Differences

This shows you the differences between two versions of the page.

--- og:ipabuild:start [2019/01/13 09:48]
czokie
+++ og:ipabuild:start [2019/01/15 01:41] (current)
czokie [Main setup]
@@ Line 2: / Line 2: @@
 This document will explain how to systematically scriptable build IOS apps. For the document, I will start with a virtual server running Centos 7.x - with a "minimal" server template. (Almost nothing is installed).
-This is a two step install. The first stage sets some basic security parameters (like disabling selinux enforcing)... which is required in later stages... and creates a build user - so we don't install all of this crap as root. After this stage the server is rebooted.
+This is a two step install. The first stage sets some basic security parameters (like disabling selinux enforcing)... which is required in later stages... and creates a build user - so we don't install all of this crap as root. After this stage the server is rebooted, if selinux was running. (The reboot is skipped if selinux is not running).
-The second stage does the main build under our newly created user.
+The second stage does the main build under our newly created user, using sudo where required.
-===== Server Build =====
+This base server requirement is Centos 7 minimal operating system. The details are enclosed below - but essentially, just run the first few commands here on a clean install and it will be ready to go.
-This server build assumes Centos 7 minimal operating system. The details are enclosed below - but essentially, just run the first few commands here on a clean ISO install and it will be ready to go.
-==== Setup Process - Stage 1 ====
+===== Setup Process - Stage 1 =====
 Login as root to your newly created Centos 7 minimal server build, and execute the following command. This will pull the stage 1 script listed below and execute it.
@@ Line 15: / Line 14: @@
   bash <(curl -s https://dji.retroroms.info/_export/code/og/ipabuild/start?codeblock=0)
-==== Setup Process - Stage 2 ====
+===== Setup Process - Stage 2 =====
-The server will reboot - When it comes back, login as the user build and execute the next command
+If SeLinux is installed, the server will reboot. Login as the build user when it comes back and continue with this command. If selinux is not installed, the first script will automatically SU to this user.
   bash <(curl -s https://dji.retroroms.info/_export/code/og/ipabuild/start?codeblock=1)
-==== Setup Scripts ====
+===== Setup Scripts =====
+==== Bootstrap ====
 <code bash ipabuildsetup1.sh>
 #!/bin/bash
@@ Line 35: / Line 34: @@
 echo "${USER} ALL = NOPASSWD: ALL" > /etc/sudoers.d/build
 if [ -e /etc/sysconfig/selinux ]; then
-  sed -ie "s/enforcing$/permissive/g" /etc/sysconfig/selinux
+  sed -i "s/enforcing$/permissive/g" /etc/sysconfig/selinux
   echo "Run the next step as username: ${USER}"
   banner "Rebooting"
@@ Line 41: / Line 40: @@
 else
   banner "Continue as ${USER}"
+  #su -c "bash <(curl -s https://dji.retroroms.info/_export/code/og/ipabuild/start?codeblock=1)" -s /bin/bash ${USER}
   su - ${USER}
 fi
 </code>
+==== Main setup ====
 <code bash ipabuildsetup2.sh>
@@ Line 60: / Line 62: @@
              make patch readline readline-devel zlib zlib-devel libyaml-devel libffi-devel openssl-devel \
              bzip2 autoconf automake libtool bison iconv-devel sqlite-devel which zip unzip openssl file
+sudo pip freeze > /tmp/freeze0
 banner "Upgrade pip"
@@ Line 65: / Line 69: @@
 sudo pip install --upgrade pip
+sudo pip freeze > /tmp/freeze1
+if [ 1 -eq 0 ]; then
 banner "Install construct"
 # The latest construct that is known to work with iSign won't install with pip - We need to get the URL and fetch manually
@@ Line 72: / Line 78: @@
 sudo pip install "${CONURL}"
-banner "Install isign"
