Changes resigned bundleID format to fix Keychain issues

Some apps (such as Cercube) can only access the Keychain if the app’s resigned bundle identifier is prefixed with the original bundle identifier.
2026-02-20 04:03:26 +01:00 · 2020-01-14 18:57:32 -08:00
parent c2d1b3628e
commit 8ba41a9c5b
1 changed files with 55 additions and 29 deletions
--- a/AltStore/Operations/ResignAppOperation.swift
+++ b/AltStore/Operations/ResignAppOperation.swift
@@ -145,7 +145,7 @@ private extension ResignAppOperation
        dispatchGroup.enter()
-        self.prepareProvisioningProfile(for: app, team: team, session: session) { (result) in
+        self.prepareProvisioningProfile(for: app, parentApp: nil, team: team, session: session) { (result) in
            switch result
            {
            case .failure(let e): error = e
@@ -163,7 +163,7 @@ private extension ResignAppOperation
                dispatchGroup.enter()
-                self.prepareProvisioningProfile(for: appExtension, team: team, session: session) { (result) in
+                self.prepareProvisioningProfile(for: appExtension, parentApp: app, team: team, session: session) { (result) in
                    switch result
                    {
                    case .failure(let e): error = e
@@ -187,10 +187,36 @@ private extension ResignAppOperation
        }
    }
-    func prepareProvisioningProfile(for app: ALTApplication, team: ALTTeam, session: ALTAppleAPISession, completionHandler: @escaping (Result<ALTProvisioningProfile, Error>) -> Void)
+    func prepareProvisioningProfile(for app: ALTApplication, parentApp: ALTApplication?, team: ALTTeam, session: ALTAppleAPISession, completionHandler: @escaping (Result<ALTProvisioningProfile, Error>) -> Void)
    {
        DatabaseManager.shared.persistentContainer.performBackgroundTask { (context) in
            let preferredBundleID: String
            // Check if we have already installed this app with this team before.
            let predicate = NSPredicate(format: "%K == %@ AND %K == %@",
                                        #keyPath(InstalledApp.bundleIdentifier), app.bundleIdentifier,
                                        #keyPath(InstalledApp.team.identifier), team.identifier)
            if let installedApp = InstalledApp.first(satisfying: predicate, in: context)
            {
                // This app is already installed, so use the same resigned bundle identifier as before.
                // This way, if we change the identifier format (again), AltStore will continue to use
                // the old bundle identifier to prevent it from installing as a new app.
                preferredBundleID = installedApp.resignedBundleIdentifier
            }
            else
            {
                // This app isn't already installed, so create the resigned bundle identifier ourselves.
                // Or, if the app _is_ installed but with a different team, we need to create a new
                // bundle identifier anyway to prevent collisions with the previous team.
                let parentBundleID = parentApp?.bundleIdentifier ?? app.bundleIdentifier
                let updatedParentBundleID = parentBundleID + "." + team.identifier // Append just team identifier to make it harder to track.
                preferredBundleID = app.bundleIdentifier.replacingOccurrences(of: parentBundleID, with: updatedParentBundleID)
            }
            // Register
-        self.register(app, team: team, session: session) { (result) in
+            self.register(app, bundleIdentifier: preferredBundleID, team: team, session: session) { (result) in
                switch result
                {
                case .failure(let error): completionHandler(.failure(error))
@@ -221,24 +247,24 @@ private extension ResignAppOperation
                }
            }
        }
    }
-    func register(_ app: ALTApplication, team: ALTTeam, session: ALTAppleAPISession, completionHandler: @escaping (Result<ALTAppID, Error>) -> Void)
+    func register(_ app: ALTApplication, bundleIdentifier: String, team: ALTTeam, session: ALTAppleAPISession, completionHandler: @escaping (Result<ALTAppID, Error>) -> Void)
    {
        let appName = app.name
        let bundleID = "com.\(team.identifier).\(app.bundleIdentifier)"
        ALTAppleAPI.shared.fetchAppIDs(for: team, session: session) { (appIDs, error) in
            do
            {
                let appIDs = try Result(appIDs, error).get()
-                if let appID = appIDs.first(where: { $0.bundleIdentifier == bundleID })
+                if let appID = appIDs.first(where: { $0.bundleIdentifier == bundleIdentifier })
                {
                    completionHandler(.success(appID))
                }
                else
                {
-                    ALTAppleAPI.shared.addAppID(withName: appName, bundleIdentifier: bundleID, team: team, session: session) { (appID, error) in
+                    ALTAppleAPI.shared.addAppID(withName: appName, bundleIdentifier: bundleIdentifier, team: team, session: session) { (appID, error) in
                        completionHandler(Result(appID, error))
                    }
                }