MacOS builds getting rejected by Apple

[borjandev]

Is there an existing issue for this?

• I have searched the existing issues
• I have read the guide to filing a bug

Steps to reproduce

1. Switch to master branch at commit 3d25049 or later
2. flutter create --org com.yourdomain example (change to a real bundle identifier)
3. Ensure that there there is an app on App Store Connect which matches that identifier
4. flutter build macos --release
5. Use Xcode Version 14.3 (14E222b) and click "Product --> Archive"
6. Click "Validate App" once the archive completes and perform the signing process which is a part of the same flow
7. Click "Distribute App" and keep the "App Store Connect" selected, and perform the re-sign process for App Store Connect distribution which is part of the same flow

Expected results

App appears in TestFlight without issues.

Last known good commit on master is 4fb146e where the app appears in TestFlight without issues.

Actual results

App doesn't appear in TestFlight on master branch at commit 3d25049 or later

Instead, I get an email from Apple :

Dear Developer,We identified one or more issues with a recent delivery for your app, "Example" 1.0.0 (1). Please correct the following issues, then upload again.

ITMS-90238: Invalid Signature - The main app bundle alpha at path alpha.app has following signing error(s): --

prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftCoreImage.dylib --validated:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftCoreImage.dylib --prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftAppKit.dylib --validated:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftAppKit.dylib --prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftObjectiveC.dylib --validated:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftObjectiveC.dylib --prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftXPC.dylib --validated:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftXPC.dylib --prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftCore.dylib --validated:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftCore.dylib --prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftMetal.dylib --validated:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftMetal.dylib --prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftos.dylib --validated:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftos.dylib --prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftCoreGraphics.dylib --validated:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftCoreGraphics.dylib --prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftCoreFoundation.dylib --validated:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftCoreFoundation.dylib --prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftCoreData.dylib --validated:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftCoreData.dylib --prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftDispatch.dylib --validated:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/libswiftDispatch.dylib --prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/FlutterMacOS.framework/Versions/Current/. --prepared:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/App.framework/Versions/Current/. --validated:/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/App.framework/Versions/Current/. 

/Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app: unsealed contents present in the root directory of an embedded framework In subcomponent: /Volumes/workspace/app_data/SWValidationService/mz_16570556546293624248dir/mz_9478577434763482248dir/com.yourdomain.example.pkg/Payload/example.app/Contents/Frameworks/FlutterMacOS.framework . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple.com/library/mac/technotes/tn2206/_index.html for more information.

Best regards,

The App Store Team 

Code sample

Code sample

Any code, even the default flutter app

Screenshots or Video

Screenshots / Video demonstration

[Upload media here]

Logs

Logs

[Paste your logs here]

Flutter Doctor output

Doctor output

[✓] Flutter (Channel master, 3.11.0-5.0.pre.54, on macOS 13.4 22F62 darwin-arm64, locale en-MK)
    • Flutter version 3.11.0-5.0.pre.54 on channel master at /Users/devdemo/fvm/versions/6e9c0db20640629c66f23be89e80f3b487141a96
    • Upstream repository https://github.com/flutter/flutter.git
    • Framework revision 6e9c0db206 (3 hours ago), 2023-05-12 10:41:54 -0700
    • Engine revision c784d6d413
    • Dart version 3.1.0 (build 3.1.0-102.0.dev)
    • DevTools version 2.23.1

[✓] Android toolchain - develop for Android devices (Android SDK version 33.0.2)
    • Android SDK at /Users/devdemo/Library/Android/sdk
    • Platform android-33, build-tools 33.0.2
    • ANDROID_HOME = /Users/devdemo/Library/Android/sdk
    • Java binary at: /Applications/Android Studio.app/Contents/jbr/Contents/Home/bin/java
    • Java version OpenJDK Runtime Environment (build 11.0.15+0-b2043.56-8887301)
    • All Android licenses accepted.

[✓] Xcode - develop for iOS and macOS (Xcode 14.3)
    • Xcode at /Applications/Xcode.app/Contents/Developer
    • Build 14E222b
    • CocoaPods version 1.12.0

[✓] Chrome - develop for the web
    • Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[✓] Android Studio (version 2022.1)
    • Android Studio at /Applications/Android Studio.app/Contents
    • Flutter plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build 11.0.15+0-b2043.56-8887301)

[✓] VS Code (version 1.77.1)
    • VS Code at /Applications/Visual Studio Code.app/Contents
    • Flutter extension can be installed from:
      🔨 https://marketplace.visualstudio.com/items?itemName=Dart-Code.flutter

[✓] VS Code (version 1.79.0-insider)
    • VS Code at /Applications/Visual Studio Code - Insiders.app/Contents
    • Flutter extension version 3.64.0

[✓] Connected device (4 available)
    • Redmi Note 7 (mobile) • e960747            • android-arm64  • Android 10 (API 29)
    • Pixel 3 (mobile)      • 100.13.180.15:5555 • android-arm64  • Android 12 (API 31)
    • macOS (desktop)       • macos              • darwin-arm64   • macOS 13.4 22F62 darwin-arm64
    • Chrome (web)          • chrome             • web-javascript • Google Chrome 113.0.5672.92

[✓] Network resources
    • All expected network resources are available.

• No issues found!

[godofredoc]

@borjandev Are you trying to re-sign already signed FlutterMacOS.framework?

[godofredoc]

Can you please try using a newer commit from master that exist only on master?

[godofredoc]

@XilaiZhang @christopherfujino FYI

[borjandev]

@borjandev Are you trying to re-sign already signed FlutterMacOS.framework?

I am following the official Xcode MacOS app submission flows, same issue from the GUI and even from fastlane flows, the only variable is the commit change, once 3d25049 landed, every newer commit submission has resulted in the same rejection

Can you specify a commit hash that you want me to test specifically?

[godofredoc]

Let's try with 9c72f5a7e62e63c199739267f3feeee0559caf11

[borjandev]

@godofredoc same issue with 9c72f5a

• Flutter version 3.11.0-5.0.pre.57 on channel master at /Users/devdemo/fvm/versions/9c72f5a7e62e63c199739267f3feeee0559caf11

[XilaiZhang]

Umm my understanding is that we only sign binaries tied to a release, umm should we also sign artifacts associated with a random hash?

[godofredoc]

3d25049 was included in a release candidate branch which caused the binaries to be signed. My first thought was something related to signing but if 9c72f5a is failing in the same way then the error may be related to the file structure.

[godofredoc]

@borjandev are these files in your app tree: entitlements.txt and without_entitlements.txt?

If they are can you please delete them and try to sign again?

[borjandev]

@godofredoc

1. Checking

find . | grep entitlements.txt

./macos/Runner/DebugProfile.entitlements ./macos/Runner/Release.entitlements ./macos/example.app/Contents/Frameworks/FlutterMacOS.framework/entitlements.txt ./macos/example.app/Contents/Frameworks/FlutterMacOS.framework/without_entitlements.txt ./ios/Runner/Runner.entitlements ./build/macos/Build/Products/Release/FlutterMacOS.framework/entitlements.txt ./build/macos/Build/Products/Release/FlutterMacOS.framework/without_entitlements.txt ./build/macos/Build/Products/Release/example.app/Contents/Frameworks/FlutterMacOS.framework/entitlements.txt ./build/macos/Build/Products/Release/example.app/Contents/Frameworks/FlutterMacOS.framework/without_entitlements.txt

2. Deleting
   find . | grep entitlements.txt | xargs -I{} rm {}

3. Checking again
   find . | grep entitlements.txt (none found)

Used the Xcode GUI and default flows to upload, same issue, same email from Apple

[XilaiZhang]

thanks for explaining!

As a side note, the engine revision of 3d25049 points to 689eb6ee904772cf1ffa458ac7fa16b903215c8f as the hash of the engine binary. I visited google cloud buckets of the engine binary and it looks like the FlutterMacOS binary in FlutterMacOS.framework wasn't signed. Not sure if this is the expected behavior. entitlements.txt and without_entitlements.txt are present in the zip. the libswiftCoreImage.dylib files listed here are not on the list of files we would code sign.

umm if we are expecting 3d25049 to be signed, does this mean we published a release with unsigned binaries?

[christopherfujino]

3d25049 was included in a release candidate branch which caused the binaries to be signed. My first thought was something related to signing but if 9c72f5a is failing in the same way then the error may be related to the file structure.

When I look at the first release branch AFTER 3d25049, it looks like it had a different engine hash: 55c988f

Thus I don't think flutter/engine@689eb6e was ever included in a RC branch, and I don't think it was ever codesigned.

I'm not sure the issue, but I don't think it's related to the desktop release codesigning process.

