From aclaure at gmail.com Thu Apr 27 23:13:18 2017
From: aclaure at gmail.com (Adalid Claure)
Date: Thu, 27 Apr 2017 17:13:18 -0400
Subject: [Qtwebengine] Getting QtWebEngineProcess.app to run in sandbox after being signed
Message-ID:

I have a desktop app that I have been trying to get onto the Mac App Store, but I have been having problems getting it to run in sandbox mode. For context, I am (preferably) using Qt 5.8 running on macOS 10.11.6.

The crux seems to be that QtWebEngineProcess.app refuses to run after I codesign the bundle. As a result, my QtWebEngine component doesn't load. I am using this QtWebEngine component as part of my app's UI. When the app starts I see the following errors in Console:

    kernel[0]: Sandbox: QtWebEngineProce(20764) deny(1) mach-lookup org.chromium.Chromium.rohitfork.20763
    kernel[0]: Sandbox: QtWebEngineProce(20765) deny(1) mach-lookup org.chromium.Chromium.rohitfork.20763
    QtWebEngineProcess[20764]: [0427/071053:ERROR:mach_broker_mac.mm(52)] bootstrap_look_up: Permission denied (1100)
    QtWebEngineProcess[20765]: [0427/071053:ERROR:mach_broker_mac.mm(52)] bootstrap_look_up: Permission denied (1100)
    kernel[0]: Sandbox: QtWebEngineProce(20764) deny(1) forbidden-sandbox-reinit

My build process is pretty straightforward:

1. Run macdeployqt on the app, using the -appstore-compliant flag.
2. Sign all of the Qt Frameworks and PlugIns individually with my app's entitlement file.
3. Sign QtWebEngineProcess.app with the following entitlements file:

    com.apple.security.app-sandbox
    com.apple.security.inherit

4. Call codesign on the overall MyProgram.app bundle with the entitlements file from Step 2.

I have tried numerous things, all in combination with one another, including:

a. built QtWebEngine using WEBENGINE_CONFIG+=use_appstore_compliant_code (per the notes here: https://doc.qt.io/qt-5/qtwebengine-platform-notes.html#mac-app-store-compatibility )
b. use macdeployqt's -codesign, even though the binaries have to be signed a second time after this in order to apply the entitlements
c. sign QtWebEngineProcess.app with CFBundleIdentifier equal to 'com.qt-project.Qt.QtWebEngineProcess' and with my own app's bundle ID.
d. tried linking with Qt 5.7
e. tried linking with Qt 5.6.2, which *did* run but then gets rejected by Apple because:

-------------------------------
Your app uses or references the following non-public API(s):

framework: '/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit'
: NSAccessibilityUnregisterUniqueIdForUIElement
: _NSAppendToKillRing
: _NSDrawCarbonThemeBezel
: _NSDrawCarbonThemeListBox
: _NSInitializeKillRing
: _NSNewKillRingSequence
: _NSPrependToKillRing
: _NSSetKillRingToYankedState
: _NSYankFromKillRing

framework: '/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices'
: CGSSetDenyWindowServerConnections
: CGSShutdownServerConnections
: CTFontCopyDefaultCascadeList

The use of non-public APIs is not permitted on the App Store as it can lead to a poor user experience should these APIs change.
-------------------------------

I have chronicled a lot of this in this thread here ( https://forum.qt.io/topic/78518/sandbox-app-for-the-mac-app-store-with-qt-5-8-and-qtwebengineprocess ) but the problem persists.

Does anyone have any suggestions? Does anyone know of any apps on the Mac App Store that use QtWebEngine?

Thanks.
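
The Console output quoted in the message above mixes kernel sandbox denials with Chromium's own error lines. The following added example (not part of the original post and not Qt or Chromium code) extracts only the kernel denials and groups them by operation and target, which makes it easy to compare runs after each change to signing or entitlements. The function names are hypothetical; the log lines are the ones from the post.

```python
import re
from collections import defaultdict

# Kernel sandbox denial as it appears in the post's Console output, e.g.
#   kernel[0]: Sandbox: QtWebEngineProce(20764) deny(1) mach-lookup <service>
# The operation may stand alone (forbidden-sandbox-reinit has no target).
DENY_RE = re.compile(
    r"Sandbox:\s+(?P<proc>\S+?)\((?P<pid>\d+)\)\s+deny\(\d+\)\s+"
    r"(?P<op>\S+)(?:\s+(?P<target>.+?))?\s*$"
)

# Log lines copied from the post above.
SAMPLE_LOG = """\
kernel[0]: Sandbox: QtWebEngineProce(20764) deny(1) mach-lookup org.chromium.Chromium.rohitfork.20763
kernel[0]: Sandbox: QtWebEngineProce(20765) deny(1) mach-lookup org.chromium.Chromium.rohitfork.20763
QtWebEngineProcess[20764]: [0427/071053:ERROR:mach_broker_mac.mm(52)] bootstrap_look_up: Permission denied (1100)
QtWebEngineProcess[20765]: [0427/071053:ERROR:mach_broker_mac.mm(52)] bootstrap_look_up: Permission denied (1100)
kernel[0]: Sandbox: QtWebEngineProce(20764) deny(1) forbidden-sandbox-reinit
"""


def parse_denials(text):
    """Return one dict per sandbox denial line; all other lines are skipped."""
    denials = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"])
            denials.append(d)
    return denials


def summarize(denials):
    """Map (operation, target) to the sorted PIDs that were denied it."""
    groups = defaultdict(set)
    for d in denials:
        groups[(d["op"], d["target"])].add(d["pid"])
    return {key: sorted(pids) for key, pids in groups.items()}


if __name__ == "__main__":
    for (op, target), pids in summarize(parse_denials(SAMPLE_LOG)).items():
        print(f"{op:26} {target or '-':42} pids={pids}")
```
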