On Fri, Jan 10, 2020 at 11:17 AM Nuno Santos <nunosan...@imaginando.pt> wrote:
>
> Roland,
>
> After spending more than 4 hours googling and searching for others examples
> and realising I was not doing anything wrong I have stumbled with a detail
> that was causing the crash.
>
> I was codesiging it with: codesign BUNDLE.app -s \"Developer ID Application:
> Acme Inc. (XPTO)\" --options "runtime"
>
> Removing the —options “runtime” did the trick. The documentation says:
>
> runtime On macOS versions >= 10.14.0, opts signed processes into a hard-
> ened runtime environment which includes runtime code signing
> enforcement, library validation, hard, kill, and debugging
> restrictions. These restrictions can be selectively relaxed via
> entitlements. Note: macOS versions older than 10.14.0 ignore the
> presence of this flag in the code signature.
>
> But I still don’t understand why it was crashing with this option.
>
> The app was not crashing on the computer that was built and signed but as
> soon it ran on another computer it would crash with the
> __CRASHING_DUE_TO_PRIVACY_VIOLATION__ reason.
>
> This was a very tricky one!
>
> Thanks for your reply.
>
> Best regards,
>
> Nuno
>
Nuno,
Mac OS 10.15 requires every software to be delivered from iTunes App Store or
to be notarized.
For Mac software (not being distributed via Store) to be notarized,
hardening runtime seems to be a pre-condition.
Signing with hardening runtime (-o runtime), you can pass some escapes
using the entitlements.plist, for example:
<?xml version="1.0" encoding="utf-8"?>
<plist version="1.0">
<dict>
<key>com.apple.security.automation.apple-events</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.disable-executable-page-protection</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
</dict>
</plist>
and some others.
codesign --deep -o runtime -f -vv --entitlements ./entitlements.plist
--preserve-metadata=identifier,entitlements,requirements,runtime
--timestamp -s
"Developer ID Application: Your.app" ./Your.app
Afterwords you place the app to an archive or package, notarize it
with Apple and staple prior to distribution.
I was getting various strange crashes prior to doing that.
Kind regards,
Robert Iakobashvili
............................
_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
