cmd/gogio: [iOS] identify certificates by their SHA-1 fingerprint

Unlike the common name, the fingerprint is almost certainly unique.
Xcode uses the fingerprint as well.

Signed-off-by: Elias Naur <mail@eliasnaur.com>
Elias Naur
2021-02-01 12:59:09 +01:00
parent b698c8ed82
commit 5dd3ce9923
+5 -7
@@ -4,7 +4,8 @@ package main
import ( import (
"archive/zip" "archive/zip"
"crypto/x509" "crypto/sha1"
"encoding/hex"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@@ -130,10 +131,6 @@ func signIOS(bi *buildInfo, tmpDir, app string) error {
} }
// Omit trailing newline. // Omit trailing newline.
certDER = certDER[:len(certDER)-1] certDER = certDER[:len(certDER)-1]
cert, err := x509.ParseCertificate(certDER)
if err != nil {
return fmt.Errorf("sign: failed to parse developer certificate from %q: %v", prov, err)
}
entitlements, err := runCmd(exec.Command("/usr/libexec/PlistBuddy", "-x", "-c", "Print:Entitlements", provInfo)) entitlements, err := runCmd(exec.Command("/usr/libexec/PlistBuddy", "-x", "-c", "Print:Entitlements", provInfo))
if err != nil { if err != nil {
return err return err
@@ -142,8 +139,9 @@ func signIOS(bi *buildInfo, tmpDir, app string) error {
if err := ioutil.WriteFile(entFile, []byte(entitlements), 0660); err != nil { if err := ioutil.WriteFile(entFile, []byte(entitlements), 0660); err != nil {
return err return err
} }
signIdentity := cert.Subject.CommonName identity := sha1.Sum(certDER)
_, err = runCmd(exec.Command("codesign", "-s", signIdentity, "--entitlements", entFile, app)) idHex := hex.EncodeToString(identity[:])
_, err = runCmd(exec.Command("codesign", "-s", idHex, "-v", "--entitlements", entFile, app))
return err return err
} }
return fmt.Errorf("sign: no valid provisioning profile found for bundle id %q among %v", bi.appID, avail) return fmt.Errorf("sign: no valid provisioning profile found for bundle id %q among %v", bi.appID, avail)
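Review bot: `identity := sha1.Sum(certDER)` in the last hunk now hashes bytes that nothing has validated, because the second hunk removes the `x509.ParseCertificate` call that used to reject a malformed developer certificate. If the extracted data is truncated or is not DER (the unconditional `certDER[:len(certDER)-1]` trim assumes a trailing newline is present), the fingerprint will match no keychain identity, and the failure presumably surfaces only as a codesign error that does not point at the provisioning profile. Consider keeping the parse purely as a check, `if _, err := x509.ParseCertificate(certDER); err != nil { return fmt.Errorf("sign: failed to parse developer certificate from %q: %v", prov, err) }`, which means retaining the `crypto/x509` import. A comment on the hash line would also keep SHA-1 linters and later readers from misreading it, e.g. `// codesign -s accepts the certificate's SHA-1 hash as 40 hex digits; it selects an identity and is not an integrity check.` signIOS starts outside the visible hunks, so how certDER is produced could not be checked here.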