[msbuild] Unify and improve code to validate entitlements. #22794

rolfbjarne · 2025-05-13T11:34:30Z

Collect data on all entitlements Apple has documented + a few more Apple didn't document.
Add extensive validation for all of them. Some of the more complex ones (where entitlements are arrays or dictionaries of arrays or arrays of dictionaries, just some basic validation was added).
The validation logic will only raise warnings by default for now, because we don't want to break people if we get the validation logic wrong (it's quite complex and Apple also adds new entitlements all the time). It's also trivial to disable the validation if so desired (or report warnings instead of errors). However, starting in .NET 11 we'll report errors instead by default.
The validation logic will also log a lot of information about the entitlements it finds in the provisioning profile, and the entitlements the app requests/demands.

Added numerous tests. Apparently plenty, because when I asked Copilot to add more tests, it refused:

  The file CompileEntitlementsTaskTests.cs already contains comprehensive unit tests for validating entitlements in the `CompileEntitlements` class, including:

  - Validation of entitlements present or missing in the provisioning profile.
  - Handling of custom entitlements (string, boolean, string array, removal).
  - Validation of platform-specific entitlements.
  - Tests for different validation modes (`error`, `warn`, `disable`).
  - Tests for matching and mismatched entitlement values.
  - Tests for entitlements in both file and custom item group modes.

  These tests cover the main scenarios for entitlement validation, including error and warning reporting, and platform restrictions.

  If you want to add a specific new test case or scenario not already covered, please specify the case. Otherwise, the current suite already exercises the entitlement validation logic thoroughly.

vs-mobiletools-engineering-service2 · 2025-05-16T17:16:43Z

✅ [PR Build #cb553b8] Build passed (Detect API changes) ✅

Pipeline on Agent
Hash: cb553b8e0b685787c617fead239def893d40717a [PR build]

vs-mobiletools-engineering-service2 · 2025-05-16T18:04:57Z

✅ API diff for current PR / commit

.NET ( No breaking changes )

iOS: vsdrops gist ( No breaking changes )
tvOS: vsdrops gist ( No breaking changes )
MacCatalyst: vsdrops gist ( No breaking changes )
macOS: vsdrops gist ( No breaking changes )

✅ API diff vs stable

.NET ( No breaking changes )

iOS: vsdrops gist ( No breaking changes )
tvOS: vsdrops gist ( No breaking changes )
MacCatalyst: vsdrops gist ( No breaking changes )
macOS: vsdrops gist ( No breaking changes )

ℹ️ Generator diff

Generator Diff: vsdrops (html) vsdrops (raw diff) gist (raw diff) - Please review changes)

Pipeline on Agent
Hash: cb553b8e0b685787c617fead239def893d40717a [PR build]

vs-mobiletools-engineering-service2 · 2025-05-16T19:52:36Z

✅ [CI Build #cb553b8] Build passed (Build packages) ✅

Pipeline on Agent
Hash: cb553b8e0b685787c617fead239def893d40717a [PR build]

vs-mobiletools-engineering-service2 · 2025-05-16T20:50:00Z

✅ [CI Build #cb553b8] Build passed (Build macOS tests) ✅

Pipeline on Agent
Hash: cb553b8e0b685787c617fead239def893d40717a [PR build]

vs-mobiletools-engineering-service2 · 2025-05-16T21:00:37Z

💻 [CI Build #cb553b8] Tests on macOS X64 - Mac Sonoma (14) passed 💻

✅ All tests on macOS X64 - Mac Sonoma (14) passed.

Pipeline on Agent
Hash: cb553b8e0b685787c617fead239def893d40717a [PR build]

vs-mobiletools-engineering-service2 · 2025-05-16T21:03:04Z

💻 [CI Build #cb553b8] Tests on macOS M1 - Mac Monterey (12) passed 💻

✅ All tests on macOS M1 - Mac Monterey (12) passed.

Pipeline on Agent
Hash: cb553b8e0b685787c617fead239def893d40717a [PR build]

vs-mobiletools-engineering-service2 · 2025-05-16T21:03:42Z

💻 [CI Build #cb553b8] Tests on macOS arm64 - Mac Sequoia (15) passed 💻

✅ All tests on macOS arm64 - Mac Sequoia (15) passed.

Pipeline on Agent
Hash: cb553b8e0b685787c617fead239def893d40717a [PR build]

vs-mobiletools-engineering-service2 · 2025-05-16T21:04:59Z

💻 [CI Build #cb553b8] Tests on macOS M1 - Mac Ventura (13) passed 💻

✅ All tests on macOS M1 - Mac Ventura (13) passed.

Pipeline on Agent
Hash: cb553b8e0b685787c617fead239def893d40717a [PR build]

vs-mobiletools-engineering-service2 · 2025-05-19T06:32:47Z

🚀 [CI Build #cb553b8] Test results 🚀

Test results

✅ All tests passed on VSTS: test results.

