After adding com.apple.developer.persistent-content-capture
entitlement the app crashes on macOS 10.13.6 with following crash report
Process: Remote for Mac [20489]
Path: /Applications/Remote for Mac.app/Contents/MacOS/Remote for Mac
Identifier: com.cherpake.macrc.server
Version: ???
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: Remote for Mac [20489]
User ID: 501
Date/Time: 2024-10-09 09:28:35.482 +0300
OS Version: Mac OS X 10.13.6 (17G14042)
Report Version: 12
Anonymous UUID: A2BB761B-2A18-0E9E-2470-21BD6C22E7A8
Time Awake Since Boot: 780000 seconds
System Integrity Protection: enabled
Crashed Thread: 0
Exception Type: EXC_CRASH (Code Signature Invalid)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x1
kernel messages:
VM Regions Near 0 (cr2):
-->
__TEXT 0000000105bdc000-0000000105cdd000 [ 1028K] r-x/r-x SM=COW
Thread 0 Crashed:
0 ??? 0x00000001099bb19c _dyld_start + 0
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x0000000000000000 rbx: 0x0000000000000000 rcx: 0x0000000000000000 rdx: 0x0000000000000000
rdi: 0x0000000000000000 rsi: 0x0000000000000000 rbp: 0x0000000000000000 rsp: 0x00007ffeea023c10
r8: 0x0000000000000000 r9: 0x0000000000000000 r10: 0x0000000000000000 r11: 0x0000000000000000
r12: 0x0000000000000000 r13: 0x0000000000000000 r14: 0x0000000000000000 r15: 0x0000000000000000
rip: 0x00000001099bb19c rfl: 0x0000000000000200 cr2: 0x0000000000000000
Logical CPU: 0
Error Code: 0x00000000
Trap Number: 0
Binary Images:
0x105bdc000 - 0x105cdcff7 +??? (0) <AB898262-B28C-3B3E-881C-31A6363FF1F6> (null)
0x1099ba000 - 0x109a04adf +??? (551.5) <CB9BFB56-4511-36F1-A546-891FF770C01C> (null)
External Modification Summary:
Calls made by other processes targeting this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by all processes on this machine:
task_for_pid: 332075
thread_create: 0
thread_set_state: 0
VM Region Summary:
ReadOnly portion of Libraries: Total=1584K resident=0K(0%) swapped_out_or_unallocated=1584K(100%)
Writable regions: Total=8408K written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=8408K(100%)
VIRTUAL REGION
REGION TYPE SIZE COUNT (non-coalesced)
=========== ======= =======
STACK GUARD 56.0M 2
Stack 8192K 2
__DATA 528K 5
__LINKEDIT 268K 4
__TEXT 1328K 3
shared memory 8K 3
=========== ======= =======
TOTAL 66.1M 13
Download link https://dl.cherpake.com/Remote-for-Mac-7962.pkg.zip
Your app has a number of code signing issues that will cause problems. First, the immediate problem you’re seeing is caused by the absence of the App ID entitlement in your main app’s code signature:
% codesign -d --entitlements - "Remote for Mac.app"
Executable=/Users/quinn/Desktop/Remote for Mac.app/Contents/MacOS/Remote for Mac
[Dict]
[Key] com.apple.developer.networking.multicast
[Value]
[Bool] true
[Key] com.apple.developer.persistent-content-capture
[Value]
[Bool] true
[Key] com.apple.security.automation.apple-events
[Value]
[Bool] true
Without this, older systems are unable to match up your app’s profile with its code. See Check for Required Entitlements within Resolving Code Signing Crashes on Launch.
Note That’s part of my Resolving Trusted Execution Problems, which contains answers to all the weird trusted execution problems I’ve encountered over the years.
Beyond that, I see other concerns. Your app contains a bunch of executables:
% find "Remote for Mac.app" -print0 | xargs -0 file | grep executable
Remote for Mac.app/Contents/MacOS/Remote for Mac…
Remote for Mac.app/Contents/MacOS/cewd…
Remote for Mac.app/Contents/Frameworks/Sparkle.framework/Versions/B/Autoupdate…
Remote for Mac.app/Contents/Frameworks/Sparkle.framework/Versions/B/Updater.app/Contents/MacOS/Updater…
Remote for Mac.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/Downloader.xpc/Contents/MacOS/Downloader…
Remote for Mac.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/Installer.xpc/Contents/MacOS/Installer…
Remote for Mac.app/Contents/Frameworks/Sparkle.framework/Autoupdate…
All of these are signed with the same entitlements:
% codesign -d --ent - "Remote for Mac.app/Contents/MacOS/cewd"
Executable=/Users/quinn/Desktop/Remote for Mac.app/Contents/MacOS/cewd
[Dict]
[Key] com.apple.developer.networking.multicast
[Value]
[Bool] true
[Key] com.apple.developer.persistent-content-capture
[Value]
[Bool] true
[Key] com.apple.security.automation.apple-events
[Value]
[Bool] true
That’s bad because your app only contains a single provisioning profile:
% find "Remote for Mac.app" -name "embedded.provisionprofile"
Remote for Mac.app/Contents/embedded.provisionprofile
It’s not possible for a single profile to authorise the use of restricted entitlements by all of these executables.
You should decide which executables actually need these restricted entitlements. I suspect, for example, that the Sparkle ones don’t (-: Then change your code signing process such that:
-
Executables are only signed with entitlements they need.
-
If an executable is signed with a restricted entitlement, it has a unique App ID, is signed with that App ID, and has its own embedded profile to authorise the use of that entitlement.
The trickier one here is cewd
. I suspect that it does need com.apple.developer.persistent-content-capture
, but it has no bundle in which to embed the profile. You’ll need to give it an app-like wrapper, per the advice in Signing a daemon with a restricted entitlement.
For more detailed advice on signing issues like this, see:
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"