Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Mac OS app, sandbox with command line tool?

Tags:

I've made an app which includes a command-line tool. I have enabled the app's sandbox, and tested that it works. I've also code-signed both the app and the command line tool.

But when I upload the app to iTunes, I received a email telling me "App sandbox not enabled".

Apparently I need to set entitlement file of key com.apple.security.app-sandbox with true value, and list the executables: /Contents/MacOS/myApp and /contents/Frameworks/x86/myCommandLineTool.

I'm sure I've enabled sandbox in Xcode, so I thought the problem was with the command line tool.

How can I enable sandbox for command line tool? Or is there a specific folder I should put the tool? Any suggestions welcome - I have been troubled by it for several days.

like image 726
dinosaur Avatar asked Aug 06 '12 01:08

dinosaur


People also ask

Does Mac Have Sandbox app?

Overview. The App Sandbox is an access control technology that macOS provides and enforces at the kernel level. The sandbox's primary function is to contain damage to the system and the user's data if the user executes a compromised app.

What is macOS command line tools?

They allow programmers to compile programs and debug them, convert files, and perform a number of tasks for handling the resources required for making applications and other tools. Running the Terminal-based developer tool “make” on a system without the command line tools installed will prompt you to install them.

Where is command line developer tools Mac?

Go to Terminal in /Applications/Utilities/. In the same way when you are downloading new software and apps, a popup update window will appear asking you: “The xcode-select command requires the command line developer tools.


1 Answers

I had the same issue and after some search, trial & error, this is what worked for me:

  1. create an entitlement file - for me it was just com.apple.security.inherit set to YES. I created this file in xcode itself.

  2. Now sign this commandline tool using the command:

    codesign --entitlements ./entitlements.plist -s "copy & paste your certificate from keychain" ./commandlinetool    
  3. Just to be sure, check using this command:

    codesign --display --entitlements - ./commandlinetool    
  4. This tool was already included in the project. So just compile, archive & submit

The status is now 'waiting for review'.

like image 114
jjude Avatar answered Sep 21 '22 08:09

jjude