New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MAS com.apple.security.app-sandbox in entitlements crashes the application #4790
Comments
I have identical issue with identical setup. Also I can change entitlements to anything I want and all works except the case when I enable app-sandbox in entitlements. Tried building for mas-dev and mas with different provision profiles and certificates. Any updates on this? |
Having the exact same issue here too. Add |
The reason the entitlements gets "messed up" is because your entitlements are being regenerated with extra fields, and then binary encoded. This only occurs when com.apple.securirty.app-sandbox is supplied in your entitlements, and is caused by util-entitlements.js in electron-osx-sign. I'm currently unsure why this process takes place, because my native (non-electron) macOS apps don't have any of the extra stuff electron-osx-sign is adding to the entitlements, and further they are not in the encoded format being used here. |
@schetle yep I think you're right. See electron/osx-sign#223 (comment) for reversal of this binary encoding. |
@schetle doesn't the binary encoding stem from the |
@sangeeth96 The originating call for the entitlements (specifically the parent entitlements) getting encoded is in the preAutoEntitlements code in util-entitlements.js from the dependent electron-osx-sign package. The code can be seen on line 88 of util-entitlements.js. It is calling into appBuilder to perform the operation, it looks like, but you can prevent entitlements from getting encoded by preventing the call altogether. Bypassing that whole section of electron-osx-sign will prevent your entitlements from getting encoded. Take a peek at the file for confirmation of this. |
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Of course it is relevant! Fucking slate bot!
сб, 11 июл. 2020 г., 17:04 stale[bot] <notifications@github.com>:
… Is this still relevant? If so, what is blocking it? Is there anything you
can do to help move it forward?
This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#4790 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAF6VB7C3KK5O6TUXY36HTTR3B5PBANCNFSM4LMJ4WXQ>
.
|
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
It is relevant and no solution is provided... |
One of the many critical issues solved by the great stale bot! 🥳 |
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
no fix yet... |
I had this issue but found out that it was because I was using requestSingleInstanceLock() in the main.js file and this was crashing the mas-dev build when setting sandbox in the entitlements |
The mas-dev runs well after I install the correct provisionprofile. My crash info was 'EXC_CRASH (Code Signature Invalid)'. "electron-builder": "22.10.5" |
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
☝️ |
I'm still running into this exact issue. How do we fix this? |
Same here ( |
I have the same issue. Is there a basic entitlement file working somewhere? |
I had been stuck on this issue for 2-3 days and finally I made it work! Put *.plist files and *.provisionprofile files in the root of
|
On my side, this issue #7229 helped me to resolve the problem. |
Thank you so much for your solution here, this solved a problem that had been bugging me for weeks, especially the second point.
|
anyone fixed this? I have sandbox but it quits. |
Sandbox entitlement is crashing the mas build on startup. The application works fine if I do not include
<key>com.apple.security.app-sandbox</key><true/>
, but it is refused by Mac Store. I tried using both mac and mas plist.I even tried a workaround proposed in [https://github.com/electron/osx-sign/issues/192](this issue) to add to
node_modules/app-builder-lib/templates/entitlements.mac.plist
the sandbox entitlement. The app crashes.Here is my build config:
I identified the problem by checking the entitlements of the output. It seems that when I add sandbox entitlement it completely messes up the xml.
Here is the output of
codesign -d --entitlements :- Test.app
when entitlements do not include sandbox:That is exactly the xml that I have in my entitlements.mas.plist.
However, when I add the sandbox entitlement to mas.plist or to mas.inherit.plist, this is the output:
As you can see the entitlements are completely messed up because of the sandbox. Seems that there is some issue in how the entitlements are created during the build.
Any suggestions of what might be wrong?
The text was updated successfully, but these errors were encountered: