Fix code signing issues on macOS with Xcode 12.2 #744
It turned out that enabling Bitcode *project-wide* is a bad idea because for some reason it causes code signing issues when preparing macOS apps for distribution.

Not only this glorious technology breaks iOS apps at times, the advent of Apple Silicon seems to be making macOS and iOS really compatible. I'd say, bug-to-bug compatible!

So... if Bitcode metastasises into macOS builds, the apps exhibit similar symptoms: everything seems to be fine, the app and its build lead their normal life, right until the developer attempts to prepare the app for distribution. Then it suddenly fails to code sign with the following errors hidden deeply in logs:

    Running /usr/bin/codesign '-vvv' '--force' '--sign' '3356BDE5BC1F1235571602E373E6BA16B748CDF3' [...]
    [...].app/Contents/Frameworks/themis.framework/Versions/A: replacing existing signature
    [...].app/Contents/Frameworks/themis.framework/Versions/A: code object is not signed at all
    /usr/bin/codesign exited with 1

Well, that's enlightening!

Anyway. Once there is no mention of Bitcode whatsoever in the build settings of macOS target for Themis framework, the applications can be signed and everything seems to be okay.

Remove ENABLE_BITCODE setting from all macOS targets, leave it only for iOS targets. The framework is built with YES (but of course!) and the tests are built with NO, because the tests are bundles and they are not compatible with Bitcode (and they are not capable of using it anyway).

Of course, we learn about this only with Xcode 12.2 RC which supports Apple Silicon architecture. It's a long-standing Apple tradition to change something up in code signing every 18 months, just to keep the developers sharp.
This issue seems to have been introduced by #692 and is present since Themis 0.13.1. I guess it would be nice to make 0.13.5 with this fix, so I'm marking it with the backport label.
Bitcode-related magic never ceases to amaze me. @ilammy let's cherry-pick this into one of the
Once it's certain that it helps—sure. Let the affected people know that they can try out the
(cherry picked from commit 71bdbb8)
Signed-off-by: Alexei Lozovsky <me@ilammy.net>
It turned out that enabling Bitcode project-wide is a bad idea because for some reason it causes code signing issues when preparing macOS apps for distribution.
Not only this glorious technology breaks iOS apps at times, the advent of Apple Silicon seems to be making macOS and iOS really compatible. I'd say, bug-to-bug compatible!
So... if Bitcode metastasizes into macOS builds, the apps exhibit similar symptoms: everything seems to be fine, the app and its build lead their normal life, right until the developer attempts to prepare the app for distribution. Then it suddenly fails to code sign with the following informative dialog:
and the following errors hidden deeply in logs (Show Logs, then look at the end of IDEDistributionPipeline.log):
Well, that's enlightening!
Anyway. Once there is no mention of Bitcode whatsoever in the build settings of macOS target for Themis framework, the applications can be signed and everything seems to be okay.
Remove `ENABLE_BITCODE` setting from all macOS targets, leave it only for iOS targets. The framework is built with YES (but of course!) and the tests are built with NO, because the tests are bundles and they are not compatible with Bitcode (and they are not capable of using it anyway).
Of course, we learn about this only with Xcode 12.2 RC which supports Apple Silicon architecture. After all, it's a long-standing Apple tradition to change something up in code signing every 18 months, just to keep the developers sharp.
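A check for the fix described above, as an added example that is not part of the pull request or the Themis project: it scans `project.pbxproj` text for `ENABLE_BITCODE` in build configurations that reach macOS builds. The sample fragment, its object IDs, and the rule that a configuration without `SDKROOT` is a project-wide one are assumptions.

```python
import re

# Constructed project.pbxproj fragment: object IDs and settings are made up.
SAMPLE_PBXPROJ = """
    AA0000000000000000000001 /* Release */ = {
      isa = XCBuildConfiguration;
      buildSettings = {
        ENABLE_BITCODE = YES;
      };
    };
    AA0000000000000000000002 /* Release */ = {
      isa = XCBuildConfiguration;
      buildSettings = {
        ENABLE_BITCODE = YES;
        SDKROOT = macosx;
      };
    };
    AA0000000000000000000003 /* Release */ = {
      isa = XCBuildConfiguration;
      buildSettings = {
        ENABLE_BITCODE = YES;
        SDKROOT = iphoneos;
      };
    };
"""

# One XCBuildConfiguration object and the body of its buildSettings dictionary.
CONFIG_RE = re.compile(
    r"(?P<id>[0-9A-F]+) /\* (?P<name>[^*]+) \*/ = \{\s*isa = XCBuildConfiguration;"
    r".*?buildSettings = \{(?P<body>.*?)\n\s*\};", re.DOTALL)
# Single-line "KEY = value;" entries (multi-line array values are skipped).
SETTING_RE = re.compile(r'^\s*"?([\w\[\]=*.]+)"? = (.+?);$', re.MULTILINE)

def bitcode_findings(pbxproj_text):
    """Return (config id, scope, value) for ENABLE_BITCODE settings reaching macOS builds."""
    findings = []
    for m in CONFIG_RE.finditer(pbxproj_text):
        settings = dict(SETTING_RE.findall(m.group("body")))
        if "ENABLE_BITCODE" not in settings:
            continue
        sdk = settings.get("SDKROOT")
        if sdk not in (None, "macosx"):
            continue  # iOS targets keep the setting
        # Assumption: a configuration without SDKROOT is project-wide and is inherited.
        scope = "macos-target" if sdk else "inherited"
        findings.append((m.group("id"), scope, settings["ENABLE_BITCODE"]))
    return findings

if __name__ == "__main__":
    print(bitcode_findings(SAMPLE_PBXPROJ))
```

Any value counts as a finding, not only `YES`, because the description asks for no mention of Bitcode at all in the macOS targets.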