[Development] Getting QtWebEngineProcess.app to run in sandbox after being signed
Adalid Claure
aclaure at gmail.com
Thu May 4 15:11:45 CEST 2017
Yeah, I saw that thread and unfortunately the suggestions there didn't help
me.
I attached a simple app and some other files to this bug I logged:
https://bugreports.qt.io/browse/QTBUG-60443
Thanks for your reply!
On Thu, May 4, 2017 at 8:45 AM, Morten Sørvig <Morten.Sorvig at qt.io> wrote:
> Hi,
>
> Not sure if I can be of much help, but:
>
> - This thread discusses and solves a similar problem:
> https://forum.qt.io/topic/49250/solved-qtwebengineprocess-not-
> working-in-sandboxed-application
>
> - If this could be reduced to a simple sandboxed-app-with-helper-process
> test case (no QtWebEngine usage), that that’s something I could look at,
> and something we could eventually add an autotest for.
>
>
> Morten
>
>
> > On 28 Apr 2017, at 18:49, Adalid Claure <aclaure at gmail.com> wrote:
> >
> > I have a desktop app that I have been trying to get onto the Mac App
> store but I have been having problems getting it to run in sandbox mode.
> For context I am (preferably) using Qt 5.8 running on macOS 10.11.6.
> >
> > The crux seems to be QtWebEngineProcess.app refuses to run after I
> codesign the bundle. As a result, my QtWebEngine component doesn't load. I
> am using this QtWebEngine component as part of my app's UI.
> >
> > When the app starts I see the following errors in Console:
> >
> > kernel[0]: Sandbox: QtWebEngineProce(20764) deny(1) mach-lookup
> org.chromium.Chromium.rohitfork.20763
> > kernel[0]: Sandbox: QtWebEngineProce(20765) deny(1) mach-lookup
> org.chromium.Chromium.rohitfork.20763
> > QtWebEngineProcess[20764]: [0427/071053:ERROR:mach_broker_mac.mm(52)]
> bootstrap_look_up: Permission denied (1100)
> > QtWebEngineProcess[20765]: [0427/071053:ERROR:mach_broker_mac.mm(52)]
> bootstrap_look_up: Permission denied (1100)
> > kernel[0]: Sandbox: QtWebEngineProce(20764) deny(1)
> forbidden-sandbox-reinit
> >
> > My build process is pretty straight forward:
> >
> > 1. Run macdeployqt on the app, using the -appstore-compliant.
> > 2. Sign all of the Qt Frameworks and PlugIns individually with my app's
> entitlement file.
> > 3. Sign QtWebEngineProcess.app with the following entitlements file:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "
> http://www.apple.com/DTDs/PropertyList-1.0.dtd">
> > <plist version="1.0">
> > <dict>
> > <key>com.apple.security.app-sandbox</key>
> > <true/>
> > <key>com.apple.security.inherit</key>
> > <true/>
> > </dict>
> > </plist>
> >
> > 4. Call codesign on the overall MyProgram.app bundle with the
> entitlements file from Step 2.
> >
> > I have tried numerous things all in combination with one another,
> including:
> >
> > a. built QtWebEngine using WEBENGINE_CONFIG+=use_appstore_compliant_code
> (per the notes here: https://doc.qt.io/qt-5/qtwebengine-platform-notes.
> html#mac-app-store-compatibility)
> > b. use macdeployqt's -codesign, even though the binarys have to be
> signed a second time after this in order to apply the entitlements
> > c. sign QtWebEngineProcess.app with CFBundleIdentifier equal to
> 'com.qt-project.Qt.QtWebEngineProcess' and with my own app's bundle ID.
> > d. tried linking with Qt 5.7
> > e. tried linking with Qt 5.6.2 which *did* run but then gets rejected by
> Apple because:
> >
> > -------------------------------
> > Your app uses or references the following non-public API(s):
> >
> > framework: '/System/Library/Frameworks/AppKit.framework/Versions/C/
> AppKit'
> > : NSAccessibilityUnregisterUniqueIdForUIElement
> > : _NSAppendToKillRing
> > : _NSDrawCarbonThemeBezel
> > : _NSDrawCarbonThemeListBox
> > : _NSInitializeKillRing
> > : _NSNewKillRingSequence
> > : _NSPrependToKillRing
> > : _NSSetKillRingToYankedState
> > : _NSYankFromKillRing
> >
> > framework: '/System/Library/Frameworks/ApplicationServices.framework/
> Versions/A/ApplicationServices'
> > : CGSSetDenyWindowServerConnections
> > : CGSShutdownServerConnections
> > : CTFontCopyDefaultCascadeList
> >
> > The use of non-public APIs is not permitted on the App Store as it can
> lead to a poor user experience should these APIs change.
> > -------------------------------
> >
> > I have chronicled a lot of this in this thread here (
> https://forum.qt.io/topic/78518/sandbox-app-for-the-mac-
> app-store-with-qt-5-8-and-qtwebengineprocess) but the problem persists.
> >
> > Does anyone have any suggestions? Does anyone know of any apps on the
> Mac App Store that use QtWebEngine?
> >
> > Thanks.
> > _______________________________________________
> > Development mailing list
> > Development at qt-project.org
> > http://lists.qt-project.org/mailman/listinfo/development
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/development/attachments/20170504/8bd46310/attachment.html>
More information about the Development
mailing list