macOS, CEF, and notarization

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

Re: macOS, CEF, and notarization

Postby magreenblatt » Fri Jul 26, 2019 3:07 pm

It doesn’t look like you specified any entitlements when codesigning. Look at the Chromium issue for an idea of what’s required.
magreenblatt
Site Admin
 
Posts: 12383
Joined: Fri May 29, 2009 6:57 pm

Re: macOS, CEF, and notarization

Postby mic » Fri Jul 26, 2019 5:12 pm

Indeed, I did not specify any entitlements when codesigning, since I had no idea any were required. That information can really only come from CEF or Chromium. After scouring the Chromium issue and the files referenced by it, my best guess as to the entitlements required are:

For the browser app:
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>com.apple.security.device.audio-input</key>
   <true/>
   <key>com.apple.security.device.bluetooth</key>
   <true/>
   <key>com.apple.security.device.camera</key>
   <true/>
   <key>com.apple.security.device.print</key>
   <true/>
   <key>com.apple.security.device.usb</key>
   <true/>
</dict>
</plist>


For the helper app:
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
   <true/>
   <key>com.apple.security.cs.disable-library-validation</key>
   <true/>
   <key>com.apple.security.cs.allow-jit</key>
   <true/>
</dict>
</plist>


If I create the files entitlements-browser.plist and entitlements-helper.plist with the above contents, then resign the helper and main app like this:

Code: Select all
codesign --force --options runtime --entitlements "entitlements-helper.plist" --sign "Developer ID Application: <name>" --timestamp --verbose "cefsimple Helper.app"

codesign --verify --deep --strict --verbose=2 "cefsimple Helper.app"

spctl --assess -vvvv --type execute "cefsimple Helper.app"

codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: <name>" --timestamp --verbose "cefsimple.app"

codesign --verify --deep --strict --verbose=2 "cefsimple.app"

spctl --assess -vvvv --type execute "cefsimple.app"


Then the helper app crash no longer occurs, and the result can be notarized. I conclude that this is the way to codesign CEF apps that need to be notarized, at least for now. Presumably at some point the Chromium changes will be picked up by CEF, and the macOS build process for the demo apps can then be used as a reference.

Thanks for your help.
mic
Mentor
 
Posts: 82
Joined: Fri Jan 29, 2016 12:59 pm

Re: macOS, CEF, and notarization

Postby magreenblatt » Fri Jul 26, 2019 9:12 pm

Right, well done. The number of required entitlements will decrease over time as we update to newer Chromium versions and pick up the required fixes.
magreenblatt
Site Admin
 
Posts: 12383
Joined: Fri May 29, 2009 6:57 pm

Re: macOS, CEF, and notarization

Postby magreenblatt » Tue Aug 06, 2019 2:45 pm

I've filed issue #2744 to add documentation for code signing.
magreenblatt
Site Admin
 
Posts: 12383
Joined: Fri May 29, 2009 6:57 pm

Re: macOS, CEF, and notarization

Postby leetb » Wed Aug 07, 2019 4:14 am

1.The cef_binary_75.1.8+g84fed5d+chromium-75.0.3770.100_macosx64 version
2. Run the cefsimple and cefsimple_Helper
3. open the App sandbox and add cefsimple.entitlements and cefsimple Helper.entitlements to the project
4.Run the command above.
5. Run the cefsimple.app and crash.
6. Xcode 10.3

log:
Process: cefsimple [14051]
Path: /Users/USER/Downloads/*/cefsimple.app/Contents/MacOS/cefsimple
Identifier: org.cef.cefsimple
Version: 1.0
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: cefsimple [14051]
User ID: 501

Date/Time: 2019-08-07 16:59:24.457 +0800
OS Version: Mac OS X 10.14.4 (18E226)
Report Version: 12
Bridge OS Version: 3.4 (16P4507)
Anonymous UUID: 6077D1E8-C2BE-5101-B7DD-3E3B137A5652


Time Awake Since Boot: 27000 seconds

System Integrity Protection: enabled

Crashed Thread: 18 ThreadPoolSingleThreadForegroundBlocking0

Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000002, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Signal: Trace/BPT trap: 5
Termination Reason: Namespace SIGNAL, Code 0x5
Terminating Process: exc handler [14051]

Thread 0:: CrBrowserMain Dispatch queue: com.apple.main-thread
0 dyld 0x000000010be3d03e dyld::notifyBatchPartial(dyld_image_states, bool, char const* (*)(dyld_image_states, unsigned int, dyld_image_info const*), bool, bool) + 226
1 dyld 0x000000010be4ae11 ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 85
2 dyld 0x000000010be3dcb2 dyld::runInitializers(ImageLoader*) + 82
3 dyld 0x000000010be473dc dlopen_internal + 607
4 libdyld.dylib 0x00007fff6eb00d43 dlopen + 200
5 com.apple.vImage 0x00007fff3eaf02f1 InitCGInterfaces + 49
6 libdispatch.dylib 0x00007fff6eac863d _dispatch_client_callout + 8
7 libdispatch.dylib 0x00007fff6eac9d4c _dispatch_once_callout + 20
8 com.apple.vImage 0x00007fff3eaf02b0 LoadCGInterfaces + 48
9 com.apple.vImage 0x00007fff3eaef9e8 vImageConverter_CreateWithColorSyncCodeFragment + 72
10 com.apple.CoreGraphics 0x00007fff42ab6453 CGvImageConverterInitializeShared + 516
11 com.apple.CoreGraphics 0x00007fff42ab5c47 CGvImageConverterCacheGetRetained + 877
12 com.apple.CoreGraphics 0x00007fff42ab5894 CGCMSConverterCreateCachedCGvImageConverter + 76
13 com.apple.CoreGraphics 0x00007fff42ab57a1 convert_using_vImageConverter + 393
14 com.apple.CoreGraphics 0x00007fff42ab55f2 convert_icc + 46
15 com.apple.CoreGraphics 0x00007fff42ab55af CGCMSConverterConvert + 113
16 com.apple.CoreGraphics 0x00007fff42ab54ab CGCMSConverterConvertColorComponents + 598
17 com.apple.CoreGraphics 0x00007fff42ab3da6 CGColorTransformConvertColorComponents + 573
18 com.apple.CoreGraphics 0x00007fff42ac3468 ripc_GetColor + 1596
19 com.apple.CoreGraphics 0x00007fff42ac24ad ripc_Render + 156
20 com.apple.CoreGraphics 0x00007fff42abf56b ripc_DrawRects + 354
21 com.apple.CoreGraphics 0x00007fff42abf37a CGContextFillRects + 96
22 com.apple.CoreGraphics 0x00007fff42abf313 CGContextFillRect + 105
23 com.apple.coreui 0x00007fff57268590 -[CUIShapeEffectStack newColorByProcessingColor:] + 470
24 com.apple.coreui 0x00007fff572409e2 CUICoreThemeRenderer::CopyCustomColorCore(__CFString const*, __CFDictionary const*) const + 574
25 com.apple.coreui 0x00007fff57240768 CUICopyCustomColorWithOptions + 236
26 com.apple.AppKit 0x00007fff3fd12b74 __44-[NSAppearance _copyCustomCGColor:withTint:]_block_invoke + 24
27 com.apple.AppKit 0x00007fff3fd37fcb -[NSCompositeAppearance _callCoreUIWithBlock:options:] + 363
28 com.apple.AppKit 0x00007fff3fd12b09 -[NSAppearance _copyCustomCGColor:withTint:] + 221
29 com.apple.AppKit 0x00007fff3fd129f4 -[NSAppearance _customColor:withTint:] + 20
30 com.apple.AppKit 0x00007fff3fefb402 -[NSDynamicModifiedColor resolvedColor] + 197
31 com.apple.AppKit 0x00007fff3fefb022 -[NSDynamicNamedColor colorUsingColorSpace:] + 30
32 com.apple.AppKit 0x00007fff3fefb068 -[NSDynamicNamedColor colorUsingColorSpace:] + 100
33 org.chromium.ContentShell.framework 0x0000000104b5c4ad 0x1030d6000 + 27813037
34 org.chromium.ContentShell.framework 0x0000000104b5bdb9 0x1030d6000 + 27811257
35 org.chromium.ContentShell.framework 0x0000000104b5ba29 0x1030d6000 + 27810345
36 org.chromium.ContentShell.framework 0x0000000104b5b902 0x1030d6000 + 27810050
37 org.chromium.ContentShell.framework 0x0000000104704e3a 0x1030d6000 + 23260730
38 org.chromium.ContentShell.framework 0x0000000104b4dbd7 0x1030d6000 + 27753431
39 org.chromium.ContentShell.framework 0x0000000104704066 0x1030d6000 + 23257190
40 org.chromium.ContentShell.framework 0x0000000104706dc2 0x1030d6000 + 23268802
41 org.chromium.ContentShell.framework 0x000000010559d90f 0x1030d6000 + 38566159
42 org.chromium.ContentShell.framework 0x000000010528b7fe 0x1030d6000 + 35346430
43 org.chromium.ContentShell.framework 0x000000010528b4c1 0x1030d6000 + 35345601
44 org.chromium.ContentShell.framework 0x000000010797ccbb 0x1030d6000 + 76180667
45 org.chromium.ContentShell.framework 0x00000001054f91ce 0x1030d6000 + 37892558
46 org.chromium.ContentShell.framework 0x00000001054f8cfc 0x1030d6000 + 37891324
47 org.chromium.ContentShell.framework 0x00000001030d9254 cef_initialize + 276
48 org.cef.cefsimple 0x00000001030245b2 CefInitialize(CefMainArgs const&, CefStructBase<CefSettingsTraits> const&, scoped_refptr<CefApp>, void*) + 146
49 org.cef.cefsimple 0x0000000102fd7a3f main + 255
50 libdyld.dylib 0x00007fff6eb153d5 start + 1

Thread 1:
0 libsystem_pthread.dylib 0x00007fff6ed023f0 start_wqthread + 0

Thread 2:
0 libsystem_pthread.dylib 0x00007fff6ed023f0 start_wqthread + 0

Thread 3:
0 libsystem_pthread.dylib 0x00007fff6ed023f0 start_wqthread + 0

Thread 4:
0 libsystem_pthread.dylib 0x00007fff6ed023f0 start_wqthread + 0

Thread 5:: ThreadPoolServiceThread
0 libsystem_kernel.dylib 0x00007fff6ec520a6 kevent64 + 10
1 org.chromium.ContentShell.framework 0x0000000105864521 0x1030d6000 + 41477409
2 org.chromium.ContentShell.framework 0x00000001058643b6 0x1030d6000 + 41477046
3 org.chromium.ContentShell.framework 0x000000010580cce8 0x1030d6000 + 41118952
4 org.chromium.ContentShell.framework 0x00000001057e2487 0x1030d6000 + 40944775
5 org.chromium.ContentShell.framework 0x0000000105819684 0x1030d6000 + 41170564
6 org.chromium.ContentShell.framework 0x000000010582a214 0x1030d6000 + 41239060
7 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
8 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
9 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
10 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 6:: ThreadPoolForegroundWorker
0 libsystem_kernel.dylib 0x00007fff6ec4a22a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff6ec4a76c mach_msg + 60
2 org.chromium.ContentShell.framework 0x00000001057fa060 0x1030d6000 + 41042016
3 org.chromium.ContentShell.framework 0x00000001057fa171 0x1030d6000 + 41042289
4 org.chromium.ContentShell.framework 0x0000000105814608 0x1030d6000 + 41149960
5 org.chromium.ContentShell.framework 0x0000000105814e7d 0x1030d6000 + 41152125
6 org.chromium.ContentShell.framework 0x0000000105814b64 0x1030d6000 + 41151332
7 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
8 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
9 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
10 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 7:: ThreadPoolBackgroundWorker
0 libsystem_kernel.dylib 0x00007fff6ec4a22a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff6ec4a76c mach_msg + 60
2 org.chromium.ContentShell.framework 0x00000001057fa060 0x1030d6000 + 41042016
3 org.chromium.ContentShell.framework 0x00000001057fa171 0x1030d6000 + 41042289
4 org.chromium.ContentShell.framework 0x0000000105814608 0x1030d6000 + 41149960
5 org.chromium.ContentShell.framework 0x0000000105814e7d 0x1030d6000 + 41152125
6 org.chromium.ContentShell.framework 0x0000000105814ad4 0x1030d6000 + 41151188
7 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
8 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
9 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
10 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 8:: Chrome_IOThread
0 libsystem_malloc.dylib 0x00007fff6ecc25c3 free + 98
1 org.chromium.ContentShell.framework 0x0000000104c92b8a 0x1030d6000 + 29084554
2 org.chromium.ContentShell.framework 0x0000000104c94cae 0x1030d6000 + 29093038
3 org.chromium.ContentShell.framework 0x0000000104c8314f 0x1030d6000 + 29020495
4 org.chromium.ContentShell.framework 0x0000000104c78d64 0x1030d6000 + 28978532
5 org.chromium.ContentShell.framework 0x0000000105869853 0x1030d6000 + 41498707
6 org.chromium.ContentShell.framework 0x000000010586a203 0x1030d6000 + 41501187
7 org.chromium.ContentShell.framework 0x000000010587e79e 0x1030d6000 + 41584542
8 org.chromium.ContentShell.framework 0x00000001057fde95 0x1030d6000 + 41057941
9 org.chromium.ContentShell.framework 0x000000010580c470 0x1030d6000 + 41116784
10 org.chromium.ContentShell.framework 0x000000010580c208 0x1030d6000 + 41116168
11 org.chromium.ContentShell.framework 0x0000000105864357 0x1030d6000 + 41476951
12 org.chromium.ContentShell.framework 0x000000010580cce8 0x1030d6000 + 41118952
13 org.chromium.ContentShell.framework 0x00000001057e2487 0x1030d6000 + 40944775
14 org.chromium.ContentShell.framework 0x000000010470d8b4 0x1030d6000 + 23296180
15 org.chromium.ContentShell.framework 0x000000010582a214 0x1030d6000 + 41239060
16 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
17 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
18 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
19 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 9:: NetworkConfigWatcher
0 libsystem_kernel.dylib 0x00007fff6ec4a22a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff6ec4a76c mach_msg + 60
2 com.apple.CoreFoundation 0x00007fff426a013e __CFRunLoopServiceMachPort + 328
3 com.apple.CoreFoundation 0x00007fff4269f6ac __CFRunLoopRun + 1612
4 com.apple.CoreFoundation 0x00007fff4269ee0e CFRunLoopRunSpecific + 455
5 com.apple.Foundation 0x00007fff448f5a9f -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 280
6 org.chromium.ContentShell.framework 0x00000001057c11f1 0x1030d6000 + 40808945
