I created a simple Finder Sync (FinderSync) extension (appex) and it comes by default with App Sandbox ON (in .entitlements com.apple.security.app-sandbox true).
Everything works fine but I need to access a specific folder on the macOS via this extension and I cannot do that with the Sandbox on.
I disabled the sandbox but the extension is not loaded anymore in Finder.
Any thoughts on this? Any workarounds?
Finder Sync extensions must be sandboxed. I couldn't find this requirement explicitly documented anywhere, but the following error appears in your system log if it's not sandboxed:
pkd[255]: ignoring mis-configured plug-in at /Applications/Liferay\ Sync.app/Contents/PlugIns/LiferayFinderSync.appex: plug-ins must be sandboxed
If you need to access a folder outside your application's container, you can use temporary exception entitlements like "com.apple.security.temporary-exception.files.home-relative-path.read-only". Note that apps submitted to the Mac App Store using these entitlements will likely be rejected.
Related
I'm working on an Electron app, with Finder Sync extension.
When application is code-signed, but not notarized, everything works excelent. When I add the notarization process, no errors or warnings are shown during the process, but the extension does not start at all.
What exaclty are the requirements, when distributing extensions within app, so that the extension works after notarization?
What I have done/tried so far:
- The .appex file is added to the PlugIns folder in build process
- Tried code-signing the .appex before the build, then notarizing, but extexsion still does not start.
- Tried force code-signing it in the build process.
- Even tried not signing it at ll -> Notarization passed with no issues. Still .appex not running.
- Hardened runtime is enabled.
Questions:
- What actually should be the extension AppID? Apple documentation for Finder Sync Extension says "Be sure to use the same identifier for both the Finder Sync extension and the containing app" but in a notarization document it said they should be the same?
- Is it the fact that I'm not adding app group that's breaking it? When not notarized, this does not seem to be a problem.
Thanks in advance.
current I am using some applescripts to the commands in mac machine.is apple allow applescripts in reviewing process or I have to look on alternatives but applescripts is working fine as for my requiremnts
Yes. Apple allows AppleScript in the Mac OS app development. You just need to add sandboxing in side your project and list all the app for you are using in AppleScript inside your apps entitlements file.
If you not added any entitlements then it will not allowed by apple. Try your app in sandboxing mode and you can see AppleScript not working because of no entitlements added for app.
Note : Some of the app not allowed to access using AppleScript. You app will be rejected by apple review team
To use AppleScript:
ON App sandbox in project.
Add all entitlements required for AppleScript access.
(Only If you wish to deploy through Mac App Store)
Few things before starting your work I suggests that you should go through this links in order to be sure that after your hard work you get want to want.
Determine Whether Your App Is Suitable for Sandboxing
Enabling App Sandbox
App Sandbox Temporary Exception Entitlements
Apple script doesn't work in Sandbox (As far as I know)
Your app should have a temporary exception (Doc mentions it)
Determine Whether Your App Is Suitable for Sandboxing
Sending Apple events to arbitrary apps With App Sandbox, you can
receive Apple events and respond to Apple events, but you cannot send
Apple events to arbitrary apps.
However, for applications that specifically provide scripting access
groups, you can send appropriate Apple events to those apps if your
app includes a scripting targets entitlement.
For other applications, by using a temporary exception entitlement,
you can enable the sending of Apple events to a list of specific apps
that you specify, as described in Entitlement Key Reference.
Finally, your app can use the subclasses of NSUserScriptTask class to
run user-provided AppleScript scripts out of a special directory,
NSApplicationScriptsDirectory (~/Library/Application
Scripts/code-signing-identifier/). Although your app can read files
within this directory, it cannot write files into this directory; the
user must manually place scripts here. For details, see the
documentation for NSUserScriptTask and WWDC 2012: Secure Automation
Techniques in OS X.
A complimentary
A Strategy for UI Scripting in AppleScript
Scripting from a Sandbox
I am having trouble with submitting an app via the application loader.
