I am trying to turn on OSX code signing and app sandboxing, as I would to submit an app to the Mac App Store. I have things kind of working, but the information I've been able to find on the forums and wiki is a little confusing. I'm using the CEF 1750 binary distribution, Xcode 5, OSX 10.9, and working with the cefsimple demo.
In my .entitlements file I enabled App Sandbox and Outgoing Connections (network.client). I code sign the main app with my Developer ID via the usual Xcode settings, and sign everything else in a Run Script build phase, after building the additional helpers:
- Code: Select all
codesign -f -s 'Developer ID:*' "${BUILT_PRODUCTS_DIR}/${WRAPPER_NAME}/Contents/Frameworks/Chromium Embedded Framework.framework"
codesign -f -s 'Developer ID:*' "${BUILT_PRODUCTS_DIR}/${WRAPPER_NAME}/Contents/Frameworks/libplugin_carbon_interpose.dylib"
codesign -f -s 'Developer ID:*' "${BUILT_PRODUCTS_DIR}/${WRAPPER_NAME}/Contents/Frameworks/${PRODUCT_NAME} Helper.app"
codesign -f -s 'Developer ID:*' "${BUILT_PRODUCTS_DIR}/${WRAPPER_NAME}/Contents/Frameworks/${PRODUCT_NAME} Helper EH.app"
codesign -f -s 'Developer ID:*' "${BUILT_PRODUCTS_DIR}/${WRAPPER_NAME}/Contents/Frameworks/${PRODUCT_NAME} Helper NP.app"
With this setup, the app crashes until I set
- Code: Select all
settings.no_sandbox = YES;
So…am I going about this the right way? If so, there are some strange sandboxing warnings shown in the console at runtime, but I'll wait to ask about those until I know I'm doing things right. Thanks so much for any help or advice!