Hi forum!
I'm a n00b in apple development, so I apologise in advance if something is very wrong.
I have a python app for MacOS that I am deploying with pyinstaller (thus I am NOT using Xcode). The app is to be deployed through github not through the app store. I could sign it and notarize it and it works. However, the app needs to run some external unsigned code (like a plugin). The hardened runtime blocks that, so I need to add entitlements. I've done it as it's explained in many other places with codesign. It seems to work but when I run the app, it crashes immediately with EXC_CRASH (Code signature invalid). The crash doesn't happen unless I add the entitlements.
Now my questions: how do I make my situation work? Do I need a provisioning profile? The entitlements I am trying to add (hardened runtime-related) are not restricted AFAIK, so I don't think I do?
If I need a provisioning profile, how can I add it to the app after it's bundled with pyinstaller?
Thank you so much!
Francesco
and my
entitlements.plistis the following:
Literally? If so, the problem is that your com.apple.security.cs.disable-library-validation key has a leading newline. Your property list should look like this:
% cat test.entitlements
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
</dict>
</plist>
This is one example of a whole class of problems that cause ongoing grief for developers. I’ve used this thread as a reminder to add it to my Resolving Code Signing Crashes on Launch post. Check out the shiny new Normalise the Entitlements Property List section.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
