Improve the entitlements debug/release experience #18344
Comments
|
You can add custom entitlements without a plist using the CustomEntitlements item group. So this: could be replaced with: <ItemGroup Condition="$(TargetFramework.Contains('-maccatalyst')) and '$(Configuration)' == 'Debug'">
<CustomEntitlements Include="com.apple.security.get-task-allow" Type="boolean" Value="true" />
</ItemGroup>
If the app is published through other means than the App Store, then those entitlements aren't needed (and maybe even just plain wrong). One idea could be to introduce a helper property to indicate the app developer's intentions: <PropertyGroup>
<AppPublishingIntention>AppStore</AppPublishingIntention> <!-- we set defaults to make release work for the app store -->
<AppPublishingIntention>AdHoc</AppPublishingIntention> <!-- we set defaults to make release work for adhoc publishing -->
<!-- if not set, we'll guess something (which may or may not change in the future) -->
</PropertyGroup>There's also the question of identifying a debug or a release or a publish build: it's been a point of friction for customers that we pivot on the Configuration, but nobody has come up with a better solution (dotnet/sdk#31918). |
…8669) Added default entitlements for MacCatalyst templates. For Debug, the com.apple.security.get-task-allow entitlement that allows for using developer tools when developing MAUI Blazor apps. For release, com.apple.security.app-sandbox is required to publish MacCatalyst apps to the Mac App Store. Also added unit test to check for entitlements when project is created. Fixes #18344 --------- Co-authored-by: GitHub Actions Autoformatter <github-actions-autoformatter@xamarin.com> Co-authored-by: Rolf Bjarne Kvinge <rolf@xamarin.com>
|
@rolfbjarne Is this CustomEntitlements node documented anywhere? How do I set multiple values like the StringArray? |
|
@aritchie no, it's not documented yet, but you can set a string array like this: <ItemGroup>
<CustomEntitlements Include="com.apple.security.get-task-allow" Type="stringarray" Value="a;b;c" />
</ItemGroup>More details can be found here: |
|
@rolfbjarne Much appreciated! This works better than docs anyhow |
@rolfbjarne Thank you. This helped me work through an issue where I had to use multiple entitlement files to support push notifications on iOS. Now I'm using the ItemGroup version here, and it works within my Github Action to build the maui app. @aritchie There does seem to be some documentation of this feature here for maui blazor, though I'm using traditional maui. Add domain association entitlements to the app: https://learn.microsoft.com/en-us/aspnet/core/blazor/hybrid/routing?view=aspnetcore-8.0&pivots=maui#add-domain-association-entitlements-to-the-app |
|
@rolfbjarne one last issue I'm seeing - <CustomEntitlements Include="keychain-access-groups" Type="StringArray" Value="$(AppIdentifierPrefix)com.mydomain" />Obviously, $(AppIdentifierPrefix) is replaced to "" by msbuild. I tried an escape of %24(AppIdentifierPrefix) which did set the entitlement, but the teamID is never set. Manually entering the teamID here does work obviously, but isn't ideal. Thoughts? Also - this customentitlement doesn't seem to be put on the simulator and causes crashes for MSAL based setups. |
Looking at recent changes to our MAUI templates:
https://github.com/dotnet/maui/blob/main/src/Templates/src/templates/maui-mobile/MauiApp.1.csproj#L64-L73
This is a bit verbose and would be preferable to not include in the templates by default.
How can we improve the implicit behaviour here?
Entitlements.Debug.plist
I'm not sure exactly why this one was added... perhaps for debugging the webview, or maybe for secure storage API's in debug mode
Entitlements.Release.plist
These are required for publishing catalyst apps to the store.
Proposal
PartialEntitlementsPlistthat allows multiple entitlements files to be added to the build to be merged together.The text was updated successfully, but these errors were encountered: