fastlane 2.9.0 → 2.10.0

data/gym/lib/assets/wrap_xcodebuild/xcbuild-safe.sh

@@ -1,4 +1,6 @@
 #!/bin/bash --login
+# shellcheck disable=SC2155
+# shellcheck disable=SC1090
 
 # Originally from, https://stackoverflow.com/questions/33041109
 # Modified to work in RVM and non RVM environments
@@ -21,6 +23,7 @@
 # -----
 
 which rvm > /dev/null
+# shellcheck disable=SC2181
 if [[ $? -eq 0 ]]; then
   echo "RVM detected, forcing to use system ruby"
   # This allows you to use rvm in a script. Otherwise you get a BS

data/gym/lib/gym/generators/build_command_generator.rb

@@ -71,6 +71,7 @@ module Gym
           pipe << " --no-color" if Helper.colors_disabled?
           pipe << " --formatter " if formatter
           pipe << formatter if formatter
+          pipe << "--utf" if Gym.config[:xcpretty_utf]
           report_output_junit = Gym.config[:xcpretty_report_junit]
           report_output_html = Gym.config[:xcpretty_report_html]
           report_output_json = Gym.config[:xcpretty_report_json]

data/gym/lib/gym/options.rb

@@ -248,7 +248,12 @@ module Gym
                                      optional: true,
                                      verify_block: proc do |value|
                                        UI.user_error!("Report output location not found at path '#{File.expand_path(value)}'") unless File.exist?(value)
-                                     end)
+                                     end),
+        FastlaneCore::ConfigItem.new(key: :xcpretty_utf,
+                                     env_name: "XCPRETTY_UTF",
+                                     description: "Have xcpretty use unicode encoding when reporting builds",
+                                     optional: true,
+                                     is_string: false)
       ]
     end
   end

data/pem/README.md

@@ -114,7 +114,7 @@ To get a list of available options run:
 ### Note about empty `p12` passwords and Keychain Access.app
 
 `pem` will produce a valid `p12` without specifying a password, or using the empty-string as the password.
-While the file is valid, Mac OSX's Keychain Access will not allow you to open the file without specifying a passphrase.
+While the file is valid, the Mac's Keychain Access will not allow you to open the file without specifying a passphrase.
 
 Instead, you may verify the file is valid using OpenSSL:
 

data/scan/lib/scan/options.rb

@@ -63,11 +63,23 @@ module Scan
         FastlaneCore::ConfigItem.new(key: :code_coverage,
                                      description: "Should generate code coverage (Xcode 7 only)?",
                                      is_string: false,
-                                     default_value: false),
+                                     optional: true),
         FastlaneCore::ConfigItem.new(key: :address_sanitizer,
                                      description: "Should turn on the address sanitizer?",
                                      is_string: false,
-                                     default_value: false),
+                                     optional: true,
+                                     conflicting_options: [:thread_sanitizer],
+                                     conflict_block: proc do |value|
+                                       UI.user_error!("You can't use 'address_sanitizer' and 'thread_sanitizer' options in one run")
+                                     end),
+        FastlaneCore::ConfigItem.new(key: :thread_sanitizer,
+                                     description: "Should turn on the thread sanitizer?",
+                                     is_string: false,
+                                     optional: true,
+                                     conflicting_options: [:address_sanitizer],
+                                     conflict_block: proc do |value|
+                                       UI.user_error!("You can't use 'thread_sanitizer' and 'address_sanitizer' options in one run")
+                                     end),
         FastlaneCore::ConfigItem.new(key: :skip_build,
                                      description: "Should skip debug build before test build?",
                                      short_option: "-r",

data/scan/lib/scan/test_command_generator.rb

@@ -35,8 +35,9 @@ module Scan
         options << destination # generated in `detect_values`
         options << "-derivedDataPath '#{config[:derived_data_path]}'" if config[:derived_data_path]
         options << "-resultBundlePath '#{result_bundle_path}'" if config[:result_bundle]
-        options << "-enableCodeCoverage YES" if config[:code_coverage]
-        options << "-enableAddressSanitizer YES" if config[:address_sanitizer]
+        options << "-enableCodeCoverage #{config[:code_coverage] ? 'YES' : 'NO'}" unless config[:code_coverage].nil?
+        options << "-enableAddressSanitizer #{config[:address_sanitizer] ? 'YES' : 'NO'}" unless config[:address_sanitizer].nil?
+        options << "-enableThreadSanitizer #{config[:thread_sanitizer] ? 'YES' : 'NO'}" unless config[:thread_sanitizer].nil?
         options << "-xcconfig '#{config[:xcconfig]}'" if config[:xcconfig]
         options << config[:xcargs] if config[:xcargs]
 

data/screengrab/lib/screengrab/options.rb

@@ -61,6 +61,12 @@ module Screengrab
                                      short_option: "-l",
                                      type: Array,
                                      description: "Only run tests in these Java classes"),
+        FastlaneCore::ConfigItem.new(key: :launch_arguments,
+                                      env_name: 'SCREENGRAB_LAUNCH_ARGUMENTS',
+                                      optional: true,
+                                      short_option: "-e",
+                                      type: Array,
+                                      description: "Additional launch arguments"),
         FastlaneCore::ConfigItem.new(key: :test_instrumentation_runner,
                                      env_name: 'SCREENGRAB_TEST_INSTRUMENTATION_RUNNER',
                                      optional: true,
@@ -106,7 +112,11 @@ module Screengrab
         FastlaneCore::ConfigItem.new(key: :exit_on_test_failure,
                                      env_name: 'EXIT_ON_TEST_FAILURE',
                                      description: "Whether or not to exit Screengrab on test failure. Exiting on failure will not copy sceenshots to local machine nor open sceenshots summary",
-                                     default_value: true)
+                                     default_value: true),
+        FastlaneCore::ConfigItem.new(key: :reinstall_app,
+                                     env_name: 'SCREENGRAB_REINSTALL_APP',
+                                     description: "Enabling this option will automatically uninstall the application before running it",
+                                     default_value: false)
       ]
     end
   end

data/screengrab/lib/screengrab/runner.rb

@@ -63,11 +63,7 @@ module Screengrab
 
       validate_apk(app_apk_path)
 
-      install_apks(device_serial, app_apk_path, tests_apk_path)
-
-      grant_permissions(device_serial)
-
-      run_tests(device_serial, test_classes_to_use, test_packages_to_use)
+      run_tests(device_serial, app_apk_path, tests_apk_path, test_classes_to_use, test_packages_to_use, @config[:launch_arguments])
 
       number_of_screenshots = pull_screenshots_from_device(device_serial, device_screenshots_paths, device_type_dir_name)
 
@@ -189,6 +185,20 @@ module Screengrab
       UI.user_error! "Tests APK could not be installed" if apk_install_output.include?("Failure [")
     end
 
+    def uninstall_apks(device_serial, app_package_name, tests_package_name)
+      UI.message 'Uninstalling app APK'
+      apk_uninstall_output = run_adb_command("adb -s #{device_serial} uninstall #{app_package_name}",
+                                             print_all: true,
+                                             print_command: true)
+      UI.user_error! "App APK could not be uninstalled" if apk_uninstall_output.include?("Failure [")
+
+      UI.message 'Uninstalling tests APK'
+      apk_uninstall_output = run_adb_command("adb -s #{device_serial} uninstall -r #{tests_package_name}",
+                                             print_all: true,
+                                             print_command: true)
+      UI.user_error! "Tests APK could not be uninstalled" if apk_uninstall_output.include?("Failure [")
+    end
+
     def grant_permissions(device_serial)
       UI.message 'Granting the permission necessary to change locales on the device'
       run_adb_command("adb -s #{device_serial} shell pm grant #{@config[:app_package_name]} android.permission.CHANGE_CONFIGURATION",
@@ -210,26 +220,41 @@ module Screengrab
       end
     end
 
-    def run_tests(device_serial, test_classes_to_use, test_packages_to_use)
+    def run_tests(device_serial, app_apk_path, tests_apk_path, test_classes_to_use, test_packages_to_use, launch_arguments)
+      unless @config[:reinstall_app]
+        install_apks(device_serial, app_apk_path, tests_apk_path)
+        grant_permissions(device_serial)
+      end
+
       @config[:locales].each do |locale|
-        UI.message "Running tests for locale: #{locale}"
-
-        instrument_command = ["adb -s #{device_serial} shell am instrument --no-window-animation -w",
-                              "-e testLocale #{locale.tr('-', '_')}",
-                              "-e endingLocale #{@config[:ending_locale].tr('-', '_')}"]
-        instrument_command << "-e class #{test_classes_to_use.join(',')}" if test_classes_to_use
-        instrument_command << "-e package #{test_packages_to_use.join(',')}" if test_packages_to_use
-        instrument_command << "#{@config[:tests_package_name]}/#{@config[:test_instrumentation_runner]}"
-
-        test_output = run_adb_command(instrument_command.join(" \\\n"),
-                                      print_all: true,
-                                      print_command: true)
-
-        if @config[:exit_on_test_failure]
-          UI.user_error!("Tests failed", show_github_issues: false) if test_output.include?("FAILURES!!!")
-        else
-          UI.error("Tests failed") if test_output.include?("FAILURES!!!")
+        if @config[:reinstall_app]
+          uninstall_apks(device_serial, @config[:app_package_name], @config[:tests_package_name])
+          install_apks(device_serial, app_apk_path, tests_apk_path)
+          grant_permissions(device_serial)
         end
+        run_tests_for_locale(locale, device_serial, test_classes_to_use, test_packages_to_use, launch_arguments)
+      end
+    end
+
+    def run_tests_for_locale(locale, device_serial, test_classes_to_use, test_packages_to_use, launch_arguments)
+      UI.message "Running tests for locale: #{locale}"
+
+      instrument_command = ["adb -s #{device_serial} shell am instrument --no-window-animation -w",
+                            "-e testLocale #{locale.tr('-', '_')}",
+                            "-e endingLocale #{@config[:ending_locale].tr('-', '_')}"]
+      instrument_command << "-e class #{test_classes_to_use.join(',')}" if test_classes_to_use
+      instrument_command << "-e package #{test_packages_to_use.join(',')}" if test_packages_to_use
+      instrument_command << launch_arguments.map { |item| '-e ' + item }.join(' ') if launch_arguments
+      instrument_command << "#{@config[:tests_package_name]}/#{@config[:test_instrumentation_runner]}"
+
+      test_output = run_adb_command(instrument_command.join(" \\\n"),
+                                    print_all: true,
+                                    print_command: true)
+
+      if @config[:exit_on_test_failure]
+        UI.user_error!("Tests failed", show_github_issues: false) if test_output.include?("FAILURES!!!")
+      else
+        UI.error("Tests failed") if test_output.include?("FAILURES!!!")
       end
     end
 

data/sigh/lib/assets/resign.sh

@@ -1,4 +1,5 @@
 #!/bin/bash
+# shellcheck disable=SC2155
 
 # Copyright (c) 2011 Float Mobile Learning
 # http://www.floatlearning.com/
@@ -65,7 +66,7 @@
 log() {
     # Make sure it returns 0 code even when verose mode is off (test 1)
     # To use like [[ condition ]] && log "x" && something
-    [[ -n "$VERBOSE" ]] && echo -e "$@" || test 1
+    if [[ -n "$VERBOSE" ]]; then echo -e "$@"; else test 1; fi
 }
 
 error() {
@@ -79,6 +80,7 @@ warning() {
 
 function checkStatus {
 
+    # shellcheck disable=SC2181
     if [ $? -ne 0 ];
     then
         error "Encountered an error, aborting!"
@@ -86,7 +88,7 @@ function checkStatus {
 }
 
