Skip to content

Commit 72415e3

Browse files
datlechindatlechin
committed
fix: strip iCloud entitlements during archive, restore for final codesign
1 parent a80e8ba commit 72415e3

1 file changed

Lines changed: 19 additions & 1 deletion

File tree

scripts/build-release.sh

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -352,12 +352,26 @@ build_for_arch() {
352352
SPM_CACHE_DIR="${HOME}/.spm-cache"
353353
mkdir -p "$SPM_CACHE_DIR"
354354

355+
# Create archive entitlements without iCloud (Developer ID profiles don't
356+
# include iCloud capability). Full entitlements are used for final codesign.
357+
local archive_entitlements="build/archive-entitlements.plist"
358+
if [ -f "$ENTITLEMENTS" ]; then
359+
echo "🔑 Preparing CI entitlements (stripping iCloud for archive)..."
360+
cp "$ENTITLEMENTS" "$archive_entitlements"
361+
/usr/libexec/PlistBuddy -c "Delete :com.apple.developer.icloud-container-identifiers" "$archive_entitlements" 2>/dev/null || true
362+
/usr/libexec/PlistBuddy -c "Delete :com.apple.developer.icloud-services" "$archive_entitlements" 2>/dev/null || true
363+
fi
364+
355365
# Generate ExportOptions.plist
356366
local export_options="build/ExportOptions-${arch}.plist"
357367
mkdir -p build
358368
generate_export_options "$export_options"
359369

360370
# ── Step 1: Archive ──
371+
# Swap entitlements: use stripped version for archive, restore original after
372+
cp "$ENTITLEMENTS" "${ENTITLEMENTS}.bak"
373+
cp "$archive_entitlements" "$ENTITLEMENTS"
374+
361375
local archive_path="build/TablePro-${arch}.xcarchive"
362376
echo "📦 Archiving..."
363377
if ! xcodebuild archive \
@@ -367,7 +381,8 @@ build_for_arch() {
367381
-arch "$arch" \
368382
-archivePath "$archive_path" \
369383
ONLY_ACTIVE_ARCH=YES \
370-
CODE_SIGN_STYLE=Automatic \
384+
CODE_SIGN_IDENTITY="$SIGN_IDENTITY" \
385+
CODE_SIGN_STYLE=Manual \
371386
DEVELOPMENT_TEAM="$TEAM_ID" \
372387
${ANALYTICS_HMAC_SECRET:+ANALYTICS_HMAC_SECRET="$ANALYTICS_HMAC_SECRET"} \
373388
-skipPackagePluginValidation \
@@ -379,6 +394,9 @@ build_for_arch() {
379394
fi
380395
echo "✅ Archive succeeded for $arch"
381396

397+
# Restore original entitlements (with iCloud) for final codesign
398+
mv "${ENTITLEMENTS}.bak" "$ENTITLEMENTS"
399+
382400
# Verify archive was created
383401
if [ ! -d "$archive_path" ]; then
384402
echo "❌ FATAL: Archive not found at $archive_path"

0 commit comments

Comments
 (0)