From cfdf59dce4c0a33b4d352ba5847a49b7255f8306 Mon Sep 17 00:00:00 2001
From: Jeffrey Stedfast <jestedfa@microsoft.com>
Date: Mon, 8 Jan 2018 14:32:00 -0500
Subject: [PATCH] [msbuild] Tweak the codesign logic for iOS Simulator builds
 (#3114)

Don't *always* codesign, especially for iOS8 which seems to break.

iOS Simulator builds should only be codesigned if they require
Entitlements (signified by RequireProvisionProfile).
---
 .../Tasks/DetectSigningIdentityTaskBase.cs    | 62 +++++++------------
 .../Xamarin.iOS.Common.targets                |  5 --
 .../ProjectsTests/CodesignAppBundle.cs        | 32 ++++++----
 tests/framework-test/framework-test.csproj    |  6 +-
 4 files changed, 45 insertions(+), 60 deletions(-)

diff --git a/msbuild/Xamarin.MacDev.Tasks.Core/Tasks/DetectSigningIdentityTaskBase.cs b/msbuild/Xamarin.MacDev.Tasks.Core/Tasks/DetectSigningIdentityTaskBase.cs
index d40ebedc2a1f..40a475aeb3bf 100644
--- a/msbuild/Xamarin.MacDev.Tasks.Core/Tasks/DetectSigningIdentityTaskBase.cs
+++ b/msbuild/Xamarin.MacDev.Tasks.Core/Tasks/DetectSigningIdentityTaskBase.cs
@@ -344,53 +344,35 @@ public override bool Execute ()
 				return false;
 			}
 
-			if (Framework == PlatformFramework.MacOS && !RequireCodeSigning) {
-				DetectedBundleId = identity.BundleId;
-				DetectedAppId = DetectedBundleId;
-
-				ReportDetectedCodesignInfo ();
+			if (Framework == PlatformFramework.MacOS) {
+				if (!RequireCodeSigning) {
+					DetectedBundleId = identity.BundleId;
+					DetectedAppId = DetectedBundleId;
 
-				return !Log.HasLoggedErrors;
-			}
+					ReportDetectedCodesignInfo ();
 
-			if (!RequireProvisioningProfile) {
-				if (SdkIsSimulator && AppleSdkSettings.XcodeVersion.Major >= 8) {
-					// Note: Starting with Xcode 8.0, we need to codesign iOS Simulator builds in order for them to run.
-					// The "-" key is a special value allowed by the codesign utility that allows us to get away with
-					// not having an actual codesign key. As far as we know, this only works with Xcode >= 8.
-					DetectedCodeSigningKey = "-";
-				} else {
-					// Try and get a valid codesigning certificate...
-					if (!TryGetSigningCertificates (out certs, SdkIsSimulator))
-						return false;
-
-					if (certs.Count > 0) {
-						if (certs.Count > 1) {
-							if (!string.IsNullOrEmpty (SigningKey))
-								Log.LogMessage (MessageImportance.Normal, "Multiple signing identities match '{0}'; using the first match.", SigningKey);
-							else
-								Log.LogMessage (MessageImportance.Normal, "Multiple signing identities found; using the first identity.");
-
-							for (int i = 0; i < certs.Count; i++) {
-								Log.LogMessage (MessageImportance.Normal, "{0,3}. Signing Identity: {1} ({2})", i + 1,
-												SecKeychain.GetCertificateCommonName (certs[i]), certs[i].Thumbprint);
-							}
-						}
-
-						codesignCommonName = SecKeychain.GetCertificateCommonName (certs[0]);
-						DetectedCodeSigningKey = certs[0].Thumbprint;
+					return !Log.HasLoggedErrors;
+				}
+			} else {
+				// Framework is either iOS, tvOS or watchOS
+				if (SdkIsSimulator) {
+					if (AppleSdkSettings.XcodeVersion.Major >= 8 && RequireProvisioningProfile) {
+						// Note: Starting with Xcode 8.0, we need to codesign iOS Simulator builds that enable Entitlements
+						// in order for them to run. The "-" key is a special value allowed by the codesign utility that
+						// allows us to get away with not having an actual codesign key.
+						DetectedCodeSigningKey = "-";
 					} else {
-						// Note: We don't have to codesign for iOS Simulator builds meant to run on Xcode iOS Simulators
-						// older than 8.0, so it's non-fatal if we don't find any...
+						// Note: Do not codesign. Codesigning seems to break the iOS Simulator in older versions of Xcode.
+						DetectedCodeSigningKey = null;
 					}
-				}
 
-				DetectedBundleId = identity.BundleId;
-				DetectedAppId = DetectedBundleId;
+					DetectedBundleId = identity.BundleId;
+					DetectedAppId = DetectedBundleId;
 
