Bug 34704 - Work around an Apple codesign bug that breaks the CodesignVerify build task
Summary: Work around an Apple codesign bug that breaks the CodesignVerify build task
Status: RESOLVED FIXED
Alias: None
Product: iOS
Classification: Xamarin
Component: MSBuild ()
Version: XI 9.4 (iOS 9.2)
Hardware: All All
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
: 34845 ()
Depends on:
Blocks:
 
Reported: 2015-10-08 18:49 UTC by Evan Howarth
Modified: 2015-11-17 14:23 UTC (History)
4 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description Evan Howarth 2015-10-08 18:49:49 UTC
Apple introduced a bug with the codesign tool in OS X 10.9.5 that is mentioned in: http://stackoverflow.com/questions/26008449/xcodebuild-codesign-vvvv-saysresource-envelope-is-obsolete

Codesign fails for some configurations with the message: "resource envelope is obsolete (custom omit rules)."

There is a workaround: "The command line tool “codesign” has changed in 10.9.5 and 10.10, you need to pass “--no-strict” option to the command, (the problem has been reported and will be fixed)."

Xamarin could work around the Apple bug with the following code change to Xamarin.iOS.Tasks.Core.dll:

namespace Xamarin.iOS.Tasks
{
	public abstract class CodesignVerifyTaskBase : Xamarin.MacDev.Tasks.CodesignVerifyTaskBase
	{
		protected override string GenerateCommandLineCommands()
		{
			ProcessArgumentBuilder processArgumentBuilder = new ProcessArgumentBuilder();
			processArgumentBuilder.Add( "--verify" );
new -->			processArgumentBuilder.Add( "--no-strict" );
			processArgumentBuilder.Add( "-vvvv" );
			processArgumentBuilder.Add( "-R='anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and (certificate leaf[field.1.2.840.113635.100.6.1.2] exists or certificate leaf[field.1.2.840.113635.100.6.1.4] exists)'" );
			processArgumentBuilder.AddQuoted( this.Resource );
			return processArgumentBuilder.ToString();
		}
	}
}

Note the addition of the no-strict parameter. I tested this parameter and found it to work around the Apple bug for my projects.
Comment 1 Rolf Bjarne Kvinge [MSFT] 2015-10-09 04:19:30 UTC
From what I can see Apple's bug is already fixed in the latest versions of OS X 10.10, and our next version of Xamarin.iOS will require Xcode 7, which requires OS X 10.10, so as far as I can tell we don't need to work around Apple's bug (since the next version of Xamarin.iOS won't work on 10.9 anyway).
Comment 2 Evan Howarth 2015-10-09 08:00:46 UTC
This codesign misbehavior is occurring with OS X 10.10 and XCode 7. I discovered the problem yesterday after upgrading both. I also tested the work around and found that it resolves the failure.
Comment 3 Evan Howarth 2015-10-09 08:02:38 UTC
Correction: I upgraded to OS X El Capitan which is 10.11 -- not 10.10.
Comment 4 Jeffrey Stedfast 2015-10-12 18:05:45 UTC
Check your Info.plist for a CFResourceRules (I think?) key. If it exists, then that is the problem.

I recently made a fix related to this.
Comment 5 Jeffrey Stedfast 2015-10-12 18:06:41 UTC
Oops, the Info.plist key is CFBundleResourceSpecification
Comment 6 Jeffrey Stedfast 2015-10-14 16:42:16 UTC
*** Bug 34845 has been marked as a duplicate of this bug. ***
Comment 7 Hitesh Hotlani 2015-10-14 21:34:21 UTC
The problem is that the iOS SDK you're using uses custom resource rules when signing, which are no longer supported on OS X 10.9.5 and later.

Removing the custom resource rules should fix the codesign issue.
Comment 8 Jeffrey Stedfast 2015-11-17 14:23:09 UTC
With the cycle6 release published today, this should no longer be a problem since we no longer specify ResourceRules.