I have a Flutter app that should be sandboxed for Appstore and this app should run a binary that I build with make.
I sign that binary with Developer ID certificate:
codesign -v -f --options=runtime --entitlements "./macos/Runner/binary_sandboxed.entitlements" --sign "Developer ID Application: ..." ./path/to/binary
here is binary_sandboxed.entitlements:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>$(TEAM_ID).$(PRODUCT_BUNDLE_IDENTIFIER)</string>
</array>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
</dict>
</plist>
and the main app runned with entitlements:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>Q7Q43CUMWT.$(PRODUCT_BUNDLE_IDENTIFIER)</string>
</array>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>$(AppIdentifierPrefix)$(PRODUCT_BUNDLE_IDENTIFIER)</string>
</array>
</dict>
</plist>
When I run app I get an error ProcessException: Operation not permitted
In console log I see this message:
denied since it was quarantined by Main app and created without user consent, qtn-flags was 0x00000086
if delete quarantine flag binary in Containers
xattr -d com.apple.quarantine /Users/appuser/Library/Containers/com.bin/Data/Library/Application Support/com.bin/binary
I got an error when run binary
zsh: illegal hardware instruction
failed: Unable to get bundle identifier because code signature information has no Info.Plist.
What did I do wrong?
And what should I do?
PixelPlex
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
Post
Replies
Boosts
Views
Activity
The application "..." can't be opened'
When I try to run app on some Macs, 5\7 mac opens binary normally, but 2\7 got this message. On all Macs, the firewall is disabled.
My app is notarized for developer_id and signed, also it uploaded to testflight and verified.
Workaround is:
xattr -cr </path/to/app>
But I need a real cause and solution.
logs from terminal
% open /Users/someuser/dir/App.app
The application cannot be opened for an unexpected reason, error=Error Domain=NSOSStatusErrorDomain Code=-10810 "kLSUnknownErr: Unexpected internal error" UserInfo={_LSFunction=_LSLaunchWithRunningboard, _LSLine=2735, NSUnderlyingError=0x6000023693b0 {Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x600002369290 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}}}