Skip to content

johntmcintosh/xcunsign

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits

bin

bin

 
 

lib

lib

 
 

resources

resources

 
 

.gitignore

.gitignore

 
 

10.12

10.12

 
 

LICENSE.md

LICENSE.md

 
 

README.md

README.md

 
 

xcrestore

xcrestore

 
 

xcunsign

xcunsign

 
 

Repository files navigation

xcunsign/xcrestore

About

xcunsign and xcrestore are two scripts that allow for easy swapping between signed and unsigned copies of Xcode.

Why?

Xcode 8 disables the ability to run 3rd party plugins (such as [Alcatraz]), in favor of providing an official extensions API (WWDC: Using and Extending the Xcode Source Editor). This is a great thing for security and preventing the next XcodeGhost 👻, and it sounds like the Xcode engineers want to provide the extension points that the community is asking for. However, only the source editor extension is available right now, which means that some of our favorite plugins are disabled until official support becomes available.

Security

In light of the security benefits of using a signed Xcode, I would recommend swapping back to the signed version before any deployment builds are generated. These scripts can be integrated with fastlane to ensure that all deployment builds are generated from the signed Xcode, while you continue to use the unsigned version for access to plugins during development.

Fastlane has an action called verify_xcode which can be run as part of your Fastfile to ensure that the Xcode being used for the build is properly signed.

Installation

To install the scripts, clone or download the repo, and then you can choose one of the following:

  1. Call the scripts directly

  2. Add the repo directory to your PATH

  3. Symlink the scripts into a directory in your path

    ln -s <repo_directory>/xcunsign /usr/local/bin/xcunsign
ln -s <repo_directory>/xcrestore /usr/local/bin/xcrestore

Usage

To unsign, call the script, passing in the version of Xcode that you want to unsign. The script will find the copy of Xcode in the /Applications directory with that version, run unsign on it, and keep a copy of the original signed binary that can be used to restore later. It also modifies Xcode's icon to indicate whether the app is currently signed or not.

xcunsign 8.0

To restore the signed binary, Xcode will be restored to the original binary that was present before the unsigned copy was created.

xcrestore 8.0

Benefits of xcunsign

The reason I created this as an alternative to other approaches I have seen is that this allows me to swap quickly between signed and unsigned installations without needing to maintain two full copies of Xcode.app. The only thing that gets swapped out when the scripts are run is the Xcode binary within the Xcode.app container.

Roadmap

  • If there is only one version of Xcode installed, it shouldn't be necessary to pass in the version.
  • Implement a fastlane plugin to xcrestore before the build

Credits

Special thanks to steakknife's unsign and mklement0's fileicon.

License

MIT

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

34 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages