createdump is not being signed

[steveisok]

Moved from https://github.com/dotnet/runtime/issues/89285

Description

I have upgraded a Xam.Mac app to .Net for Mac. In the process, I also upgraded to .Net 7 and C# 11. I’m trying to upload it to the app store. This worked under Xam.Mac, but does not work now.

The problem is that there is a new application automatically added to the Application bundle - createdump - which does not get signed properly.

I see that this has been raised before (e.g. https://github.com/dotnet/runtime/issues/83613), but those are all closed without actually saying how to work around the issue.

Steps to Reproduce

1. Select “Archive For Publishing”.
2. The select “Sign and Distribute”.
3. Select “App Store”, then the signing identity, provisioning profile and installer signing identity.
4. This seems to work, and I can save the build.
5. I then switch to the Transporter app and attempt to upload (by dragging and dropping the package). I get the following error:

Invalid Code Signing. The executable MYAPP.pkg/Payload/MYAPP.app/Contents/MonoBundle/createdump' must be signed with the certificate that is contained in the provisioning profile.

Expected Behavior

Either:

• VSMac will automatically sign createdump (since VS is adding it to my app), OR
• Instructions will be provided as to HOW to sign createdump manually so that the app can be delivered to the app store.

Right now, my app cannot be uploaded to the app store.

Actual Behavior

createdump is not being signed.

Environment

Version information

``` VSMac Version: 17.6 (build 1575) MacOS Version: 13.4.1 (latest) ```

Build Logs

Example Project (If Possible)

[tussock]

Thanks for copying this over @steveisok.

Here is some extra data on the environment:

<TargetFramework>net7.0-macos</TargetFramework>
<SupportedOSPlatformVersion>10.14</SupportedOSPlatformVersion>
<RuntimeIdentifiers>osx-x64</RuntimeIdentifiers>

And here is the workaround I mention in the bug report that does not work:

    <!-- Workaround for https://github.com/xamarin/xamarin-macios/issues/13417 -->
  <PropertyGroup>
    <CodesignDependsOn>CodeSignCreateDump;$(CodesignDependsOn)</CodesignDependsOn>
  </PropertyGroup>
  <Target Name="CodeSignCreateDump" Condition="'$(_CodeSigningKey)' != ''">
    <Codesign Condition="'$(IsMacEnabled)' == 'true'" SessionId="$(BuildSessionId)" ToolExe="$(CodesignExe)" ToolPath="$(CodesignPath)" CodesignAllocate="$(_CodesignAllocate)" DisableTimestamp="$(_CodesignDisableTimestamp)" Keychain="$(CodesignKeychain)" Resources="$(AppBundleDir)\Contents\MonoBundle\createdump" SigningKey="$(_CodeSigningKey)" ExtraArgs="$(CodesignExtraArgs)" UseHardenedRuntime="$(UseHardenedRuntime)" StampFile="" UseSecureTimestamp="$(UseHardenedRuntime)" />
  </Target>
    <!-- Workaround for https://github.com/xamarin/xamarin-macios/issues/13417 -->

[tussock]

I just want to report on a solution presented elsewhere.

The option presented here https://github.com/xamarin/xamarin-macios/issues/13417 which is to change codesign to add Resources="$(AppBundleDir)\Contents\MonoBundle\createdump" fails with:

The "Codesign" task was not given a value for the required parameter "StampFile", nor was there a "CodesignStampFile" metadata on the resource <APP>/Contents/MonoBundle/createdump.

Apparently this issue was fixed and the issue is set to resolved. Looking at the delta - it seems they have added the same Resources items.

[tussock]

Is there a workaround that can be used for this issue in the short term? Thanks.

[rolfbjarne]

Is there a workaround that can be used for this issue in the short term? Thanks.

Adding this to the csproj should remove createdump from the app bundle:

<Target Name="RemoveCreateDump" BeforeTargets="_ComputePublishLocation" AfterTargets="ComputeFilesToPublish">
  <ItemGroup>
    <ResolvedFileToPublish Remove="@(ResolvedFileToPublish)" Condition="'%(ResolvedFileToPublish.Filename)' == 'createdump'" />
  </ItemGroup>
</Target>

[tussock]

I can confirm that this works. Thank you!