New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

App crashes when sandboxed. #1

Closed
mlakkadshaw opened this Issue Feb 21, 2015 · 8 comments

Comments

Projects
None yet
2 participants
@mlakkadshaw

mlakkadshaw commented Feb 21, 2015

Hi,
When I sandbox and run the app, the app crashes, and I can see this message in the console:
node-webkit Help(21572) deny forbidden-sandbox-reinit

node-webkit Help(21572) deny forbidden-sandbox-reinit

Process: node-webkit Help [21572]
Path: /Users/User/deployer.app/Contents/Frameworks/node-webkit Helper.app/Contents/MacOS/node-webkit Helper
Load Address: 0x1025d0000
Identifier: com.intel.nw.helper
Version: 2125.104 (38.0.2125.104)
Code Type: x86_64 (Native)
Parent Process: node-webkit [21569]

Date/Time: 2015-02-21 20:06:44.985 +0530
OS Version: Mac OS X 10.10.2 (14C109)
Report Version: 8

Thread 0:
0 libsystem_kernel.dylib 0x00007fff8fa50e92 mac_syscall + 10
1 libsystem_secinit.dylib 0x00007fff8a162b21 libsecinit_initialize_once + 20
2 libdispatch.dylib 0x00007fff8ccabc13 dispatch_client_callout + 8
3 libdispatch.dylib 0x00007fff8ccabb26 dispatch_once_f + 117
4 libSystem.B.dylib 0x00007fff90005aaa libSystem_initializer + 131
5 dyld 0x00007fff62f7aceb ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) + 265
6 dyld 0x00007fff62f7ae78 ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) + 40
7 dyld 0x00007fff62f77871 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 305
8 dyld 0x00007fff62f77806 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 198
9 dyld 0x00007fff62f77806 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 198
10 dyld 0x00007fff62f77806 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 198
11 dyld 0x00007fff62f77806 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 198
12 dyld 0x00007fff62f77806 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 198
13 dyld 0x00007fff62f77806 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 198
14 dyld 0x00007fff62f776f8 ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 138
15 dyld 0x00007fff62f77969 ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 75
16 dyld 0x00007fff62f6a245 dyld::initializeMainExecutable() + 187
17 dyld 0x00007fff62f6dbe1 dyld::main(macho_header const, unsigned long, int, char const
, char const
, char const__, unsigned long_) + 2716
18 dyld 0x00007fff62f69276 dyldbootstrap::start(macho_header const_, int, char const__, long, macho_header const_, unsigned long*) + 512
19 dyld 0x00007fff62f69036 _dyld_start + 54

Binary Images:
0x7fff62f68000 - 0x7fff62f9e837 dyld (353.2.1) <65dccb06-339c-3e25-9702-600a28291d0e> /usr/lib/dyld
0x7fff8a162000 - 0x7fff8a163fff libsystem_secinit.dylib (18) <581dad0f-6b63-3a48-b63b-917af799abaa> /usr/lib/system/libsystem_secinit.dylib
0x7fff8ccaa000 - 0x7fff8ccd4ff7 libdispatch.dylib (442.1.4) <502cf32b-669b-3709-8862-08188225e4f0> /usr/lib/system/libdispatch.dylib
0x7fff8fa3b000 - 0x7fff8fa58fff libsystem_kernel.dylib (2782.10.72) <97cd7acd-ea0c-3434-befc-fcd013d6bb73> /usr/lib/system/libsystem_kernel.dylib
0x7fff90004000 - 0x7fff90005fff libSystem.B.dylib (1213) <90b107bc-ff74-32cc-b1cf-4e02f544d957> /usr/lib/libSystem.B.dylib

I am using the following entitlements:

entitlements.child
`

com.apple.security.app-sandbox com.apple.security.inherit `

entitlements.parent
`

com.apple.security.app-sandbox com.apple.security.network.client com.apple.security.network.server com.apple.security.files.user-selected.read-write com.apple.security.temporary-exception.files.absolute-path.read-write /private/tmp/ /private/var/tmp/ /private/var/folders/ml/ `
@alexeyst

This comment has been minimized.

Show comment
Hide comment
@alexeyst

alexeyst Feb 22, 2015

Owner

Hello Mohammed,

Could you please let me know what kind of command line is used to sign the app with these entitlements. I've seen this error and I fixed it by tweaking the command line and the order of execution.

Owner

alexeyst commented Feb 22, 2015

Hello Mohammed,

Could you please let me know what kind of command line is used to sign the app with these entitlements. I've seen this error and I fixed it by tweaking the command line and the order of execution.

@alexeyst

This comment has been minimized.

Show comment
Hide comment
@alexeyst

alexeyst Feb 22, 2015

Owner

So, I got it to work by using the following:

codesign --deep -s <your identity> -i com.yourapp.name --entitlements /tmp/entitlements.child

This needs to be first executed on each of 3 Helper apps, and on any so or compiled modules you included.

Then the same command line but with parent entitlements is executed on the main app. I hope it helps! Let me know!

Owner

alexeyst commented Feb 22, 2015

So, I got it to work by using the following:

codesign --deep -s <your identity> -i com.yourapp.name --entitlements /tmp/entitlements.child

This needs to be first executed on each of 3 Helper apps, and on any so or compiled modules you included.

Then the same command line but with parent entitlements is executed on the main app. I hope it helps! Let me know!

@alexeyst

This comment has been minimized.

Show comment
Hide comment
@alexeyst

alexeyst Feb 22, 2015

Owner

And finally, make sure that your bundle ID (com.yourapp.name) used in the command line matches the one specified in your plist files for both main app and all Helper apps inside. So, if you're using the regular bundle ID of Intel be sure to change it to something unique for main app and sub apps.

Owner

alexeyst commented Feb 22, 2015

And finally, make sure that your bundle ID (com.yourapp.name) used in the command line matches the one specified in your plist files for both main app and all Helper apps inside. So, if you're using the regular bundle ID of Intel be sure to change it to something unique for main app and sub apps.

@mlakkadshaw

This comment has been minimized.

Show comment
Hide comment
@mlakkadshaw

mlakkadshaw Feb 23, 2015

Hi Alexey,

I am using the following commands to sign the app

codesign --deep -s "" -i "com.mlco.deployer.Helper"
--entitlements /tmp/entitlements.child
"/Users/mohammed/deployer.app/Contents/Frameworks/node-webkit
Helper.app"

codesign --deep -s "" -i "com.mlco.deployer.Helper.EH"
--entitlements /tmp/entitlements.child
"/Users/mohammed/deployer.app/Contents/Frameworks/node-webkit
Helper EH.app"

codesign --deep -s "" -i "com.mlco.deployer.Helper.NP"
--entitlements /tmp/entitlements.child
"/Users/mohammed/deployer.app/Contents/Frameworks/node-webkit
Helper NP.app"

codesign --deep -s "" -i "com.mlco.deployer" --entitlements
/tmp/entitlements.parent "/Users/mohammed/deployer.app"

I have also change the bundle identified in Info.plist of all the helper
apps and main app.

Still I am getting the same error, any ideas why?

Thanks

On Sun, Feb 22, 2015 at 1:58 PM, Alexey Stoletny notifications@github.com
wrote:

And finally, make sure that your bundle ID (com.yourapp.name) used in the
command line matches the one specified in your plist files for both main
app and all Helper apps inside. So, if you're using the regular bundle ID
of Intel be sure to change it to something unique for main app and sub apps.


Reply to this email directly or view it on GitHub
#1 (comment)
.

mlakkadshaw commented Feb 23, 2015

Hi Alexey,

I am using the following commands to sign the app

codesign --deep -s "" -i "com.mlco.deployer.Helper"
--entitlements /tmp/entitlements.child
"/Users/mohammed/deployer.app/Contents/Frameworks/node-webkit
Helper.app"

codesign --deep -s "" -i "com.mlco.deployer.Helper.EH"
--entitlements /tmp/entitlements.child
"/Users/mohammed/deployer.app/Contents/Frameworks/node-webkit
Helper EH.app"

codesign --deep -s "" -i "com.mlco.deployer.Helper.NP"
--entitlements /tmp/entitlements.child
"/Users/mohammed/deployer.app/Contents/Frameworks/node-webkit
Helper NP.app"

codesign --deep -s "" -i "com.mlco.deployer" --entitlements
/tmp/entitlements.parent "/Users/mohammed/deployer.app"

I have also change the bundle identified in Info.plist of all the helper
apps and main app.

Still I am getting the same error, any ideas why?

Thanks

On Sun, Feb 22, 2015 at 1:58 PM, Alexey Stoletny notifications@github.com
wrote:

And finally, make sure that your bundle ID (com.yourapp.name) used in the
command line matches the one specified in your plist files for both main
app and all Helper apps inside. So, if you're using the regular bundle ID
of Intel be sure to change it to something unique for main app and sub apps.


Reply to this email directly or view it on GitHub
#1 (comment)
.

@alexeyst

This comment has been minimized.

Show comment
Hide comment
@alexeyst

alexeyst Feb 23, 2015

Owner

Could you try setting a single bundle ID to all four apps, so that even helper apps also have com.mico.deployer?

That is what I have ended up doing.

Owner

alexeyst commented Feb 23, 2015

Could you try setting a single bundle ID to all four apps, so that even helper apps also have com.mico.deployer?

That is what I have ended up doing.

@mlakkadshaw

This comment has been minimized.

Show comment
Hide comment
@mlakkadshaw

mlakkadshaw Feb 23, 2015

Changing the build id of all the four apps to com.mico.deployer worked!
Thanks for your help, and thanks for fixing the 0.11.5 of node-webkit for mac appstore, If you want, I will send you a free copy of my app when launched.

mlakkadshaw commented Feb 23, 2015

Changing the build id of all the four apps to com.mico.deployer worked!
Thanks for your help, and thanks for fixing the 0.11.5 of node-webkit for mac appstore, If you want, I will send you a free copy of my app when launched.

@alexeyst

This comment has been minimized.

Show comment
Hide comment
@alexeyst

alexeyst Feb 24, 2015

Owner

Great! Congrats! @mlakkadshaw

Owner

alexeyst commented Feb 24, 2015

Great! Congrats! @mlakkadshaw

@alexeyst

This comment has been minimized.

Show comment
Hide comment
@alexeyst

alexeyst Feb 24, 2015

Owner

Definitely, I'd be happy to see the app! @mlakkadshaw

Owner

alexeyst commented Feb 24, 2015

Definitely, I'd be happy to see the app! @mlakkadshaw

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment