Differences

This shows you the differences between two versions of the page.

--- og:ipabuild:start [2019/01/13 09:34]
czokie
+++ og:ipabuild:start [2019/01/15 01:41] (current)
czokie [Main setup]
@@ Line 2: / Line 2: @@
 This document will explain how to systematically scriptable build IOS apps. For the document, I will start with a virtual server running Centos 7.x - with a "minimal" server template. (Almost nothing is installed).
-This is a two step install. The first stage sets some basic security parameters (like disabling selinux enforcing)... which is required in later stages... and creates a build user - so we don't install all of this crap as root. After this stage the server is rebooted.
+This is a two step install. The first stage sets some basic security parameters (like disabling selinux enforcing)... which is required in later stages... and creates a build user - so we don't install all of this crap as root. After this stage the server is rebooted, if selinux was running. (The reboot is skipped if selinux is not running).
-The second stage does the main build under our newly created user.
+The second stage does the main build under our newly created user, using sudo where required.
-===== Server Build =====
+This base server requirement is Centos 7 minimal operating system. The details are enclosed below - but essentially, just run the first few commands here on a clean install and it will be ready to go.
-This server build assumes Centos 7 minimal operating system. The details are enclosed below - but essentially, just run the first few commands here on a clean ISO install and it will be ready to go.
-==== Setup Process - Stage 1 ====
+===== Setup Process - Stage 1 =====
 Login as root to your newly created Centos 7 minimal server build, and execute the following command. This will pull the stage 1 script listed below and execute it.
@@ Line 15: / Line 14: @@
   bash <(curl -s https://dji.retroroms.info/_export/code/og/ipabuild/start?codeblock=0)
-==== Setup Process - Stage 2 ====
+===== Setup Process - Stage 2 =====
-The server will reboot - When it comes back, login as the user build and execute the next command
+If SeLinux is installed, the server will reboot. Login as the build user when it comes back and continue with this command. If selinux is not installed, the first script will automatically SU to this user.
   bash <(curl -s https://dji.retroroms.info/_export/code/og/ipabuild/start?codeblock=1)
-==== Setup Scripts ====
+===== Setup Scripts =====
+==== Bootstrap ====
 <code bash ipabuildsetup1.sh>
 #!/bin/bash
@@ Line 31: / Line 30: @@
 adduser ${USER}
 echo ${USER}:redherring | chpasswd
-yum -y install sudo
+yum -y install epel-release
+yum -y install sudo banner
 echo "${USER} ALL = NOPASSWD: ALL" > /etc/sudoers.d/build
 if [ -e /etc/sysconfig/selinux ]; then
-  sed -ie "s/enforcing$/permissive/g" /etc/sysconfig/selinux
+  sed -i "s/enforcing$/permissive/g" /etc/sysconfig/selinux
-  echo "Rebooting - Run the next step as username: ${USER}"
+  echo "Run the next step as username: ${USER}"
+  banner "Rebooting"
   reboot
 else
-  echo "Ready to run the next part of setup"
+  banner "Continue as ${USER}"
+  #su -c "bash <(curl -s https://dji.retroroms.info/_export/code/og/ipabuild/start?codeblock=1)" -s /bin/bash ${USER}
   su - ${USER}
 fi
 </code>
+==== Main setup ====
 <code bash ipabuildsetup2.sh>
@@ Line 52: / Line 56: @@
 # Get some basic RPM's aboard
 #
+banner "yum update"
 sudo yum -y update
-sudo yum -y install epel-release
+banner "yum install required packages"
 sudo yum -y install python-pip git ruby gem ruby-devel libimobiledevice libimobiledevice-utils gcc-c++ \
              make patch readline readline-devel zlib zlib-devel libyaml-devel libffi-devel openssl-devel \
              bzip2 autoconf automake libtool bison iconv-devel sqlite-devel which zip unzip openssl file
-#
+sudo pip freeze > /tmp/freeze0
-# Upgrade PIP
-#
+banner "Upgrade pip"
 sudo pip install --upgrade pip
-#
+sudo pip freeze > /tmp/freeze1
-# Install Construct (required for isign)
+if [ 1 -eq 0 ]; then
