diff --git a/.gitignore b/.gitignore index 2ee577593b..118e705838 100644 --- a/.gitignore +++ b/.gitignore @@ -41,6 +41,7 @@ Core/ apps/ios/*.xcodeproj/ apps/ios/*.xcworkspace/ apps/ios/.swiftpm/ +apps/ios/.derivedData/ apps/ios/.local-signing.xcconfig vendor/ apps/ios/Clawdbot.xcodeproj/ diff --git a/CHANGELOG.md b/CHANGELOG.md index ef328c5d0c..37be5f25fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ Docs: https://docs.openclaw.ai ### Fixes - Telegram/Cron/Heartbeat: honor explicit Telegram topic targets in cron and heartbeat delivery (`:topic:`) so scheduled sends land in the configured topic instead of the last active thread. (#19367) Thanks @Lukavyi. +- iOS/Signing: restore local auto-selected signing-team overrides during iOS project generation by wiring `.local-signing.xcconfig` into the active signing config and emitting `OPENCLAW_DEVELOPMENT_TEAM` in local signing setup. (#19993) Thanks @ngutman. - Commands/Doctor: avoid rewriting invalid configs with new `gateway.auth.token` defaults during repair and only write when real config changes are detected, preventing accidental token duplication and backup churn. - Sandbox/Registry: serialize container and browser registry writes with shared file locks and atomic replacement to prevent lost updates and delete rollback races from desyncing `sandbox list`, `prune`, and `recreate --all`. Thanks @kexinoh. - Security/Exec: require `tools.exec.safeBins` binaries to resolve from trusted bin directories (system defaults plus gateway startup `PATH`) so PATH-hijacked trojan binaries cannot bypass allowlist checks. Thanks @jackhax for reporting. diff --git a/apps/ios/Config/Signing.xcconfig b/apps/ios/Config/Signing.xcconfig index e3d5857143..3f834bdb9b 100644 --- a/apps/ios/Config/Signing.xcconfig +++ b/apps/ios/Config/Signing.xcconfig @@ -3,6 +3,7 @@ OPENCLAW_IOS_DEFAULT_TEAM = Y5PE65HELJ OPENCLAW_IOS_SELECTED_TEAM = $(OPENCLAW_IOS_DEFAULT_TEAM) // Local contributors can override this by running scripts/ios-configure-signing.sh. +// Keep include after defaults: xcconfig is evaluated top-to-bottom. #include? "../.local-signing.xcconfig" CODE_SIGN_STYLE = Automatic diff --git a/apps/ios/Signing.xcconfig b/apps/ios/Signing.xcconfig index c11f974e9e..f942fc0224 100644 --- a/apps/ios/Signing.xcconfig +++ b/apps/ios/Signing.xcconfig @@ -1,5 +1,6 @@ // Default signing values for shared/repo builds. -// For local development overrides, create LocalSigning.xcconfig (git-ignored). +// Auto-selected local team overrides live in .local-signing.xcconfig (git-ignored). +// Manual local overrides can go in LocalSigning.xcconfig (git-ignored). OPENCLAW_CODE_SIGN_STYLE = Manual OPENCLAW_DEVELOPMENT_TEAM = Y5PE65HELJ @@ -10,4 +11,7 @@ OPENCLAW_SHARE_BUNDLE_ID = ai.openclaw.ios.share OPENCLAW_APP_PROFILE = ai.openclaw.ios Development OPENCLAW_SHARE_PROFILE = ai.openclaw.ios.share Development +// Keep local includes after defaults: xcconfig is evaluated top-to-bottom, +// so later assignments in local files override the defaults above. +#include? ".local-signing.xcconfig" #include? "LocalSigning.xcconfig" diff --git a/apps/ios/Sources/Info.plist b/apps/ios/Sources/Info.plist index ad421e0e54..327a431546 100644 --- a/apps/ios/Sources/Info.plist +++ b/apps/ios/Sources/Info.plist @@ -18,6 +18,19 @@ $(PRODUCT_NAME) CFBundlePackageType APPL + CFBundleShortVersionString + 2026.2.18 + CFBundleURLTypes + + + CFBundleURLName + ai.openclaw.ios + CFBundleURLSchemes + + openclaw + + + CFBundleVersion 20260218 NSAppTransportSecurity diff --git a/scripts/ios-configure-signing.sh b/scripts/ios-configure-signing.sh index f7fceb7222..ef891632c1 100755 --- a/scripts/ios-configure-signing.sh +++ b/scripts/ios-configure-signing.sh @@ -28,6 +28,8 @@ tmp_file="$(mktemp "${TMPDIR:-/tmp}/openclaw-ios-signing.XXXXXX")" cat >"${tmp_file}" <