[Interest] signing webenginewidgets issue

Alexander Carôt alexander_carot at gmx.net
Sat Jun 15 14:23:20 CEST 2024 

P.S.: Nevermind – I simply did not wait long enough for the app to be notarized. The solution for me was to only include this key:

<key>com.apple.security.cs.allow-jit</key><true/>

and then I could sign, notarize and launch.


--
http://www.carot.de
Email : Alexander at Carot.de
Tel.: +49 (0)177 5719797


> Gesendet: Samstag, 15. Juni 2024 um 13:44 Uhr
> Von: "Alexander Carôt via Interest" <interest at qt-project.org>
> An: "qt qt" <interest at qt-project.org>
> Betreff: [Interest] signing webenginewidgets issue
>
> Hello all,
> 
> I just saw an issue when signing and notarizing an app containing a web browser based on webenginewidgets (applies also for the Qt example minibrowser):
> 
> 1.) Codesigning via 
> 
> codesign --options=runtime --deep ./minibrowser.app -s "Developer ID Application: XXX" 
> 
> works fine but breaks the app: Launching minibrowser afterwards makes the webprocess crash.
> 
> 2.) Including the following keys into an entitlements file:
> 
> <key>com.apple.security.cs.allow-jit</key><true/>
> <key>com.apple.security.cs.disable-library-validation</key><true/>
> <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
> <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
> 
> and then signing via 
> 
> codesign --options=runtime --entitlements ./entitlements.xml --deep ./minibrowser.app -s "Developer ID Application: XXX"
> 
> does not lead to the crash anymore and
> 
> codesign --verify --deep --strict --verbose=2 ./minibrowser.app
> 
> tells that all is signed just fine, however, when I package the app as a DMG, load it up to the web, load it down to my desktop and launch it, it tells me that the developer cannot be verified – so it basically tells that it is not signed.
> 
> The same happens when I only include the first key:
> 
> <key>com.apple.security.cs.allow-jit</key><true/>
> 
> but here comes the message that the package cannot be opened because it cannot be checked in terms of malware etc.
> 
> Can anyone help with this ?
> 
> Thanks a lot in advance,
> best
> 
> Alex
> 
> 
> 
> 
> --
> http://www.carot.de
> Email : Alexander at Carot.de
> Tel.: +49 (0)177 5719797
> 
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> https://lists.qt-project.org/listinfo/interest
>

More information about the Interest mailing list