[borjandev]

@XilaiZhang @christopherfujino @godofredoc

The flutter master commit that started causing this MacOS rejection 3d25049 has the following PR linked to it #125598

This #125598 PR contains 2 commits :

reland "Migrate mac_host_engine to engine v2 builds." (flutter/engine#41531) - acc49d3

Roll buildroot to 5708f2051772fd02c949e5dc9397e54f8c7a4478 (flutter/engine#41540) - deef282

So one of these 2 commits above caused the issue (unless I am missing something?)

If it's not connected to the engine v2 builds, maybe it's related to the buildroot change? With the PR flutter/engine#41540

deps = {
  - 'src': 'https://github.com/flutter/buildroot.git' + '@' + '37fa2f05f6b009a1a92879c03b0871d97100aa2d',
  + 'src': 'https://github.com/flutter/buildroot.git' + '@' + '5708f2051772fd02c949e5dc9397e54f8c7a4478',

Which is linked to flutter/buildroot#722 which has a ton of files removed as noted here https://github.com/flutter/buildroot/pull/722/files

Glancing through the removals, the obvious ones removed in reference to 'mac' are shown on the screenshot below, so I am not sure if they are relevant?

[christopherfujino]

Here is the diff in a github view: https://github.com/flutter/engine/compare/19045bb99c..689eb6ee

I suspect the root cause is some subtle directory structure change (as speculated in #126705 (comment)). Note, a google search on the error message "unsealed contents present in root directory" results in https://developer.apple.com/forums/thread/93914, where a new QT release no longer had an accepted Mac framework directory structure.

[XilaiZhang]

Umm for the potential branches that could have contained 3d2504, here is the list from git branch -r --contains 3d2504951c0bc794f186da29d35eabec0343e62d:

  fujino/add-version-json
  fujino/preview-device-in-tool-from-scratch
  upstream/beta
  upstream/dependabot/github_actions/actions/labeler-b6f708799c1101ee9adc1388b397da244f9dec1c
  upstream/dependabot/github_actions/google/mirror-branch-action-2.0
  upstream/fix_devtools_start_paused
  upstream/flutter-3.10-candidate.16
  upstream/flutter-3.10-candidate.17
  upstream/flutter-3.10-candidate.18
  upstream/flutter-3.11-candidate.0
  upstream/flutter-3.11-candidate.1
  upstream/flutter-3.11-candidate.2
  upstream/flutter-3.11-candidate.3
  upstream/flutter-3.11-candidate.4
  upstream/flutter-3.11-candidate.5
  upstream/main
  upstream/master

among this list of branches, my understanding is that only flutter-3.11-candidate.0 is a recent release branch?

switching into this branch and grep the first release after 3d2504, using git log --pretty=format:"%ad - %an: %s" --after="2023-04-26" | grep release:
we find a release that was completed by Casey on Wednesday:
Wed May 10 07:08:22 2023 -0700 - Casey Hillers: [flutter_releases] Flutter beta 3.11.0-0.0.pre Framework Cherrypicks (#126385)
Umm but Casey's release used 992cdb6 as the engine hash.

[godofredoc]

Let me replicate the build locally. Seems like a symlink may be the culprit. Will use 3d25049 for the replication and engine hash 689eb6ee904772cf1ffa458ac7fa16b903215c8f

[christopherfujino]

Umm for the potential branches that could have contained 3d2504, here is the list from git branch -r --contains 3d2504951c0bc794f186da29d35eabec0343e62d:

  fujino/add-version-json
  fujino/preview-device-in-tool-from-scratch
  upstream/beta
  upstream/dependabot/github_actions/actions/labeler-b6f708799c1101ee9adc1388b397da244f9dec1c
  upstream/dependabot/github_actions/google/mirror-branch-action-2.0
  upstream/fix_devtools_start_paused
  upstream/flutter-3.10-candidate.16
  upstream/flutter-3.10-candidate.17
  upstream/flutter-3.10-candidate.18
  upstream/flutter-3.11-candidate.0
  upstream/flutter-3.11-candidate.1
  upstream/flutter-3.11-candidate.2
  upstream/flutter-3.11-candidate.3
  upstream/flutter-3.11-candidate.4
  upstream/flutter-3.11-candidate.5
  upstream/main
  upstream/master

among this list of branches, my understanding is that only flutter-3.11-candidate.0 is a recent release branch?

switching into this branch and grep the first release after 3d2504, using git log --pretty=format:"%ad - %an: %s" --after="2023-04-26" | grep release: we find a release that was completed by Casey on Wednesday: Wed May 10 07:08:22 2023 -0700 - Casey Hillers: [flutter_releases] Flutter beta 3.11.0-0.0.pre Framework Cherrypicks (#126385) Umm but Casey's release used 992cdb6 as the engine hash.

