Deleting expired provisioning profiles

Question

Using exclusively terminal, how can one identify and delete the expired provisioning profiles from ~/Library/MobileDevice/Provisioning Profiles

Is there a way to do that just from terminal?

Answer 1

You can write a shell script that will loop through the files, grab the date from the mobileprovision file, and check it against the current date.

#!/bin/sh

for provisioning_profile in ~/Library/MobileDevice/Provisioning\ Profiles/*.mobileprovision;
do
    printf "Checking ${provisioning_profile}... "

    # pull the expiration date from the plist
    expirationDate=`/usr/libexec/PlistBuddy -c 'Print :ExpirationDate' /dev/stdin <<< $(security cms -D -i "${provisioning_profile}")`

    # convert expirationDate and current date to epoch (Unix Timestamps) then compare both.
    timestamp_expiration=`date -jf"%a %b %d %T %Z %Y" "${expirationDate}" +%s`
    timestamp_now=`date +%s`

    if [ ${timestamp_now} -ge ${timestamp_expiration} ];
    then
        echo "EXPIRED"
        # rm -f "${provisioning_profile}"
    else
        echo "not expired"
    fi

done

You can use the security command and plist buddy to extract the ExpirationDate from the file. Then for simplicity I just convert that date to a easily comparable format (YYYMMDD unix time stamps or seconds since 1970) and compare it to today's date in the same format. I print out the status of each. Note: I do not do the delete, because I want you to verify the script results before you uncomment the removal line. I ran it on mine, and threw in an old profile. It correctly identified the expired profile in my tests.