I'm trying to build a developer tools app that can run in the app sandbox and execute commands related to working with DSYM files. The app sandbox is a requirement for publishing it to the App Store. I come from the world of iOS so everything is a sandbox to me and this is new territory.
To execute my commands I'm using the Process type to invoke command line.
func execute() throws -> CommandResult {
let task = Process()
let standardOutput = Pipe()
let standardError = Pipe()
task.standardOutput = standardOutput
task.standardError = standardError
task.arguments = ["-c", command]
task.executableURL = URL(fileURLWithPath: "/bin/zsh")
task.standardInput = nil
let outHandle = standardOutput.fileHandleForReading
let errorHandle = standardError.fileHandleForReading
try task.run()
let out1 = outHandle.readDataToEndOfFile()
let out2 = errorHandle.readDataToEndOfFile()
// more code interpreting the pipes
I'm trying to perform the following operations:
-
mdfind to locate DSYMs https://developer.apple.com/documentation/xcode/adding-identifiable-symbol-names-to-a-crash-report#Locate-a-dSYM-using-Spotlight
-
dwarfdump to verify UUIDs https://developer.apple.com/documentation/xcode/adding-identifiable-symbol-names-to-a-crash-report#Match-build-UUIDs
-
atos to symbolicate with the found DYSM file https://developer.apple.com/documentation/xcode/adding-identifiable-symbol-names-to-a-crash-report#Symbolicate-the-crash-report-with-the-command-line
This all works just fine when I run my Mac app without sandboxing, but as one would expect totally fails when App Sandbox is enabled--the sandbox is doing its thing.
Responses like "xcrun cannot be used within an App Sandbox", or simply the output not finding anything because the scope of the process is limited to the sandbox, not where my app DSYM file is.
In my readings on the documentation, where it states that I can create a command line helper tool that gets installed alongside the app sandbox app. "Add a command-line tool to a sandboxed app's Xcode project to the resulting app can run it as a helper tool." https://developer.apple.com/documentation/security/app_sandbox
Is this the right path to take? Or is there a way to still achieve access to xcrun by asking the user to grant access to other parts of the system via dialogue prompts?
I have followed this guide but don't know where to go from here: https://developer.apple.com/documentation/xcode/embedding-a-helper-tool-in-a-sandboxed-app It leaves off at print("Hello World") and no instructions on how to have your app communicate with the helper from what I could find ... :).
I know, generally speaking, of XPC services and that I have the ability to make them on macOS, unlike iOS (wait maybe 17.4 allows it? https://developer.apple.com/documentation/xpc anyways). Would creating an XPC helper be allowed to execute commands against xcrun or have access to the ~/Library/Developer/Xcode path to find the debug symbols for the purposes of symbolicating a crash report?
I really want to be able to ship my app on the App Store and enable developers to use the tool super easy, but I'm not sure if the App Sandbox will prevent me from achieving what I'm trying to do or not.
Any tips, pointers, samples, guidance is much appreciated!
Would creating an XPC helper [help]?
No. App Review requires that all your executables be sandboxed, so your XPC service would hit the same limitations.
Responses like "xcrun cannot be used within an App Sandbox",
I’ve talked about this before on DevForums, but it’s all a bit fragmented. I decided to collect everything together in a single post: Running Developer Tools from a Sandboxed App.
Regarding the big picture, you wrote:
I'm trying to perform the following operations:
This is going to be a challenge. I’ll address each of the tools you mentioned, albeit out of order (-:
dwarfdump
to verify UUIDs
This is the easiest of the lot. I expect it’ll work, subject to the limitations in Running Developer Tools from a Sandboxed App.
atos
to symbolicate with the found DYSM file
This tool is a lot more complex than dwarfdump
, so I’m a lot less happy to recommend it because of the ‘it might change in the future’ issue discussed in Running Developer Tools from a Sandboxed App.
mdfind
to locate DSYMs
This is problematic. The Spotlight API, and hence mdfind
, will only return hits within your sandbox. You’ll need to find a way to extend your sandbox to include the locations that the user is likely to have their .dSYM
files installed.
Oh, and if you do managed to extend your sandbox appropriately, it’ll probably be easier to calling the Spotlight API yourself rather than running mdfind
.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"