Hi,
Context:
I developed a streaming player and I have an issue after signing my binary with entitlements.
Issue:
After building my player without any signature, the player runs and plays a stream.
After signing my player (binary and its shared libraries) without any entitlements, the player runs but fails to play a stream. Failure is due to a shared library which needs to access hardware routines. This issue is known and it seems the shared library needs entitled options to run (com.apple.security.cs.allow-jit and com.apple.security.cs.allow-unsigned-executable-memory)
After signing my player (just the binary) with entitlements and the shared libraries without entitlements, the player is killed without reason (error code or message) at the beginning.
Command used:
to sign shared libraries
codesign --deep --force --options runtime --verbose -s "..." -i "..." player.bin
to sign player binary
codesign --deep --force --options runtime --verbose --entitlements ./entitlement.plist -s "..." -i "..." player.bin
Entitlements file used:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>
com.apple.security.cs.allow-jit</key>
<true/>
<key>
com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
</dict>
</plist>
Tests done:
I removed quarantine extended attribute (to be sure)
I verified my signatures (binary and shared libraries)
codesign -vvvv <binary and shared_libraries>
I verified my entitlements
codesign --display --entitlements :- player.bin
Questions:
1/ How can I find out why my player is killed (an error code, message, ...)?
2/ Am I using the entitlements correctly, as they seem to be the problem?
- Is the entitlements file OK?
- Do I need to install the entitlements file somewhere specific (in my mind it is useless after the signature)?
3/ Perhaps the entitlements I want to use have some environment constraints or prerequisites? If so, where can I find them?
If you need more information, don't hesitate.
Thanks a lot
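
A pre-signing lint for an entitlements file like the one in the post, as an added example that is not part of the original post: it parses the XML plist with Python's `plistlib` and reports keys that are not an exact match for the two entitlement names, for instance because of a line break between `<key>` and the name. The function name `lint_entitlements` and both sample files are constructed for illustration.

```python
import plistlib

# Entitlement names taken from the post.
EXPECTED = (
    "com.apple.security.cs.allow-jit",
    "com.apple.security.cs.allow-unsigned-executable-memory",
)

# Constructed sample: a line break sits between <key> and the name.
SAMPLE_SPLIT_KEYS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>
com.apple.security.cs.allow-jit</key>
<true/>
<key>
com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
</dict>
</plist>
"""
# Constructed sample: same content with each key on a single line.
SAMPLE_CLEAN = SAMPLE_SPLIT_KEYS.replace(b"<key>\n", b"<key>")


def lint_entitlements(data, expected=EXPECTED):
    """Return a list of problems found in an XML entitlements plist."""
    try:
        root = plistlib.loads(data)
    except Exception as exc:  # malformed XML or not a plist at all
        return [f"not a parseable plist: {exc}"]
    if not isinstance(root, dict):
        return ["top-level object is not a <dict>"]
    problems = []
    for key, value in root.items():
        if key != key.strip():  # plistlib keeps whitespace inside <key>
            problems.append(f"key {key!r} has leading/trailing whitespace")
        if key.strip() in expected and value is not True:
            problems.append(f"{key.strip()} is {value!r}, expected <true/>")
    for name in expected:
        if name not in root:  # exact string comparison
            problems.append(f"{name} is not present as an exact key")
    return problems


if __name__ == "__main__":
    for label, blob in (("split", SAMPLE_SPLIT_KEYS), ("clean", SAMPLE_CLEAN)):
        print(label, lint_entitlements(blob) or "OK")
```

The same function can be run on the XML printed by `codesign --display --entitlements :- player.bin` to check what was actually embedded in the signature.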