MAS com.apple.security.app-sandbox in entitlements crashes the application

  • Version: 22.4.1
  • Target: mas

Sandbox entitlement is crashing the mas build on startup. The application works fine if I do not include <key>com.apple.security.app-sandbox</key><true/>, but it is refused by Mac Store. I tried using both mac and mas plist.

I even tried a workaround proposed in this issue (https://github.com/electron/electron-osx-sign/issues/192) to add to node_modules/app-builder-lib/templates/entitlements.mac.plist the sandbox entitlement. The app crashes.

Here is my build config:

 "build": {
    "productName": "xxxxx",
    "appId": "com.xxx.xx",
    "artifactName": "${productName} Setup-${version}.${ext}",
    "mac": {
      "entitlementsInherit": "build/entitlements.mac.plist",
      "category": "public.app-category.business",
      "extraResources": [
        {
          "from": "./preconfigMac",
          "to": "preconfig",
          "filter": [
            "*.sh"
          ]
        }
      ]
    },
    "directories": {
      "output": "release"
    },
    "files": [
      "dist/",
      "package.json"
    ],
    "protocols": {
      "name": "Test protocol",
      "role": "Viewer",
      "schemes": [
        "test"
      ]
    },
    "mas": {
      "type": "distribution",
      "provisioningProfile": "embedded.provisionprofile",
      "entitlements": "build/entitlements.mas.plist",
      "entitlementsInherit": "build/entitlements.mas.inherit.plist"
    },
    "afterSign": "scripts/notarize.js"
  },

I identified the problem by checking the entitlements of the output. It seems that when I add sandbox entitlement it completely messes up the xml.

Here is the output of codesign -d --entitlements :- Test.app when entitlements do not include sandbox:

Executable=xxxxxx
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.cs.allow-jit</key>
  <true/>
  <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
  <true/>
  <key>com.apple.security.cs.disable-library-validation</key>
  <true/>
</dict>
</plist>

That is exactly the xml that I have in my entitlements.mas.plist.

However, when I add the sandbox entitlement to mas.plist or to mas.inherit.plist, this is the output:

Executable=xxxxx
bplist00?
                _ com.apple.application-identifier_#com.apple.developer.team-identifier_com.apple.security.app-sandbox_%com.apple.security.application-groups_com.apple.security.cs.allow-jit_6com.apple.security.cs.allow-unsigned-executable-memory_0com.apple.security.cs.disable-library-validation_xxxxxx	?       	       :`???7U`acdef%  

As you can see the entitlements are completely messed up because of the sandbox. Seems that there is some issue in how the entitlements are created during the build.

Any suggestions of what might be wrong?
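
Added example (not part of the original issue and not electron-builder code): the `bplist00` prefix on the second output is the magic of a binary property list, which Python's `plistlib` decodes alongside the XML form. The sketch below parses either kind of `codesign -d --entitlements` output and compares the signed keys with the plist given to the build; the sample data, the `TEAMID` placeholder and the function names are constructed for illustration.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
BLOB_MAGIC = b"\xfa\xde\x71\x71"  # blob header codesign emits when ':' is omitted

def parse_entitlements(raw: bytes) -> dict:
    """Decode `codesign -d --entitlements` output, XML or binary plist."""
    if raw.startswith(b"Executable="):   # stderr line pasted together with stdout
        raw = raw.split(b"\n", 1)[1]
    if raw.startswith(BLOB_MAGIC):       # 4-byte magic + 4-byte length
        raw = raw[8:]
    return plistlib.loads(raw.lstrip())  # plistlib auto-detects the format

def review(intended: dict, signed: dict) -> dict:
    """Compare the plist given to the build with what the signature carries."""
    return {
        "sandboxed": signed.get(SANDBOX) is True,
        "added": sorted(set(signed) - set(intended)),
        "missing": sorted(set(intended) - set(signed)),
        # Hardened-runtime exceptions still enabled in the signed binary.
        "cs_exceptions": sorted(
            k for k, v in signed.items()
            if k.startswith("com.apple.security.cs.") and v is True),
    }

# Constructed: the entitlements from the issue plus the sandbox key.
INTENDED = {
    SANDBOX: True,
    "com.apple.security.cs.allow-jit": True,
    "com.apple.security.cs.allow-unsigned-executable-memory": True,
    "com.apple.security.cs.disable-library-validation": True,
}
# Constructed: the key names readable in the binary output, placeholder values.
SIGNED = dict(INTENDED, **{
    "com.apple.application-identifier": "TEAMID.com.xxx.xx",
    "com.apple.developer.team-identifier": "TEAMID",
    "com.apple.security.application-groups": ["TEAMID.com.xxx.xx"],
})
# Constructed stand-ins for the two codesign outputs shown in the issue.
NO_SANDBOX = {k: v for k, v in INTENDED.items() if k != SANDBOX}
XML_OUT = b"Executable=xxxxxx\n" + plistlib.dumps(NO_SANDBOX, fmt=plistlib.FMT_XML)
BIN_OUT = b"Executable=xxxxx\n" + plistlib.dumps(SIGNED, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    for name, out in (("xml", XML_OUT), ("binary", BIN_OUT)):
        print(name, review(INTENDED, parse_entitlements(out)))
```
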

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Reactions: 11
  • Comments: 27 (9 by maintainers)

Top GitHub Comments

johannesjo commented, Sep 10, 2020 (6 reactions)

One of the many critical issues solved by the great stale bot! 🥳

fatemehmarzoughi commented, Nov 15, 2022 (0 reactions)

Same here (
