CEF Support sandbox on macOS now, what about Mac App Store?

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

CEF Support sandbox on macOS now, what about Mac App Store?

Postby sunus » Wed Aug 22, 2018 11:53 am

As now in 2018.08, cef supports sandbox(helper process has seatbelt command line arguments)
I can build cefsimple with sandbox on.
Great job by the way!
But how about submit to Mac App Store?
I’ve tweaking with codesign, entitlements for a few days, right now when the helper will crash right after launched.
So , is cef now support to Mac App Store? Or is there any modifications we need to make ?
Thanks !
BTW, i saw some electron apps, nwjs apps are submited to MAS!

Thanks!
Last edited by sunus on Wed Aug 22, 2018 11:55 pm, edited 1 time in total.
sunus
Newbie
 
Posts: 8
Joined: Mon Jun 26, 2017 7:25 am

Re: CEF Support sandbox on macOS now, what about Mac App Sto

Postby sunus » Fri Aug 24, 2018 7:56 am

hello ? anyone ?any idea?
sunus
Newbie
 
Posts: 8
Joined: Mon Jun 26, 2017 7:25 am

Re: CEF Support sandbox on macOS now, what about Mac App Sto

Postby Czarek » Fri Aug 24, 2018 8:50 am

Mac App Store is for apps and CEF is a framework, or am I missing something? What is your issue?
Maintainer of the CEF Python, PHP Desktop and CEF C API projects. My LinkedIn.
User avatar
Czarek
Virtuoso
 
Posts: 1927
Joined: Sun Nov 06, 2011 2:12 am

Re: CEF Support sandbox on macOS now, what about Mac App Sto

Postby magreenblatt » Fri Aug 24, 2018 10:29 am

App Store acceptance is completely up to Apple. You can try it and see what they say.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: CEF Support sandbox on macOS now, what about Mac App Sto

Postby sunus » Fri Aug 24, 2018 10:31 pm

Czarek wrote:Mac App Store is for apps and CEF is a framework, or am I missing something? What is your issue?

hello, i mean,apps that use cef.

is app that uses cef is able to work fine with apple‘s sandbox?
i am tryinv to do that,but crashes a lot
sunus
Newbie
 
Posts: 8
Joined: Mon Jun 26, 2017 7:25 am

Re: CEF Support sandbox on macOS now, what about Mac App Sto

Postby sunus » Mon Aug 27, 2018 2:50 am

magreenblatt wrote:App Store acceptance is completely up to Apple. You can try it and see what they say.


i mean, have u ever tried or heard of any app that use cef is submited to apple store?
sunus
Newbie
 
Posts: 8
Joined: Mon Jun 26, 2017 7:25 am

Re: CEF Support sandbox on macOS now, what about Mac App Sto

Postby Czarek » Mon Aug 27, 2018 8:06 am

What is the stack trace of the crash? Does it reproduce with cefclient/cefsimple apps?
Maintainer of the CEF Python, PHP Desktop and CEF C API projects. My LinkedIn.
User avatar
Czarek
Virtuoso
 
Posts: 1927
Joined: Sun Nov 06, 2011 2:12 am

Re: CEF Support sandbox on macOS now, what about Mac App Sto

Postby sunus » Mon Aug 27, 2018 9:33 am

Czarek wrote:What is the stack trace of the crash? Does it reproduce with cefclient/cefsimple apps?



yes.

it need some modifition on cefsimple/cefclient.
sunus
Newbie
 
Posts: 8
Joined: Mon Jun 26, 2017 7:25 am

Re: CEF Support sandbox on macOS now, what about Mac App Sto

Postby sunus » Mon Aug 27, 2018 9:34 am

Czarek wrote:What is the stack trace of the crash? Does it reproduce with cefclient/cefsimple apps?

right now, i notice it uses sandbox_init_param to invoke sandbox in cef helper process.
does it compatibility with app sandbox in XCode tab?
sunus
Newbie
 
Posts: 8
Joined: Mon Jun 26, 2017 7:25 am

Re: CEF Support sandbox on macOS now, what about Mac App Sto

Postby hkurra » Wed Sep 12, 2018 9:24 am

I am also facing similar issue but reached a step ahead after lots of research.
After signing the helper process with following entitlements, it is no more crashing
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.inherit</key>
  <true/>
</dict>
</plist>

After this step, helper process is there but main process throwing following error:
[0912/192643.858474:ERROR:mach_port_broker.mm(100)] bootstrap_check_in: Permission denied (1100)

[0912/192643.873311:ERROR:mach_broker_mac.mm(52)] Failed to initialize the MachListenerThreadDelegate.

After digging further I found out, this is something main process and child process are not able to setup IPC communication channel due to insufficient privileges and most of the Chromium-based application like you have already mentioned Electron, Nw.js are mentioning to add App-group entitlements in your main application like below
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.application-groups</key>
  <string>TeamID.your.app.bundle.id</string>
</dict>
</plist>


Where team ID is available in your app store account or development Certificate but even after doing this step same error is still there.
After further digging, I found this article https://mediaarea.net/blog/2018/02/14/QtWebEngine-MacAppStore
According to this article, we might need to change some code in chromium code base where they have base bundle ID so it seems like we need to build the CEF on our own to fix this error.
I hope @magreenblatt can put more light on this issue.
hkurra
Techie
 
Posts: 22
Joined: Wed Jun 21, 2017 8:13 am

Next

Return to Support Forum

Who is online

Users browsing this forum: Google [Bot] and 31 guests