-				ReportDetectedCodesignInfo ();
+					ReportDetectedCodesignInfo ();
 
-				return !Log.HasLoggedErrors;
+					return !Log.HasLoggedErrors;
+				}
 			}
 
 			// Note: if we make it this far, we absolutely need a codesigning certificate
diff --git a/msbuild/Xamarin.iOS.Tasks.Core/Xamarin.iOS.Common.targets b/msbuild/Xamarin.iOS.Tasks.Core/Xamarin.iOS.Common.targets
index 08f790b7b8c6..93adbdab89b9 100644
--- a/msbuild/Xamarin.iOS.Tasks.Core/Xamarin.iOS.Common.targets
+++ b/msbuild/Xamarin.iOS.Tasks.Core/Xamarin.iOS.Common.targets
@@ -664,11 +664,6 @@ Copyright (C) 2013-2016 Xamarin. All rights reserved.
 			<Output TaskParameter="DetectedDistributionType" PropertyName="_DistributionType" />
 			<Output TaskParameter="DetectedProvisioningProfile" PropertyName="_ProvisioningProfile" />
 		</DetectSigningIdentity>
-
-		<PropertyGroup>
-			<!-- Always use '-' as the signing key for iOS Simulator builds -->
-			<_CodeSigningKey Condition="'$(_SdkIsSimulator)' == 'true'">-</_CodeSigningKey>
-		</PropertyGroup>
 	</Target>
 	
 	<Target Name="_GenerateBundleName" Condition="'$(_CanOutputAppBundle)' == 'true'" DependsOnTargets="_ComputeTargetArchitectures">
diff --git a/msbuild/tests/Xamarin.iOS.Tasks.Tests/ProjectsTests/CodesignAppBundle.cs b/msbuild/tests/Xamarin.iOS.Tasks.Tests/ProjectsTests/CodesignAppBundle.cs
index d941fa916526..3fb107e67118 100644
--- a/msbuild/tests/Xamarin.iOS.Tasks.Tests/ProjectsTests/CodesignAppBundle.cs
+++ b/msbuild/tests/Xamarin.iOS.Tasks.Tests/ProjectsTests/CodesignAppBundle.cs
@@ -40,27 +40,29 @@ static bool IsCodesigned (string path)
 			return process.ExitCode == 0;
 		}
 
-		void AssertProperlyCodesigned ()
+		void AssertProperlyCodesigned (bool expected)
 		{
 			foreach (var dylib in Directory.EnumerateFiles (AppBundlePath, "*.dylib", SearchOption.AllDirectories))
-				Assert.IsTrue (IsCodesigned (dylib), "{0} is not properly codesigned.", dylib);
+				Assert.AreEqual (expected, IsCodesigned (dylib), "{0} is not properly codesigned.", dylib);
 
 			foreach (var appex in Directory.EnumerateDirectories (AppBundlePath, "*.appex", SearchOption.AllDirectories))
-				Assert.IsTrue (IsCodesigned (appex), "{0} is not properly codesigned.", appex);
+				Assert.AreEqual (expected, IsCodesigned (appex), "{0} is not properly codesigned.", appex);
 
 			var watchDir = Path.Combine (AppBundlePath, "Watch");
 			if (Directory.Exists (watchDir)) {
 				foreach (var watchApp in Directory.EnumerateDirectories (watchDir, "*.app", SearchOption.TopDirectoryOnly))
-					Assert.IsTrue (IsCodesigned (watchApp), "{0} is not properly codesigned.", watchApp);
+					Assert.AreEqual (expected, IsCodesigned (watchApp), "{0} is not properly codesigned.", watchApp);
 			}
 		}
 
 		[Test]
 		public void RebuildNoChanges ()
 		{
+			bool expectedCodesignResults = Platform != "iPhoneSimulator";
+
 			BuildProject ("MyTabbedApplication", Platform, config, clean: true);
 
-			AssertProperlyCodesigned ();
+			AssertProperlyCodesigned (expectedCodesignResults);
 
 			var dsymDir = Path.GetFullPath (Path.Combine (AppBundlePath, "..", "MyTabbedApplication.app.dSYM"));
 			var appexDsymDir = Path.GetFullPath (Path.Combine (AppBundlePath, "..", "MyActionExtension.appex.dSYM"));
@@ -78,7 +80,7 @@ public void RebuildNoChanges ()
 			// Rebuild w/ no changes
 			BuildProject ("MyTabbedApplication", Platform, config, clean: false);
 
-			AssertProperlyCodesigned ();
+			AssertProperlyCodesigned (expectedCodesignResults);
 
 			var newTimestamps = Directory.EnumerateFiles (AppBundlePath, "*.*", SearchOption.TopDirectoryOnly).ToDictionary (file => file, file => GetLastModified (file));
 
