Manual codesign failed - Illegal instruction: 4

I'm trying to manually codesign a prebuilt binary of SQLite (sqlite3) using the following command:

codesign -s "Mac Developer" --entitlements sqlite3.entitlements sqlite3


However, when I try to run the result sqlite3, I get:

Illegal instruction: 4


What was I doing wrong?

Accepted Reply

There can be a variety of causes for an illegal instruction crash. In the case of code signing it typically means that the code has requested entitlements that aren’t covered by the provisioning profile, but in your case I suspect that you’re running into another snag, namely, that you’re trying to run sandboxed code from Terminal. That won’t work. The App Sandbox is an app sandbox; it does not support command line tools.

Back in your other thread I wrote:

Does your app use the sqlite3 tool directly (sublaunching it via NSTask, for example)?

The reason I asked this is that, once you add the sandbox inheritance entitlement (

com.apple.security.inherit
) to a command line tool, the only way to run that tool is by sublaunching it from your sandboxed app. You can’t run it from Terminal because in that context it has no sandbox to inherit.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies

There can be a variety of causes for an illegal instruction crash. In the case of code signing it typically means that the code has requested entitlements that aren’t covered by the provisioning profile, but in your case I suspect that you’re running into another snag, namely, that you’re trying to run sandboxed code from Terminal. That won’t work. The App Sandbox is an app sandbox; it does not support command line tools.

Back in your other thread I wrote:

Does your app use the sqlite3 tool directly (sublaunching it via NSTask, for example)?

The reason I asked this is that, once you add the sandbox inheritance entitlement (

com.apple.security.inherit
) to a command line tool, the only way to run that tool is by sublaunching it from your sandboxed app. You can’t run it from Terminal because in that context it has no sandbox to inherit.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks eskimo! Your last reply solved the last bit of my puzzle.


I want to explain why I asked this question after you replied to my other thread. Actually it's simple and common for a new user and an expert. An expert knows everything and many times he does not know why a new user asks a question; and a new user is always drowned in an expert's answers though he only needs one or two very stupid tips which an expert would always ignore because they are too 'obvious'.


The 'stupid' tips I needed were:


1. The commandline syntax for signing a binary tool. Believe it or not, I spent seveal hours to figure out 'codesign -s --entitlements'.

2. Why I could not run the signed tool, which is obvious to me now. When I first encountered this error, I thought I must have done wrong in codesign process.


BTW, I have submitted my app to App Store and everything works as before.