Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Tags: blokadaorg/blokada

Tags

26.2.22/six/ios

Toggle 26.2.22/six/ios's commit message
fix(ios): gate ITMS-91065 on signed=true, warn (not fail) on missing …

…timestamp

The 26.2.21 release build hit the verify gate, not Apple: the bundle-signing
from #1137 worked — every plugin xcframework's recorded origin signature is now
`signed=true` (was `signed=false` in 26.2.20) — but `isSecureTimestamp=false`,
and the gate required both, so it failed the build before upload.

`signed=true` is the documented ITMS-91065 requirement ("the SDK must include a
signature file"). A secure timestamp is best-practice (Apple's example signs
with --timestamp) but is NOT confirmed to be required, and Xcode's archive does
not reliably stamp `isSecureTimestamp=true` onto the recorded origin signature
even when the .xcframework was signed with --timestamp. Requiring it blocks a
build that already meets the documented requirement.

Gate hard on `signed=true`; downgrade a missing secure timestamp to a WARNING so
the build uploads and App Store Connect — the only authority on whether the
timestamp is mandatory — gives the verdict. If Apple still flags ITMS-91065,
we'll know the timestamp is required and can target it specifically.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

26.2.22/family/ios

Toggle 26.2.22/family/ios's commit message
fix(ios): gate ITMS-91065 on signed=true, warn (not fail) on missing …

…timestamp

The 26.2.21 release build hit the verify gate, not Apple: the bundle-signing
from #1137 worked — every plugin xcframework's recorded origin signature is now
`signed=true` (was `signed=false` in 26.2.20) — but `isSecureTimestamp=false`,
and the gate required both, so it failed the build before upload.

`signed=true` is the documented ITMS-91065 requirement ("the SDK must include a
signature file"). A secure timestamp is best-practice (Apple's example signs
with --timestamp) but is NOT confirmed to be required, and Xcode's archive does
not reliably stamp `isSecureTimestamp=true` onto the recorded origin signature
even when the .xcframework was signed with --timestamp. Requiring it blocks a
build that already meets the documented requirement.

Gate hard on `signed=true`; downgrade a missing secure timestamp to a WARNING so
the build uploads and App Store Connect — the only authority on whether the
timestamp is mandatory — gives the verdict. If Apple still flags ITMS-91065,
we'll know the timestamp is required and can target it specifically.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

26.2.21/family/ios

Toggle 26.2.21/family/ios's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix(ios): sign plugin xcframework bundles w/ timestamp (real ITMS-910…

…65 fix) (#1137)

ITMS-91065 ("Missing signature") kept rejecting sqflite_darwin across 26.2.18–
26.2.20 despite the embedded framework being validly code-signed. Root cause,
found by inspecting the rejected IPA: ITMS-91065 does NOT read the embedded
framework's code signature — it reads the xcframework's *origin* signature,
recorded by the archive into `Signatures/<name>.xcframework-ios.signature`. For
every plugin that file said `signed=false, isSecureTimestamp=false`, because we
signed the inner .framework while the .xcframework *bundle* stayed unsigned (and
the host export re-signs the embedded slice anyway, so the inner signing was a
no-op — it never affected the shipped binary).

Fix = Apple's canonical command, also the sqflite maintainer's accepted fix
(tekartik/sqflite#1129): sign the .xcframework BUNDLE with `--timestamp`, so the
recorded origin signature is signed=true AND isSecureTimestamp=true.

- sign-ios-frameworks.sh: sign the plugin .xcframework bundles with
  `--timestamp` (was: inner per-slice .framework, no timestamp). Keep excluding
  Flutter (already Google-signed; re-signing broke the archive in 26.2.18), App
  and FlutterPluginRegistrant (not third-party SDKs). Verify each carries a
  secure timestamp before the archive consumes it.
- verify-ios-ipa-signatures.sh: add the real ITMS-91065 gate — parse
  Signatures/*.xcframework-ios.signature and require signed=true +
  isSecureTimestamp=true for each non-excluded SDK xcframework. Keep the
  embedded code-signature check as a defensive secondary check.

Verified against the actual rejected 26.2.20 IPA: the new gate FAILS it on all
9 plugin origin signatures (signed=false) and PASSES once corrected. Confirmed
locally that `codesign --timestamp --sign` on an .xcframework yields a secure
Timestamp. Supersedes the inner-framework signing from #1135 (#1136 unaffected).

Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

26.2.20/six/ios

Toggle 26.2.20/six/ios's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix(ios): make IPA signature verifier SIGPIPE-safe (fixes make Error …

…141) (#1136)

verify-ios-ipa-signatures.sh died with exit 141 on the real release archive:
`make[1]: *** [build-ios-six] Error 141`. The archive itself now succeeds
(Flutter/App exclusion works — `sign-ios-frameworks: signed & verified 18
framework(s)`), but the verifier piped `codesign -dvv | awk '…exit'`. awk's
early exit closes the pipe, codesign dies with SIGPIPE, and `set -o pipefail`
+ `set -e` propagate 141 and abort the script. Local test frameworks were too
small to keep codesign writing past awk's exit, so it only triggered on the
large real frameworks in CI.

Parse captured strings via here-strings / bash builtins instead of piping into
early-exiting consumers (awk exit, grep -q, head): capture `codesign -dvv` into
a var first, match the authority with `case`, take the first verify line with
`${verr%%$'\n'*}`, and feed the required-framework grep from a here-string.

Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

26.2.20/family/ios

Toggle 26.2.20/family/ios's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix(ios): make IPA signature verifier SIGPIPE-safe (fixes make Error …

…141) (#1136)

verify-ios-ipa-signatures.sh died with exit 141 on the real release archive:
`make[1]: *** [build-ios-six] Error 141`. The archive itself now succeeds
(Flutter/App exclusion works — `sign-ios-frameworks: signed & verified 18
framework(s)`), but the verifier piped `codesign -dvv | awk '…exit'`. awk's
early exit closes the pipe, codesign dies with SIGPIPE, and `set -o pipefail`
+ `set -e` propagate 141 and abort the script. Local test frameworks were too
small to keep codesign writing past awk's exit, so it only triggered on the
large real frameworks in CI.

Parse captured strings via here-strings / bash builtins instead of piping into
early-exiting consumers (awk exit, grep -q, head): capture `codesign -dvv` into
a var first, match the authority with `case`, take the first verify line with
`${verr%%$'\n'*}`, and feed the required-framework grep from a here-string.

Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

26.2.19/six/ios

Toggle 26.2.19/six/ios's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix(ios): don't re-sign Flutter/App xcframeworks (fixes release archi…

…ve) (#1135)

The ITMS-91065 signing fix (#1133) signed every *.framework under the
ios-framework output, including Flutter's own pre-signed Flutter.framework
and App.framework. Re-signing those breaks the host archive: Xcode's
ProcessXCFramework -> SignatureCollection on Flutter.xcframework fails with
`SWBUtil.CodeSignatureInfo.Error error 0` -> ** ARCHIVE FAILED **, which
broke the 26.2.18 release build (the PR "CI" workflow is build+lint only and
never runs the gym Release archive, so #1133 merged green).

- sign-ios-frameworks.sh: exclude Flutter, App and the static link-only
  FlutterPluginRegistrant xcframeworks; keep signing the unsigned third-party
  plugins (sqflite_darwin, path_provider, shared_preferences, Adapty*) that
  ITMS-91065 actually flags.
- verify-ios-ipa-signatures.sh (new): post-archive gate that cracks the .ipa
  and asserts every embedded framework (Flutter/App included) is signed by the
  Apple Distribution identity, so a missing/wrong signature fails the build
  before upload instead of at App Store Connect.
- Makefile: run the verifier after the host archive in build-ios{,-family,-six}.

Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

26.2.18/six/ios

Toggle 26.2.18/six/ios's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix(ios): sign add-to-app plugin xcframeworks to fix ITMS-91065 (#1133)

* fix(ios): sign add-to-app plugin xcframeworks to fix ITMS-91065

`flutter build ios-framework` (common/Makefile `build-ios`) emits every
plugin as an UNSIGNED .xcframework. The host embeds them with Code-Sign-
On-Copy, but that runtime re-sign is unreliable for the device slice of a
pre-built xcframework (flutter/flutter#148300, #179634), so commonly-used
SDKs ship unsigned and App Store Connect rejects the upload with
ITMS-91065 ("Missing signature") for sqflite (sqflite_darwin.framework),
path_provider, shared_preferences and Flutter.

This surfaced with the CocoaPods->add-to-app migration (f4f78dd): pods
compiled/signed plugins inline, so there was never a standalone
sqflite_darwin.framework for Apple to flag; now each plugin is a discrete
embedded framework.

Add scripts/sign-ios-frameworks.sh, which codesigns the inner per-slice
.framework of every produced xcframework with the Apple Distribution
identity, and run it between `make -C common build-ios` and the host
archive in the release targets (build-ios / -family / -six). Signing the
.xcframework wrapper is NOT enough -- it does not propagate to the inner
frameworks that land in the app bundle, so the inner frameworks are signed
directly. Idempotent with Code-Sign-On-Copy; debug/simulator builds are
untouched. Self-signing with our own distribution cert satisfies
ITMS-91065 (Apple allows it).

SPM deps (Firebase, Factory, CodeScanner) are statically linked, not
embedded, so they are not affected.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

* fix(ios): route default `make build` through build-ios so it signs too

The top-level `build` target ran `make -C ios build` (Fastlane archive)
directly after `make -C common build`, which builds the Android aar, not
the iOS plugin xcframeworks. So `build` never built the iOS frameworks
(broken on a clean checkout) and, with leftover output present, embedded
stale UNSIGNED frameworks — bypassing the new signing step and still
hitting ITMS-91065.

Route its iOS step through the root `build-ios` target, which builds the
frameworks, signs them, then archives. Closes the unsigned bypass path
flagged in review.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

26.2.18/family/ios

Toggle 26.2.18/family/ios's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix(ios): sign add-to-app plugin xcframeworks to fix ITMS-91065 (#1133)

* fix(ios): sign add-to-app plugin xcframeworks to fix ITMS-91065

`flutter build ios-framework` (common/Makefile `build-ios`) emits every
plugin as an UNSIGNED .xcframework. The host embeds them with Code-Sign-
On-Copy, but that runtime re-sign is unreliable for the device slice of a
pre-built xcframework (flutter/flutter#148300, #179634), so commonly-used
SDKs ship unsigned and App Store Connect rejects the upload with
ITMS-91065 ("Missing signature") for sqflite (sqflite_darwin.framework),
path_provider, shared_preferences and Flutter.

This surfaced with the CocoaPods->add-to-app migration (f4f78dd): pods
compiled/signed plugins inline, so there was never a standalone
sqflite_darwin.framework for Apple to flag; now each plugin is a discrete
embedded framework.

Add scripts/sign-ios-frameworks.sh, which codesigns the inner per-slice
.framework of every produced xcframework with the Apple Distribution
identity, and run it between `make -C common build-ios` and the host
archive in the release targets (build-ios / -family / -six). Signing the
.xcframework wrapper is NOT enough -- it does not propagate to the inner
frameworks that land in the app bundle, so the inner frameworks are signed
directly. Idempotent with Code-Sign-On-Copy; debug/simulator builds are
untouched. Self-signing with our own distribution cert satisfies
ITMS-91065 (Apple allows it).

SPM deps (Firebase, Factory, CodeScanner) are statically linked, not
embedded, so they are not affected.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

* fix(ios): route default `make build` through build-ios so it signs too

The top-level `build` target ran `make -C ios build` (Fastlane archive)
directly after `make -C common build`, which builds the Android aar, not
the iOS plugin xcframeworks. So `build` never built the iOS frameworks
(broken on a clean checkout) and, with leftover output present, embedded
stale UNSIGNED frameworks — bypassing the new signing step and still
hitting ITMS-91065.

Route its iOS step through the root `build-ios` target, which builds the
frameworks, signs them, then archives. Closes the unsigned bypass path
flagged in review.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

26.2.17/six

Toggle 26.2.17/six's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
sync: update translate strings to: 35ecb (#1132)

Co-authored-by: blokada-ci[bot] <276300274+blokada-ci[bot]@users.noreply.github.com>

26.2.17/family

Toggle 26.2.17/family's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
sync: update translate strings to: 35ecb (#1132)

Co-authored-by: blokada-ci[bot] <276300274+blokada-ci[bot]@users.noreply.github.com>