Comments (11)
We pre-process a template entitlements file to set whatever values we need here, so that we just don't rely on the Xcode specific replacements anymore. So we just use a bazel rule to decide what values we should set, aka the AppIdentifierPrefix
and then provide that file to the ios_application etc rule
from rules_apple.
We hit this same case. Definitely using the keychain APIs requires application-identifier
which Xcode always sets for simulator builds. I was able to work around this by setting it manually in my entitlements files, but should this be something bazel adds instead?
from rules_apple.
Yeah this is still an issue on our side as well. Still using the same old hacky workaround. I set the value to .{bundle_id}
(effectively minus the prefix) and it seems to work ok. Maybe that's enough for the simulator?
from rules_apple.
Based on this logic
rules_apple/tools/plisttool/plisttool.py
Lines 1142 to 1151 in 0e593c7
application-identifier
to the entitlements files.
I'm personally just going to check in this key to our plists, even for use with Xcode. The value is just TEAM_ID.BUNDLE_ID
so I think it should be safe to include
from rules_apple.
The rules never auto add entitlements. Just like Xcode the default ones can be extracted form the provisioning profile and and be used, but that's it.
from rules_apple.
Ah interesting thanks for the context, would this be a reasonable addition? This can also be extracted from the profile
from rules_apple.
We only do the default extraction to match what Xcode does. In general you should manage your entitlements just like if you were using Xcode, adding exactly what you need.
For someone with multiple apps, it isn't uncommon for the default dev profile to list some common set of needs (keychain, etc.), and then each individual app opts into needing them via a local entitlements file. That way the default dev profile rarely needs tweaking, but the apps can call out what they need so they don't trigger OS requirements for things in the profile default that aren't actually used by the app.
from rules_apple.
In general you should manage your entitlements just like if you were using Xcode, adding exactly what you need.
I guess this statement conflicts a bit, we don't add this one, but we do need it, but to manage it the same way Xcode does with bazel, bazel would have to add it for us.
but the apps can call out what they need so they don't trigger OS requirements for things in the profile default that aren't actually used by the app.
Yea for us all of our apps need this entitlement, so it is in all the profiles, including the dev ones
from rules_apple.
Trying to remember all the details here…
I think one difference between Bazel and Xcode is Xcode ends up always having a provisioning profile via the default one created for every Apple Developer account (and then downloaded via Xcode). So the real "fix" might be to figure out a way to always have a provisioning profile, maybe some way to auto find it like Xcode does. I'm pretty sure for device it will fail the build before starting if it can't find a profile to use, not so sure about simulator though.
In the mean time, it might make sense to issue a warning (print()
when a build is done with entitlements but no provisioning profile to try and inform folks that part of their BUILD file is getting ignored. I'm not sure if this would end up being extremely chatty on folks and thus a negative vs. a positive change.
Given the simulator is already sloppy with validation of entitlements, it might be possible to just fake a team ID (99999.…) and capture the entitlements anyway. If the app/test is using api that need real entitlements; it likely means a real profile.
The last part in here that needs a revisit because Apple could have changed things since someone looked closely at this is get-task-allow
. With macOS getting more strict in general, the rules might need to ensure entitlements always happen under the simulator to ensure the things can be debugged. i.e. - if Xcode always does this for the Simulator the rules might need to start doing it also.
from rules_apple.
FWIW you don't have to have a provisioning profile for simulator builds since you don't have to log into any developer account in Xcode. Also even if you do if there's already a profile for the bundle ID you're trying to build I believe that will conflict and not create one for you.
from rules_apple.
Just ran into this, do either of you have more details on the workarounds you're using?
Essentially, when we run in Xcode via simulator it provides a the team id as the AppIdentifierPrefix
since its not signed. When running with Bazel, we need to provide the entitlements file and along with that the provisioning profile. This makes it so the AppIdentifierPrefix is the app id.
Which means, Xcode and Bazel behavior is different here which is leading to keychain access issues as our code uses the app id prefix for access.
from rules_apple.
Related Issues (20)
- `ios_build_test` and `ios_application ` cannot be directly used with default platform from apple_support HOT 4
- iOS app tutorial steps produce an app that crashes on launch HOT 1
- xctoolrunner failed: error executing in Downstream CI with Bazel@HEAD HOT 2
- How to build for multiple architectures HOT 10
- Support XCFramework Signatures HOT 5
- Failed xctoolrunner error executing AssetCatalogCompile command with Bazel@HEAD HOT 2
- Terminating app due to uncaught exception 'IBPlatformToolFailureException', reason: 'The tool closed the connection (AssetCatalogSimulatorAgent) HOT 1
- Bazel 7: Linking actions missing`-framework` flags for framework imports HOT 2
- iOSApp.ipa: code object is not signed at all HOT 1
- framework import by apple_static_framework_import crashed after update bazel from 5.4.1 to 6.5.0 HOT 3
- Duplicate symbols from apple_static_xcframework
- [Bazel 7] ios_application linking issue - "Could not find or use auto-linked framework" HOT 3
- [Bazel CI] Rule fails to build with error: 'struct' value has no field or method 'to_json' HOT 2
- `target_compatible_with` appears to be broken in Bazel 7.x
- `security` tool fails when codesigning with 3.5.0 HOT 2
- Support extension blocks in DocC rule
- Question: data attribute for macos_command_line_application or alternative
- Unable to nest app bundles within a macos_application
- How should I build a Network Extension about Xcode HOT 4
- Generated XCFramework fails on Xcode 15.3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rules_apple.