[msbuild] Remove the CodesignVerify target. (#19490)

We'll soon start signing simulator builds by default, and simulator apps aren't verifiable (with the default signing configuration), which means we'd need some new logic to determine when to verify the code signature and when not to. Ref #18469. Xcode doesn't do any signature verification during/after the build as far as I can see. And lastly, the verification doesn't really contribute anything important. For device builds, the app installation will fail anyway if the signature is incorrect (and if the signature is correct, and the verification is wrong, we failed the build for no good reason). For App Store builds, the app store will also complain if the signature isn't correct. So just remove the whole signature verification. Another bonus is that this will speed up the build. There's nothing faster than doing nothing at all! Partial fix for https://github.com/xamarin/xamarin-macios/issues/18469. Fixes https://github.com/xamarin/xamarin-macios/issues/10641.
2023-11-21 07:56:29 +01:00 · 2023-11-21 07:56:29 +01:00 · 4bb75d4150
--- a/msbuild/Xamarin.MacDev.Tasks/Tasks/CodesignVerifyTaskBase.cs
+++ b/msbuild/Xamarin.MacDev.Tasks/Tasks/CodesignVerifyTaskBase.cs
@ -1,90 +0,0 @@
-using System;
-using System.IO;
-
-using Microsoft.Build.Framework;
-
-using Xamarin.Localization.MSBuild;
-using Xamarin.Messaging.Build.Client;
-using Xamarin.Utils;
-
-#nullable enable
-
-namespace Xamarin.MacDev.Tasks {
-	public class CodesignVerify : XamarinToolTask {
-		#region Inputs
-
-		[Required]
-		public string CodesignAllocate { get; set; } = string.Empty;
-
-		[Required]
-		public string Resource { get; set; } = string.Empty;
-
-		#endregion
-
-		protected override string ToolName {
-			get { return "codesign"; }
-		}
-
-		protected override string GenerateFullPathToTool ()
-		{
-			if (!string.IsNullOrEmpty (ToolPath))
-				return Path.Combine (ToolPath, ToolExe);
-
-			var path = Path.Combine ("/usr/bin", ToolExe);
-
-			return File.Exists (path) ? path : ToolExe;
-		}
-
-		protected override string GenerateCommandLineCommands ()
-		{
-			var args = new CommandLineArgumentBuilder ();
-
-			args.Add ("--verify");
-			args.Add ("-vvvv");
-
-			switch (Platform) {
-			case ApplePlatform.iOS:
-			case ApplePlatform.TVOS:
-			case ApplePlatform.WatchOS:
-				args.AddQuoted ("-R=anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and (certificate leaf[field.1.2.840.113635.100.6.1.2] exists or certificate leaf[field.1.2.840.113635.100.6.1.4] exists)");
-				break;
-			case ApplePlatform.MacCatalyst:
-			case ApplePlatform.MacOSX:
-				args.Add ("--deep");
-				break;
-			default:
-				throw new InvalidOperationException (string.Format (MSBStrings.InvalidPlatform, Platform));
-			}
-
-			args.AddQuoted (Resource);
-
-			return args.ToString ();
-		}
-
-		protected override void LogEventsFromTextOutput (string singleLine, MessageImportance messageImportance)
-		{
-			// TODO: do proper parsing of error messages and such
-			Log.LogMessage (messageImportance, "{0}", singleLine);
-		}
-
-		public override bool Execute ()
-		{
-			if (ShouldExecuteRemotely ())
-				return new TaskRunner (SessionId, BuildEngine4).RunAsync (this).Result;
-
-			EnvironmentVariables = new string [] {
-				"CODESIGN_ALLOCATE=" + CodesignAllocate
-			};
-
-			return base.Execute ();
-		}
-
-		public override void Cancel ()
-		{
-			if (ShouldExecuteRemotely ())
-				BuildConnection.CancelAsync (BuildEngine4).Wait ();
-
-			base.Cancel ();
-		}
-	}
-}
--- a/msbuild/Xamarin.Shared/Xamarin.Shared.targets
+++ b/msbuild/Xamarin.Shared/Xamarin.Shared.targets
@ -61,7 +61,6 @@ Copyright (C) 2018 Microsoft. All rights reserved.
 	<UsingTask TaskName="Xamarin.MacDev.Tasks.AOTCompile" AssemblyFile="$(_TaskAssemblyName)" />
 	<UsingTask TaskName="Xamarin.MacDev.Tasks.BTouch" AssemblyFile="$(_TaskAssemblyName)" />
 	<UsingTask TaskName="Xamarin.MacDev.Tasks.Codesign" AssemblyFile="$(_TaskAssemblyName)" />
-	<UsingTask TaskName="Xamarin.MacDev.Tasks.CodesignVerify" AssemblyFile="$(_TaskAssemblyName)" />
 	<UsingTask TaskName="Xamarin.MacDev.Tasks.CollectBundleResources" AssemblyFile="$(_TaskAssemblyName)" />
 	<UsingTask TaskName="Xamarin.MacDev.Tasks.CompileAppManifest" AssemblyFile="$(_TaskAssemblyName)" />
 	<UsingTask TaskName="Xamarin.MacDev.Tasks.CreateEmbeddedResources" AssemblyFile="$(_TaskAssemblyName)" />
@ -1978,7 +1977,6 @@ Copyright (C) 2018 Microsoft. All rights reserved.
 			$(CoreCodesignDependsOn);
 			$(_CodesignAppBundleDependsOn);
 			_CodesignAppBundle;
-			_CodesignVerify;
 		</CoreCodesignDependsOn>

 		<CodesignDependsOn>
@ -2040,32 +2038,8 @@ Copyright (C) 2018 Microsoft. All rights reserved.
 		Finally we give the list of _ComputedCodesignItems to the Codesign
 		task for signing.

-		At the very end, and only if we signed the main app bundle, we verify
-		that the signature is correct (in the _CodesignVerify target).
-
 	-->

-	<!--
-		_CodesignVerify: verify that the app bundle we've produced is valid and signed properly.
-		This target is only executed for app bundles (and not when only dylibs and frameworks are signed, but the app bundle itself is not).
-	-->
-	<Target
-		Name="_CodesignVerify"
-		Condition="'$(_CodesignAppBundleCondition)' == 'true' And '$(_RequireCodeSigning)' == 'true' And '$(DisableCodesignVerification)' != 'true'"
-		DependsOnTargets="_CodesignAppBundle"
-		>
-		<CodesignVerify
-			SessionId="$(BuildSessionId)"
-			Condition="'$(IsMacEnabled)' == 'true'"
-			ToolExe="$(CodesignExe)"
-			ToolPath="$(CodesignPath)"
-			CodesignAllocate="$(_CodesignAllocate)"
-			Resource="$(_AppContainerDir)\%(_CodesignBundle.Identity)"
-			TargetFrameworkMoniker="$(_ComputedTargetFrameworkMoniker)"
-		>
-		</CodesignVerify>
-	</Target>
-
 	<!--

 		_CollectCodesigningData: This target collects all the data required to sign the app bundle.