Ignore com.apple.developer.healthkit.access entitlement#325
Open
Ignore com.apple.developer.healthkit.access entitlement#325
com.apple.developer.healthkit.access entitlement#325Conversation
The entitlement (introduced with iOS 17.5 / Xcode 15.3) declares which HealthKit data categories an app accesses. It is a companion to the base `com.apple.developer.healthkit` key and does not require a separate capability registration in App Store Connect. Without this entry, `Entitlement.Capability()` returned an `unknown entitlement key` error, which propagated up through `SyncBundleID` / `ensureBundleID` and broke `xcode-archive@6.x` automatic code signing for any target with HealthKit on iOS 17.5+. Mapping to `Ignored` matches the treatment of similar metadata-only companion keys (`icloud-container-identifiers`, `ubiquity-container-identifiers`).
This was referenced Apr 24, 2026
lpusok
approved these changes
Apr 24, 2026
gergely-sallai
approved these changes
Apr 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
com.apple.developer.healthkit.accesstoServiceTypeByKeyasIgnored, alongside other metadata-only companion keys (icloud-container-identifiers,ubiquity-container-identifiers).Entitlement.Capability()returning(nil, nil)for the new key.Why
Apple introduced
com.apple.developer.healthkit.accesswith iOS 17.5 / Xcode 15.3 (May 2024). It declares which HealthKit data categories an app accesses and is a companion to the basecom.apple.developer.healthkitkey — it does not require a separate capability registration in App Store Connect.Because the allow-list does not include it,
Entitlement.Capability()returnsunknown entitlement key: com.apple.developer.healthkit.access. That error propagates throughSyncBundleID→ensureBundleIDand breaksxcode-archive@6.x(both6.0.0and6.0.1) with:The same project builds successfully on
xcode-archive@5.7.0. The strict check is not new to 6.x (relevant files are byte-identical fromalpha.58throughalpha.81); 5.7.0 simply does not reachSyncBundleIDfor the affected bundle ID on those projects, while 6.x does. Fixing the allow-list unblocks 6.x adoption regardless of which upstream change changed the reachability.Impact
Unblocks
xcode-archive@6.xfor any target using HealthKit on iOS 17.5+ withautomatic_code_signing: api-key. Needed for the Bitrise React Native Build Cache private beta, which recommends upgradingxcode-archiveto 6.x.Follow-ups (not in this PR)
ServiceTypeByKeyagainst Apple's current entitlements reference (weatherkit,kernel.extended-virtual-addressing,kernel.increased-memory-limit,authentication-services.credential-provider-ui,matter.allow-setup-payloadetc.) — each will trip the same hard error the moment it crossesSyncBundleID.Capability()warn-and-skip on unknown keys instead of hard-erroring, analogous toProfileAttachedEntitlement, so the step is resilient to future Apple additions until the allow-list catches up.Test plan
go test ./autocodesign/...(including newTestCapability_HealthKitAccessIgnored)go vet ./autocodesign/...com.apple.developer.healthkit.accessin its entitlements viaxcode-archive@6.xafter dep bump; confirm nounknown entitlement keyerror🤖 Generated with Claude Code