What iOS entitlements does Sauce automatic resigning support?

Question

What iOS entitlements does Sauce automatic resigning support?

Closed this issue 3 years ago · 3 comments

Have you read the Contributing Guidelines on issues?

Yes

Description

Need to define the entitlements used in the iOS resigning process. This only impacts Real Device iOS tests. This way users can build their apps with this target in mind, or know if iOS resigning will work for them.

Suggested Fix

Waiting on developer feedback.

Documentation Checklist

Typos
Grammar
Incorrect information
Missing information

Answer 1 · 2021-11-02T12:46:24.000Z

Hi @mdsauce -- Just checking in on this issue. You mention that you are waiting for developer input -- should we tag anyone here, or are you collecting that feedback externally? Please let me know how I can help to get this clarified in the docs.

Answer 2 · 2021-11-12T22:31:41.000Z

We should have an answer here @sweeneyskirt-sl https://saucedev.atlassian.net/browse/MOBA-5902

Private devices

Customers can resign themselves. If they do, they can use all mentioned entitlements using their provisioning profile.

Public devices

Our resigner includes keychain-access-groups but not the other two:
❌ com.apple.developer.associated-domains
❌ com.apple.security.application-groups
✅ keychain-access-groups (MOBA-5212 is only this one)

Entitlements we resign with

<dict>
	<key>application-identifier</key>
	<string>XXXXXXXXXX.*</string>
	<key>keychain-access-groups</key>
	<array>
		<string>XXXXXXXXXX.*</string>
		<string>com.apple.token</string>
	</array>
	<key>get-task-allow</key>
	<true/>
	<key>com.apple.developer.team-identifier</key>
	<string>XXXXXXXX</string>
	<key>com.apple.developer.ubiquity-kvstore-identifier</key>
	<string>XXXXXXXX.*</string>
	<key>com.apple.developer.ubiquity-container-identifiers</key>
	<array>
		<string>XXXXXXXXXX.*</string>
	</array>
	<key>inter-app-audio</key>
	<true/>
	<key>com.apple.developer.networking.networkextension</key>
	<array>
		<string>app-proxy-provider</string>
		<string>content-filter-provider</string>
		<string>packet-tunnel-provider</string>
		<string>dns-proxy</string>
		<string>dns-settings</string>
	</array>
	<key>com.apple.developer.siri</key>
	<true/>
	<key>com.apple.developer.pass-type-identifiers</key>
        <array>
            <string>XXXXX.*</string>
        </array>
 </dict>

Answer 3 · 2021-11-17T21:24:24.000Z

Hi @mdsauce -- I have included this information in the doc page about creating .ipa files and linked to it from the test configuration options page. Please review the PR and let me know if the changes resolve this issue. Thanks!