This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

A tool and library to re-sign iOS applications, without proprietary Apple software.

For example, an iOS app in development would probably only run on the developer’s iPhone. isign can alter the app so that it can run on another developer’s iPhone.

Apple tools already exist to do this. But with isign, now you can do this on operating systems like Linux.

Installing

Linux

The latest version of isign can be installed via PyPi:

$ pip install isign

Mac OS X

On Mac OS X, there are a lot of prerequisites, so the pip method probably won’t work. The easiest method is to use git to clone the source code repository and run the install script:

$ git clone https://github.com/saucelabs/isign.git
$ cd isign
$ sudo ./INSTALL.sh

How to get started

All the libraries and tools that isign needs to run will work on both Linux and Mac OS X. However, you will need a Mac to export your Apple developer credentials.

If you’re like most iOS developers, credentials are confusing – if so check out the documentation on credentials on Github.

You should have a key and certificate in Keychain Access, and a provisioning profile associated with that certificate, that you can use to sign iOS apps for one or more of your own iOS devices.

In Keychain Access, open the Certificates. Find the certificate you use to sign apps. Right click on it and export the key as a .p12 file, let’s say Certificates.p12. If Keychain asks you for a password to protect this file, just leave it blank.

Next, let’s extract the key and certificate you need, into a standard PEM format.

$ isign_export_creds.sh ~/Certificates.p12

If you get prompted for a password, just press Return.

By default, isign_export_creds.sh will put these files into ~/.isign, which is the standard place to put isign configuration files.

Finally, you need a provisioning profile from the Apple Developer Portal that uses the same certificate. If you’ve never dealt with this, the provisioning profile is what tells the phone that you Apple has okayed you installing apps onto this particular phone.

If you develop with XCode, you might have a provisioning profile already. On the Mac where you develop with XCode, try running the isign_guess_mobileprovision.sh script. If you typically have only a few provisioning profiles and install on one phone, it might find it.

Anyway, once you have a .mobileprovision file, move it to ~/.isign/isign.mobileprovision.

The end result should look like this:

$ ls -l ~/.isign
-r--r--r--    1 alice  staff  2377 Sep  4 14:17 certificate.pem
-r--r--r--    1 alice  staff  9770 Nov 23 13:30 isign.mobileprovision
-r--------    1 alice  staff  1846 Sep  4 14:17 key.pem

And now you’re ready to start re-signing apps!

How to use isign

If you’ve installed all the files in the proper locations above, then isign can be now invoked on any iOS .app directory, or .ipa archive, or .app.zip zipped directory. For example:

$ isign -o resigned.ipa my.ipa
archived Ipa to /home/alice/resigned.ipa

You can also call it from Python:

from isign import isign

isign.resign("my.ipa", output_path="resigned.ipa")

isign command line arguments

Synopsis:

isign [-h] [-a <path to applecerts.pem>]
           [-c <path to your cert in .pem form>]
           [-k <path to your key in .pem form>]
           [-p <your.mobileprovision>]
           [-o <output path>]
           <path to app to resign>

-a <path>, –apple-cert <path>

Path to Apple certificate in PEM format. This is already included in the library, so you will likely never need it. In the event that the certificates need to be changed, See the Apple Certificate documentation.

-c <path>, –certificate <path>

Path to your certificate in PEM format. Defaults to $HOME/.isign/certificate.pem.

-h, –help

Show a help message and exit.

-k <path>, –key <path>

Path to your private key in PEM format. Defaults to $HOME/.isign/key.pwm.

-o <path>, –output <path>

Path to write the re-signed application. Defaults to out in your current working directory.

-p <path>, –provisioning-profile <path>

Path to your provisioning profile. This should be associated with your certificate. Defaults to $HOME/.isign/isign.mobileprovision.

Contributing

Development happens on our Github repository. File an issue, or fork the code!

You’ll probably want to create some kind of python virtualenv, so you don’t have to touch your system python or its libraries. virtualenvwrapper is a good tool for this.

Then, just do the following:

$ git clone https://github.com/saucelabs/isign.git
$ cd isign
$ dev/setup.sh
$ ./run_tests.sh

If the tests don’t pass please file an issue. Please keep the tests up to date as you develop.

Note: some tests require Apple’s codesign to run, so they are skipped unless you run them on a Macintosh computer with developer tools.

Okay, if all the tests passed, you now have an ‘editable’ install of isign. Any edits to this repo will affect (for instance) how the isign command line tool works.

Sauce Labs supports ongoing public isign development. isign is a part of our infrastructure for the iOS Real Device Cloud, which allows customers to test apps and websites on real iOS devices. isign has been successfully re-signing submitted customer apps in production since June 2015.

This project not have an official code of conduct, yet, but one is forthcoming. Please contribute to discussion here.

More documentation

See the docs directory of this repository for random stuff that didn’t fit here.

Authors

Neil Kandalgaonkar is the main developer and maintainer.

Proof of concept by Steven Hazel and Neil Kandalgaonkar.

Reference scripts using Apple tools by Michael Han.

Release History

Release History

0.9.3

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.9.2

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.9.1

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.9

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
ak-isign-0.9.3.tar.gz (31.3 kB) Copy SHA256 Checksum SHA256 Source Jun 7, 2016

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS HPE HPE Development Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting