New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Entitlements for saving to user-selected dir #271
Comments
Which version of Electron are you building packages with? |
v0.36.8. I'll add as a comment in the original post, too |
@positlabs Actually, this looks to me like a folder permission error. If you'd like to add one other item in your parent.list the temporary exception of file read and write, not sure if this could be resolved. |
Tried adding this key to entitlements, but I'm still seeing the error. Also attempted a build using Electron v0.35.6, to no effect. I'm using ffmpeg v2.8.6 via prebuilt binaries. It works fine just running electron directly, but fails in the signed app. I suppose i could lose this feature of having a cached output directory (instead, write to one of the specific document folders that is allowed), but it seems silly that it's not allowed. |
Is the entitlements done like the following?
|
That did it! Thanks @sethlu! I think i remember reading something about apple not liking when apps use that entitlement, though. Seems like it's just a convenient way to circumvent their file i/o security model. I will try submitting to mac app store and see what they say! |
@sethlu what is the reason behind using v0.35.6 for mas builds? |
Looks like he's documented this in electron-osx-sign: https://github.com/sethlu/electron-osx-sign/wiki/2.-Electron-Compatibility |
Hmm. I'm not seeing that issue when i build with v0.36.8, but I will follow your recommendation, @sethlu. |
@positlabs Great it works! The reason I'm saying v0.35.6 may be the best compatible mas build for distribution is that when sandboxed, there is an issue in rendering the graphics with Electron (at least on my machine 😕), of which reason I'm not totally sure about. However, I guess when they upgrade their Chromium (PR: electron/libchromiumcontent#175), the glitch could ease a bit. As the darwin builds don't really need to get sandboxed, they should be fine. |
On the ffmpeg, @jasonhinkle has tried to upload one of his apps to the App Store with his self-built binary. However, it seems that ffmpeg calls some of Apple's private APIs. Not sure if libffmpeg.dylib's doing the same. |
Is that an issue in regards to sandboxing? Or acceptance to the app store? I'm a web dev, by trade. Not too familiar with native dev stuff. Jumping hurdles as they come :) |
I've compiled a custom version of ffmpeg but I haven't tried submitting it yet, once I do that (this week with luck) if it gets accepted I'll post instructions. I don't really know what side-effects my changes will have as well, it may crash depending on what ffmpeg features you use! |
@jasonhinkle let me know how it goes! I'm going to try submitting by the end of the week. |
First attempt: REJECTED! I tried using app-scope bookmarks since the docs describe the exact issue I'm trying to solve.
@sethlu It seems like this is probably an issue with Electron mas builds. What do you think? Should I file this issue over at https://github.com/atom/electron ? |
I see the security concerns with The app-scope bookmarks actually looks like a nice solution, but (from App Sandbox In Depth):
I'm not sure about a way to prompt for any file open/save from I guess forwarding this to https://github.com/atom/electron may give us some better answers. Let me take a look at the Atom source code and see how they get around with this. (Probably it'll malfunction after sandboxed.) From StackOverflow: Mac OS In App Sandbox Entitlements Directory Read Issue |
All that I can say from Atom (https://github.com/atom/atom/blob/7aab88c4f62eb671bdfb9c036d1f0733f913109d/src/browser/atom-application.coffee) is that there's a |
Yea, I guess the So if there's a way from Node to get something like (in Coffee) |
I have not done that yet myself but when I was reading about it my impression is that the sandbox exception entitlement requires that the user's file selection has to be done through a native file open/save dialog. Perhaps this page would be helpful? http://www.mylifeforthecode.com/getting-started-with-standard-dialogs-in-electron/ |
I am using the This article describes the process of storing bookmarked paths. It seems like some logic will need to be added to Electron before this works automatically. |
@jasonhinkle any luck on submitting that custom ffmpeg build? I've tried submitting without customizing and apple flagged it immediately.
|
I believe the same was mentioned in electron/osx-sign#5. |
I'm going to close this since it will be resolved by electron/electron#4637 |
@positlabs Hey, sorry I didn't get around to submitting due to other stuff coming up. I have a custom build that you can grab which I believe has the private API calls removed - however it also is missing some bits as well hopefully would not affect your app. ffmpeg here as of today https://github.com/jasonhinkle/Tube-DL/tree/master/assets/bin/osx is my custom build. If you would like to try using that and re-submit your app, i'd be curious to see if it is accepted. |
Awesome! I'll give it a shot and let you know if it works. |
@jasonhinkle when I try using that build of ffmpeg in my app (even non-packaged, unsandboxed), it dies.
|
Hmm what feature are you using of ffmpeg? I basically commented out the offending code and throw an error if that function is called. I only use ffmpeg for file conversions so my app never hits that part of the code. It seems to be code that is validating an SSL cert, which indicates probably an http call. To actually re-implement it without the private API call looks like a tricky job. |
I am trying to save a user-selected output directory path so I can save to it in the future, without having the user re-select the dir every time the app is restarted. I think I have more than enough entitlements in the plists, so I'm not sure why it's borking.
5.2.1 (but actually latest/master)
OSX 10.11.3
darwin & mas, x64
parent.plist
child.plist
The text was updated successfully, but these errors were encountered: