App is getting crashed after sign the application

Question

SatwinderSingh OP

Created Sep ’24

Replies 2

Boosts 0

Participants 2

PLATFORM AND VERSION macOS Development environment: Other: Python Run-time configuration: macOS 14.6.1

DESCRIPTION OF PROBLEM We have created application using python and created .app using pyInstaller. We want to get the location access using python based application which we are trying to run on MacOS 14.6.1. Without including NSLocationUsageDescription in our info.plist, it is working fine but not getting location permission pop up. After including NSLocationUsageDescription in info.plist application got corrupted.

STEPS TO REPRODUCE We are using below commands to sign the application

codesign --force -s "Developer ID Application: Pitney Bowes (72NX38Y9GF)" -v DeviceHub.app --deep --strict --options=runtime --entitlements ../info.plist DeviceHub.app
ditto -c -k --keepParent --rsrc --sequesterRsrc --arch 'x86_64' DeviceHub.app DeviceHub.zip
xcrun notarytool submit DeviceHub.zip --keychain-profile "DHAgentProfile" --wait
xcrun stapler staple DeviceHub.app

Answered by DTS Engineer in 803079022

There are many concerning things here. To start, using --deep is never a good idea. See --deep Considered Harmful. Rather, you should sign each code item separately, from the inside out. You can find my standard advice for this in Creating distribution-signed code for macOS. However, I recommend that you discuss this with your tools vendor because they may have a well-trodden path that you can follow.

Secondly, --sequesterRsrc is a serious concern. This is never the right option for app distribution. See Extended Attributes and Zip Archives for a bunch of background on that.

In general, your app should not include any extended attributes, and thus this might not cause problems. But if your app does release on them, --sequesterRsrc will definitely put them in the wrong place.

After including NSLocationUsageDescription in Info.plist application got corrupted.

Can you elaborate on the timeline here. Normally one would configure the Info.plist, then build the app, then sign the app. It sounds like you’re changing the Info.plist after you’ve signed the app, and then attempting to re-sign it. That’s a tricky workflow to get right.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Sep ’24

Recommended

There are many concerning things here. To start, using --deep is never a good idea. See --deep Considered Harmful. Rather, you should sign each code item separately, from the inside out. You can find my standard advice for this in Creating distribution-signed code for macOS. However, I recommend that you discuss this with your tools vendor because they may have a well-trodden path that you can follow.

Secondly, --sequesterRsrc is a serious concern. This is never the right option for app distribution. See Extended Attributes and Zip Archives for a bunch of background on that.

In general, your app should not include any extended attributes, and thus this might not cause problems. But if your app does release on them, --sequesterRsrc will definitely put them in the wrong place.

After including NSLocationUsageDescription in Info.plist application got corrupted.

Can you elaborate on the timeline here. Normally one would configure the Info.plist, then build the app, then sign the app. It sounds like you’re changing the Info.plist after you’ve signed the app, and then attempting to re-sign it. That’s a tricky workflow to get right.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

SatwinderSingh OP

Sep ’24

Thanks for your swift response and your suggestion. We need to fix this quickly. We are following the same steps

Creating the info.plist
Build an app
Sign an app

After signing only we are getting mentioned issue in the above thread.

Please let me know if you need any additional info from our side.

Thanks Satwinder Singh

0