvadVPN.entitlements" "$APP_ENTITLEMENTS" +resolve_entitlements "$SCRIPT_DIR/PacketTunnel/PacketTunnel.entitlements" "$PACKET_TUNNEL_ENTITLEMENTS" + +########################################### +# Sign archive binaries with entitlements +########################################### + +APP_PATH="$XCODE_ARCHIVE_DIR/Products/Applications/MullvadVPN.app" +SIGNING_IDENTITY="Apple Distribution: Mullvad VPN AB" + echo "" echo "Signing archive: $XCODE_ARCHIVE_DIR" echo "" +# Sign frameworks first (no entitlements needed) +for framework in "$APP_PATH"/Frameworks/*.framework; do + echo "Signing framework: $(basename "$framework")" + codesign --force --sign "$SIGNING_IDENTITY" "$framework" +done + +# Sign the packet tunnel extension with its entitlements +echo "Signing PacketTunnel.appex" +codesign --force --sign "$SIGNING_IDENTITY" \ + --entitlements "$PACKET_TUNNEL_ENTITLEMENTS" \ + "$APP_PATH/PlugIns/PacketTunnel.appex" + +# Sign the main app with its entitlements +echo "Signing MullvadVPN.app" +codesign --force --sign "$SIGNING_IDENTITY" \ + --entitlements "$APP_ENTITLEMENTS" \ + "$APP_PATH" + +########################################### +# Export IPA +########################################### + xcodebuild \ -exportArchive \ -archivePath "$XCODE_ARCHIVE_DIR" \ |