How to run `xctest` bundle - or how to add `entitlement` to test?

I am writing a SPM based project for MacOS. In this project? I need to access MacOS Keychain. I am write a swift test built by SPM testTarget(). I can see it generates a bundle ./.build/x86_64-apple-macosx/debug/MyProjectTests.xctest with an executable:

% file ./.build/x86_64-apple-macosx/debug/MyProjectPackageTests.xctest/Contents/MacOS/MyProjectPackageTests
./.build/x86_64-apple-macosx/debug/MyProjectPackageTests.xctest/Contents/MacOS/MyProjectPackageTests: Mach-O 64-bit bundle x86_64

This bundle file cannot be executed. How can I execute its tests?

I tried with xcodebuild test-without-building -xctestrun ./.build/x86_64-apple-macosx/debug/MyProjectPackageTests.xctest -destination 'platform=macOS' without any chance.

Obviously the next question is can I 'simply' add entitlement to this bundle with codesign to fix my enttilement error.

My error when running the test is A required entitlement isn't present.

Answered by DTS Engineer in 777611022

Obviously the next question is can I 'simply' add entitlement to this bundle with codesign to fix my enttilement error.

Entitlements are only relevant when applied to a main executable. If you claim an entitlement in a bundle the system ignores that claim [1]. Rather, the process, and hence the bundle loaded into the process, uses the entitlements of its main executable.

With Xcode’s testing infrastructure you can work around this by having your test target an app, and then applying the entitlements to the app. The bundle then loads into the app’s process and gets those entitlements. I’m not sure to translate that to a pure SwiftPM world, or if that’s even possible.

Oh, and btw, entitlements are only necessary if you target the data protection keychain. The file-based keychain doesn’t rely on them. OTOH, as TN3137 makes clear, you should be using the data protection keychain.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] At best. At worst, in specific bad cases, it can cause things to fail.

Accepted Answer

Obviously the next question is can I 'simply' add entitlement to this bundle with codesign to fix my enttilement error.

Entitlements are only relevant when applied to a main executable. If you claim an entitlement in a bundle the system ignores that claim [1]. Rather, the process, and hence the bundle loaded into the process, uses the entitlements of its main executable.

With Xcode’s testing infrastructure you can work around this by having your test target an app, and then applying the entitlements to the app. The bundle then loads into the app’s process and gets those entitlements. I’m not sure to translate that to a pure SwiftPM world, or if that’s even possible.

Oh, and btw, entitlements are only necessary if you target the data protection keychain. The file-based keychain doesn’t rely on them. OTOH, as TN3137 makes clear, you should be using the data protection keychain.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] At best. At worst, in specific bad cases, it can cause things to fail.

How to run `xctest` bundle - or how to add `entitlement` to test?
 
 
Q