Page 1 of 3

CEF Support sandbox on macOS now, what about Mac App Store?

PostPosted: Wed Aug 22, 2018 11:53 am
by sunus
As now in 2018.08, cef supports sandbox(helper process has seatbelt command line arguments)
I can build cefsimple with sandbox on.
Great job by the way!
But how about submit to Mac App Store?
I’ve tweaking with codesign, entitlements for a few days, right now when the helper will crash right after launched.
So , is cef now support to Mac App Store? Or is there any modifications we need to make ?
Thanks !
BTW, i saw some electron apps, nwjs apps are submited to MAS!

Thanks!

Re: CEF Support sandbox on macOS now, what about Mac App Sto

PostPosted: Fri Aug 24, 2018 7:56 am
by sunus
hello ? anyone ?any idea?

Re: CEF Support sandbox on macOS now, what about Mac App Sto

PostPosted: Fri Aug 24, 2018 8:50 am
by Czarek
Mac App Store is for apps and CEF is a framework, or am I missing something? What is your issue?

Re: CEF Support sandbox on macOS now, what about Mac App Sto

PostPosted: Fri Aug 24, 2018 10:29 am
by magreenblatt
App Store acceptance is completely up to Apple. You can try it and see what they say.

Re: CEF Support sandbox on macOS now, what about Mac App Sto

PostPosted: Fri Aug 24, 2018 10:31 pm
by sunus
Czarek wrote:Mac App Store is for apps and CEF is a framework, or am I missing something? What is your issue?

hello, i mean,apps that use cef.

is app that uses cef is able to work fine with apple‘s sandbox?
i am tryinv to do that,but crashes a lot

Re: CEF Support sandbox on macOS now, what about Mac App Sto

PostPosted: Mon Aug 27, 2018 2:50 am
by sunus
magreenblatt wrote:App Store acceptance is completely up to Apple. You can try it and see what they say.


i mean, have u ever tried or heard of any app that use cef is submited to apple store?

Re: CEF Support sandbox on macOS now, what about Mac App Sto

PostPosted: Mon Aug 27, 2018 8:06 am
by Czarek
What is the stack trace of the crash? Does it reproduce with cefclient/cefsimple apps?

Re: CEF Support sandbox on macOS now, what about Mac App Sto

PostPosted: Mon Aug 27, 2018 9:33 am
by sunus
Czarek wrote:What is the stack trace of the crash? Does it reproduce with cefclient/cefsimple apps?



yes.

it need some modifition on cefsimple/cefclient.

Re: CEF Support sandbox on macOS now, what about Mac App Sto

PostPosted: Mon Aug 27, 2018 9:34 am
by sunus
Czarek wrote:What is the stack trace of the crash? Does it reproduce with cefclient/cefsimple apps?

right now, i notice it uses sandbox_init_param to invoke sandbox in cef helper process.
does it compatibility with app sandbox in XCode tab?

Re: CEF Support sandbox on macOS now, what about Mac App Sto

PostPosted: Wed Sep 12, 2018 9:24 am
by hkurra
I am also facing similar issue but reached a step ahead after lots of research.
After signing the helper process with following entitlements, it is no more crashing
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.inherit</key>
  <true/>
</dict>
</plist>

After this step, helper process is there but main process throwing following error:
[0912/192643.858474:ERROR:mach_port_broker.mm(100)] bootstrap_check_in: Permission denied (1100)

[0912/192643.873311:ERROR:mach_broker_mac.mm(52)] Failed to initialize the MachListenerThreadDelegate.

After digging further I found out, this is something main process and child process are not able to setup IPC communication channel due to insufficient privileges and most of the Chromium-based application like you have already mentioned Electron, Nw.js are mentioning to add App-group entitlements in your main application like below
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.application-groups</key>
  <string>TeamID.your.app.bundle.id</string>
</dict>
</plist>


Where team ID is available in your app store account or development Certificate but even after doing this step same error is still there.
After further digging, I found this article https://mediaarea.net/blog/2018/02/14/QtWebEngine-MacAppStore
According to this article, we might need to change some code in chromium code base where they have base bundle ID so it seems like we need to build the CEF on our own to fix this error.
I hope @magreenblatt can put more light on this issue.