I have written the app with Corona SDK. It is already available on Google Play but XCode is giving me errors...
During development, I have been testing the app on my personal iPhone with a developers provisioning profile from my private account. Now I want to publish it with the company profile. But I can't.
The errors I receive vary. If I build for Device, and click on the popupped "would you like to upload to appstore?" I get this Error:
This app containts an embedded provisioning profile that is not associated with your account. Please use a provisioning profile associated with Team ID *****
If I instead build for Xcode Simulator and try and upload that zip file instead I get these errors:
The Coderesources file is missing and it must me a symbolic _CodeSignature/CodeResources. Make certain that the bundle is on a locally-mounted volume (not a remote SMB volume) and be certain to use the mac os x finder to compress it.
Iphone Ipod Touch: application executable contains unsopported architecture(s): i386
Unable to extract codesigning entitlements from your application. Please make sure myAPP is a valid Mach executable that's properly codesigned.
I have been trying to make new profiles and certificates all weekend, but thats hasn't helped.
My question is Which errors should I try to fix? If theses errors only appear on different builds?
Is there any good templates for Build.Settings so that i can know for sure that its not my settings file thats corrupt?
Thank you for your time.
Are you specifying your BundleID in build.settings? If so, do you need to? If not, take it out. If so and you have the actual app ID in there try removing it so it's just com.appname.yourname as you specified in iTunes Connect when creating your provisioning profile.
I'm a newbie at mac osx development. I would like to know if there's any way to override the mac desktop security settings to allow an application - which is not registered in the Mac App Store, to be installed?
The setting should come from the app that I'm trying to install. That means, whenever I install the app to any mac computer, regardless of its security settings as the following,
Allow applications downloaded from:
Mac App Store
Mac App Store and identified developers
Anywhere
The app should set the settings to Anywhere, allowing it to be installed.
Any help would be very much appreciated.
Launch System Preferences from the Apple menu.
Choose “Security & Privacy” and then click the “General” tab, followed by clicking the lock icon in the corner to unlock the settings.
Look for “Allow applications downloaded from:” and choose “Anywhere”.
Accept the security warning and allow.
Note that you should be careful and aware that now the job of protecting the system from malicious apps belongs to you instead of the OS.
Right click the (app) icon and click 'open' in contextual menu - no need to disable the OS security.
This is not possible. The existence of that setting is intended to protect users from malicious executables. If there were a way for any arbitrary executable to override that setting, what protection would it offer? Malicious executables would simply change the setting to "Anywhere" like you suggest, bypassing the security features of Mac OS X.
You need to sign your application using a Mac Developer certificate, which you can obtain from Apple. That will mark your app as built by an "identified developer" and it will launch just fine without changing any settings.
Control Click the app icon to override this security feature. This is a one off, you don't have to change your settings, you can do it per-app.
There is one other way...
All you have to do to do it manually is to open up Terminal, cd into the .app application, cd into the Contents folder, then cd into the MacOS folder, then type ./YourAppNameHere and execute by typing Enter.
I'm using NSUserDefaults to save some data in my application. Where can I find the file where my data is stored during development? It's a normal cocoa app (so no ios/iphone!)
Once it's deployed, it should be available in Library/Preferences/appname.plist, right? But where can I find it while I'm still working on the application?
There is no difference between "development" and "deployment". NSUserDefaults doesn't know whether you did a debug or release build. The location should be ~/Library/Preferences/yourAppIdentifier.plist no matter what.
If you are seeing a difference between development and deployment builds, maybe check the bundle identifier (CFBundleIdentifier) in your app's Info.plist.
Also: if your app is sandboxed, your prefs will end up in the sandbox: ~/Library/Containers/yourAppIdentifier/Data/Library/Preferences/yourAppIdentifier.plist. The documentation claims that the system automatically moves your old preferences file into the sandbox, if necessary, on the first launch of the sandboxed version of the app.