App can't write within itself

Hello,


I am trying to get an app written in Java 11 to work on macOS. It simply consists of a bash script that runs an executable jar, with some additional resource XML files. Last year, I had manually bundled it into an app folder and successfully codesigned (without any entitlements) and distributed it outside of the Apple store; it was working then.


Now I am attempting to produce a new version, which is also codesigned successfully, but when I upload it anywhere, download it again and run it, it cannot write to the configuration files already present within itself (or, to be more precise, to the files in /private/var/folders/ where it is copying itself to, which is read-only).


I then tried disabling multiple security entitlements (below), but this didn't make a difference.


I would like to know if there is a practical solution to this problem. Although the app itself is not extremely complicated, it is too big to migrate it to work with Xcode, which I know would be the proper way to go about this.


Here is how I am codesigning the .app:


codesign --entitlements app.entitlements -f -s "Developer ID Application: (...)" --timestamp --options runtime appFolder/App.app


and here is the contents of my entitlements file (it has been growing gradually as I was looking for solutions):


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.app-sandbox</key>
    <false/>
    <key>com.apple.security.get-task-allow</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.disable-executable-page-protection</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
</dict>
</plist>


Any advice is much appreciated.

Thank you,

Vasco

Replies

Writing inside the app bundle invalidates the code signature, so the next time macOS checks whether the code signature is valid, your app won't work anymore. You should write the configuration files to ~/Library/Application Support/<name of your app>/ or something similar.


Your app is being run from a read-only place, probably because of the "App Translocation" security feature.
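The launcher pattern the reply describes, as an added example that is not the poster's script or Apple's code: the bash script inside App.app/Contents/MacOS leaves the signed bundle untouched, seeds the bundled default XML files into a per-user directory under ~/Library/Application Support on first run, and hands that directory to the jar as a system property. The app name (APP_NAME), the jar name (app.jar), the Resources/*.xml layout and the app.config.dir property are all assumptions; the translocation path check only recognises the /private/var/folders/.../AppTranslocation/ prefix the question mentions.

```shell
#!/bin/sh
# Added example launcher (assumed location: App.app/Contents/MacOS/launcher).
# The bundle stays read-only so its code signature remains valid; anything the
# app must modify lives in the user's Application Support directory instead.

APP_NAME="${APP_NAME:-MyJavaApp}"   # assumed app name

# Bundle root derived from the script location. When App Translocation is in
# effect this resolves to a read-only copy under /private/var/folders/.
bundle_root() {
  cd "$(dirname "$0")/../.." 2>/dev/null && pwd
}

# Returns 0 when the path lies inside an App Translocation mount.
is_translocated() {
  case "$1" in
    /private/var/folders/*/AppTranslocation/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Per-user writable config directory, created on first run; prints its path.
config_dir() {
  dir="$HOME/Library/Application Support/$APP_NAME"
  mkdir -p "$dir" && printf '%s\n' "$dir"
}

# Copy the bundled default XML files into the config directory, but never
# overwrite a file that already exists there (the user's live settings).
seed_defaults() {
  src="$1"; dst="$2"
  for f in "$src"/*.xml; do
    [ -f "$f" ] || continue
    [ -e "$dst/$(basename "$f")" ] || cp "$f" "$dst/"
  done
}

main() {
  bundle="$(bundle_root)"
  if is_translocated "$bundle"; then
    echo "note: running from a translocated (read-only) copy: $bundle" >&2
  fi
  cfg="$(config_dir)" || { echo "cannot create config dir" >&2; return 1; }
  seed_defaults "$bundle/Contents/Resources" "$cfg"
  jar="$bundle/Contents/Resources/app.jar"   # assumed jar location
  [ -f "$jar" ] || { echo "missing $jar" >&2; return 1; }
  # The jar reads and writes its XML files from app.config.dir (assumed property).
  exec java -Dapp.config.dir="$cfg" -jar "$jar" "$@"
}

# Only launch when actually invoked from inside a .app bundle.
case "$0" in
  *.app/Contents/MacOS/*) main "$@" ;;
esac
```

Because the defaults are copied rather than edited in place, the bundle's hash-based signature is never disturbed, and the app keeps working whether it is launched from /Applications or from a translocated copy.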