I think you're mixing two different ideas:

1. releases that have the exact engine commit 689eb6ee904772cf1ffa458ac7fa16b903215c8f
2. releases that have an engine AT or AFTER 689eb6ee904772cf1ffa458ac7fa16b903215c8f

For number 1, I don't think there are any releases that have that exact commit. However, since most likely the issue isn't with our codesigning process, I don't think this matters. Thus, I think we actually care about number 2, in which case you're right that our 3.11.0-0.0.pre beta release WOULD be affected.

[borjandev]

Let me replicate the build locally. Seems like a symlink may be the culprit. Will use 3d25049 for the replication.

An important note, which makes this even more painstaking to debug, is that the actual MacOS build is accepted by App Store Connect when this issue happens, which means that the upload succeeds and everything is "looking good" until Apple sends this email after they are done with their processing, which also "burns" the version number, and the app needs to be re-compiled with an increased version number, and re-submitted again, and to wait for apple to process it again, and waiting at least 5 or more minutes for Apple to send the email detailing the rejection reason.

[XilaiZhang]

umm right I was trying to eliminate/verify that codesigning wasn't the culprit.
my understanding is that an engine commit has to match the exact commit in the release, for it to be code signed in a release? (i.e., I thought only the tip of the commits is code signed in a release)
I was thinking if there isn't a release that exactly matches 689eb6, then code signing shouldn't be the culprit?

Umm for the potential branches that could have contained 3d2504, here is the list from git branch -r --contains 3d2504951c0bc794f186da29d35eabec0343e62d:

  fujino/add-version-json
  fujino/preview-device-in-tool-from-scratch
  upstream/beta
  upstream/dependabot/github_actions/actions/labeler-b6f708799c1101ee9adc1388b397da244f9dec1c
  upstream/dependabot/github_actions/google/mirror-branch-action-2.0
  upstream/fix_devtools_start_paused
  upstream/flutter-3.10-candidate.16
  upstream/flutter-3.10-candidate.17
  upstream/flutter-3.10-candidate.18
  upstream/flutter-3.11-candidate.0
  upstream/flutter-3.11-candidate.1
  upstream/flutter-3.11-candidate.2
  upstream/flutter-3.11-candidate.3
  upstream/flutter-3.11-candidate.4
  upstream/flutter-3.11-candidate.5
  upstream/main
  upstream/master

among this list of branches, my understanding is that only flutter-3.11-candidate.0 is a recent release branch?
switching into this branch and grep the first release after 3d2504, using git log --pretty=format:"%ad - %an: %s" --after="2023-04-26" | grep release: we find a release that was completed by Casey on Wednesday: Wed May 10 07:08:22 2023 -0700 - Casey Hillers: [flutter_releases] Flutter beta 3.11.0-0.0.pre Framework Cherrypicks (#126385) Umm but Casey's release used 992cdb6 as the engine hash.

I think you're mixing two different ideas:

1. releases that have the exact engine commit 689eb6ee904772cf1ffa458ac7fa16b903215c8f
2. releases that have an engine AT or AFTER 689eb6ee904772cf1ffa458ac7fa16b903215c8f

For number 1, I don't think there are any releases that have that exact commit. However, since most likely the issue isn't with our codesigning process, I don't think this matters. Thus, I think we actually care about number 2, in which case you're right that our 3.11.0-0.0.pre beta release WOULD be affected.

[borjandev]

Umm for the potential branches that could have contained 3d2504, here is the list from git branch -r --contains 3d2504951c0bc794f186da29d35eabec0343e62d:

  fujino/add-version-json
  fujino/preview-device-in-tool-from-scratch
  upstream/beta
  upstream/dependabot/github_actions/actions/labeler-b6f708799c1101ee9adc1388b397da244f9dec1c
  upstream/dependabot/github_actions/google/mirror-branch-action-2.0
  upstream/fix_devtools_start_paused
  upstream/flutter-3.10-candidate.16
  upstream/flutter-3.10-candidate.17
  upstream/flutter-3.10-candidate.18
  upstream/flutter-3.11-candidate.0
  upstream/flutter-3.11-candidate.1
  upstream/flutter-3.11-candidate.2
  upstream/flutter-3.11-candidate.3
  upstream/flutter-3.11-candidate.4
  upstream/flutter-3.11-candidate.5
  upstream/main
  upstream/master

among this list of branches, my understanding is that only flutter-3.11-candidate.0 is a recent release branch?
switching into this branch and grep the first release after 3d2504, using git log --pretty=format:"%ad - %an: %s" --after="2023-04-26" | grep release: we find a release that was completed by Casey on Wednesday: Wed May 10 07:08:22 2023 -0700 - Casey Hillers: [flutter_releases] Flutter beta 3.11.0-0.0.pre Framework Cherrypicks (#126385) Umm but Casey's release used 992cdb6 as the engine hash.

