applesign - npm Package Compare versions

Comparing version 1.9.4 to 1.9.9

bin/applesign.js

@@ -14,3 +14,4 @@ #!/usr/bin/env node
     'E', 'entry-entitlement',
-    'f', 'without-fairplay',
+    'f', 'force-family',
+    'z', 'ignore-zip-errors',
     'p', 'parallel',
@@ -42,2 +43,3 @@ 'w', 'without-watchapp',
   cloneEntitlements: conf.c || conf['clone-entitlements'],
+  ignoreZipErrors: conf.z || conf['ignore-zip-errors'],
   replaceipa: conf.replace || conf.r,
@@ -112,2 +114,3 @@ lipoArch: conf.lipo || conf.l,
       --version                 Show applesign version
+  -z, --ignore-zip-errors       Ignore unzip/7z uncompressing errors
   [input-ipafile]               Path to the IPA file to resign
@@ -114,0 +117,0 @@

depsolver.js

@@ -122,3 +122,3 @@ 'use strict';
       for (let dep of deps) {
-        const depLayer = state[dep].layer;
+        const depLayer = state[dep]? state[dep].layer: 0;
         if (depLayer === -1 || depLayer === currentLayer) {
@@ -125,0 +125,0 @@ allDepsSolved = false;

index.js

@@ -26,2 +26,3 @@ 'use strict';
       ignoreCodesignErrors: true,
+      ignoreZipErrors: opt.ignoreZipErrors || false,
       insertLibrary: opt.insertLibrary || undefined,
@@ -28,0 +29,0 @@ entitlement: opt.entitlement || undefined,

package.json

@@ -13,21 +13,21 @@ {
   "devDependencies": {
-    "semistandard": "9.1.0"
+    "semistandard": "11.0.0"
   },
   "dependencies": {
-    "simple-plist": "0.2.1",
-    "rimraf": "2.5.4",
-    "fs-walk": "trufae/fs-walk.git#patch-1",
-    "fs-extra": "1.0.0",
+    "colors": "1.1.2",
+    "fatmacho": "0.1.1",
+    "fs-extra": "4.0.0",
+    "fs-walk": "github:trufae/fs-walk#patch-1",
     "is-array": "1.0.1",
+    "macho": "1.2.1",
+    "macho-entitlements": "0.2.2",
+    "macho-is-encrypted": "0.1.2",
     "minimist": "1.2.0",
-    "plist": "2.0.1",
+    "mocha": "3.4.2",
+    "plist": "2.1.0",
+    "rimraf": "2.6.1",
+    "simple-plist": "0.2.1",
     "uniq": "1.0.1",
-    "colors": "1.1.2",
-    "mocha": "3.1.2",
-    "macho": "1.2.1",
-    "fatmacho": "0.1.1",
-    "macho-is-encrypted": "0.1.2",
-    "macho-entitlements": "0.2.2",
-    "which": "1.2.12",
-    "uuid": "2.0.3"
+    "uuid": "3.1.0",
+    "which": "1.2.14"
   },
@@ -68,3 +68,3 @@ "description": "API to resign IPA files",
   "name": "applesign",
-  "version": "1.9.4"
+  "version": "1.9.9"
 }

README.md

@@ -59,11 +59,11 @@ node-applesign
 
-	$ bin/ipa-resign -I
+	$ bin/applesign -I
 
 Resign an IPA with a specific identity:
 
-	$ bin/ipa-resign -i 1C4D1A442A623A91E6656F74D170A711CB1D257A foo.ipa
+	$ bin/applesign -i 1C4D1A442A623A91E6656F74D170A711CB1D257A foo.ipa
 
 Change bundleid:
 
-	$ bin/ipa-resign -b org.nowsecure.testapp path/to/ipa
+	$ bin/applesign -b org.nowsecure.testapp path/to/ipa
 
