Fix code signing issues on macOS with Xcode 12.2 #744
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It turned out that enabling Bitcode *project-wide* is a bad idea because
for some reason it causes code signing issues when preparing macOS apps
for distribution.
Not only this glorious technology breaks iOS apps at times, the advent
Apple Silicon seems to making macOS and iOS really comptaible. I'd say,
bug-to-bug compatible!
So... if Bitcode metastasises into macOS builds, the apps exhibit
similar symptoms: everything seems to be fine, the app and its build
lead their normal life, right until the developer attempts to prepare
the app for distribution. Then it suddenly fails to code sign with
the following errors hidden deeply in logs:
Running /usr/bin/codesign '-vvv' '--force' '--sign' '3356BDE5BC1F1235571602E373E6BA16B748CDF3' [...]
[...].app/Contents/Frameworks/themis.framework/Versions/A: replacing existing signature
[...].app/Contents/Frameworks/themis.framework/Versions/A: code object is not signed at all
/usr/bin/codesign exited with 1
Well, that's enligtening!
Anyway. Once there is no mention of Bitcode whatsoever in the build
settings of macOS target for Themis framework, the applications can be
signed and everything seems to be okay.
Remove ENABLE_BITCODE setting from all macOS targets, leave it only for
iOS targets. The framework is built with YES (but of course!) and the
tests are built with NO, because the tests are bundles and they are not
compatible with Bitcode (and they are not capable of using it anyway).
Of course, we learn about this only with Xcode 12.2 RC which supports
Apple Silicon architecture. It's a long-standing Apple tradition to
change something up in code signing every 18 months, just to keep the
developers sharp.
ilammy
added
O-macOS 💻
|
This issue seems to have been introduced by #692 and is present since Themis 0.13.1. I guess it would be nice to make 0.13.5 with this fix, so I'm marking it with the backport label. |
vixentael
approved these changes
Nov 11, 2020
|
Bitcode-related magic never cease to amaze me. @ilammy let's cheery-pick this into one of the |
Once it's certain that it helps—sure. Let the affected people know that they can try out the |
ilammy
added a commit
to ilammy/themis
that referenced
this pull request
Nov 11, 2020
It turned out that enabling Bitcode *project-wide* is a bad idea because
for some reason it causes code signing issues when preparing macOS apps
for distribution.
Not only this glorious technology breaks iOS apps at times, the advent
Apple Silicon seems to making macOS and iOS really comptaible. I'd say,
bug-to-bug compatible!
So... if Bitcode metastasises into macOS builds, the apps exhibit
similar symptoms: everything seems to be fine, the app and its build
lead their normal life, right until the developer attempts to prepare
the app for distribution. Then it suddenly fails to code sign with
the following errors hidden deeply in logs:
Running /usr/bin/codesign '-vvv' '--force' '--sign' '3356BDE5BC1F1235571602E373E6BA16B748CDF3' [...]
[...].app/Contents/Frameworks/themis.framework/Versions/A: replacing existing signature
[...].app/Contents/Frameworks/themis.framework/Versions/A: code object is not signed at all
/usr/bin/codesign exited with 1
Well, that's enligtening!
Anyway. Once there is no mention of Bitcode whatsoever in the build
settings of macOS target for Themis framework, the applications can be
signed and everything seems to be okay.
Remove ENABLE_BITCODE setting from all macOS targets, leave it only for
iOS targets. The framework is built with YES (but of course!) and the
tests are built with NO, because the tests are bundles and they are not
compatible with Bitcode (and they are not capable of using it anyway).
Of course, we learn about this only with Xcode 12.2 RC which supports
Apple Silicon architecture. It's a long-standing Apple tradition to
change something up in code signing every 18 months, just to keep the
developers sharp.
(cherry picked from commit 71bdbb8)
Signed-off-by: Alexei Lozovsky <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It turned out that enabling Bitcode project-wide is a bad idea because for some reason it causes code signing issues when preparing macOS apps for distribution.
Not only this glorious technology breaks iOS apps at times, the advent of Apple Silicon seems to be making macOS and iOS really compatible. I'd say, bug-to-bug compatible!
So... if Bitcode metastasizes into macOS builds, the apps exhibit similar symptoms: everything seems to be fine, the app and its build lead their normal life, right until the developer attempts to prepare the app for distribution. Then it suddenly fails to code sign with the following informative dialog:
and the following errors hidden deeply in logs (Show Logs, then look at the end of IDEDistributionPipeline.log):
Well, that's enlightening!
Anyway. Once there is no mention of Bitcode whatsoever in the build settings of macOS target for Themis framework, the applications can be signed and everything seems to be okay.
Remove
ENABLE_BITCODEsetting from all macOS targets, leave it only for iOS targets. The framework is built with YES (but of course!) and the tests are built with NO, because the tests are bundles and they are not compatible with Bitcode (and they are not capable of using it anyway).Of course, we learn about this only with Xcode 12.2 RC which supports Apple Silicon architecture. After all, it's a long-standing Apple tradition to change something up in code signing every 18 months, just to keep the developers sharp.
Checklist