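A certificate attests that a computer is authorized for development. Each developer account has one set, of two kinds:
1) Developer Certification (development certificate)
Installed on the computer, it grants permission for developers to test on physical devices.
2) Distribution Certification (distribution certificate)
Installed on the computer, it grants permission to release iOS apps: developers can build Ad-hoc and App Store versions of the app.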
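2. Provisioning Profile (authorization file)
An Apple-specific mechanism: this file binds the App ID, the developer certificate and the hardware devices together. A provisioning profile authorizes devices such as iPod Touch, iPad and iPhone. It records the devices' UDIDs and the app's App ID, so that an authorized device can install or debug an app whose Bundle identifier corresponds to the App ID recorded in the profile.
When creating a provisioning profile, the developer account selects an App ID (added under App IDs in the developer account; single choice) and UDIDs (added under Devices in the developer account, up to 100; multiple choice).
Provisioning profiles come in two kinds, each used with the corresponding certificate:
1) Developer Provisioning Profile (development provisioning profile)
Used on a computer that has the development certificate or a copy of it installed. The developer selects this profile and installs the app from the computer onto a device recorded in the profile, and can then test on the physical device.
Note: make sure the computer is permitted to debug on devices, i.e. the development certificate or a copy of it is installed; the app's Bundle identifier in the development tool must match the App ID of the selected profile; and the UDID of the connected device must be recorded in the selected profile.
2) Distribution Provisioning Profile (distribution provisioning profile)
Used on a computer with the distribution certificate installed to build test and release versions of the app.
The release version is the app file published to the App Store. When creating the profile, the developer account chooses the store option and an App ID; no UDIDs need to be selected.
The test version is the app file handed to testers before release, which can be synced to their devices. When creating the profile, the developer account chooses AdHoc and selects an App ID and UDIDs; only devices whose UDIDs were selected can install an app built with that profile.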
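The checks in the note above (certificate, Bundle identifier, UDID) and the store/AdHoc distinction can be run against a decoded profile. The following is an added example, not code from the original page or from fastlane. It assumes the profile's plist payload has already been extracted (on macOS, `security cms -D -i <file>.mobileprovision`); the sample profile, team prefix, UDID and certificate bytes are constructed.

```python
import hashlib
import plistlib
from datetime import datetime

CERT = b"constructed-stand-in-for-a-DER-certificate"
# Constructed sample: the decoded plist payload of an ad hoc profile.
SAMPLE = plistlib.loads(plistlib.dumps({
    "ExpirationDate": datetime(2030, 1, 1),
    "Entitlements": {
        "application-identifier": "ABCDE12345.com.example.demo",
        "get-task-allow": False,
    },
    "ProvisionedDevices": ["00008030-CONSTRUCTED-UDID-1"],
    "DeveloperCertificates": [CERT],
}))

def profile_type(p):
    """Classify a decoded profile by its device list and debug entitlement."""
    if p.get("ProvisionsAllDevices"):
        return "enterprise"
    if "ProvisionedDevices" not in p:
        return "appstore"  # store profiles carry no UDID list
    debuggable = p["Entitlements"].get("get-task-allow", False)
    return "development" if debuggable else "adhoc"

def app_id_matches(p, bundle_id):
    """application-identifier is '<team prefix>.<App ID>'; App ID may end in '*'."""
    app_id = p["Entitlements"]["application-identifier"].split(".", 1)[1]
    if app_id.endswith("*"):
        return bundle_id.startswith(app_id[:-1])
    return bundle_id == app_id

def check_install(p, bundle_id, udid, local_cert_der, now):
    """Return the reasons a build signed with this profile would be rejected."""
    problems = []
    if p["ExpirationDate"] <= now:
        problems.append("profile expired")
    if not app_id_matches(p, bundle_id):
        problems.append("bundle identifier does not match App ID")
    if profile_type(p) in ("development", "adhoc") and udid not in p["ProvisionedDevices"]:
        problems.append("device UDID not in profile")
    # Compare fingerprints of the local signing certificate and the embedded ones.
    allowed = {hashlib.sha1(c).hexdigest() for c in p["DeveloperCertificates"]}
    if hashlib.sha1(local_cert_der).hexdigest() not in allowed:
        problems.append("signing certificate not in profile")
    return problems
```

An empty list from `check_install` means all conditions in the note hold for that device and build.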
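3. Keychain (development key)
Once a certificate is installed successfully, a Keychain entry is generated under it. It can be exported from the computer where the certificate was configured (this is the .p12 file) and installed on other machines, giving those machines the permissions that go with the certificate.
Why the .p12 certificate is needed
A bundle ID can have at most 3 distribution certificates and 2 development certificates. With more than 3 machines, the best approach is to share the .p12 file, or to revoke someone else's certificate.
Managing certificates as a team: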

Certificate management with fastlane:
Match
match is the implementation of the https://codesigning.guide concept. match creates all required certificates & provisioning profiles and stores them in a separate git repository. Every team member with access to the repo can use those credentials for code signing. match also automatically repairs broken and expired credentials. It's the easiest way to share signing credentials across teams.
Features provided by match:
| match |
|---|
| Automatically sync your iOS keys and profiles across all your team members using git |
| Handle all the heavy lifting of creating and storing your certificates and profiles |
| Setup codesigning on a new machine in under a minute |
| Designed to work with apps with multiple targets and bundle identifiers |
| You have full control over your files and Git repo, no third party service involved |
| Provisioning profile will always match the correct certificate |
| Easily reset your existing profiles and certificates if your current account has expired or invalid profiles |
| Automatically renew your provisioning profiles to include all your devices using the --force option |
| Support for multiple Apple accounts and multiple teams |
| Tightly integrated with fastlane to work seamlessly with gym and other build tools |
Steps for using match:
1. Create a private repository for managing certificates and start using match:
fastlane match init
Enter the repository URL:
URL of the Git Repo: http://192.168.1.33:9090/Certificates/VivaVideo.git
[15:13:13]: Successfully created './fastlane/Matchfile'. You can open the file using a code editor.
[15:13:13]: You can now run `fastlane match development`, `fastlane match adhoc`, `fastlane match enterprise` and `fastlane match appstore`
2. Update certificates and provisioning profiles:
1) development
fastlane match development
2) adhoc
fastlane match adhoc
3) appstore
fastlane match appstore
4) enterprise (enterprise account)
fastlane match enterprise
Usage:
match(type: "appstore")
match(git_url: "https://github.com/fastlane/certificates",
      type: "development")
match(git_url: "https://github.com/fastlane/certificates",
      type: "adhoc",
      app_identifier: "tools.fastlane.app")
match(git_url: "https://github.com/fastlane/certificates",
      type: "enterprise",
      app_identifier: "tools.fastlane.app")
3. Certificates for multiple teams can be stored on different branches:
match(git_branch: "team1", username: "user@team1.com")
match(git_branch: "team2", username: "user@team2.com")
4. Show more detailed match output:
fastlane match --verbose
All available options:
fastlane action match
5. Run for multiple targets (bundle identifiers, comma-separated):
fastlane match appstore -a tools.fastlane.app,tools.fastlane.app.watchkitapp
Like this:
lane :certificates do
  match(app_identifier: ["com.krausefx.app1", "com.krausefx.app2", "com.krausefx.app3"], readonly: true)
end
Then all your team has to do is run fastlane certificates, and keys, certs and profiles for all targets will be synced.
Sigh:
Note: the path where Xcode stores provisioning profiles:
~/Library/MobileDevice/Provisioning Profiles
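Features:
Create provisioning profiles
Update provisioning profiles
Download provisioning profiles
Repair provisioning profiles
Supports App Store, Ad Hoc, Development and Enterprise profiles, as well as features such as automatically adding devices.
Supports managing multiple Apple accounts and stores credentials in the Keychain
Supports managing multiple teams
Supports Enterprise profiles
Usage: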
fastlane sigh
fastlane sigh -a com.krausefx.app -u username
Generate an Ad Hoc profile:
fastlane sigh --adhoc
Generate a Development profile:
fastlane sigh --development
Generate profiles in a specified path:
fastlane sigh -o "~/Certificates/"
Download all provisioning profiles:
fastlane sigh download_all
For details of the sigh command, see:
fastlane action sigh
| Key | Description |
|---|---|
| adhoc | Setting this flag will generate AdHoc profiles instead of App Store Profiles |
| development | Renew the development certificate instead of the production one |
| skip_install | By default, the certificate will be added to your local machine. Setting this flag will skip this action |
| force | Renew provisioning profiles regardless of its state - to automatically add all devices for ad hoc profiles |
| app_identifier | The bundle identifier of your app |
| username | Your Apple ID Username |
| team_id | The ID of your Developer Portal team if you're in multiple teams |
| team_name | The name of your Developer Portal team if you're in multiple teams |
| provisioning_name | The name of the profile that is used on the Apple Developer Portal |
| ignore_profiles_with_different_name | Use in combination with :provisioning_name - when true only profiles matching this exact name will be downloaded |
| output_path | Directory in which the profile should be stored |
| cert_id | The ID of the code signing certificate to use (e.g. 78ADL6LVAA) |
| cert_owner_name | The certificate name to use for new profiles, or to renew with. (e.g. "Felix Krause") |
| filename | Filename to use for the generated provisioning profile (must include .mobileprovision) |
| skip_fetch_profiles | Skips the verification of existing profiles which is useful if you have thousands of profiles |
| skip_certificate_verification | Skips the verification of the certificates for every existing profiles. This will make sure the provisioning profile can be used on the local machine |
| platform | Set the provisioning profile's platform (i.e. ios, tvos) |
| readonly | Only fetch existing profile, don't generate new ones |
| template_name | The name of provisioning profile template. If the developer account has provisioning profile templates, template name can be found by inspecting the Entitlements drop-down while creating/editing a provisioning profile |
Automatic code signing:
enable automatic code signing
enable_automatic_code_signing
enable_automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj"
)
disable automatic code signing
disable_automatic_code_signing
disable_automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj"
)
also set team id
disable_automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj",
team_id: "XXXX"
)
Only specific targets
disable_automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj",
use_automatic_signing: false,
targets: ["demo"]
)
via generic action
automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj",
use_automatic_signing: false
)
automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj",
use_automatic_signing: true
)
Parameters
| Key | Description |
|---|---|
| path | Path to your Xcode project |
| use_automatic_signing | Defines if project should use automatic signing |
| team_id | Team ID, is used when upgrading project |
| targets | Specify targets you want to toggle the signing mech. (default to all targets) |