-#
+banner "Install construct"
 # The latest construct that is known to work with iSign won't install with pip - We need to get the URL and fetch manually
@@ Line 74: / Line 78: @@
 sudo pip install "${CONURL}"
-#
+banner "Install ak-construct"
-# Install isign
+sudo pip install ak-construct==2.5.2
-#
-PYOPENSSLVERSION=18.0.0
+banner "Install pyOpenSSL"
+sudo pip install PyOpenSSL==18.0.0
+sudo pip freeze > /tmp/freeze2
+banner "Install isign"
 git clone https://github.com/apperian/isign.git
 cd isign
-/usr/bin/perl -pi -e "if (/pyOpenSSL/) { s/=.*[0-9]/==${PYOPENSSLVERSION}/ }" setup.py
+/usr/bin/perl -pi -e "if (/pyOpenSSL/) { s/=.*[0-9]/==`pip freeze | grep ^pyOpenSSL | cut -d "=" -f 3`/ }" setup.py
-/usr/bin/perl -pi -e "if (/construct/) { s/=.*[0-9]/==${CONVERSION}/ }" setup.py
+/usr/bin/perl -pi -e "if (/construct/) { s/=.*[0-9]/==`pip freeze | grep ^construct | cut -d "=" -f 3`/ }" setup.py
-sed -ie "s/apt-get/echo apt-get/" INSTALL.sh
+/usr/bin/perl -pi -e "if (/ak-construct/) { s/=.*[0-9]/==`pip freeze | grep ^ak-construct | cut -d "=" -f 3`/ }" setup.py
-# temporarily disabled ... # sudo ./INSTALL.sh
+sed -i "s/apt-get/echo apt-get/" INSTALL.sh
+if [ ! -e ~/.isign ]; then mkdir ~/.isign; fi
+#sudo ./INSTALL.sh
+read more
 sudo rm -rf build dist isign.egg-info
 cd
+fi
+# Install newer non-standard GCC package required for insert_dylib
-#
+banner "install centos-release-scl"
-# Install newer non-standard GCC package and build insert_dylib
+sudo yum -y install centos-release-scl
-#
-sudo yum -y install centos-release-scl
+banner "install devtoolset-4-gcc"
 sudo yum -y install devtoolset-4-gcc*
+banner "install insert_dylib"
 git clone https://github.com/LeanVel/insert_dylib
 cd ~/insert_dylib
@@ Line 100: / Line 114: @@
 sudo mv ~/insert_dylib/insert_dylib/insert_dylib /usr/local/bin/
 rm -rf ~/insert_dylib
-##
-## Get iInject
-##
-#
-if [ ! -e ~/.isign ]; then mkdir ~/.isign; fi
-# TODO: Add wget here for our custom iinject.sh file
-#cd ~
-#git clone https://github.com/LeanVel/iInject
-#sed -ie "s/^checkProvisioning$/checkProvisioning/" iInject/iInject.sh
-#sed -ie  "s/#Installing/cd \"\$currPath\"\ncleanup\nexit 0\n#Installing/" iInject/iInject.sh
-#curl https://build.frida.re/frida/ios/lib/FridaGadget.dylib --output iInject/FridaGadget.dylib
 #
@@ Line 118: / Line 120: @@
 #
+banner install rbenv
 cd
 git clone git://github.com/sstephenson/rbenv.git .rbenv
@@ Line 125: / Line 128: @@
 eval "$(rbenv init -)"
+banner install ruby-build
 git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
 echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bash_profile
 export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"
+banner "install ruby"
+#
+# Install a newer ruby version and set it as our global version for now
 #
 # Prevent generation of local documentation for each gem installed (It's slow!)
-#
 echo "gem: --no-document" > ~/.gemrc
-#
-# Install a newer ruby version and set it as our global version for now
-#
 VERSION=`curl -s https://www.ruby-lang.org/en/downloads/ | grep pub | grep -v rc | sed -e "s/.tar.gz.*//" -e "s/.*ruby-//" | grep ^[0-9] | sort -nr | head -1`
 rbenv install -v $VERSION
 rbenv global $VERSION
-#
+banner install fastlane
-# Install fastlane and pry
-#
 gem install fastlane
+banner install pry
 gem install pry
+banner install son
 gem install json
-#
+banner install genProvisioningProfile.rb
-# Get our ruby script down
-#
 wget -O genProvisioningProfile.rb https://dji.retroroms.info/_export/code/og/ipabuild/start?codeblock=2
-sed -ie "s/sensepost/`whoami`/" genProvisioningProfile.rb
+sed -i "s/sensepost/`whoami`/" genProvisioningProfile.rb
+# TODO: Add wget here for our custom iinject.sh file
+#cd ~
+#git clone https://github.com/LeanVel/iInject
+#sed -i "s/^checkProvisioning$/checkProvisioning/" iInject/iInject.sh
+#sed -i  "s/#Installing/cd \"\$currPath\"\ncleanup\nexit 0\n#Installing/" iInject/iInject.sh
+#curl https://build.frida.re/frida/ios/lib/FridaGadget.dylib --output iInject/FridaGadget.dylib
 ##

User Tools

Site Tools

Differences

Page Tools