How embed sqlite3 binary into my app?

Does your app use the

sqlite3

tool directly (sublaunching it via NSTask, for example)? If so, you should sandbox the tool and set the

com.apple.security.inherit

entitlement. That will cause the tool to inherit its entitlements from your app, which is probably what the want and will make App Review happy.

The only fly in that ointment is if you also want the user to be able to run the

sqlite3

tool from Terminal. In that case

com.apple.security.inherit

causes problems because there’s no app sandbox to inherit from. If that’s the case, please post back explaining the expected use cases for this

sqlite3

tool.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I am in the first case - the sqlite3 binary is only called by my app via a BASH script by using NSTask .

Another problem is I don't quite understand how to 'sandbox the tool and set

com.apple.security.inherit

entitlement'. The sqlite3 binary is a plain console program, how to entitle it?

I am in the first case - the sqlite3 binary is only called by my app via a BASH script by using NSTask .

OK, that’s actually good news, in that there is a well understood, albeit a little complex, solution.

The sqlite3 binary is a plain console program, how to entitle it?

Last I checked Xcode does not display it’s user friendly code signing interface for command line tools. You will have to set up code signing via the build settings, specifically:

• Code Signing Entitlements (

  CODE_SIGN_IDENTITY

  )

• Code Signing Identity (

  CODE_SIGN_ENTITLEMENTS

  )

IMPORTANT When you set up the Copy Files build phase to copy your tool into your app, make sure you copy it to the ‘executables’ directory (

Contents/MacOS

). See the Nested Code section in Technote 2206 OS X Code Signing In Depth for details.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for your reply. But I'm still not able to grasp anything.

First, CODE_SIGN_IDENTITY and CODE_SIGN_ENTITLEMENTS is already there because I think when I select Team profile in Build Settings they are done automatically by Xcode. And moreover, the app has been submitted to App Store, I think there should be no mistake about this.

Second, I still do not know how to entitle the sqlite3 console binary. In your first reply, "If so, you should sandbox the tool and set the

com.apple.security.inherit

entitlement." I think maybe I should create an app bundle from source of sqlite3 and this way I will be able to add entitlements, but it is an overkill. According to your reply, I guess it must be an easy way (via configuration).

Is it possible for you to take some trouble to list detailed procedures on how to do this?

Great thanks for your detailed reply.

But I'm really sorry to say that I'm still not able to get it working. What is the type of MyTool target? Should it be a "Command Line Tool", or "Cocoa Application", or a Bundle? I tried to build the target with SQLITE3 source code with all of the above 3 types, but to no avail.

I'm not sure if I asked my question properly. Suppose I only have the binary (already compiled) sqlite3, is it possible to sandbox it?

What is the type of MyTool target?

Command Line Tool

Suppose I only have the binary (already compiled) sqlite3, is it possible to sandbox it?

Yes, but the process becomes more complex because Xcode’s code signing infrastructure works best when building things from source.

At this point I’m going to recommend that you open a DTS tech support incident so that you can get one-on-one help from one of our tools experts.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for your time and patience. I'll try it again, maybe I made some rudimentary mistakes when following your steps.