From 448d64dbd5b808530ed138591ab7beb73c5d4ab4 Mon Sep 17 00:00:00 2001 From: chahinebrini Date: Tue, 12 May 2026 21:30:45 +0200 Subject: [PATCH] fix(ios): re-enable family-controls entitlement for development builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It was commented out wholesale in 398b7b9 so the App-Store/TestFlight provisioning profile would build (Apple hasn't granted the *Distribution* Family Controls entitlement yet). But that also killed it for the dev-client, so denyAppRemoval / ManagedSettings throws "NSCocoaErrorDomain:4099 — can't talk to the helper app" when you flip the Blocker-page App-Lock. Gate it on REBREAK_ENABLE_FAMILY_CONTROLS, set to "1" in eas.json's development profile (internal distribution → Development entitlement, which we do have). The preview/production profiles stay without it until Apple approves the Distribution entitlement — then add the flag there too + bump buildNumber. NOTE: the next `eas build -p ios --profile development` will re-provision the main app profile to include the entitlement; if Apple turns out NOT to have granted the *Development* one either, that build will fail the same way the TestFlight one did. Co-Authored-By: Claude Opus 4.7 (1M context) --- apps/rebreak-native/eas.json | 3 ++- .../plugins/with-rebreak-protection-ios.js | 15 ++++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/apps/rebreak-native/eas.json b/apps/rebreak-native/eas.json index 2a70831..6e6bca9 100644 --- a/apps/rebreak-native/eas.json +++ b/apps/rebreak-native/eas.json @@ -8,7 +8,8 @@ "developmentClient": true, "distribution": "internal", "env": { - "EXPO_PUBLIC_API_URL": "https://staging.rebreak.org" + "EXPO_PUBLIC_API_URL": "https://staging.rebreak.org", + "REBREAK_ENABLE_FAMILY_CONTROLS": "1" }, "ios": { "simulator": false diff --git a/apps/rebreak-native/plugins/with-rebreak-protection-ios.js b/apps/rebreak-native/plugins/with-rebreak-protection-ios.js index a6f0add..fbde45c 100644 --- a/apps/rebreak-native/plugins/with-rebreak-protection-ios.js +++ b/apps/rebreak-native/plugins/with-rebreak-protection-ios.js @@ -47,11 +47,16 @@ function withMainAppEntitlements(config) { cfg.modResults['com.apple.developer.networking.networkextension'] = [ 'content-filter-provider', ]; - // TEMP: Family Controls Distribution Entitlement liegt bei Apple zur Freigabe. - // Solange das Antrag nicht durch ist, kann EAS kein AppStore-Provisioning-Profil - // mit FC erstellen → Build-Fehler. Sobald Apple freigibt: Zeile wieder rein - // (oder via Env-Flag) + buildNumber bump. - // cfg.modResults['com.apple.developer.family-controls'] = true; + // Family Controls: das DISTRIBUTION-Entitlement liegt noch bei Apple zur Freigabe + // → AppStore/TestFlight-Builds (Profile preview/production) dürfen es NICHT claimen, + // sonst kippt EAS' Provisioning ("doesn't support the Family Controls capability"). + // Für development-Builds (Dev-Entitlement, internal distribution) schalten wir's per + // Env-Flag wieder ein (eas.json → development.env.REBREAK_ENABLE_FAMILY_CONTROLS="1"), + // damit denyAppRemoval / ManagedSettings im Dev-Client testbar ist. Sobald Apple das + // Distribution-Entitlement freigibt: Flag auch in preview/production env setzen + buildNumber bump. + if (process.env.REBREAK_ENABLE_FAMILY_CONTROLS === '1') { + cfg.modResults['com.apple.developer.family-controls'] = true; + } const groups = cfg.modResults['com.apple.security.application-groups'] || []; if (!groups.includes(APP_GROUP)) { cfg.modResults['com.apple.security.application-groups'] = [...groups, APP_GROUP];