Reply to Looks like the signed app losing entitlements
@DTS Engineer Yes, those crazy behaviors do not depend on how I run the application. It has identical behaviors if I run it from Finder after the build. I dug more into it, and it looks like the mmap behavior changes after signing for a short time, but not in any way outside of what is documented. This change looks to be the reason for what I see.
Sep ’24
Reply to Looks like the signed app losing entitlements
@DTS Engineer Thanks for the information. I believe I will use them later. Now, back to the problem. In Xcode, I use "Clean build folder", enable "Allow Unsigned executable memory" in Signing & Capabilities, and let Xcode automatically manage signing with my personal developer team and my Developer certificate/ID. I use Product -> Build followed by Product -> Run, and I am happy: I click on the "Do Lua script" button and it takes 0.1 seconds to finish the script. I use Product -> Run again (no rebuild, no re-signing), and I am surprised: I click on the "Do Lua script" button, select the same script, and it takes 18 seconds to finish it. Sometimes the 2nd and 3rd runs still work well.

So, it looks like the "Allow Unsigned executable memory" entitlement works as expected, but unfortunately only for a short time after the app is signed. If it is a problem in the application, I expect deterministic entitlement behavior if I use the same inputs. I also see the same call sequences in the debugger. This does not look like an application problem to me but like some crazy signing issue. I did not find anything successful to fix it, so I am here. What should I do to determine what is going on and how to fix it?
Sep ’24
Reply to Looks like the signed app losing entitlements
@DTS Engineer

> You’re signing your code with --deep, which is a bad idea. See --deep Considered Harmful. If you’re going to sign code manually, rather than with Xcode, check out:

No difference with and without --deep. The first app run works well; the next runs work badly. I experimented with many codesign variants, starting with a version copied from the Xcode .xcactivitylog.

> However, I strongly recommend that you enable the hardened runtime regardless of your deployment channel.

Does that mean I cannot check whether hardened runtime entitlements take effect with the developer/ad-hoc signature? I plan to check it locally with an ad-hoc signature or personal developer ID if I can fix that, and pay for the developer account only if I see that it makes sense to do so.
Sep ’24