[msbuild] Always codesign the framework directory, not what's inside (x…

…amarin#10309) **Example #1.** Signing a framework binary is the **same** thing as signing the framework directory. ``` $ codesign -v --force --timestamp=none --sign - bin/iPhone/Release/xcf_ios.app//Frameworks/lame.framework/lame bin/iPhone/Release/xcf_ios.app//Frameworks/lame.framework/lame: replacing existing signature bin/iPhone/Release/xcf_ios.app//Frameworks/lame.framework/lame: signed bundle with Mach-O thin (arm64) [io.sourceforge.lame] $ codesign -v --force --timestamp=none --sign - bin/iPhone/Release/xcf_ios.app//Frameworks/lame.framework bin/iPhone/Release/xcf_ios.app//Frameworks/lame.framework: replacing existing signature bin/iPhone/Release/xcf_ios.app//Frameworks/lame.framework: signed bundle with Mach-O thin (arm64) [io.sourceforge.lame] ``` Nice right ? Pretty much until... **Example #2.** Signing a framework binary is **NOT** the **same** thing as signing the framework directory. ``` $ codesign -v --force --timestamp=none --sign - bin/iPhone/Release/xcf_ios.app//Frameworks/flac.framework/flac bin/iPhone/Release/xcf_ios.app//Frameworks/flac.framework/flac: replacing existing signature bin/iPhone/Release/xcf_ios.app//Frameworks/flac.framework/flac: signed Mach-O thin (arm64) [flac-55554944583d2f02282c33d8bfed082daa857e30] $ codesign -v --force --timestamp=none --sign - bin/iPhone/Release/xcf_ios.app//Frameworks/flac.framework bin/iPhone/Release/xcf_ios.app//Frameworks/flac.framework: replacing existing signature bin/iPhone/Release/xcf_ios.app//Frameworks/flac.framework: signed bundle with Mach-O thin (arm64) [org.xiph.flac] ``` In this case signing the binary `flac` does not produce the `_CodeSignature` directory and fails our msbuild Codesign task The fix is to detect if we're signing a framework like `A.framework/A` and change this to sign `A.framework` as this will always work.
rolfbjarne · Jan 11, 2021 · 0709c88 · 0709c88
1 parent 28791b6
commit 0709c88
Showing 1 changed file with 10 additions and 9 deletions.
diff --git a/msbuild/Xamarin.MacDev.Tasks.Core/Tasks/CodesignTaskBase.cs b/msbuild/Xamarin.MacDev.Tasks.Core/Tasks/CodesignTaskBase.cs
@@ -140,7 +140,16 @@ IList<string> GenerateCommandLineArguments (ITaskItem item)
 			if (!string.IsNullOrEmpty (ExtraArgs))
 				args.Add (ExtraArgs);
 
-			args.Add (Path.GetFullPath (item.ItemSpec));
+			// signing a framework and a file inside a framework is not *always* identical
+			// on macOS apps {item.ItemSpec} can be a symlink to `Versions/Current/{item.ItemSpec}`
+			// and `Current` also a symlink to `A`... and `_CodeSignature` will be found there
+			var path = PathUtils.ResolveSymbolicLinks (item.ItemSpec);
+			var parent = Path.GetDirectoryName (path);
+
+			// so do not don't sign `A.framework/A`, sign `A.framework` which will always sign the *bundle*
+			if ((Path.GetExtension (parent) == ".framework") && (Path.GetFileName (path) == Path.GetFileNameWithoutExtension (parent)))
+				path = parent;
+			args.Add (Path.GetFullPath (path));
 
 			return args;
 		}
@@ -230,14 +239,6 @@ IEnumerable<ITaskItem> GetCodesignedFiles (ITaskItem item)
 				}
 			} else if (File.Exists (item.ItemSpec)) {
 				codesignedFiles.Add (item);
-
-				// on macOS apps {item.ItemSpec} can be a symlink to `Versions/Current/{item.ItemSpec}`
-				// and `Current` also a symlink to `A`... and `_CodeSignature` will be found there
-				var path = PathUtils.ResolveSymbolicLinks (item.ItemSpec);
-				var dirName = Path.GetDirectoryName (path);
-
-				if (Path.GetExtension (dirName) == ".framework")
-					codesignedFiles.AddRange (Directory.EnumerateFiles (Path.Combine (dirName, CodeSignatureDirName)).Select (x => new TaskItem (x)));
 			}
 
 			return codesignedFiles;