Code Signing Not Working for AdditionalAppExtensions #15598
Description
Steps to Reproduce
- Download solution attached NativeExtensionEmbedding.zip
- Unzip solution file
- Update Native and Managed apps with valid provisioning profiles
- Run dotnet tool restore in the NativeExtensionEmbedding directory
- Run dotnet cake --target=PublishIPA
- In the IPA that's now in AppPackages/ManagedContainer.ipa, unzip it and look at Payload/ManagedContainer.app/PlugIns/NativeTodayExtension.appex, and see there's no _CodeSignature at all
Expected Behavior
There is a code signature for NativeTodayExtension.appex inside the IPA
Actual Behavior
The IPA itself is signed, but NativeTodayExtension.appex is not signed. This worked correctly with Xamarin.iOS 15.8.0.5. It is broken with Xamarin.iOS 15.10.0.5 (unless I'm doing something wrong)
Environment
Version information
Visual Studio Community 2022 for Mac
Version 17.0.7 (build 7)
Installation UUID: e414baf3-158a-4f60-baf1-f1796b783205
Runtime
.NET 6.0.5 (64-bit)
Architecture: Arm64
Roslyn (Language Service)
4.1.0-3.22075.3+592501cbb9c9394072a245c15b3458ff88155d85
NuGet
Version: 6.0.0.262
.NET SDK (Arm64)
SDK: /usr/local/share/dotnet/sdk/6.0.302/Sdks
SDK Versions:
6.0.302
6.0.301
6.0.300
6.0.203
6.0.202
6.0.201
6.0.200
MSBuild SDKs: /Applications/Visual Studio.app/Contents/MonoBundle/MSBuild/Current/bin/Sdks
.NET SDK (x64)
SDK Versions:
3.1.421
3.1.420
3.1.419
.NET Runtime (Arm64)
Runtime: /usr/local/share/dotnet/dotnet
Runtime Versions:
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
.NET Runtime (x64)
Runtime: /usr/local/share/dotnet/x64/dotnet
Runtime Versions:
3.1.27
3.1.26
3.1.25
Xamarin.Profiler
Version: 1.8.0.19
Location: /Applications/Xamarin Profiler.app/Contents/MacOS/Xamarin Profiler
Updater
Version: 11
Apple Developer Tools
Xcode 13.4.1 (20504)
Build 13F100
Xamarin.Mac
Version: 8.10.0.5 (Visual Studio Community)
Hash: 96b3edb6d
Branch: d17-2
Build date: 2022-05-18 07:32:06-0400
Xamarin.iOS
Version: 15.10.0.5 (Visual Studio Community)
Hash: 96b3edb6d
Branch: d17-2
Build date: 2022-05-18 07:32:07-0400
Xamarin Designer
Version: 17.1.5.90
Hash: 53f47efde
Branch: remotes/origin/d17-0-vsmac
Build date: 2022-07-20 22:42:03 UTC
Xamarin.Android
Version: 12.3.3.3 (Visual Studio Community)
Commit: xamarin-android/d17-2/4e061b7
Android SDK: /Users/adamrussell/Library/Developer/Xamarin/android-sdk-macosx
Supported Android versions:
12.0 (API level 31)
8.1 (API level 27)
11.0 (API level 30)
10.0 (API level 29)
9.0 (API level 28)
SDK Command-line Tools Version: 5.0
SDK Platform Tools Version: 31.0.3
SDK Build Tools Version: 30.0.3
Build Information:
Mono: dffa5ab
Java.Interop: xamarin/java.interop/d17-2@9760f0a9
ProGuard: Guardsquare/proguard/v7.0.1@912d149
SQLite: xamarin/sqlite/3.38.2@7b1e016
Xamarin.Android Tools: xamarin/xamarin-android-tools/d17-2@fc3c2ac
Microsoft Build of OpenJDK
Java SDK: /Library/Java/JavaVirtualMachines/microsoft-11.jdk
11.0.12
Android Designer EPL code available here:
https://github.com/xamarin/AndroidDesigner.EPL
Eclipse Temurin JDK
Java SDK: /Library/Java/JavaVirtualMachines/temurin-8.jdk
1.8.0.302
Android Designer EPL code available here:
https://github.com/xamarin/AndroidDesigner.EPL
Android SDK Manager
Version: 17.2.0.37
Hash: 7f5a6ef
Branch: remotes/origin/d17-2
Build date: 2022-07-20 22:42:07 UTC
Android Device Manager
Version: 0.0.0.1116
Hash: e47e6c8
Branch: remotes/origin/d17-2
Build date: 2022-07-20 22:42:07 UTC
Build Information
Release ID: 1700070007
Git revision: 5a924af5432fc0ed4adc294eb2edb6a95c97cf2e
Build date: 2022-07-20 22:39:54+00
Build branch: release-17.0
Build lane: release-17.0
Operating System
Mac OS X 12.5.0
Darwin 21.6.0 Darwin Kernel Version 21.6.0
Sat Jun 18 17:05:47 PDT 2022
root:xnu-8020.140.41~1/RELEASE_ARM64_T8101 arm64
Build Logs
I ran the same Cake script with Xamarin.iOS 15.8.0.5, then immediately after with 15.10.0.5. 15.8.0.5 produces the correct results, 15.10.0.5 does not.
I've included build logs in this zip for both.
GOOD_Xamarin_iOS_15.8.0.5.binlog
and
BAD_Xamarin_IOS_15.10.0.5.binlog
Example Project (If Possible)
Additional Details
I ran into this a few days ago when I updated a production build to use Xamarin.iOS 15.10.0.5 without any other major changes, and was initially confused when it started getting rejected by TestFlight/AppStoreConnect.
I tried to make this example as close to possible to the test app that's in this repo:
https://github.com/xamarin/xamarin-macios/tree/main/tests/common/TestProjects/NativeExtensionEmbedding
The only changes were to use distribution provisioning profiles (changing the bundle identifiers slightly so I could use some with real provisioning profiles), changing the managed app to use a release build, and adding the build.cake script at the top level so you can see my build.
I used a distribution cert to make sure it's closer to a real example (sorry, that probably means you need to change the associations on your own machine to actually build the sample).
Hopefully I'm just missing something in the way code signing works now, as it looks to have been rewritten. It looks like a bug to me, though.
(I'm not very familiary with MSBuild, but maybe in Target -> _CollectCodeSigningData, the paths should resolve as those within the IPA folders after the appex has ben copied rather than the original build outputs? I could be completely off, though, since I don't quite follow how the new codesigning flow works.)