+banner "Install ak-construct"
-#
+sudo pip install ak-construct==2.5.2
-# Install isign
-#
-PYOPENSSLVERSION=18.0.0
+banner "Install pyOpenSSL"
+sudo pip install PyOpenSSL==18.0.0
+sudo pip freeze > /tmp/freeze2
+banner "Install isign"
 git clone https://github.com/apperian/isign.git
 cd isign
-/usr/bin/perl -pi -e "if (/pyOpenSSL/) { s/=.*[0-9]/==${PYOPENSSLVERSION}/ }" setup.py
+/usr/bin/perl -pi -e "if (/pyOpenSSL/) { s/=.*[0-9]/==`pip freeze | grep ^pyOpenSSL | cut -d "=" -f 3`/ }" setup.py
-/usr/bin/perl -pi -e "if (/construct/) { s/=.*[0-9]/==${CONVERSION}/ }" setup.py
+/usr/bin/perl -pi -e "if (/construct/) { s/=.*[0-9]/==`pip freeze | grep ^construct | cut -d "=" -f 3`/ }" setup.py
-sed -ie "s/apt-get/echo apt-get/" INSTALL.sh
+/usr/bin/perl -pi -e "if (/ak-construct/) { s/=.*[0-9]/==`pip freeze | grep ^ak-construct | cut -d "=" -f 3`/ }" setup.py
-# temporarily disabled ... # sudo ./INSTALL.sh
+sed -i "s/apt-get/echo apt-get/" INSTALL.sh
+if [ ! -e ~/.isign ]; then mkdir ~/.isign; fi
+#sudo ./INSTALL.sh
+read more
 sudo rm -rf build dist isign.egg-info
 cd
+fi
+# Install newer non-standard GCC package required for insert_dylib
-#
+banner "install centos-release-scl"
-# Install newer non-standard GCC package and build insert_dylib
-#
 sudo yum -y install centos-release-scl
+banner "install devtoolset-4-gcc"
 sudo yum -y install devtoolset-4-gcc*
+banner "install insert_dylib"
 git clone https://github.com/LeanVel/insert_dylib
 cd ~/insert_dylib
@@ Line 99: / Line 114: @@
 sudo mv ~/insert_dylib/insert_dylib/insert_dylib /usr/local/bin/
 rm -rf ~/insert_dylib
-##
-## Get iInject
-##
-#
-if [ ! -e ~/.isign ]; then mkdir ~/.isign; fi
-# TODO: Add wget here for our custom iinject.sh file
-#cd ~
-#git clone https://github.com/LeanVel/iInject
-#sed -ie "s/^checkProvisioning$/checkProvisioning/" iInject/iInject.sh
-#sed -ie  "s/#Installing/cd \"\$currPath\"\ncleanup\nexit 0\n#Installing/" iInject/iInject.sh
-#curl https://build.frida.re/frida/ios/lib/FridaGadget.dylib --output iInject/FridaGadget.dylib
 #
@@ Line 117: / Line 120: @@
 #
+banner install rbenv
 cd
 git clone git://github.com/sstephenson/rbenv.git .rbenv
@@ Line 124: / Line 128: @@
 eval "$(rbenv init -)"
+banner install ruby-build
 git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
 echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bash_profile
 export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"
+banner "install ruby"
+#
+# Install a newer ruby version and set it as our global version for now
 #
 # Prevent generation of local documentation for each gem installed (It's slow!)
-#
 echo "gem: --no-document" > ~/.gemrc
-#
-# Install a newer ruby version and set it as our global version for now
-#
 VERSION=`curl -s https://www.ruby-lang.org/en/downloads/ | grep pub | grep -v rc | sed -e "s/.tar.gz.*//" -e "s/.*ruby-//" | grep ^[0-9] | sort -nr | head -1`
 rbenv install -v $VERSION
 rbenv global $VERSION
-#
+banner install fastlane
-# Install fastlane and pry
-#
 gem install fastlane
+banner install pry
 gem install pry
+banner install son
 gem install json
-#
+banner install genProvisioningProfile.rb
-# Get our ruby script down
-#
 wget -O genProvisioningProfile.rb https://dji.retroroms.info/_export/code/og/ipabuild/start?codeblock=2
-sed -ie "s/sensepost/`whoami`/" genProvisioningProfile.rb
+sed -i "s/sensepost/`whoami`/" genProvisioningProfile.rb
+# TODO: Add wget here for our custom iinject.sh file
+#cd ~
+#git clone https://github.com/LeanVel/iInject
+#sed -i "s/^checkProvisioning$/checkProvisioning/" iInject/iInject.sh
+#sed -i  "s/#Installing/cd \"\$currPath\"\ncleanup\nexit 0\n#Installing/" iInject/iInject.sh
+#curl https://build.frida.re/frida/ios/lib/FridaGadget.dylib --output iInject/FridaGadget.dylib
 ##

User Tools

Site Tools

Differences

Page Tools