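A certificate authenticates a computer's qualification to develop. Each developer account has one set, in two kinds:
1) Developer Certification (development certificate)
Installed on a computer, it grants the permission for developers to test on real devices.
2) Distribution Certification (distribution certificate)
Installed on a computer, it grants the permission to publish iOS apps: developers can build Ad-hoc and App Store versions of an app.
2. Provisioning Profile (authorization file)
An Apple-specific artifact: this file binds the App ID, the developer certificate and the hardware devices together. A provisioning profile authorizes devices such as iPod Touch, iPad and iPhone; it records the device UDIDs and the app's App Id, so that an authorized device can install or debug the app whose Bundle identifier corresponds to the App Id recorded in the profile.
When creating a provisioning profile, the developer account selects an App Id (added under App Id in the developer account; single choice) and UDIDs (added under Devices in the developer account, at most 100; multiple choice).
Provisioning profiles come in two kinds, each used with the corresponding certificate:
1) Developer Provisioning Profile (development provisioning profile)
Used on a computer that has the development certificate or a copy of it installed. The developer selects this profile and installs the app from the computer onto a device recorded in the profile, which allows testing on a real device.
Note: make sure the computer is permitted to debug on a real device, i.e. the development certificate or a copy of it is installed; the app's Bundle identifier in the development tool must match the App Id of the selected profile; and the UDID of the connected device must be recorded in the selected profile.
2) Distribution Provisioning Profile (distribution provisioning profile)
Used on a computer that has the distribution certificate installed, to build test and release versions of the app.
The release version is the app file published to the App Store; when creating the profile, the developer account selects the store option and an App Id, with no need to select UDIDs.
The test version is the app file handed to testers before release, which can be synced to their devices; when creating the profile, the developer account selects AdHoc and chooses an App Id and UDIDs. Only devices whose UDIDs were selected can install an app built with that profile.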
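The following is an added example, not part of the original post. It runs two of the checks from the note on development profiles (Bundle identifier against App Id, device UDID against the recorded list) plus profile expiry. It assumes the profile's signed wrapper has already been removed so that only the XML plist remains; the sample profile, team prefix, bundle identifiers and UDID are constructed, and the function names are hypothetical.

```python
import plistlib
from datetime import datetime, timezone

# Constructed sample: the plist payload of a development profile once the
# signed wrapper has been removed. Every value below is made up.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Name</key><string>Constructed Dev Profile</string>
  <key>ExpirationDate</key><date>2030-01-01T00:00:00Z</date>
  <key>ProvisionedDevices</key>
  <array><string>00008030-CONSTRUCTED-UDID-0001</string></array>
  <key>Entitlements</key><dict>
    <key>application-identifier</key><string>ABCDE12345.com.example.*</string>
  </dict>
</dict></plist>"""


def app_id_matches(app_id, full_bundle_id):
    """Compare a profile App Id (may end in the wildcard '*') with 'PREFIX.bundle.id'."""
    if app_id.endswith("*"):
        return full_bundle_id.startswith(app_id[:-1])
    return app_id == full_bundle_id


def check_profile(plist_bytes, team_prefix, bundle_id, udid, now=None):
    """Return the reasons this profile cannot be used; an empty list means OK."""
    profile = plistlib.loads(plist_bytes)
    # plistlib returns naive UTC datetimes, so compare against naive UTC.
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    problems = []
    app_id = profile["Entitlements"]["application-identifier"]
    if not app_id_matches(app_id, f"{team_prefix}.{bundle_id}"):
        problems.append("bundle identifier does not match App Id " + app_id)
    # Store profiles record no UDIDs, so only check when a device list exists.
    devices = profile.get("ProvisionedDevices")
    if devices is not None and udid not in devices:
        problems.append("device UDID is not recorded in the profile")
    if profile["ExpirationDate"] <= now:
        problems.append("profile expired")
    return problems
```
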
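3. Keychain (development key)
When a certificate is installed successfully, a Keychain entry is generated under it. It can be exported from the computer where the certificate was configured (as a .p12 file) and installed on other machines so that they gain the permissions that belong to the certificate.
Why the .p12 certificate is needed
A bundle ID holds at most 3 distribution certificates and 2 development certificates. With 3 or more devices, the best approach is to share the .p12 file, or to revoke someone else's certificate.
Managing certificates as a team:
Certificate management with fastlane: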
Match
match is the implementation of the https://codesigning.guide concept. match creates all required certificates & provisioning profiles and stores them in a separate git repository. Every team member with access to the repo can use those credentials for code signing. match also automatically repairs broken and expired credentials. It's the easiest way to share signing credentials across teams.
Features match provides:
match | |
---|---|
🔄 | Automatically sync your iOS keys and profiles across all your team members using git |
📦 | Handle all the heavy lifting of creating and storing your certificates and profiles |
💻 | Setup codesigning on a new machine in under a minute |
🎯 | Designed to work with apps with multiple targets and bundle identifiers |
🔒 | You have full control over your files and Git repo, no third party service involved |
✨ | Provisioning profile will always match the correct certificate |
💥 | Easily reset your existing profiles and certificates if your current account has expired or invalid profiles |
♻️ | Automatically renew your provisioning profiles to include all your devices using the --force option |
👥 | Support for multiple Apple accounts and multiple teams |
✨ | Tightly integrated with fastlane to work seamlessly with gym and other build tools |
Steps for using match:
1. Create a private repository for managing certificates, then start using match:
fastlane match init
Enter the repository URL:
URL of the Git Repo: http://192.168.1.33:9090/Certificates/VivaVideo.git
[15:13:13]: Successfully created './fastlane/Matchfile'. You can open the file using a code editor.
[15:13:13]: You can now run `fastlane match development`, `fastlane match adhoc`, `fastlane match enterprise` and `fastlane match appstore`
2. Update certificates and provisioning profiles:
1) development
fastlane match development
2) adhoc
fastlane match adhoc
3) appstore
fastlane match appstore
4) enterprise (enterprise account)
fastlane match enterprise
Usage:
match(type: "appstore")
match(git_url: "https://github.com/fastlane/certificates",
type: "development")
match(git_url: "https://github.com/fastlane/certificates",
type: "adhoc",
app_identifier: "tools.fastlane.app")
match(git_url: "https://github.com/fastlane/certificates",
type: "enterprise",
app_identifier: "tools.fastlane.app")
3. Certificates for multiple teams can be stored in different branches
match(git_branch: "team1", username: "user@team1.com")
match(git_branch: "team2", username: "user@team2.com")
4. View more detailed match output
fastlane match --verbose
all available options:
fastlane action match
5. Running for multiple targets (bundle identifiers, comma-separated)
fastlane match appstore -a tools.fastlane.app,tools.fastlane.app.watchkitapp
like this:
lane :certificates do
match(app_identifier: ["com.krausefx.app1", "com.krausefx.app2", "com.krausefx.app3"], readonly: true)
end
Note: then all your team has to do is run `fastlane certificates`, and keys, certs and profiles for all targets will be synced.
Sigh:
Note: the path where Xcode keeps provisioning profiles:
~/Library/MobileDevice/Provisioning Profiles
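Features:
Create provisioning profiles
Update provisioning profiles
Download provisioning profiles
Repair provisioning profiles
Supports App Store, Ad Hoc, Development and Enterprise profiles, as well as features such as automatically adding devices.
Supports managing multiple Apple accounts and storing credentials in the Keychain
Supports managing multiple teams
Supports Enterprise profiles
Usage: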
fastlane sigh
fastlane sigh -a com.krausefx.app -u username
Generate an Ad Hoc profile
fastlane sigh --adhoc
Generate a Development profile
fastlane sigh --development
Generate profiles in a specified path
fastlane sigh -o "~/Certificates/"
Download all provisioning profiles
fastlane sigh download_all
For details of the sigh command, see:
fastlane action sigh
Key | Description |
---|---|
adhoc | Setting this flag will generate AdHoc profiles instead of App Store Profiles |
development | Renew the development certificate instead of the production one |
skip_install | By default, the certificate will be added to your local machine. Setting this flag will skip this action |
force | Renew provisioning profiles regardless of its state - to automatically add all devices for ad hoc profiles |
app_identifier | The bundle identifier of your app |
username | Your Apple ID Username |
team_id | The ID of your Developer Portal team if you're in multiple teams |
team_name | The name of your Developer Portal team if you're in multiple teams |
provisioning_name | The name of the profile that is used on the Apple Developer Portal |
ignore_profiles_with_different_name | Use in combination with :provisioning_name - when true only profiles matching this exact name will be downloaded |
output_path | Directory in which the profile should be stored |
cert_id | The ID of the code signing certificate to use (e.g. 78ADL6LVAA) |
cert_owner_name | The certificate name to use for new profiles, or to renew with. (e.g. "Felix Krause") |
filename | Filename to use for the generated provisioning profile (must include .mobileprovision) |
skip_fetch_profiles | Skips the verification of existing profiles which is useful if you have thousands of profiles |
skip_certificate_verification | Skips the verification of the certificates for every existing profiles. This will make sure the provisioning profile can be used on the local machine |
platform | Set the provisioning profile's platform (i.e. ios, tvos) |
readonly | Only fetch existing profile, don't generate new ones |
template_name | The name of provisioning profile template. If the developer account has provisioning profile templates, template name can be found by inspecting the Entitlements drop-down while creating/editing a provisioning profile |
Automatic code signing:
enable automatic code signing
enable_automatic_code_signing
enable_automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj"
)
disable automatic code signing
disable_automatic_code_signing
disable_automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj"
)
also set team id
disable_automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj",
team_id: "XXXX"
)
Only specific targets
disable_automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj",
use_automatic_signing: false,
targets: ["demo"]
)
via generic action
automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj",
use_automatic_signing: false
)
automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj",
use_automatic_signing: true
)
Parameters
Key | Description |
---|---|
path | Path to your Xcode project |
use_automatic_signing | Defines if project should use automatic signing |
team_id | Team ID, is used when upgrading project |
targets | Specify targets you want to toggle the signing mech. (default to all targets) |