From ac956b83113eadf19627b234d8070b372f128e7d Mon Sep 17 00:00:00 2001
From: chahinebrini <chahinebrini@gmail.com>
Date: Mon, 11 May 2026 23:35:32 +0200
Subject: [PATCH] fix(ios): config plugin to disable code-signing for pod
 resource bundles

EAS iOS build failed: "Starting from Xcode 14, resource bundles are signed by
default, which requires setting the development team for each resource bundle
target." Cause: we build with useFrameworks: "static" (expo-build-properties),
so CocoaPods generates resource-bundle targets for pods with resources, and
Xcode 14+ wants them signed. EAS has no dev team for those.

New plugin with-resource-bundle-signing-fix injects into the Podfile's existing
post_install hook: sets CODE_SIGNING_ALLOWED = 'NO' for every pod resource-bundle
target (they don't need signing). Idempotent; runs as withDangerousMod('ios')
during prebuild so it survives EAS's clean prebuild.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 apps/rebreak-native/app.config.ts             |  2 +
 .../with-resource-bundle-signing-fix.js       | 66 +++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 apps/rebreak-native/plugins/with-resource-bundle-signing-fix.js

diff --git a/apps/rebreak-native/app.config.ts b/apps/rebreak-native/app.config.ts
index 16d1020..3d76a6b 100644
--- a/apps/rebreak-native/app.config.ts
+++ b/apps/rebreak-native/app.config.ts
@@ -78,6 +78,8 @@ export default ({ config }: ConfigContext): ExpoConfig => ({
     ],
     // Xcode 16 + RN 0.79 fmt consteval workaround
     "./plugins/with-fmt-consteval-fix",
+    // Xcode 14+ resource-bundle-signing fix (needed because useFrameworks: static)
+    "./plugins/with-resource-bundle-signing-fix",
     // Phase 5: NEFilter Extension + Family Controls Entitlements (iOS)
     "./plugins/with-rebreak-protection-ios",
     // Phase 5: VpnService + AccessibilityService (Android)
diff --git a/apps/rebreak-native/plugins/with-resource-bundle-signing-fix.js b/apps/rebreak-native/plugins/with-resource-bundle-signing-fix.js
new file mode 100644
index 0000000..cf023dd
--- /dev/null
+++ b/apps/rebreak-native/plugins/with-resource-bundle-signing-fix.js
@@ -0,0 +1,66 @@
+/* eslint-disable @typescript-eslint/no-var-requires */
+/**
+ * Fix für: "Starting from Xcode 14, resource bundles are signed by default,
+ * which requires setting the development team for each resource bundle target."
+ *
+ * Grund: wir bauen mit `useFrameworks: "static"` (expo-build-properties) — dabei
+ * erzeugt CocoaPods für jeden Pod mit Ressourcen ein Resource-Bundle-Target, und
+ * Xcode 14+ will die signieren (mit einem Development-Team). EAS-Build hat keins
+ * für diese Targets → Build bricht ab.
+ *
+ * Lösung: im Podfile-`post_install`-Hook für alle Resource-Bundle-Targets
+ * `CODE_SIGNING_ALLOWED = NO` setzen — die brauchen keine Signatur.
+ *
+ * Der Podfile hat schon EINEN `post_install do |installer|`-Block (mit
+ * `react_native_post_install`) — ein zweiter würde den ersten ersetzen, also
+ * injizieren wir IN den bestehenden Block (gleich nach dem `do |installer|`).
+ * Läuft als withDangerousMod('ios') während `expo prebuild`, bevor `pod install`.
+ * Idempotent via Marker-Kommentar.
+ */
+const { withDangerousMod } = require('@expo/config-plugins');
+const fs = require('fs');
+const path = require('path');
+
+const MARKER = '# REBREAK_RESOURCE_BUNDLE_SIGNING_FIX';
+
+const FIX = `
+    ${MARKER}
+    # Xcode 14+ signiert Resource-Bundles per default -> braucht ein Dev-Team.
+    # Mit static frameworks erzeugen Pods Resource-Bundles -> Code-Signing fuer
+    # die abschalten (brauchen's nicht).
+    installer.target_installation_results.pod_target_installation_results.each do |pod_name, target_installation_result|
+      target_installation_result.resource_bundle_targets.each do |resource_bundle_target|
+        resource_bundle_target.build_configurations.each do |config|
+          config.build_settings['CODE_SIGNING_ALLOWED'] = 'NO'
+        end
+      end
+    end
+    ${MARKER}
+`;
+
+module.exports = function withResourceBundleSigningFix(config) {
+  return withDangerousMod(config, [
+    'ios',
+    async (cfg) => {
+      const podfilePath = path.join(cfg.modRequest.platformProjectRoot, 'Podfile');
+      if (!fs.existsSync(podfilePath)) {
+        console.warn('[with-resource-bundle-signing-fix] Podfile not found at', podfilePath);
+        return cfg;
+      }
+      let podfile = fs.readFileSync(podfilePath, 'utf-8');
+      if (podfile.includes(MARKER)) {
+        return cfg; // schon gepatcht
+      }
+      // Direkt nach dem (einzigen) `post_install do |installer|` einfügen.
+      const anchorRe = /(post_install do \|installer\|[^\n]*\n)/;
+      if (!anchorRe.test(podfile)) {
+        console.warn('[with-resource-bundle-signing-fix] no `post_install do |installer|` block found — skipping');
+        return cfg;
+      }
+      podfile = podfile.replace(anchorRe, `$1${FIX}`);
+      fs.writeFileSync(podfilePath, podfile);
+      console.log('[with-resource-bundle-signing-fix] patched Podfile post_install');
+      return cfg;
+    },
+  ]);
+};