/zsign-Windows

merged github action code from https://github.com/Dadoum/zsign-Windows

Primary LanguageC++BSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

Maybe it is the most quickly codesign alternative for iOS12+, cross-platform Linux, macOS & Windows , more features. If this tool can help you, please don't forget to 🌟star🌟 Me.

Compile on macOS:

brew install openssl

and then (attention to replace your openssl version)

g++ *.cpp common/*.cpp -lcrypto -I/usr/local/Cellar/openssl@1.1/1.1.1k/include -L/usr/local/Cellar/openssl@1.1/1.1.1k/lib -O3 -o zsign

Compile on Linux:

Ubuntu:

sudo apt-get install git
git clone https://github.com/zhlynn/zsign.git; cd zsign && chmod +x INSTALL.sh &&
./INSTALL.sh

CentOS7:

yum install git 
git clone https://github.com/zhlynn/zsign.git; cd zsign && chmod +x INSTALL.sh &&
./INSTALL.sh

Compile on Windows/MingW:

Note: These instructions describe how to cross-compile for Windows from Linux. I haven't tested these steps compiling for Windows from Windows, but it should mostly work.

These instructions assume that mman-win32, zsign, and openssl are all sibling directories

  1. Install MingW
apt-get install mingw-w64
  1. Build mman-win32
git clone github.com/witwall/mman-win32
cd mman-win32
./configure --cross-prefix=x86_64-w64-mingw32-
make
  1. Build openssl
git clone github.com/openssl/openssl
cd openssl
git checkout OpenSSL_1_0_2s
./Configure --cross-compile-prefix=x86_64-w64-mingw32- mingw64
make

  1. Download dirent.h for windows
git clone https://github.com/tronkko/dirent
# or you can only download that file
mkdir -p dirent/include
curl -L -o dirent/include/dirent.h https://github.com/tronkko/dirent/raw/master/include/dirent.h
  1. Build zsign
x86_64-w64-mingw32-g++  \
*.cpp common/*.cpp -o zsign.exe  \
-I../dirent/include/ \
-lcrypto -I../mman-win32  \
-std=c++17  -I../openssl/include/  \
-DWINDOWS -L../openssl  \
-L../mman-win32  \
-lmman -lgdi32  \
-m64 -static -static-libgcc -lws2_32

PS(Important!!!): On users device, you should install powershell7 from Microsoft Store first! Otherwize zsign can't unzip/zip ipa file!

Optional Compile:

Compile it yourserlf:

  1. Install the required dependencies accodring to your Os.
  2. Clone zsign repositorie.

Recommended

mkdir build; cd build
cmake ..
make

or

Optional

g++ *.cpp common/*.cpp -std=gnu++11 -lcrypto -O3 -o zsign

Compile zsign xmake:

If you have xmake installed, you can use xmake to quickly compile and run it.

Build

xmake

Run

xmake run zsign [-options] [-k privkey.pem] [-m dev.prov] [-o output.ipa] file|folder

Install

xmake install

Get zsign binary

xmake install -o outputdir

binary: outputdir/bin/zsign

Compile using Docker:

  1. Build:
docker build -t zsign https://github.com/zhlynn/zsign.git
  1. Run:

Mount current directory (stored in $PWD) to container and set WORKDIR to it:

docker run -v "$PWD:$PWD" -w "$PWD" zsign -k privkey.pem -m dev.prov -o output.ipa -z 9 demo.ipa

If input files are outside current folder, you will need to mount different folder:

docker run -v "/source/input:/target/input" -w "/target/input" zsign -k privkey.pem -m dev.prov -o output.ipa -z 9 demo.ipa
  1. Extract the zsign executable

You can extract the static linked zsign executable from the container image and deploy it to other server:

docker run -v $PWD:/out --rm --entrypoint /bin/cp zsign zsign /out


Compile tutorial in Chinese.

zsign usage:

I have already tested on macOS and Linux, but you also need unzip and zip command installed.

Usage: zsign [-options] [-k privkey.pem] [-m dev.prov] [-o output.ipa] file|folder

options:
-k, --pkey           Path to private key or p12 file. (PEM or DER format)
-m, --prov           Path to mobile provisioning profile.
-c, --cert           Path to certificate file. (PEM or DER format)
-d, --debug          Generate debug output files. (.zsign_debug folder)
-f, --force          Force sign without cache when signing folder.
-o, --output         Path to output ipa file.
-p, --password       Password for private key or p12 file.
-b, --bundle_id      New bundle id to change.
-n, --bundle_name    New bundle name to change.
-r, --bundle_version New bundle version to change.
-e, --entitlements   New entitlements to change.
-z, --zip_level      Compressed level when output the ipa file. (0-9)
-l, --dylib          Path to inject dylib file.
-w, --weak           Inject dylib as LC_LOAD_WEAK_DYLIB.
-i, --install        Install ipa file using ideviceinstaller command for test.
-q, --quiet          Quiet operation.
-v, --version        Show version.
-h, --help           Show help.
  1. Show mach-o and codesignature segment info.
./zsign demo.app/execute
  1. Sign ipa with private key and mobileprovisioning file.
./zsign -k privkey.pem -m dev.prov -o output.ipa -z 9 demo.ipa
  1. Sign folder with p12 and mobileprovisioning file (using cache).
./zsign -k dev.p12 -p 123 -m dev.prov -o output.ipa demo.app
  1. Sign folder with p12 and mobileprovisioning file (without cache).
./zsign -f -k dev.p12 -p 123 -m dev.prov -o output.ipa demo.app
  1. Inject dylib into ipa and re-sign.
./zsign -k dev.p12 -p 123 -m dev.prov -o output.ipa -l demo.dylib demo.ipa
  1. Change bundle id and bundle name
./zsign -k dev.p12 -p 123 -m dev.prov -o output.ipa -b 'com.tree.new.bee' -n 'TreeNewBee' demo.ipa
  1. Inject dylib(LC_LOAD_DYLIB) into mach-o file.
./zsign -l "@executable_path/demo.dylib" demo.app/execute
  1. Inject dylib(LC_LOAD_WEAK_DYLIB) into mach-o file.
./zsign -w -l "@executable_path/demo.dylib" demo.app/execute

How to sign quickly?

You can unzip the ipa file at first, and then using zsign to sign folder with assets. At the first time of sign, zsign will perform the complete signing and cache the signed info into .zsign_cache dir at the current path. When you re-sign the folder with other assets next time, zsign will use the cache to accelerate the operation. Extremely fast! You can have a try!

License

zsign is licensed under the terms of BSD-3-Clause license. See the LICENSE file.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.