@@ -70,0 +70,0 @@ Signing methods

session.js

@@ -200,30 +200,40 @@ 'use strict';
     this.config.appbin = path.join(this.config.appdir, binname);
-    if (fs.lstatSync(this.config.appbin).isFile()) {
-      if (isEncryptedSync.path(this.config.appbin)) {
-        if (!this.config.unfairPlay) {
-          return next(new Error('This IPA is encrypted'));
-        }
-        this.emit('message', 'Main IPA executable is encrypted');
-      } else {
-        this.emit('message', 'Main IPA executable is not encrypted');
+    try {
+      if (!fs.lstatSync(this.config.appbin).isFile()) {
+        throw new Error('This was suposed to be a file');
       }
-      if (this.config.insertLibrary !== undefined) {
-        insertLibrary(this.config, (err) => {
-          if (err) {
-            return this.emit('error', err, next);
-          }
-        });
+    } catch (e) {
+      const folders = this.config.appdir.split(path.sep);
+      const binName = folders[folders.length - 1].replace('.app', '');
+      this.config.appbin = path.join(this.config.appdir, binName);
+      if (!fs.lstatSync(this.config.appbin).isFile()) {
+        throw new Error('This was suposed to be a file');
       }
-      this.removeWatchApp(() => {
-        const infoPlist = path.join(this.config.appdir, 'Info.plist');
-        this.fixPlist(infoPlist, this.config.bundleid, (err) => {
-          if (err) return this.events.emit('error', err, next);
-          this.checkProvision(this.config.appdir, this.config.mobileprovision, (err) => {
+    }
+    if (isEncryptedSync.path(this.config.appbin)) {
+      if (!this.config.unfairPlay) {
+        return next(new Error('This IPA is encrypted'));
+      }
+      this.emit('message', 'Main IPA executable is encrypted');
+    } else {
+      this.emit('message', 'Main IPA executable is not encrypted');
+    }
+    if (this.config.insertLibrary !== undefined) {
+      insertLibrary(this.config, (err) => {
+        if (err) {
+          return this.emit('error', err, next);
+        }
+      });
+    }
+    this.removeWatchApp(() => {
+      const infoPlist = path.join(this.config.appdir, 'Info.plist');
+      this.fixPlist(infoPlist, this.config.bundleid, (err) => {
+        if (err) return this.events.emit('error', err, next);
+        this.checkProvision(this.config.appdir, this.config.mobileprovision, (err) => {
+          if (err) return this.emit('error', err, next);
+          this.fixEntitlements(this.config.appbin, (err) => {
             if (err) return this.emit('error', err, next);
-            this.fixEntitlements(this.config.appbin, (err) => {
+            this.signLibraries(this.config.appbin, this.config.appdir, (err) => {
               if (err) return this.emit('error', err, next);
-              this.signLibraries(this.config.appbin, this.config.appdir, (err) => {
-                if (err) return this.emit('error', err, next);
-                next(null, next);
-              });
+              next(null, next);
             });
@@ -233,5 +243,3 @@ });
       });
-    } else {
-      next(new Error('Invalid path'));
-    }
+    });
   }
@@ -250,8 +258,10 @@
       let tests = [];
-      try {
-        tests = fs.readdirSync(plugdir).filter((x) => {
-          return x.indexOf('.xctest') !== -1;
-        });
-      } catch (err) {
-        console.error(err);
+      if (fs.existsSync(plugdir)) {
+        try {
+          tests = fs.readdirSync(plugdir).filter((x) => {
+            return x.indexOf('.xctest') !== -1;
+          });
+        } catch (err) {
+          console.error(err);
+        }
       }
@@ -565,2 +575,4 @@ if (keepTests) {
     const exe = path.sep + getExecutable(this.config.appdir);
+    const folders = this.config.appbin.split(path.sep);
+    const exe2 = path.sep + folders[folders.length - 1];
 
@@ -574,3 +586,3 @@ let found = false;
       }
-      if (file.endsWith(exe)) {
+      if (file.endsWith(exe) || file.endsWith(exe2)) {
         this.emit('message', 'Executable found at ' + file);
@@ -753,3 +765,3 @@ libraries.push(file);
       tools.unzip(file, outdir, (error, stdout) => {
-        if (error) {
+        if (error && !this.config.ignoreZipErrors) {
           this.cleanup(() => { cb(error); });
@@ -756,0 +768,0 @@ } else {

tools.js

@@ -132,8 +132,7 @@ 'use strict';
   if (use7zip) {
-    const args = [ 'x', '-o' + odir, ifile ];
-    execProgram(cmd.sevenZip, args, null, cb);
-  } else {
-    const args = [ '-o', ifile, '-d', odir ];
-    execProgram(cmd.unzip, args, null, cb);
+    const args = [ 'x', '-y', '-o' + odir, ifile ];
+    return execProgram(cmd.sevenZip, args, null, cb);
   }
+  const args = [ '-o', ifile, '-d', odir ];
+  execProgram(cmd.unzip, args, null, cb);
 }
@@ -140,0 +139,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

57748

increased by1.31%

Lines of code

1499

increased by1.01%

Number of medium supply chain risk alerts

2

decreased by-33.33%

Dependency changes

• + Addedbase64-js@1.2.0(transitive)

• + Addeddebug@2.6.0(transitive)

• + Addeddiff@3.2.0(transitive)

• + Addedfs-extra@4.0.0(transitive)

• + Addedglob@7.1.1(transitive)

• + Addedisexe@2.0.0(transitive)

• + Addedjsonfile@3.0.1(transitive)

• + Addedmocha@3.4.2(transitive)

• + Addedms@0.7.2(transitive)

• + Addedplist@2.1.0(transitive)

• + Addedrimraf@2.6.1(transitive)

• + Addeduniversalify@0.1.2(transitive)

• + Addeduuid@3.1.0(transitive)

• + Addedwhich@1.2.14(transitive)

• - Removeddebug@2.2.0(transitive)

• - Removeddiff@1.4.0(transitive)

• - Removedfs-extra@1.0.0(transitive)

• - Removedglob@7.0.5(transitive)

• - Removedisexe@1.1.2(transitive)

• - Removedjsonfile@2.4.0(transitive)

• - Removedklaw@1.3.1(transitive)

• - Removedmocha@3.1.2(transitive)

• - Removedms@0.7.1(transitive)

• - Removedrimraf@2.5.4(transitive)

• - Removeduuid@2.0.3(transitive)

• - Removedwhich@1.2.12(transitive)

• Updatedfs-extra@4.0.0

• Updatedfs-walk@github:trufae/fs-walk#patch-1

• Updatedmocha@3.4.2

• Updatedplist@2.1.0

• Updatedrimraf@2.6.1

• Updateduuid@3.1.0

• Updatedwhich@1.2.14