Skip to content

Introduce a script to generate TestWebKitAPI entitlements#44141

Merged
webkit-commit-queue merged 1 commit intoWebKit:mainfrom
aestes:eng/Introduce-a-script-to-generate-TestWebKitAPI-entitlements
Apr 24, 2025
Merged

Introduce a script to generate TestWebKitAPI entitlements#44141
webkit-commit-queue merged 1 commit intoWebKit:mainfrom
aestes:eng/Introduce-a-script-to-generate-TestWebKitAPI-entitlements

Conversation

@aestes
Copy link
Contributor

@aestes aestes commented Apr 16, 2025
edited by webkit-early-warning-system
Loading

2177a49

Introduce a script to generate TestWebKitAPI entitlements
https://bugs.webkit.org/show_bug.cgi?id=291618
rdar://problem/149363565

Reviewed by Elliott Williams.

To make it easier to add unique entitlements to TestWebKitAPI.app without duplicating the
entitlements from TestWebKitAPI, introduced a process-entitlements.sh script to generate
entitlements for TestWebKitAPI and TestWebKitAPI.app. Ensured that non-base entitlements are added
to a __TEXT section in simulator binaries and to the code signature otherwise.

Verified that TestWebKitAPI and TestWebKitAPI.app have the same entitlements before and after this
change.

* Tools/TestWebKitAPI/Configurations/TestWebKitAPI-iOS.entitlements: Removed.
* Tools/TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements: Removed.
* Tools/TestWebKitAPI/Configurations/TestWebKitAPI-macOS.entitlements: Removed.
* Tools/TestWebKitAPI/Configurations/TestWebKitAPIBase.xcconfig:
* Tools/TestWebKitAPI/Scripts/process-entitlements.sh: Added.
* Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:

Canonical link: https://commits.webkit.org/294089@main

f3e3098

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
🧪 style 🛠 ios 🛠 mac 🛠 wpe 🛠 win
🧪 bindings 🛠 ios-sim 🛠 mac-AS-debug 🧪 wpe-wk2 🧪 win-tests
🧪 webkitperl 🧪 ios-wk2 🧪 api-mac 🧪 api-wpe
🧪 ios-wk2-wpt 🧪 mac-wk1 🛠 wpe-cairo
🧪 api-ios 🧪 mac-wk2 🛠 gtk
🛠 vision 🧪 mac-AS-debug-wk2 🧪 gtk-wk2
🛠 vision-sim 🧪 mac-wk2-stress 🧪 api-gtk
✅ 🛠 🧪 merge ⏳ 🧪 vision-wk2 🧪 mac-intel-wk2 🛠 playstation
🛠 tv
🛠 tv-sim
🛠 watch
🛠 watch-sim

@aestes aestes requested a review from emw-apple as a code owner April 16, 2025 06:07
@aestes aestes self-assigned this Apr 16, 2025
@aestes aestes added the Tools / Tests Tools in the Tools directory, build issues, test infrastructure, and bugs in test cases label Apr 16, 2025
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Apr 16, 2025
edited
Loading

EWS run on previous version of this PR (hash b8cfb1d)

Details

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ✅ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ❌ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
✅ 🛠 tv
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

@aestes aestes requested a review from a team April 16, 2025 06:07
@webkit-ews-buildbot webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label Apr 16, 2025
@aestes
Copy link
Contributor Author

aestes commented Apr 16, 2025

I learned offline that this generates the incorrect entitlements for simulator binaries. Converting to a draft while I address that.

@aestes aestes marked this pull request as draft April 16, 2025 16:45
@aestes aestes removed the merging-blocked Applied to prevent a change from being merged label Apr 24, 2025
@aestes aestes force-pushed the eng/Introduce-a-script-to-generate-TestWebKitAPI-entitlements branch from b8cfb1d to ff3cdb9 Compare April 24, 2025 19:31
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Apr 24, 2025
edited
Loading

EWS run on previous version of this PR (hash ff3cdb9)

Details

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ✅ 🧪 win-tests
✅ 🧪 webkitperl ❌ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
✅ 🛠 tv
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

@aestes aestes marked this pull request as ready for review April 24, 2025 19:53
emw-apple
emw-apple approved these changes Apr 24, 2025
View reviewed changes
Tools/TestWebKitAPI/Scripts/process-entitlements.sh Outdated
Comment on lines 78 to 79
Copy link
Contributor

@emw-apple emw-apple Apr 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Do you really need to rm -f here? Seems like PlistBuddy Clear ... will reset the plist for you.

