Mac OS Sandbox: Launching main application from helper - macos

I have create in sandbox, an app which use a helper to start at login, as presented here.
It works ok, but the next messages are logged in the console:
lsboxd[1560]: Not allowing process 15208 to launch "/Applications/SandboxApp.app/Contents/Library/LoginItems/SandboxHelper.app" because it has not been launched previously by the user
lsboxd[1560]: Not allowing process 15208 to register app "/Applications/SandboxApp.app/Contents/Library/LoginItems/SandboxHelper.app" for launch.
I see that this messages are about the helper, but I don't know what to do, to prevent them.
My only concern is that Apple may reject the app because of this messages.
Is someone who prevent the raise of those sandbox messages, or is someone who sent an app, which raise sandbox messages, to Apple and was accepted on Appstore?

See http://blog.timschroeder.net/2012/07/03/the-launch-at-login-sandbox-project/ - according to this it is a code-signing issue that probably won't be an issue with the AppStore build as the AppStore build gets resigned.

This should work in the final build. According to Apple Documentation (Section “Launching Helpers with Launch Services”):
Launching Helpers with Launch Services
A sandboxed app is allowed to
launch a helper using Launch Services if at least one of these
conditions has been met:
Both the app and helper pass the Gatekeeper assessment. By default
that means both are signed by the Mac App Store or with a Developer
ID. Note: This does not include your development ("Mac Developer") or
distribution ("3rd Party Mac Developer Application") signing
identities.
The app is installed in /Applications and the app bundle
and all contents are owned by root.
The helper has been (manually) run
at least once by the user.
The first and/or second one should cover your case when your app was installed through the Mac App Store.

Related

can we use Applescript in mac development

current I am using some applescripts to the commands in mac machine.is apple allow applescripts in reviewing process or I have to look on alternatives but applescripts is working fine as for my requiremnts
Yes. Apple allows AppleScript in the Mac OS app development. You just need to add sandboxing in side your project and list all the app for you are using in AppleScript inside your apps entitlements file.
If you not added any entitlements then it will not allowed by apple. Try your app in sandboxing mode and you can see AppleScript not working because of no entitlements added for app.
Note : Some of the app not allowed to access using AppleScript. You app will be rejected by apple review team
To use AppleScript:
ON App sandbox in project.
Add all entitlements required for AppleScript access.
(Only If you wish to deploy through Mac App Store)
Few things before starting your work I suggests that you should go through this links in order to be sure that after your hard work you get want to want.
Determine Whether Your App Is Suitable for Sandboxing
Enabling App Sandbox
App Sandbox Temporary Exception Entitlements
Apple script doesn't work in Sandbox (As far as I know)
Your app should have a temporary exception (Doc mentions it)
Determine Whether Your App Is Suitable for Sandboxing
Sending Apple events to arbitrary apps With App Sandbox, you can
receive Apple events and respond to Apple events, but you cannot send
Apple events to arbitrary apps.
However, for applications that specifically provide scripting access
groups, you can send appropriate Apple events to those apps if your
app includes a scripting targets entitlement.
For other applications, by using a temporary exception entitlement,
you can enable the sending of Apple events to a list of specific apps
that you specify, as described in Entitlement Key Reference.
Finally, your app can use the subclasses of NSUserScriptTask class to
run user-provided AppleScript scripts out of a special directory,
NSApplicationScriptsDirectory (~/Library/Application
Scripts/code-signing-identifier/). Although your app can read files
within this directory, it cannot write files into this directory; the
user must manually place scripts here. For details, see the
documentation for NSUserScriptTask and WWDC 2012: Secure Automation
Techniques in OS X.
A complimentary
A Strategy for UI Scripting in AppleScript
Scripting from a Sandbox

Can I use In-App-Purchases when distributing outside of Apple's App Store?

