Notarized Mac Catalyst app fails to run due to com.apple.developer.user-fonts entitlement

Question

Created Feb ’20

Replies 7

Boosts 0

Views 3.7k

Participants 3

I have an iOS app which I'm trying to build with mac Catalyst. It works well locally but I'm having problems when I try and build a notarized version to send to testers. I have sucessfully notarized the app but when I run it, nothing happens. Console logs this:

default 10:10:46.455899+0000 taskgated-helper 70673: 0xdfd172 Checking profile: XC OSX: com.hacknicity.adaptivity.a

error 10:10:46.455919+0000 taskgated-helper 70673: 0xdfd172 com.hacknicity.adaptivity.a: Unsatisfied entitlements: com.apple.developer.user-fonts

error 10:10:46.455934+0000 taskgated-helper 70673: 0xdfd172 Disallowing: com.hacknicity.adaptivity.a

default 10:10:46.456962+0000 amfid 184: 0xdfd304 /Users/geoff/Desktop/Adaptivity.app/Contents/MacOS/AdaptivityA signature not valid: -67671

default 10:10:46.457021+0000 kernel 0: 0xdfd3ce proc 70702: load code signature error 4 for file "AdaptivityA"

default 10:10:46.457380+0000 kernel 0: 0xdfd3cf Security policy would not allow process: 70702, /Users/geoff/Desktop/Adaptivity.app/Contents/MacOS/AdaptivityA

default 10:10:46.465528+0000 ReportCrash 530: 0xdfce46 Parsing corpse data for process AdaptivityA [pid 70702]

default 10:10:47.329601+0000 ReportCrash 530: 0xdfce46 Saved crash report for AdaptivityA[70702] version ??? to AdaptivityA_2020-02-25-101047_Villanelle-2.crash

The iOS app has the Fonts->Use Installed Fonts capability configured in Xcode and I use UIFontPickerViewController to allow the user to choose a custom font. That view controller simply doesn't appear on Mac Catalyst, so I conditionally removed that part of the UI. However, the entitlements are shared between the iOS and Catalyst versions so I can't have it enabled in one and not in the other.

I suspect I might need to switch to manual signing so I can use separate provisioning profiles for the iOS and Catalyst versions. That seems like it shouldn't be necessary...

Boost

Answer 1

hacknicity OP

Feb ’20

Sumitted as Feedback 7599197

0

Answer 2

hacknicity OP

Feb ’20

As far as I can tell, it looks like Xcode is embedding an entitlements file with com.developer.user-fonts included into both the iOS and Catalyst builds. But the provisioning profile it automatically creates for Catalyst does not include it, creating the run-time mismatch. The iOS provisioning profile does have it.

It seems to be impossible to have separate entitlements for iOS and Catalyst (unless I create a separate target, but I can't do that because this is a universal app with the same bundle id for iOS and Catalyst). Maybe there is some way I can add a custom build step to strip user-fonts out of the entitlements file after it has been copied to the DerivedSources folder during a Catalyst build. But I'm not really sure how to do that!

0

Answer 3

hacknicity OP

Mar ’20

I was able to work around this issue by reaching into the intermediate files that Xcode creates during a build and to remove the com.apple.developer.user-fonts entitlement when building for Mac Catalyst. I added a Run Script to the build phases for my app. I added it before "Compile Sources", which is probably earlier than it needs to be:

if [ "${IS_MACCATALYST}" = "YES" ]; then
    ENTITLEMENTS_FILE="${TARGET_TEMP_DIR}/${FULL_PRODUCT_NAME}.xcent"
    
    echo "Removing com.apple.developer.user-fonts entitlement on Mac Catalyst from ${ENTITLEMENTS_FILE}"
    plutil -remove "com\.apple\.developer\.user-fonts" "${ENTITLEMENTS_FILE}"
fi

1

Answer 4

JoshDev OP

Apr ’20

I'm experiencing the same issue but for the entitlement "com.apple.developer.networking.wifi-info"

Luckily I don't need it on mac so I was able to remove it from the Mac Catalyst build using your script. Thanks.

0

Answer 5

hacknicity OP

Jun ’20

An update on this issue. Apple updated Feedback 7599197 and said:

Please verify this issue with the Xcode 12 beta 1 and update your bug report with your results by logging into https://feedbackassistant.apple.com/ or by using the Feedback Assistant app.

I'm still using macOS 10.15.5 (not Big Sur) and disabled my workaround that removes the entitlement when building for Catalyst. When I archive and attempt to upload to the notarisation service I now get an error:

Cannot create a Mac Catalyst Developer ID provisioning profile for "com.hacknicity.adaptivity.a". The App Groups and Fonts capabilities are not available for Mac Catalyst Developer ID Provisioning profiles. Disable these features and try again.

So, that's progress, I guess. But it still seems Catalyst apps don't support User Installed Fonts. Again, I did this on macOS 10.15.5 and not macOS 11 but I don't imagine that would make any difference.

My workaround for hacking the entitlements file when building for Catalyst should keep working.

0

Answer 6

VabererP OP

Mar ’21

It looks the script doesn't work for me. If I try to remove an app group it shows an error:

Couldn't modify plist, error: No value to remove a key path groupA_DOT_WAS_HEREcomA_DOT_WAS_HEREcompanyA_DOT_WAS_HEREappName

Just to mention, I have two app groups enabled in the entitlement file
I copied the script above and changed the app group:
plutil -remove "group\.com\.company\.appName" "${ENTITLEMENTS_FILE}"

Any suggestions?

0

Answer 7

hacknicity OP

Jun ’22

Xcode 14 update to this issue. It seems that Xcode 14 no longer adds the com.apple.developer.user-fonts entitlement when building for Mac Catalyst. That meant my earlier workaround stopped working because I was asking plutil to remove an entry that wasn't there. This caused plutil to (correctly) return a non-zero exit code. Which breaks my build.

The fix is simple: check that the entitlement is there before trying to remove it:

if [ "${IS_MACCATALYST}" = "YES" ]; then
    ENTITLEMENTS_FILE="${TARGET_TEMP_DIR}/${FULL_PRODUCT_NAME}.xcent"
    
    # Xcode 14 doesn't seem to add this entitlement for Catalyst builds and plutil returns a non-zero exit code if I try to remove it
    if grep -q "com\.apple\.developer\.user-fonts" "${ENTITLEMENTS_FILE}"; then
        echo "Removing com.apple.developer.user-fonts entitlement on Mac Catalyst from ${ENTITLEMENTS_FILE}"
        plutil -remove "com\.apple\.developer\.user-fonts" "${ENTITLEMENTS_FILE}"
    else
        echo "No need to remove com.apple.developer.user-fonts entitlement on Mac Catalyst from ${ENTITLEMENTS_FILE}"
    fi
fi

0