I think you're mixing two different ideas:

1. releases that have the exact engine commit 689eb6ee904772cf1ffa458ac7fa16b903215c8f
2. releases that have an engine AT or AFTER 689eb6ee904772cf1ffa458ac7fa16b903215c8f

For number 1, I don't think there are any releases that have that exact commit. However, since most likely the issue isn't with our codesigning process, I don't think this matters. Thus, I think we actually care about number 2, in which case you're right that our 3.11.0-0.0.pre beta release WOULD be affected.

@XilaiZhang @christopherfujino @godofredoc as suspected, I can confirm that the issue is reproducible as well on the beta channel 3.11.0-0.0.pre

[!] Flutter (Channel beta, 3.11.0-0.0.pre, on macOS 13.4 22F5059b darwin-arm64, locale en-MK)

Which we can see here also contains 3d25049

[christopherfujino]

@borjandev thanks so much for verifying and for all of your thorough research.

[godofredoc]

@borjandev can you please give it another try using 3d25049 and deleting and regenerating the app?

[borjandev]

@godofredoc I have already tried that prior to opening the issue,

1. I created a fresh new app using one of the master commits after 3d25049

2. I changed the signing keys / version number so that TestFlight would accept it

3. I compiled the fresh, default app, created by flutter create --org com.yourdomain example and submitted it to TestFlight and it gave me the same error (this is what gave me the certainty that it's a flutter issue and not a code / app issue or a pod / package issue, as the fresh app doesn't have external dependencies)

Do you want me to try the same test one more time exactly with 3d25049 ?

Or do you want me to try some variation?

[godofredoc]

That's correct, it will be great if you can re-rerun with 3d2504951c0bc794f186da29d35eabec0343e62d. I just re-generated the debug, profile and release artifacts for that commit and re-upload them to GCS.

[borjandev]

@godofredoc oh wow that seem to have worked, the issue is gone for the example app (i will confirm for the real app)

[XilaiZhang]

Congratulations!

[godofredoc]

This is great news, if that works we'll send a fix on Monday and cherry pick it to Beta.

For context the issue is caused by the new signing metadata files being extracted in a folder expected to contain only the files to be signed.

[christopherfujino]

This should be fixed on master and there is a cherry-pick request to get this fixed on beta: #127350

[borjandev]

@godofredoc @christopherfujino did you guys verify that the rejection issue has been solved? I tried the TOT on master branch, which is c313083 at the moment, and still the same rejection happens. (unless I am missing some extra step?)

[christopherfujino]

@godofredoc @christopherfujino did you guys verify that the rejection issue has been solved? I tried the TOT on master branch, which is c313083 at the moment, and still the same rejection happens. (unless I am missing some extra step?)

hmm, no I didn't verify (I don't have neither a developer account nor an app to publish). I'll have to investigate this more tomorrow.

[godofredoc]

I can replicate the issue running the following commands:

cd <flutter_checkout>
git reset --hard c313083
mkdir <tmp_folder> && cd <tmp_folder>
flutter create --org com.yourdomain example
flutter build macos --release
find . -name 'entitlements.txt'

Finds the following files:

./build/macos/Build/Products/Release/FlutterMacOS.framework/entitlements.txt
./build/macos/Build/Products/Release/example.app/Contents/Frameworks/FlutterMacOS.framework/entitlements.txt

[godofredoc]

I think I know what the problem is. Do we need to duplicate the delete logic where we extract the second zip of FlutterMacOS.framework?

[XilaiZhang]

I think I know what the problem is. Do we need to duplicate the delete logic where we extract the second zip of FlutterMacOS.framework?

Sure, i can do this tomorrow

[XilaiZhang]

Thanks for the catch!

[christopherfujino]

@vashworth it looks like I ALSO need my previous change, where I deleted it at the time we copied from the cache to the build dir

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. If you are still experiencing a similar issue, please open a new bug, including the output of flutter doctor -v and a minimal reproduction of the issue.