search

dotnet / maui

.NET MAUI is the .NET Multi-platform App UI, a framework for building native device applications spanning mobile, tablet, and desktop.
https://dot.net/maui
MIT License
21.98k stars 1.71k forks source link

MAUI iOS app is signed, but the used frameworks are not resigned #10284

Closed janwiebe-jump closed 1 year ago

janwiebe-jump commented 1 year ago

Description

I am building my app with .NET MAUI. Installed the latest preview of VS2022 for Mac.

From inside my project directory, I execute the following command to publish the IPA. This process does succeed.

dotnet publish -f:net6.0-ios -c Release -property:IsPublishing=true

Relevant parts of my csproj file:

<PropertyGroup>
    <TargetFrameworks>net6.0-android;net6.0-ios</TargetFrameworks>
    <!-- Uncomment to also build the tizen app. You will need to install tizen by following this: https://github.com/Samsung/Tizen.NET -->
    <!-- <TargetFrameworks>$(TargetFrameworks);net6.0-tizen</TargetFrameworks> -->
    <OutputType>Exe</OutputType>
    <RootNamespace>test.app</RootNamespace>
    <UseMaui>true</UseMaui>
    <SingleProject>true</SingleProject>
    <ImplicitUsings>enable</ImplicitUsings>
    <!-- Display name -->
    <ApplicationTitle>Test App</ApplicationTitle>
    <!-- App Identifier -->
    <ApplicationId>com.test.app</ApplicationId>
    <ApplicationIdGuid>A5294064-442D-4B46-8746-333333300093</ApplicationIdGuid>
    <!-- Versions -->
    <ApplicationDisplayVersion>0.3.0</ApplicationDisplayVersion>
    <ApplicationVersion>5</ApplicationVersion>
    <SupportedOSPlatformVersion Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'ios'">14.2</SupportedOSPlatformVersion>
    <SupportedOSPlatformVersion Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'android'">27</SupportedOSPlatformVersion>
    <Configurations>Release;Debug</Configurations>
</PropertyGroup>
<PropertyGroup Condition="'$(IsPublishing)'  == 'true' And '$(TargetFramework)' == 'net6.0-ios'">
    <RuntimeIdentifier>ios-arm64</RuntimeIdentifier>
    <CodesignKey>Apple Distribution: XX (XX)</CodesignKey>
    <CodesignProvision>XXDistribution</CodesignProvision>
    <ArchiveOnBuild>true</ArchiveOnBuild>
    <BuildIpa>true</BuildIpa>
    <MtouchLink>SdkOnly</MtouchLink>
    <MtouchExtraArgs>-v -v -v -v</MtouchExtraArgs>
</PropertyGroup>
<ItemGroup Condition="'$(TargetFramework)' == 'net6.0-ios'">
    <PackageReference Include="Xamarin.Firebase.iOS.Crashlytics" Version="8.10.0.1" />
    <BundleResource Include="GoogleService-Info.plist" />
</ItemGroup>
<ItemGroup>
    <PackageReference Include="CommunityToolkit.Mvvm" Version="8.0.0" />
    <PackageReference Include="CommunityToolkit.Maui" Version="1.3.0" />
    <PackageReference Include="ZXing.Net.Maui" Version="0.1.0-preview.7" />
    <PackageReference Include="Mopups" Version="1.0.3" />
</ItemGroup>

The transporter app gives this errors when verifying the app for upload.

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/nanopb.framework/nanopb' must be signed with the certificate that is contained in the provisioning profile. (ID: 5a01900f-e334-4fe2-923b-aec40fd62c43)

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/GoogleDataTransport.framework/GoogleDataTransport' must be signed with the certificate that is contained in the provisioning profile. (ID: fd8e4362-ba17-4380-b898-e8b13b4a97ef)

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/GTMSessionFetcher.framework/GTMSessionFetcher' must be signed with the certificate that is contained in the provisioning profile. (ID: ee87e70a-3404-4c60-a9e1-f45e3f9b6435)

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/FirebaseCoreDiagnostics.framework/FirebaseCoreDiagnostics' must be signed with the certificate that is contained in the provisioning profile. (ID: 0847daf7-bb0d-4763-992b-7a11d7b6a10b)