@@ -121,10 +123,11 @@ public void CodesignAfterModifyingAppExtensionTest ()
 			var appexProjectDir = Path.Combine (testsDir, "MyActionExtension");
 			var viewController = Path.Combine (appexProjectDir, "ActionViewController.cs");
 			var mainExecutable = Path.Combine (AppBundlePath, "MyTabbedApplication");
+			bool expectedCodesignResults = Platform != "iPhoneSimulator";
 			var timestamp = File.GetLastWriteTimeUtc (mainExecutable);
 			var text = File.ReadAllText (viewController);
 
-			AssertProperlyCodesigned ();
+			AssertProperlyCodesigned (expectedCodesignResults);
 
 			Thread.Sleep (1000);
 
@@ -137,9 +140,9 @@ public void CodesignAfterModifyingAppExtensionTest ()
 				var newTimestamp = File.GetLastWriteTimeUtc (mainExecutable);
 
 				// make sure that the main app bundle was codesigned due to the changes in the appex
-				Assert.IsTrue (newTimestamp > timestamp, "The main app bundle does not seem to have been re-codesigned");
+				Assert.AreEqual (expectedCodesignResults, newTimestamp > timestamp, "The main app bundle does not seem to have been re-codesigned");
 
-				AssertProperlyCodesigned ();
+				AssertProperlyCodesigned (expectedCodesignResults);
 			} finally {
 				// restore the original ActionViewController.cs code...
 				text = text.Replace ("bool imageFound = true;", "bool imageFound = false;");
@@ -150,9 +153,11 @@ public void CodesignAfterModifyingAppExtensionTest ()
 		[Test]
 		public void RebuildWatchAppNoChanges ()
 		{
+			bool expectedCodesignResults = Platform != "iPhoneSimulator";
+
 			BuildProject ("MyWatch2Container", Platform, config, clean: true);
 
-			AssertProperlyCodesigned ();
+			AssertProperlyCodesigned (expectedCodesignResults);
 
 			Thread.Sleep (1000);
 
@@ -160,7 +165,7 @@ public void RebuildWatchAppNoChanges ()
 			BuildProject ("MyWatch2Container", Platform, config, clean: false);
 
 			// make sure everything is still codesigned properly
-			AssertProperlyCodesigned ();
+			AssertProperlyCodesigned (expectedCodesignResults);
 		}
 
 		[Test]
@@ -171,10 +176,11 @@ public void CodesignAfterModifyingWatchApp2Test ()
 			var appexProjectDir = Path.Combine (testsDir, "MyWatchKit2Extension");
 			var viewController = Path.Combine (appexProjectDir, "InterfaceController.cs");
 			var mainExecutable = Path.Combine (AppBundlePath, "MyWatch2Container");
+			bool expectedCodesignResults = Platform != "iPhoneSimulator";
 			var timestamp = File.GetLastWriteTimeUtc (mainExecutable);
 			var text = File.ReadAllText (viewController);
 
-			AssertProperlyCodesigned ();
+			AssertProperlyCodesigned (expectedCodesignResults);
 
 			Thread.Sleep (1000);
 
@@ -185,7 +191,7 @@ public void CodesignAfterModifyingWatchApp2Test ()
 			try {
 				BuildProject ("MyWatch2Container", Platform, config, clean: false);
 
-				AssertProperlyCodesigned ();
+				AssertProperlyCodesigned (expectedCodesignResults);
 
 				var newTimestamp = File.GetLastWriteTimeUtc (mainExecutable);
 
diff --git a/tests/framework-test/framework-test.csproj b/tests/framework-test/framework-test.csproj
index 52cfe2a1600e..ad06d82d9c9b 100644
--- a/tests/framework-test/framework-test.csproj
+++ b/tests/framework-test/framework-test.csproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
@@ -29,6 +29,7 @@
     <MtouchDebug>true</MtouchDebug>
     <CodesignKey>iPhone Developer</CodesignKey>
     <MtouchProfiling>true</MtouchProfiling>
+    <CodesignEntitlements>Entitlements.plist</CodesignEntitlements>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|iPhone' ">
     <DebugType>full</DebugType>
@@ -85,6 +86,7 @@
     <MtouchArch>i386, x86_64</MtouchArch>
     <MtouchLink>None</MtouchLink>
     <CodesignKey>iPhone Developer</CodesignKey>
+    <CodesignEntitlements>Entitlements.plist</CodesignEntitlements>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|iPhone' ">
     <DebugSymbols>true</DebugSymbols>
@@ -163,4 +165,4 @@
       <Name>bindings-framework-test</Name>
     </ProjectReference>
   </ItemGroup>
-</Project>
\ No newline at end of file
+</Project>