🎉 All 115 tests passed 🎉

Tests counts

✅ cecil: All 1 tests passed. Html Report (VSDrops) Download
✅ dotnettests (iOS): All 1 tests passed. Html Report (VSDrops) Download
✅ dotnettests (MacCatalyst): All 1 tests passed. Html Report (VSDrops) Download
✅ dotnettests (macOS): All 1 tests passed. Html Report (VSDrops) Download
✅ dotnettests (Multiple platforms): All 1 tests passed. Html Report (VSDrops) Download
✅ dotnettests (tvOS): All 1 tests passed. Html Report (VSDrops) Download
✅ framework: All 2 tests passed. Html Report (VSDrops) Download
✅ fsharp: All 4 tests passed. Html Report (VSDrops) Download
✅ generator: All 5 tests passed. Html Report (VSDrops) Download
✅ interdependent-binding-projects: All 4 tests passed. Html Report (VSDrops) Download
✅ introspection: All 4 tests passed. Html Report (VSDrops) Download
✅ linker: All 44 tests passed. Html Report (VSDrops) Download
✅ monotouch (iOS): All 8 tests passed. Html Report (VSDrops) Download
✅ monotouch (MacCatalyst): All 11 tests passed. Html Report (VSDrops) Download
✅ monotouch (macOS): All 9 tests passed. Html Report (VSDrops) Download
✅ monotouch (tvOS): All 8 tests passed. Html Report (VSDrops) Download
✅ msbuild: All 2 tests passed. Html Report (VSDrops) Download
✅ windows: All 3 tests passed. Html Report (VSDrops) Download
✅ xcframework: All 4 tests passed. [attempt 2] Html Report (VSDrops) Download
✅ xtro: All 1 tests passed. Html Report (VSDrops) Download

Pipeline on Agent
Hash: cb553b8e0b685787c617fead239def893d40717a [PR build]

rolfbjarne · 2025-05-20T06:32:58Z

Waiting until after Xcode 16.4 support has been released.

This comment has been minimized.

Sign in to view

rolfbjarne marked this pull request as ready for review May 16, 2025 16:28

rolfbjarne requested review from emaf and mauroa as code owners May 16, 2025 16:28

This comment has been minimized.

Sign in to view

dalexsoto approved these changes May 16, 2025

View reviewed changes

This comment has been minimized.

Sign in to view

emaf approved these changes May 19, 2025

View reviewed changes

rolfbjarne added the do-not-merge Do not merge this pull request label May 20, 2025

rolfbjarne removed the do-not-merge Do not merge this pull request label May 30, 2025

rolfbjarne merged commit d1efcd2 into main May 30, 2025
40 checks passed

rolfbjarne deleted the dev/rolf/validate-entitlements-improvements branch May 30, 2025 11:26

rolfbjarne mentioned this pull request Oct 7, 2025

Improve diagnostics when provisioning profile doesn't include requested entitlements #17438

Closed

[msbuild] Unify and improve code to validate entitlements. #22794

[msbuild] Unify and improve code to validate entitlements. #22794

Uh oh!

Conversation

rolfbjarne commented May 13, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

vs-mobiletools-engineering-service2 commented May 16, 2025

✅ [PR Build #cb553b8] Build passed (Detect API changes) ✅

Uh oh!

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

vs-mobiletools-engineering-service2 commented May 16, 2025

✅ API diff for current PR / commit

✅ API diff vs stable

ℹ️ Generator diff

Uh oh!

vs-mobiletools-engineering-service2 commented May 16, 2025

✅ [CI Build #cb553b8] Build passed (Build packages) ✅

Uh oh!

vs-mobiletools-engineering-service2 commented May 16, 2025

✅ [CI Build #cb553b8] Build passed (Build macOS tests) ✅

Uh oh!

vs-mobiletools-engineering-service2 commented May 16, 2025

💻 [CI Build #cb553b8] Tests on macOS X64 - Mac Sonoma (14) passed 💻

Uh oh!

vs-mobiletools-engineering-service2 commented May 16, 2025

💻 [CI Build #cb553b8] Tests on macOS M1 - Mac Monterey (12) passed 💻

Uh oh!

vs-mobiletools-engineering-service2 commented May 16, 2025

💻 [CI Build #cb553b8] Tests on macOS arm64 - Mac Sequoia (15) passed 💻

Uh oh!

vs-mobiletools-engineering-service2 commented May 16, 2025

💻 [CI Build #cb553b8] Tests on macOS M1 - Mac Ventura (13) passed 💻

Uh oh!

This comment has been minimized.

This comment has been minimized.

vs-mobiletools-engineering-service2 commented May 19, 2025

🚀 [CI Build #cb553b8] Test results 🚀

Test results

Tests counts

Uh oh!

rolfbjarne commented May 20, 2025

Uh oh!

rolfbjarne commented May 13, 2025 •

edited

Loading