From b81001188c10b0d68f3079272b8954493dd1b993 Mon Sep 17 00:00:00 2001
From: Sander van der Burg <svanderburg@gmail.com>
Date: Fri, 27 Jan 2017 10:50:36 +0100
Subject: xcodeenv, titaniumenv: fix IPA builds by granting codesign the right
 permissions

---
 pkgs/development/mobile/titaniumenv/build-app.nix | 3 ++-
 pkgs/development/mobile/xcodeenv/build-app.nix    | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

(limited to 'pkgs')

diff --git a/pkgs/development/mobile/titaniumenv/build-app.nix b/pkgs/development/mobile/titaniumenv/build-app.nix
index 3c56b3ecb8af..cf699c34e2be 100644
--- a/pkgs/development/mobile/titaniumenv/build-app.nix
+++ b/pkgs/development/mobile/titaniumenv/build-app.nix
@@ -99,6 +99,7 @@ stdenv.mkDerivation {
               security default-keychain -s $keychainName
               security unlock-keychain -p "" $keychainName
               security import ${iosCertificate} -k $keychainName -P "${iosCertificatePassword}" -A
+              security set-key-partition-list -S apple-tool:,apple: -s -k "" $keychainName
               provisioningId=$(grep UUID -A1 -a ${iosMobileProvisioningProfile} | grep -o "[-A-Za-z0-9]\{36\}")
    
               # Ensure that the requested provisioning profile can be found
@@ -130,7 +131,7 @@ stdenv.mkDerivation {
               fi
               
               # Do the actual build
-              titanium build --config-file $TMPDIR/config.json --force --no-colors --platform ios --target dist-adhoc --pp-uuid $provisioningId --distribution-name "${iosCertificateName}" --keychain $HOME/Library/Keychains/$keychainName --device-family universal --ios-version ${iosVersion} --output-dir $out
+              titanium build --config-file $TMPDIR/config.json --force --no-colors --platform ios --target dist-adhoc --pp-uuid $provisioningId --distribution-name "${iosCertificateName}" --keychain $HOME/Library/Keychains/$keychainName-db --device-family universal --ios-version ${iosVersion} --output-dir $out
             
               # Remove our generated keychain
               ${deleteKeychain}
diff --git a/pkgs/development/mobile/xcodeenv/build-app.nix b/pkgs/development/mobile/xcodeenv/build-app.nix
index 7e46aefb2997..bbbe1728ee5d 100644
--- a/pkgs/development/mobile/xcodeenv/build-app.nix
+++ b/pkgs/development/mobile/xcodeenv/build-app.nix
@@ -62,6 +62,9 @@ stdenv.mkDerivation {
         # Import the certificate into the keychain
         security import ${certificateFile} -k $keychainName -P "${certificatePassword}" -A 
 
+        # Grant the codesign utility permissions to read from the keychain
+        security set-key-partition-list -S apple-tool:,apple: -s -k "" $keychainName
+        
         # Determine provisioning ID
         PROVISIONING_PROFILE=$(grep UUID -A1 -a ${provisioningProfile} | grep -o "[-A-Za-z0-9]\{36\}")
 
@@ -77,7 +80,7 @@ stdenv.mkDerivation {
       ''}
 
     # Do the building
-    xcodebuild -target ${_target} -configuration ${_configuration} ${stdenv.lib.optionalString (scheme != null) "-scheme ${scheme}"} -sdk ${_sdk} TARGETED_DEVICE_FAMILY="1, 2" ONLY_ACTIVE_ARCH=NO CONFIGURATION_TEMP_DIR=$TMPDIR CONFIGURATION_BUILD_DIR=$out ${if generateXCArchive then "archive" else ""} ${xcodeFlags} ${if release then ''"CODE_SIGN_IDENTITY=${codeSignIdentity}" PROVISIONING_PROFILE=$PROVISIONING_PROFILE OTHER_CODE_SIGN_FLAGS="--keychain $HOME/Library/Keychains/$keychainName"'' else ""}
+    xcodebuild -target ${_target} -configuration ${_configuration} ${stdenv.lib.optionalString (scheme != null) "-scheme ${scheme}"} -sdk ${_sdk} TARGETED_DEVICE_FAMILY="1, 2" ONLY_ACTIVE_ARCH=NO CONFIGURATION_TEMP_DIR=$TMPDIR CONFIGURATION_BUILD_DIR=$out ${if generateXCArchive then "archive" else ""} ${xcodeFlags} ${if release then ''"CODE_SIGN_IDENTITY=${codeSignIdentity}" PROVISIONING_PROFILE=$PROVISIONING_PROFILE OTHER_CODE_SIGN_FLAGS="--keychain $HOME/Library/Keychains/$keychainName-db"'' else ""}
     
     ${stdenv.lib.optionalString release ''
       ${stdenv.lib.optionalString generateIPA ''
-- 
cgit 1.4.1