Hello everyone,
I'm developing a macOS app with Python and PyInstaller, and I've hit a roadblock with microphone permissions. The app prompts for microphone access correctly when running unsigned. However, after signing with the hardened runtime option, the prompt no longer appears, and the app can't access the mic.
Here's what my setup looks like:
Python app packaged with PyInstaller
Entitlements file with com.apple.security.device.microphone and com.apple.security.cs.allow-unsigned-executable-memory
Signing command:
codesign --deep --force --verify --timestamp --verbose --sign "Developer ID Application: [******]" --options=runtime --entitlements ./entitlements.plist main.app
I've tried resetting microphone permissions and PRAM to no avail.
entitlements.plist looks like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<!-- 允许应用使用未签名的可执行内存 -->
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<!-- 其他你的应用可能需要的键 -->
<!-- 比如麦克风使用权限 -->
<key>com.apple.security.device.microphone</key>
<true/>
</dict>
</plist>
Testing without the --options=runtime flag works perfectly - the mic prompt appears, and the log file is created. With the flag, neither the prompt nor the log file appears.
Has anyone faced a similar issue or can offer insight into why the hardened runtime option might be causing this? Any guidance or workaround to have the microphone permission prompt appear with hardened runtime enabled would be highly appreciated.
Thanks in advance for your help!