 usage() {
-    echo -e "Usage: $(basename $0) source identity -p|--provisioning provisioning" >&2
+    echo -e "Usage: $(basename "$0") source identity -p|--provisioning provisioning" >&2
     echo -e "\t\t[-e|--entitlements entitlements]" >&2
     echo -e "\t\t[-k|--keychain keychain]" >&2
     echo -e "\t\t[-d|--display-name displayName]" >&2
@@ -96,7 +98,7 @@ usage() {
     echo -e "\t\t[-b|--bundle-id bundleId]" >&2
     echo -e "\t\t[--use-app-entitlements]" >&2
     echo -e "\t\toutputIpa" >&2
-    echo "Usage: $(basename $0) -h|--help" >&2
+    echo "Usage: $(basename "$0") -h|--help" >&2
     echo "Options:" >&2
     echo -e "\t-p, --provisioning provisioning\t\tProvisioning profile option, may be provided multiple times." >&2
     echo -e "\t\t\t\t\t\tYou can specify provisioning profile file name." >&2
@@ -224,7 +226,7 @@ then
 fi
 
 # Log the options
-for provision in ${RAW_PROVISIONS[@]}; do
+for provision in "${RAW_PROVISIONS[@]}"; do
     if [[ "$provision" =~ .+=.+ ]]; then
         log "Specified provisioning profile: '${provision#*=}' for bundle identifier: '${provision%%=*}'"
     else
@@ -291,15 +293,17 @@ fi
 # check the keychain
 if [ "${KEYCHAIN}" != "" ];
 then
-    security list-keychains -s $KEYCHAIN
-    security unlock $KEYCHAIN
-    security default-keychain -s $KEYCHAIN
+    security list-keychains -s "$KEYCHAIN"
+    security unlock "$KEYCHAIN"
+    security default-keychain -s "$KEYCHAIN"
 fi
 
 # Set the app name
 # In Payload directory may be another file except .app file, such as StoreKit folder.
 # Search the first .app file within the Payload directory
-APP_NAME=$(ls "$TEMP_DIR/Payload/"|grep ".app$"| head -1)
+# TODO: Replace with glob or call to 'find'; and remove shellcheck directive
+# shellcheck disable=SC2010
+APP_NAME=$(ls "$TEMP_DIR/Payload/" | grep ".app$" | head -1)
 
 # Make sure that PATH includes the location of the PlistBuddy helper tool as its location is not standard
 export PATH=$PATH:/usr/libexec
@@ -308,6 +312,7 @@ export PATH=$PATH:/usr/libexec
 # The first one may contain the wildcard character '*', in which case pattern matching will be used unless the third parameter is "STRICT"
 function does_bundle_id_match {
 
+    # shellcheck disable=SC2049
     if [[ "$1" == "$2" ]]; then
         return 0
     elif [[ "$3" != STRICT && "$1" =~ \* ]]; then
@@ -335,7 +340,7 @@ function provision_for_bundle_id {
 # Find the bundle identifier contained inside a provisioning profile
 function bundle_id_for_provison {
 
-    local FULL_BUNDLE_ID=`PlistBuddy -c 'Print :Entitlements:application-identifier' /dev/stdin <<< $(security cms -D -i "$1")`
+    local FULL_BUNDLE_ID=$(PlistBuddy -c 'Print :Entitlements:application-identifier' /dev/stdin <<< "$(security cms -D -i "$1")")
     checkStatus
     echo "${FULL_BUNDLE_ID#*.}"
 }
@@ -346,7 +351,7 @@ function add_provision_for_bundle_id {
     local PROVISION="$1"
     local BUNDLE_ID="$2"
 
-    local CURRENT_PROVISION=`provision_for_bundle_id "$BUNDLE_ID" STRICT`
+    local CURRENT_PROVISION=$(provision_for_bundle_id "$BUNDLE_ID" STRICT)
 
     if [[ "$CURRENT_PROVISION" != "" && "$CURRENT_PROVISION" != "$PROVISION" ]]; then
         error "Conflicting provisioning profiles '$PROVISION' and '$CURRENT_PROVISION' for bundle identifier '$BUNDLE_ID'."
@@ -371,7 +376,7 @@ function add_provision {
         error "Provisioning profile '$PROVISION' file does not exist"
     fi
 
-    local BUNDLE_ID=`bundle_id_for_provison "$PROVISION"`
+    local BUNDLE_ID=$(bundle_id_for_provison "$PROVISION")
     add_provision_for_bundle_id "$PROVISION" "$BUNDLE_ID"
 }
 
@@ -405,9 +410,9 @@ function resign {
     cp -f "$APP_PATH/Info.plist" "$TEMP_DIR/oldInfo.plist"
 
     # Read in current values from the app
-    local CURRENT_NAME=`PlistBuddy -c "Print :CFBundleDisplayName" "$APP_PATH/Info.plist"`
-    local CURRENT_BUNDLE_IDENTIFIER=`PlistBuddy -c "Print :CFBundleIdentifier" "$APP_PATH/Info.plist"`
-    local NEW_PROVISION=`provision_for_bundle_id "${BUNDLE_IDENTIFIER:-$CURRENT_BUNDLE_IDENTIFIER}"`
+    local CURRENT_NAME=$(PlistBuddy -c "Print :CFBundleDisplayName" "$APP_PATH/Info.plist")
+    local CURRENT_BUNDLE_IDENTIFIER=$(PlistBuddy -c "Print :CFBundleIdentifier" "$APP_PATH/Info.plist")
+    local NEW_PROVISION=$(provision_for_bundle_id "${BUNDLE_IDENTIFIER:-$CURRENT_BUNDLE_IDENTIFIER}")
 
     if [[ "$NEW_PROVISION" == "" && "$NESTED" != NESTED ]]; then
         NEW_PROVISION="$DEFAULT_PROVISION"
@@ -422,10 +427,11 @@ function resign {
         error "Use the -p option (example: -p com.example.app=xxxx.mobileprovision)"
     fi
 
-    local PROVISION_BUNDLE_IDENTIFIER=`bundle_id_for_provison "$NEW_PROVISION"`
+    local PROVISION_BUNDLE_IDENTIFIER=$(bundle_id_for_provison "$NEW_PROVISION")
 
     # Use provisioning profile's bundle identifier
     if [ "$BUNDLE_IDENTIFIER" == "" ]; then
+        # shellcheck disable=SC2049
         if [[ "$PROVISION_BUNDLE_IDENTIFIER" =~ \* ]]; then
             log "Bundle Identifier contains a *, using the current bundle identifier"
             BUNDLE_IDENTIFIER="$CURRENT_BUNDLE_IDENTIFIER"
@@ -447,7 +453,7 @@ function resign {
         if [ "${DISPLAY_NAME}" != "${CURRENT_NAME}" ];
         then
             log "Changing display name from '$CURRENT_NAME' to '$DISPLAY_NAME'"
-            `PlistBuddy -c "Set :CFBundleDisplayName $DISPLAY_NAME" "$APP_PATH/Info.plist"`
+            PlistBuddy -c "Set :CFBundleDisplayName $DISPLAY_NAME" "$APP_PATH/Info.plist"
         fi
     fi
 
@@ -456,10 +462,10 @@ function resign {
     security cms -D -i "$NEW_PROVISION" > "$TEMP_DIR/profile.plist"
     checkStatus
 
-    APP_IDENTIFIER_PREFIX=`PlistBuddy -c "Print :Entitlements:application-identifier" "$TEMP_DIR/profile.plist" | grep -E '^[A-Z0-9]*' -o | tr -d '\n'`
+    APP_IDENTIFIER_PREFIX=$(PlistBuddy -c "Print :Entitlements:application-identifier" "$TEMP_DIR/profile.plist" | grep -E '^[A-Z0-9]*' -o | tr -d '\n')
     if [ "$APP_IDENTIFIER_PREFIX" == "" ];
     then
-        APP_IDENTIFIER_PREFIX=`PlistBuddy -c "Print :ApplicationIdentifierPrefix:0" "$TEMP_DIR/profile.plist"`
+        APP_IDENTIFIER_PREFIX=$(PlistBuddy -c "Print :ApplicationIdentifierPrefix:0" "$TEMP_DIR/profile.plist")
         if [ "$APP_IDENTIFIER_PREFIX" == "" ];
         then
             error "Failed to extract any app identifier prefix from '$NEW_PROVISION'"
@@ -473,10 +479,10 @@ function resign {
     # Set new app identifer prefix if such entry exists in plist file
     PlistBuddy -c "Set :AppIdentifierPrefix $APP_IDENTIFIER_PREFIX." "$APP_PATH/Info.plist" 2>/dev/null
 