Tools/TestWebKitAPI/Configurations/TestWebKitAPIBase.xcconfig Outdated
Comment on lines 153 to 154
Copy link
Contributor

@emw-apple emw-apple Apr 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

naming nit: I wonder if it would be clearer to give this a simulator-specific name, since its purpose is to hold entitlements that apply to the code signature of simulated binaries only. how about WK_SIMULATED_XCENT_FILE?

Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj Outdated
Copy link
Contributor

@emw-apple emw-apple Apr 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Out of curiosity, do we need to run the script this early, before compilation? I would have expected it to run post-compiling, pre-linking, i.e. between the Sources and Frameworks build phases.

No big deal either way.

Copy link
Contributor Author

@aestes aestes Apr 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure I totally understand why, but a cycle is introduced when this phase comes after Compile Sources.

@webkit-ews-buildbot webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label Apr 24, 2025
@aestes aestes removed the merging-blocked Applied to prevent a change from being merged label Apr 24, 2025
@aestes aestes force-pushed the eng/Introduce-a-script-to-generate-TestWebKitAPI-entitlements branch from ff3cdb9 to f3e3098 Compare April 24, 2025 22:26
@aestes aestes added the skip-ews Applied to prevent a change from being run on EWS label Apr 24, 2025
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Apr 24, 2025
edited
Loading

EWS run on current version of this PR (hash f3e3098)

Details

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
🧪 style 🛠 ios 🛠 mac 🛠 wpe 🛠 win
🧪 bindings 🛠 ios-sim 🛠 mac-AS-debug 🧪 wpe-wk2 🧪 win-tests
🧪 webkitperl 🧪 ios-wk2 🧪 api-mac 🧪 api-wpe
🧪 ios-wk2-wpt 🧪 mac-wk1 🛠 wpe-cairo
🧪 api-ios 🧪 mac-wk2 🛠 gtk
🛠 vision 🧪 mac-AS-debug-wk2 🧪 gtk-wk2
🛠 vision-sim 🧪 mac-wk2-stress 🧪 api-gtk
✅ 🛠 🧪 merge ⏳ 🧪 vision-wk2 🧪 mac-intel-wk2 🛠 playstation
🛠 tv
🛠 tv-sim
🛠 watch
🛠 watch-sim

@aestes aestes added the merge-queue Applied to send a pull request to merge-queue label Apr 24, 2025
@aestes
Introduce a script to generate TestWebKitAPI entitlements
2177a49 
https://bugs.webkit.org/show_bug.cgi?id=291618
rdar://problem/149363565

Reviewed by Elliott Williams.

To make it easier to add unique entitlements to TestWebKitAPI.app without duplicating the
entitlements from TestWebKitAPI, introduced a process-entitlements.sh script to generate
entitlements for TestWebKitAPI and TestWebKitAPI.app. Ensured that non-base entitlements are added
to a __TEXT section in simulator binaries and to the code signature otherwise.

Verified that TestWebKitAPI and TestWebKitAPI.app have the same entitlements before and after this
change.

* Tools/TestWebKitAPI/Configurations/TestWebKitAPI-iOS.entitlements: Removed.
* Tools/TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements: Removed.
* Tools/TestWebKitAPI/Configurations/TestWebKitAPI-macOS.entitlements: Removed.
* Tools/TestWebKitAPI/Configurations/TestWebKitAPIBase.xcconfig:
* Tools/TestWebKitAPI/Scripts/process-entitlements.sh: Added.
* Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:

Canonical link: https://commits.webkit.org/294089@main
@webkit-commit-queue webkit-commit-queue force-pushed the eng/Introduce-a-script-to-generate-TestWebKitAPI-entitlements branch from f3e3098 to 2177a49 Compare April 24, 2025 23:24
@webkit-commit-queue
Copy link
Collaborator

webkit-commit-queue commented Apr 24, 2025

Committed 294089@main (2177a49): https://commits.webkit.org/294089@main

Reviewed commits have been landed. Closing PR #44141 and removing active labels.

@webkit-commit-queue webkit-commit-queue merged commit 2177a49 into WebKit:main Apr 24, 2025
@webkit-commit-queue webkit-commit-queue removed the merge-queue Applied to send a pull request to merge-queue label Apr 24, 2025
@aestes aestes deleted the eng/Introduce-a-script-to-generate-TestWebKitAPI-entitlements branch August 25, 2025 18:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@emw-apple emw-apple emw-apple approved these changes

Assignees

@aestes aestes

Labels

skip-ews Applied to prevent a change from being run on EWS Tools / Tests Tools in the Tools directory, build issues, test infrastructure, and bugs in test cases

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@aestes @webkit-early-warning-system @webkit-commit-queue @emw-apple @webkit-ews-buildbot