I'm new to mac os app development and the documentation doesn't ever say that this is not supported (as far as I could tell).
Can I use IAPs if I don't submit to the App Store?
Is there anything different that I should do to setup IAPs when distributing outside of the App Store?
It looks like this is not possible, as documented here:
https://developer.apple.com/macos/distribution/
Only iCloud and Push Notifications are available.
I think its possible by following instructions below.
Go to itunesConnect , Users and Roles, Create a sandbox user . I am thinking you have already made the in app purchase items in your app in itunes connect. Now in your device log out the Appstore ID from settings. Do the in app purchase using the Test user credentials you created, and it will make the in app using a sandbox environment.
For more info about In App follow this link :
https://www.raywenderlich.com/122144/in-app-purchase-tutorial

signed electron app shell.openItem() fails

I want my Electron app could open *.txt-files (generated by my app) with system default application (default text editor).
I use shell.openItem(path) to perform it - and it worked fine... until I've packed (mas) and signed the app. I suppose I have to add some entitlements when signing, but already tried bunch of them without success :(
Could anyone give me a hand with that?
Unfortunately Electron disables the shell.openItem() API in Mac App Store builds. From their signing guide:
[shell.openItem()] will fail when the app is signed for distribution in the Mac App Store. Subscribe to #9005 for updates.
However, there is a work-around that will enable you to have the same functionality:
shell.openExternal('file://' + myFilePath);
This approach is also confirmed to pass the Apple Store Reviews (see here).

Distributing Apps Outside the Mac App Store crash with Code Signature Invalid error

I have a Mac App for OS X 10.10 that I am trying to create a working release build.
Not for the Mac App store "Distributing Apps Outside the Mac App
Store"
Uses "Developer ID Application" for the release code signing. Things look good in my App dev account
Created an OSX APP ID com.blah.app
Can create and verify an Archive successfully
sudo spctl --assess --verbose=4 Name.App, looks good "Name.App : accepted
source=Developer ID"
Read thru Apple "Distributing Apps Outside the Mac App Store"
Needs to be OS X 10.10 due to customer requirements
Read through everything I can find on stack overflow regarding this
matter
Can build and release iOS without a second thought, but this is my
first Mac App
I run the App and in the console I see "EXC_CRASH (Code Signature Invalid)"
Stumped ...
Gatekeeper
Macs have a "gatekeeper" feature that can be set in 3 modes in System Preferences > Security & Privacy > General > "Allow apps downloaded from:".
Which is your test system set to ?
Since you're signing using a Developer ID, it needs to be set to the 2nd or 3rd option (not just allowing the App store). [2nd option is the default on freshly installed machines]
Build for distribution outside of the app store
Builds that you create for submission to the App store cannot be run by everybody. One needs to build it specifically for that.
To quote https://developer.apple.com/library/mac/qa/qa1884/_index.html :
[...] use Xcode Organizer > Export > Export a Developer ID-signed Application. Developer ID-signed apps can be run by anyone. However, code that uses technologies only available to Mac App Store apps, such as receipt validation, iCloud, and push notifications, will not work if your app is Developer ID-signed. You might need to temporarily disable those parts of your app if you opt for the Developer ID testing approach
There was an error in the selected capabilities (red) that wasn't stopping the build, "Key chain sharing" in this case. Turned off as I didn't need it and everything works as expected

Create OS X Today Extension without containing app

On the Apple Developer website it states:
To deliver an OS X app extension, it’s recommended that you submit
your containing app to the App Store, but it’s not required.
However, to make a Today Extension from what I understand: I must create a Cocoa OS X application then add a "Today Extension" as a target. However, I do not want/need this main containing app. All I need is the extension.
So, how do I create an extension without a containing app? Even though technically I need to develop the containing app to create an extension target.
I think you are misreading this: what they are saying is that an OS X app extension may be distributed OUTSIDE the app store - if you continue reading, you will see the following:
If you distribute an OS X app extension outside of the Mac App Store, Gatekeeper prevents the extension from running until the user opens and approves the containing app. Further, if you code sign with a certificate other than your Developer ID, users must explicitly override Gatekeeper to open the containing app to make your extension available.
All extensions, at this writing, must be part of a container app and Apple devotes a large number of pages describing how, why, etc. My understanding (and work on extensions) is that all extensions must be part of a containing application. If there is a way to do so without the container app, Apple has not indicated it.

Resources