fix: XML Parsing Error During Code Signing (#722)

internal/ssh/data/debugserver.plist

@@ -1,44 +1,44 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
-	<dict>
-		<key>com.apple.backboardd.debugapplications</key>
-		<true />
-		<key>com.apple.backboardd.launchapplications</key>
-		<true />
-		<key>com.apple.diagnosticd.diagnostic</key>
-		<true />
-		<key>com.apple.frontboard.debugapplications</key>
-		<true />
-		<key>com.apple.frontboard.launchapplications</key>
-		<true />
-		<key>com.apple.security.network.client</key>
-		<true />
-		<key>com.apple.security.network.server</key>
-		<true />
-		<key>com.apple.private.memorystatus</key>
-		<true />
-		<key>com.apple.private.logging.diagnostic</key>
-		<true />
-		<key>com.apple.springboard.debugapplications</key>
-		<true />
-		<key>com.apple.system-task-ports</key>
-		<true />
-		<key>get-task-allow</key>
-		<true />
-		<key>com.apple.security.cs.allow-jit</key>
-		<true />
-		<key>platform-application</key>
-		<true />
-		<key>run-unsigned-code</key>
-		<true />
-		<key>task_for_pid-allow</key>
-		<true />
-		<key>com.apple.private.cs.debugger</key>
-		<true />
-		<key>com.apple.private.thread-set-state</key>
-		<true />
-		<key>com.apple.private.set-exception-port</key>
-		<true />
-	</dict>
-</plist>
+<dict>
+	<key>com.apple.backboardd.debugapplications</key>
+	<true/>
+	<key>com.apple.backboardd.launchapplications</key>
+	<true/>
+	<key>com.apple.diagnosticd.diagnostic</key>
+	<true/>
+	<key>com.apple.frontboard.debugapplications</key>
+	<true/>
+	<key>com.apple.frontboard.launchapplications</key>
+	<true/>
+	<key>com.apple.private.cs.debugger</key>
+	<true/>
+	<key>com.apple.private.logging.diagnostic</key>
+	<true/>
+	<key>com.apple.private.memorystatus</key>
+	<true/>
+	<key>com.apple.private.set-exception-port</key>
+	<true/>
+	<key>com.apple.private.thread-set-state</key>
+	<true/>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
+	<key>com.apple.security.network.client</key>
+	<true/>
+	<key>com.apple.security.network.server</key>
+	<true/>
+	<key>com.apple.springboard.debugapplications</key>
+	<true/>
+	<key>com.apple.system-task-ports</key>
+	<true/>
+	<key>get-task-allow</key>
+	<true/>
+	<key>platform-application</key>
+	<true/>
+	<key>run-unsigned-code</key>
+	<true/>
+	<key>task_for_pid-allow</key>
+	<true/>
+</dict>
+</plist>

internal/utils/macos.go

@@ -128,17 +128,34 @@ func CodeSign(filePath, signature string) error {
 
 // CodeSignWithEntitlements codesigns a given binary with given entitlements
 func CodeSignWithEntitlements(filePath, entitlementsPath, signature string) error {
-	if runtime.GOOS == "darwin" {
-		cmd := exec.Command("/usr/bin/codesign", "--entitlements", entitlementsPath, "-s", signature, "-f", filepath.Clean(filePath))
-		out, err := cmd.CombinedOutput()
-		if err != nil {
-			return fmt.Errorf("%v: %s", err, out)
-		}
-
-		return nil
+	if runtime.GOOS != "darwin" {
+		return fmt.Errorf("only supported on macOS")
 	}
 
-	return fmt.Errorf("only supported on macOS")
+	return Retry(2, 0, func() error {
+		Indent(log.Info, 2)(fmt.Sprintf("Codesigning '%s' with entitlements", filepath.Base(filePath)))
+		cmd := exec.Command("/usr/bin/codesign", "--entitlements", entitlementsPath, "-s", signature, "-f", filepath.Clean(filePath))
+		out, err := cmd.CombinedOutput()
+
+		if err == nil {
+			return nil
+		}
+
+		if strings.Contains(string(out), "AMFIUnserializeXML: syntax error") {
+			Indent(log.Error, 2)(fmt.Sprintf("%v: %s", err, strings.TrimSpace(string(out))))
+			Indent(log.Info, 2)(fmt.Sprintf("Converting entitlements file '%s' to XML1 format", entitlementsPath))
+
+			convertCmd := exec.Command("/usr/bin/plutil", "-convert", "xml1", entitlementsPath)
+			convertOut, convertErr := convertCmd.CombinedOutput()
+			if convertErr != nil {
+				return &StopRetryingError{Err: fmt.Errorf("%v: %s", convertErr, strings.TrimSpace(string(convertOut)))}
+			}
+
+			return fmt.Errorf("%v: %s", err, strings.TrimSpace(string(out)))
+		}
+
+		return &StopRetryingError{Err: fmt.Errorf("%v: %s", err, strings.TrimSpace(string(out)))}
+	})
 }
 
 // CodeSignAdHoc codesigns a given binary with ad-hoc signature