Skip to content

Improved allowProvisioningUpdates & auth key support  #139212

New issue
New issue
Open
Open
Improved allowProvisioningUpdates & auth key support #139212
Labels
P2Important issues not at the top of the work listc: new featureNothing broken; request for a new capabilityc: proposalA detailed proposal for a change to Flutterplatform-iosiOS applications specificallyt: xcode"xcodebuild" on iOS and general Xcode project managementteam-iosOwned by iOS platform teamtoolAffects the "flutter" command-line tool. See also t: labels.triaged-iosTriaged by iOS platform team
@samdeane

Description

@samdeane
samdeane
opened on Nov 29, 2023

Is there an existing issue for this?

Use case

When running flutter build ipa, the -allowProvisioningUpdates flag is applied at the export stage, but I think that it isn't being applied when building the initial archive.

I have a project set up for automatic signing, which fails a flutter build ipa because there's no signing certificate: ```
Error (Xcode): No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID
"23Z8894VWP" with a private key was found.
/Users/sam/Developer/Projects/mono/client/club/ios/Runner.xcodeproj


It does not appear to attempt to repair/create the keys, which is what I would expect if the `-allowProvisioningUpdates` flag was supplied to xcode during the archiving phase.

If I perform a manual xcodebuild and supply that flag (and also an app store api key), it works: ```
    xcodebuild archive \
      -workspace "client/$APP_NAME/ios/Runner.xcworkspace" \
      -scheme Runner \
      -destination generic/platform=iOS \
      -archivePath "$ARCHIVE_NAME" \
      -allowProvisioningUpdates \
      -authenticationKeyID $AUTH_KEY \
      -authenticationKeyIssuerID $AUTH_ISSUER \
      -authenticationKeyPath "~/.private_keys/AuthKey_$AUTH_KEY.p8"

It will correctly generate the developer cert/key. Running flutter build ipa will subsequently succeed.

I'm not sure that using the authKey is specifically necessary here - it would probably also work without it if the user had an up to date developer signing account signed in with Xcode. Being able to supply the key is useful though.

It would be great to be able to build this behaviour into flutter, particularly for use in CI environments.

Proposal

Two changes:

  • Extend flutter build ipa so that authentication key arguments can be passed through to xcode build
  • Extend flutter build ipa so that the initial archive correctly uses the -allowProvisioningUpdates flag

The first would be useful regardless.

The second ought to be happening now, but I believe that there may be a hole in the logic of buildXcodeProject which is causing the flag not to be applied in my situation. Either that, or it's the fact that the auth key arguments are required in my case -- I haven't quite figured out which.

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2Important issues not at the top of the work listc: new featureNothing broken; request for a new capabilityc: proposalA detailed proposal for a change to Flutterplatform-iosiOS applications specificallyt: xcode"xcodebuild" on iOS and general Xcode project managementteam-iosOwned by iOS platform teamtoolAffects the "flutter" command-line tool. See also t: labels.triaged-iosTriaged by iOS platform team

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions