Updated Templates for Blazor apps for MacCatalyst #14196
Conversation
ed comments in csproj for publishing to Mac App store. Modified Info.plist to add necessary keys for publishing.
dustin-wojciechowski
added
platform/macOS 🍏
|
/azp run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
There was a problem hiding this comment.
We also need this for the regular templates, at least the Entitlements.Debug.plist so that we can also inspect WebViews there. In that case also add this one to the "fixes" list: #7706
And some failing tests...
| <!-- Notes for Publishing on the Mac App Store: | ||
| 1. For macOS it's possible to sign both the app bundle (EnableCodesigning=true) and the package (*.pkg) (EnablePackageSigning=true), | ||
| and these are signed separately and with different certificates. | ||
| CodesignKey: this is the signing key used for the app bundle | ||
| PackageSigningKey: this is the signing key used for the package | ||
| 2. Publishing to the App Store requires signing both the app bundle and the package. | ||
| Must be 'Apple Distribution: ...' for the app bundle. Note that apps signed like this will not execute locally. | ||
| They have to be published to the App Store and then downloaded (Apple will resign the app with a different signing identity that allows for local execution). | ||
| Must be '3rd Party Mac Developer Installer: ...' for the pkg | ||
| 3. Publishing outside of the App Store (i.e. only notarizing) requires: | ||
| Must be 'Developer ID Application: ...' for the app bundle | ||
| Must be 'Developer ID Installer: ...' for the pkg | ||
| 4. During development, use the 'Apple Development: ...' signing key (typically to verify that the app works when is signed and entitlements are enforced). | ||
| 5. Depending on the entitlements the app needs, a specific provisioning profile (CodesignProvision) might be needed. | ||
| 6. UseHardenedRuntime must be set to true when app sandbox is enabled in Info.plist. | ||
| --> |
There was a problem hiding this comment.
While this is pretty epic!!!!
Should we consider moving this to a more lively document with an aka.ms link maybe? That will give us the ability to update it needed without publishing an update. And also I'm not sure if people would be really happy with paragraphs of comments in their csproj?
There was a problem hiding this comment.
Ah, I'll remove it and perhaps make a link to some documentation. Would this be the right section for it? https://learn.microsoft.com/en-us/dotnet/maui/mac-catalyst/deployment/?view=net-maui-7.0
| <!-- | ||
| <CodesignProvision>YOUR PROFILE NAME</CodesignProvision> | ||
| <CodesignKey>Apple Development: YOURNAME (*******)</CodesignKey> | ||
| --> |
There was a problem hiding this comment.
Is this intentional? Should it have some instructions as well?
| <!-- | ||
| <CodesignKey>Apple Development: YOURNAME (*******)</CodesignKey> | ||
| <CodesignProvision>YOUR PROFILE NAME</CodesignProvision> | ||
| <PackageSigningKey>3rd Party Mac Developer Installer: YOURNAME (*******)</PackageSigningKey> | ||
| --> |
There was a problem hiding this comment.
Same as above. We have docs about this now, maybe also aka.ms link those?
| <EnableCodeSigning>True</EnableCodeSigning> | ||
| <ProvisionType>Manual</ProvisionType> | ||
| <CreatePackage>true</CreatePackage> | ||
| <EnablePackageSigning>true</EnablePackageSigning> | ||
| <CodesignEntitlements>Platforms/MacCatalyst/Entitlements.Release.plist</CodesignEntitlements> | ||
| <UseHardenedRuntime>true</UseHardenedRuntime> |
There was a problem hiding this comment.
This is probably why the test is failing. Should we enable this or just add some instructions?
First, this will complicate our pipeline and we need to manually add valid certs each year etc.
Second, this is not something people have today and I think the tooling will now already help get some of this in there? Or at the very least the documentation is there... But not sure what the best option is to do this.
… relocate those to docs.
|
Per @jfversluis, I've removed the content from the csproj and will update it with a link to the documentation when it's been updated. Also working on getting as much in here without breaking any tests. |
| @@ -60,6 +60,9 @@ | |||
| <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="MS_EXT_VERSION" /> | |||
| </ItemGroup> | |||
|
|
|||
| <!-- Build Properties must be defined within these property groups to ensure successful publishing | |||
| to the App Store. See "Define build properties in your project file" here: | |||
| https://learn.microsoft.com/en-us/dotnet/maui/mac-catalyst/deployment/publish-app-store --> | |||
There was a problem hiding this comment.
- This needs to be an aka.ms link
- Make sure you remove the
en-usfrom the URL so that people don't always go to the English-US docs. If you omit theen-usthen it will auto-redirect to the docs in the user's preferred locale
There was a problem hiding this comment.