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/FBLPromises.framework/FBLPromises' must be signed with the certificate that is contained in the provisioning profile. (ID: 5dc022a3-828c-4bd4-a58b-52b634b3c787)

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/leveldb.framework/leveldb' must be signed with the certificate that is contained in the provisioning profile. (ID: 9805a8b8-33c9-4d41-babf-b91fb9b449aa)

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/GoogleToolboxForMac.framework/GoogleToolboxForMac' must be signed with the certificate that is contained in the provisioning profile. (ID: ee9275cc-3d2e-4d7b-b235-d1b83e2bc726)

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/FirebaseCore.framework/FirebaseCore' must be signed with the certificate that is contained in the provisioning profile. (ID: 2b2666df-0921-4b72-8bd9-d7871aadbd21)

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/GoogleAPIClientForREST.framework/GoogleAPIClientForREST' must be signed with the certificate that is contained in the provisioning profile. (ID: 8e85224b-545e-49d7-ab31-26f86b219b09)

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/FirebaseCrashlytics.framework/FirebaseCrashlytics' must be signed with the certificate that is contained in the provisioning profile. (ID: ba4fca7e-dd47-4207-bfed-81462102621b)

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/FirebaseInstallations.framework/FirebaseInstallations' must be signed with the certificate that is contained in the provisioning profile. (ID: fdd632dd-df9e-4de9-a091-b3c2247a8c1e)

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/Protobuf.framework/Protobuf' must be signed with the certificate that is contained in the provisioning profile. (ID: 4b9263c4-dac1-42da-a762-9555cfd289db)

Asset validation failed (90179)
Invalid Code Signing. The executable 'Payload/TestApp.app/Frameworks/GoogleUtilities.framework/GoogleUtilities' must be signed with the certificate that is contained in the provisioning profile. (ID: 1cb9547d-8a00-45d9-952e-2a2635911a81)

Any ideas?

Steps to Reproduce

Add this dependencies, and try to sign the ipa using dotnet publish.

I expect that my IPA can be uploaded to the App Store

Link to public reproduction project repository

-

Version with bug

Unknown/Other (please specify)

Last version that worked well

Unknown/Other

Affected platforms

iOS

Affected platform versions

iOS

Did you find any workaround?

No response

Relevant log output

No response

rachelkang commented 1 year ago

@rolfbjarne, what do you think about this one?

rolfbjarne commented 1 year ago

@janwiebe-jump can you build like this (I added -bl:msbuild.binlog at the end):

dotnet publish -f:net6.0-ios -c Release -property:IsPublishing=true -bl:msbuild.binlog

and then upload the resulting msbuild.binlog file?

janwiebe-jump commented 1 year ago

Thanks @rolfbjarne , I created the binlog. What is the best way to share it, since it might contain sensitive info?

rolfbjarne commented 1 year ago

@janwiebe-jump the best way is to file a report here: https://developercommunity.visualstudio.com/report?space=41&q=whatever&entry=problem. Once you've filed the report, you can add private attachments. In the report, say that you're just providing private information for this issue (add the link to this issue), and once it's all done, add a link to the report here.

janwiebe-jump commented 1 year ago

Thanks! I added the binlog to the report: https://developercommunity.visualstudio.com/t/A-private-attachment-for-https:github/10157218

rolfbjarne commented 1 year ago

@janwiebe-jump I see this from the binlog:

The stamp file 'obj/Release/net6.0-ios/ios-arm64/codesign/bin/Release/net6.0-ios/ios-arm64/Electrading.Mobile.app/Frameworks/nanopb.framework/.stampfile' for the item '/Users/janwiebe/projects/Electrading/mobile-app/Electrading-Mobile/Electrading.Mobile/bin/Release/net6.0-ios/ios-arm64/Electrading.Mobile.app/Frameworks/nanopb.framework' is up-to-date, so the item does not need to be codesigned.

So it seems the build thought the framework didn't need to be codesigned, because it had already been codesigned in a previous build.

Can you try cleaning your project first (by removing the obj and bin directories at the very least), rebuild, and see if you can produce a properly signed app bundle that way? Hopefully that works as a workaround until we can fix the bug.

rolfbjarne commented 1 year ago

This issue was moved to xamarin/xamarin-macios#16124