-    TEAM_IDENTIFIER=`PlistBuddy -c "Print :Entitlements:com.apple.developer.team-identifier" "$TEMP_DIR/profile.plist" | tr -d '\n'`
+    TEAM_IDENTIFIER=$(PlistBuddy -c "Print :Entitlements:com.apple.developer.team-identifier" "$TEMP_DIR/profile.plist" | tr -d '\n')
     if [ "$TEAM_IDENTIFIER" == "" ];
     then
-        TEAM_IDENTIFIER=`PlistBuddy -c "Print :TeamIdentifier:0" "$TEMP_DIR/profile.plist"`
+        TEAM_IDENTIFIER=$(PlistBuddy -c "Print :TeamIdentifier:0" "$TEMP_DIR/profile.plist")
         if [ "$TEAM_IDENTIFIER" == "" ];
         then
             warning "Failed to extract team identifier from '$NEW_PROVISION', resigned ipa may fail on iOS 8 and higher"
@@ -497,19 +503,19 @@ function resign {
     if [ "$CURRENT_BUNDLE_IDENTIFIER" != "$BUNDLE_IDENTIFIER" ];
     then
         log "Updating the bundle identifier from '$CURRENT_BUNDLE_IDENTIFIER' to '$BUNDLE_IDENTIFIER'"
-        `PlistBuddy -c "Set :CFBundleIdentifier $BUNDLE_IDENTIFIER" "$APP_PATH/Info.plist"`
+        PlistBuddy -c "Set :CFBundleIdentifier $BUNDLE_IDENTIFIER" "$APP_PATH/Info.plist"
         checkStatus
     fi
 
     # Update the version number properties in the Info.plist if a version number has been provided
     if [ "$VERSION_NUMBER" != "" ];
     then
-        CURRENT_VERSION_NUMBER=`PlistBuddy -c "Print :CFBundleVersion" "$APP_PATH/Info.plist"`
+        CURRENT_VERSION_NUMBER=$(PlistBuddy -c "Print :CFBundleVersion" "$APP_PATH/Info.plist")
         if [ "$VERSION_NUMBER" != "$CURRENT_VERSION_NUMBER" ];
         then
             log "Updating the version from '$CURRENT_VERSION_NUMBER' to '$VERSION_NUMBER'"
-            `PlistBuddy -c "Set :CFBundleVersion $VERSION_NUMBER" "$APP_PATH/Info.plist"`
-            `PlistBuddy -c "Set :CFBundleShortVersionString $VERSION_NUMBER" "$APP_PATH/Info.plist"`
+            PlistBuddy -c "Set :CFBundleVersion $VERSION_NUMBER" "$APP_PATH/Info.plist"
+            PlistBuddy -c "Set :CFBundleShortVersionString $VERSION_NUMBER" "$APP_PATH/Info.plist"
         fi
     fi
 
@@ -545,7 +551,7 @@ function resign {
         do
             if [[ "$framework" == *.framework || "$framework" == *.dylib ]]
             then
-                /usr/bin/codesign ${VERBOSE} ${KEYCHAIN_FLAG} -f -s "$CERTIFICATE" "$framework"
+                /usr/bin/codesign ${VERBOSE} "${KEYCHAIN_FLAG}" -f -s "$CERTIFICATE" "$framework"
                 checkStatus
             else
                 log "Ignoring non-framework: $framework"
@@ -555,20 +561,21 @@ function resign {
 
     # Check for and update bundle identifiers for extensions and associated nested apps
     log "Fixing nested app and extension references"
-    for key in ${NESTED_APP_REFERENCE_KEYS[@]}; do
+    for key in "${NESTED_APP_REFERENCE_KEYS[@]}"; do
         # Check if Info.plist has a reference to another app or extension
-        REF_BUNDLE_ID=`PlistBuddy -c "Print ${key}" "$APP_PATH/Info.plist" 2>/dev/null`
+        REF_BUNDLE_ID=$(PlistBuddy -c "Print ${key}" "$APP_PATH/Info.plist" 2>/dev/null)
         if [ -n "$REF_BUNDLE_ID" ];
         then
             # Found a reference bundle id, now get the corresponding provisioning profile for this bundle id
-            REF_PROVISION=`provision_for_bundle_id $REF_BUNDLE_ID`
+            REF_PROVISION=$(provision_for_bundle_id "$REF_BUNDLE_ID")
             # Map to the new bundle id
-            NEW_REF_BUNDLE_ID=`bundle_id_for_provison "$REF_PROVISION"`
+            NEW_REF_BUNDLE_ID=$(bundle_id_for_provison "$REF_PROVISION")
             # Change if not the same and if doesn't contain wildcard
+            # shellcheck disable=SC2049
             if [[ "$REF_BUNDLE_ID" != "$NEW_REF_BUNDLE_ID" ]] && ! [[ "$NEW_REF_BUNDLE_ID" =~ \* ]];
             then
                 log "Updating nested app or extension reference for ${key} key from ${REF_BUNDLE_ID} to ${NEW_REF_BUNDLE_ID}"
-                `PlistBuddy -c "Set ${key} $NEW_REF_BUNDLE_ID" "$APP_PATH/Info.plist"`
+                PlistBuddy -c "Set ${key} $NEW_REF_BUNDLE_ID" "$APP_PATH/Info.plist"
             fi
         fi
     done
@@ -578,7 +585,7 @@ function resign {
         if [ -n "$APP_IDENTIFIER_PREFIX" ];
         then
             # sanity check the 'application-identifier' is present in the provided entitlements and matches the provisioning profile value
-            ENTITLEMENTS_APP_ID_PREFIX=`PlistBuddy -c "Print :application-identifier" "$ENTITLEMENTS" | grep -E '^[A-Z0-9]*' -o | tr -d '\n'`
+            ENTITLEMENTS_APP_ID_PREFIX=$(PlistBuddy -c "Print :application-identifier" "$ENTITLEMENTS" | grep -E '^[A-Z0-9]*' -o | tr -d '\n')
             if [ "$ENTITLEMENTS_APP_ID_PREFIX" == "" ];
             then
                 error "Provided entitlements file is missing a value for the required 'application-identifier' key"
@@ -591,7 +598,7 @@ function resign {
         if [ -n "$TEAM_IDENTIFIER" ];
         then
             # sanity check the 'com.apple.developer.team-identifier' is present in the provided entitlements and matches the provisioning profile value
-            ENTITLEMENTS_TEAM_IDENTIFIER=`PlistBuddy -c "Print :com.apple.developer.team-identifier" "$ENTITLEMENTS" | tr -d '\n'`
+            ENTITLEMENTS_TEAM_IDENTIFIER=$(PlistBuddy -c "Print :com.apple.developer.team-identifier" "$ENTITLEMENTS" | tr -d '\n')
             if [ "$ENTITLEMENTS_TEAM_IDENTIFIER" == "" ];
             then
                 error "Provided entitlements file is missing a value for the required 'com.apple.developer.team-identifier' key"
@@ -670,9 +677,9 @@ function resign {
             "keychain-access-groups|APP_ID")
 
         # Loop over all the entitlement keys that need to be transferred from app entitlements
-        for RULE in ${ENTITLEMENTS_TRANSFER_RULES[@]}; do
-            KEY=$(echo $RULE | cut -d'|' -f1)
-            ID_TYPE=$(echo $RULE | cut -d'|' -f2)
+        for RULE in "${ENTITLEMENTS_TRANSFER_RULES[@]}"; do
+            KEY=$(echo "$RULE" | cut -d'|' -f1)
+            ID_TYPE=$(echo "$RULE" | cut -d'|' -f2)
 
             # Get the entry from app's entitlements
             # Read it with PlistBuddy as XML, then strip the header and <plist></plist> part
@@ -691,7 +698,9 @@ function resign {
             # Add new entry to patched entitlements
             # plutil needs dots in the key path to be escaped (e.g. com\.apple\.security\.application-groups)
             # otherwise it interprets they key path as nested keys
-            PLUTIL_KEY=`echo "$KEY" | sed 's/\./\\\\./g'`
+            # TODO: Should be able to replace with echo ${KEY//\./\\\\.} and remove shellcheck disable directive
+            # shellcheck disable=SC2001
+            PLUTIL_KEY=$(echo "$KEY" | sed 's/\./\\\\./g')
             plutil -insert "$PLUTIL_KEY" -xml "$ENTITLEMENTS_VALUE" "$PATCHED_ENTITLEMENTS"
 
             # Patch the ID value if specified
@@ -715,6 +724,33 @@ function resign {
         log "Replacing old bundle ID '$OLD_BUNDLE_ID' with new bundle ID '$NEW_BUNDLE_ID' in patched entitlements"
         sed -i .bak "s/$OLD_BUNDLE_ID/$NEW_BUNDLE_ID/g" "$PATCHED_ENTITLEMENTS"
 
+        log "Removing blacklisted keys from patched profile"
+        # See https://github.com/facebook/buck/issues/798 and https://github.com/facebook/buck/pull/802/files
+        BLACKLISTED_KEYS=(\
+            "com.apple.developer.icloud-container-development-container-identifiers" \
+            "com.apple.developer.icloud-container-environment" \
+            "com.apple.developer.icloud-container-identifiers" \
+            "com.apple.developer.icloud-services" \
+            "com.apple.developer.restricted-resource-mode" \
+            "com.apple.developer.ubiquity-container-identifiers" \
+            "com.apple.developer.ubiquity-kvstore-identifier" \
+            "inter-app-audio" \
+            "com.apple.developer.homekit" \
+            "com.apple.developer.healthkit" \
+            "com.apple.developer.in-app-payments" \
+            "com.apple.developer.associated-domains" \
+            "com.apple.security.application-groups" \
+            "com.apple.developer.maps" \
+            "com.apple.developer.networking.vpn.api" \
+            "com.apple.external-accessory.wireless-configuration"
+        )
+
+        # Blacklisted keys must not be included into new profile, so remove them from patched profile
+        for KEY in "${BLACKLISTED_KEYS[@]}"; do
+            log "Removing blacklisted key: $KEY"
+            PlistBuddy -c "Delete $KEY" "$PATCHED_ENTITLEMENTS" 2>/dev/null
+        done
+
         log "Resigning application using certificate: '$CERTIFICATE'"
         log "and patched entitlements:"
         log "$(cat "$PATCHED_ENTITLEMENTS")"
@@ -728,7 +764,7 @@ function resign {
         log "Resigning application using certificate: '$CERTIFICATE'"
         log "and entitlements from provisioning profile: $NEW_PROVISION"
         cp -- "$TEMP_DIR/newEntitlements" "$APP_PATH/archived-expanded-entitlements.xcent"
-        /usr/bin/codesign ${VERBOSE} ${KEYCHAIN_FLAG} -f -s "$CERTIFICATE" --entitlements "$TEMP_DIR/newEntitlements" "$APP_PATH"
+        /usr/bin/codesign ${VERBOSE} "${KEYCHAIN_FLAG}" -f -s "$CERTIFICATE" --entitlements "$TEMP_DIR/newEntitlements" "$APP_PATH"
         checkStatus
     fi
 
@@ -762,6 +798,8 @@ log "Repackaging as $NEW_FILE"
 # Zip all the contents, saving the zip file in the above directory
 # Navigate back to the orignating directory (sending the output to null)
 pushd "$TEMP_DIR" > /dev/null
+# TODO: Fix shellcheck warning and remove directive
+# shellcheck disable=SC2035
 zip -qry "../$TEMP_DIR.ipa" *
 popd > /dev/null