(Same applies to all other links.)
|
Per @jfversluis 's comment, the same changes need to be present in the maui-mobile template as well (they can also use WebViews, or people can add a BlazorWebView to them). |
| <!-- Note for MacCatalyst: | ||
| The default runtime is maccatalyst-x64, except in Release config, in which case the default is maccatalyst-x64;maccatalyst-arm64. | ||
| When specifying both architectures, use the plural <RuntimeIdentifiers> instead of the singular <RuntimeIdentifer>. | ||
| The App Store will NOT accept apps with ONLY maccatalyst-arm64 indicated; |
There was a problem hiding this comment.
| The App Store will NOT accept apps with ONLY maccatalyst-arm64 indicated; | |
| The Mac App Store will NOT accept apps with ONLY maccatalyst-arm64 indicated; |
In case any reader is unfamiliar with the generic sounding term "App Store," I suggest adding "Mac" to the name.
The Apple App Store guidelines specifically mention that either form is acceptable, but I think the more specific one could be more helpful.
Guidelines: https://developer.apple.com/app-store/marketing/guidelines/
App Store
Always typeset App Store with an uppercase A and an uppercase S followed by lowercase letters.Refer to just the App Store unless you need to be more specific; in that case, you can use App Store for iPhone, App Store for iPad, Mac App Store, App Store for Apple TV, App Store for Apple Watch, or App Store for iMessage. To refer to all the versions, use this order: App Store for iPhone, iPad, Mac, Apple Watch, Apple TV, and iMessage. Don’t use terms such as Apple Watch App Store or App Store for watchOS.
| @@ -2,6 +2,15 @@ | |||
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |||
| <plist version="1.0"> | |||
| <dict> | |||
| <!-- The App store requires you specify if the app uses encryption. --> | |||
There was a problem hiding this comment.
| <!-- The App store requires you specify if the app uses encryption. --> | |
| <!-- The Mac App Store requires you specify if the app uses encryption. --> |
(At a minimum the S needs to be capitalized, but I suggest also prefixing Mac.)
| @@ -48,7 +56,23 @@ | |||
| </ItemGroup> | |||
|
|
|||
| <ItemGroup> | |||
| <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="MS_EXT_VERSION" /> | |||
| <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="$(MicrosoftExtensionsPackageVersion)" /> | |||
There was a problem hiding this comment.
Hmm is this change deliberate? These templates have some funky pre-processing that is applied as part of the build to substitute a specific version that ends up baked into the shipped template.
There was a problem hiding this comment.
Oof, accidentally got modified, thanks!
| <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|DOTNET_TFM-ios|AnyCPU'"> | ||
| <CreatePackage>false</CreatePackage> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|DOTNET_TFM-ios|AnyCPU'"> | ||
| <CreatePackage>false</CreatePackage> | ||
| </PropertyGroup> |
There was a problem hiding this comment.
These 6 lines (72-77) appear here, but not in the maui-blazor template. Is that deliberate? If so, why?
There was a problem hiding this comment.
Sorry, I'm not sure how this got in there, I'm not quite sure if that was generated by VS for Mac or if I mistakenly included it somehow :(
|
@dustin-wojciechowski I appreciate all your effort and patience in this issue. Updating templates is both the easiest thing in the world, and the most difficult thing in the world 😁 |
samhouts
added
the
backport/suggested
hartez
added
the
backport/NO
|
Linking this for more context: #16355 We talked about cleaning up the templates so that we can remove the entitlements files from the template, as well as the csproj entries. We can instead have some of the basic entitlements set by default in the macios SDK so that this is all unnecessary to be included in our MAUI templates, and users are still able to disable the default entitlements included in these scenarios. |
|
Here's the macios PR: xamarin/xamarin-macios#18669 |
Description of Change
I updated the Maui templates to address issues brought up in #12293. I set this to draft because I am unsure of some of the approaches I've taken. I created a PR in Xamarin-macios to address the maccatalyst templates we have there: xamarin/xamarin-macios#17830
<key>com.apple.security.get-task-allow<key>is necessary to be able to use Dev tools while debugging Blazor apps, whilecom.apple.security.app-sandboxis required by the App Store for publishing andcom.apple.security.network.clientis necessary for Blazor apps when sandbox is enabled.<ITSAppUsesNonExemptEncryption>and<LSApplicationCategoryType>Also, if these are transferrable to other macios/iOS templates, I could also add them to their respective templates in future PR's.
Fixes #5561
Fixes #14219
Fixes #13080
Fixes #7706