Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/SignTools/SignTools-Builder

Sign iOS apps on demand using your own Mac. Part of: https://github.com/SignTools/SignTools
https://github.com/SignTools/SignTools-Builder

app ios ipad iphone macos sideload sign

Last synced: about 2 months ago
JSON representation

Sign iOS apps on demand using your own Mac. Part of: https://github.com/SignTools/SignTools

Awesome Lists containing this project

README 

        
# SignTools Builder



This project is a free and simple builder server for [SignTools](https://github.com/SignTools/SignTools). It is the self-hosted alternative of [SignTools-CI](https://github.com/SignTools/SignTools-CI) - instead of using a Continuous Integration (CI) provider, you turn one of your own Macs into a builder used to pull, sign, and upload any iOS apps to your `SignTools` service.



You only need to configure one builder. If you already configured a CI provider as your builder, you don't need to do anything here. This project is aimed at people who want to have a self-hosted builder.



## Important



### Security



This server requires the use of an authentication key so that only the web service can control your builder. However, there is no built-in support for HTTPS or any other form of encryption. Therefore:



> :warning: **Anybody with access to the builder's network can potentially manipulate the builder to execute any code that they want on your machine.**



To prevent this, only deploy this server in a trusted environment, or even better, wrap the server in HTTPS yourself using a reverse proxy like nginx.



### Side effects on your Mac



While this server is not expected to interfere with the normal operation of your system, it does perform a substantial amount of work to get your apps signed, including making changes to the keychain.



> :warning: **It is highly recommended that you dedicate this Mac exclusively as a builder. Using it for other purposes, especially at the same time as a sign job is running, could lead to undefined issues.**



## Setup



All the steps should be performed on your builder Mac.



1. Install the following dependencies:

   - [fastlane](https://github.com/fastlane/fastlane)

   - curl

   - node

   - python3

2. Download the correct [binary release](https://github.com/SignTools/SignTools-Builder/releases)

3. Make the binary executable by running: `chmod +x SignTools-Builder`. Replace the name with the file that you just downloaded

4. Download the archive of `SignTools-CI` and extract it in the same folder as the binary from the previous step. These will be your **signing files**. The whole step can be accomplished with the following commands:

   ```bash

   curl -sL https://github.com/SignTools/SignTools-CI/archive/master.zip -o master.zip

   unzip master.zip

   rm master.zip

   ```



> :warning: **Remember to update the signing files from above every time that you update the signing service. Otherwise you may experience random issues.**



## Running



You need to make up an authentication key. It has to be at least 8 characters long. Note it down - you will need to put it in your `SignTools` service's configuration file later on.



To start the server, use the auth key and signing files from before and pass them as arguments:



```bash

./SignTools-Builder -key "SOME_SECRET_KEY" -files "SignTools-CI-master"

```



The first time you run the server, you will have to [allow](https://www.macworld.co.uk/how-to/mac-app-unidentified-developer-3669596/) the unrecognized binary to run on your machine. After that it will run with no interruptions.



For reference, these all of the arguments that will be used:



```bash

  -files string

    	Path to directory whose files will be included in each sign job. Should at least contain a signer script 'sign.py'

  -host string

    	Listen host, empty for all

  -key string

    	Auth key the web service must use to talk to this server

  -port uint

    	Listen port (default 8090)

  -timeout uint

    	Job timeout in minutes (default 15)

```



You can always print them by running with `-help`.