7 org.chromium.ContentShell.framework 0x00000001057c0018 0x1030d6000 + 40804376
8 org.chromium.ContentShell.framework 0x000000010580cce8 0x1030d6000 + 41118952
9 org.chromium.ContentShell.framework 0x00000001057e2487 0x1030d6000 + 40944775
10 org.chromium.ContentShell.framework 0x000000010582a214 0x1030d6000 + 41239060
11 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
12 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
13 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
14 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 10:: NetworkConfigWatcher
0 libsystem_kernel.dylib 0x00007fff6ec4a22a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff6ec4a76c mach_msg + 60
2 com.apple.CoreFoundation 0x00007fff426a013e __CFRunLoopServiceMachPort + 328
3 com.apple.CoreFoundation 0x00007fff4269f6ac __CFRunLoopRun + 1612
4 com.apple.CoreFoundation 0x00007fff4269ee0e CFRunLoopRunSpecific + 455
5 com.apple.Foundation 0x00007fff448f5a9f -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 280
6 org.chromium.ContentShell.framework 0x00000001057c11f1 0x1030d6000 + 40808945
7 org.chromium.ContentShell.framework 0x00000001057c0018 0x1030d6000 + 40804376
8 org.chromium.ContentShell.framework 0x000000010580cce8 0x1030d6000 + 41118952
9 org.chromium.ContentShell.framework 0x00000001057e2487 0x1030d6000 + 40944775
10 org.chromium.ContentShell.framework 0x000000010582a214 0x1030d6000 + 41239060
11 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
12 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
13 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
14 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 11:: ThreadPoolForegroundWorker
0 libsystem_kernel.dylib 0x00007fff6ec4a22a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff6ec4a76c mach_msg + 60
2 org.chromium.ContentShell.framework 0x00000001057fa060 0x1030d6000 + 41042016
3 org.chromium.ContentShell.framework 0x00000001057fa171 0x1030d6000 + 41042289
4 org.chromium.ContentShell.framework 0x0000000105814608 0x1030d6000 + 41149960
5 org.chromium.ContentShell.framework 0x0000000105814e7d 0x1030d6000 + 41152125
6 org.chromium.ContentShell.framework 0x0000000105814b64 0x1030d6000 + 41151332
7 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
8 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
9 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
10 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 12:: ThreadPoolBackgroundWorker
0 libsystem_kernel.dylib 0x00007fff6ec4a22a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff6ec4a76c mach_msg + 60
2 org.chromium.ContentShell.framework 0x00000001057fa060 0x1030d6000 + 41042016
3 org.chromium.ContentShell.framework 0x00000001057fa171 0x1030d6000 + 41042289
4 org.chromium.ContentShell.framework 0x0000000105814608 0x1030d6000 + 41149960
5 org.chromium.ContentShell.framework 0x0000000105814c4f 0x1030d6000 + 41151567
6 org.chromium.ContentShell.framework 0x0000000105814ad4 0x1030d6000 + 41151188
7 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
8 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
9 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
10 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 13:: ThreadPoolForegroundWorker
0 libsystem_kernel.dylib 0x00007fff6ec4a22a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff6ec4a76c mach_msg + 60
2 org.chromium.ContentShell.framework 0x00000001057fa060 0x1030d6000 + 41042016
3 org.chromium.ContentShell.framework 0x00000001057fa171 0x1030d6000 + 41042289
4 org.chromium.ContentShell.framework 0x0000000105814608 0x1030d6000 + 41149960
5 org.chromium.ContentShell.framework 0x0000000105814e7d 0x1030d6000 + 41152125
6 org.chromium.ContentShell.framework 0x0000000105814b64 0x1030d6000 + 41151332
7 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
8 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
9 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
10 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 14:: ThreadPoolForegroundWorker
0 libsystem_kernel.dylib 0x00007fff6ec4a22a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff6ec4a76c mach_msg + 60
2 org.chromium.ContentShell.framework 0x00000001057fa060 0x1030d6000 + 41042016
3 org.chromium.ContentShell.framework 0x00000001057fa171 0x1030d6000 + 41042289
4 org.chromium.ContentShell.framework 0x0000000105814608 0x1030d6000 + 41149960
5 org.chromium.ContentShell.framework 0x0000000105814e7d 0x1030d6000 + 41152125
6 org.chromium.ContentShell.framework 0x0000000105814b64 0x1030d6000 + 41151332
7 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
8 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
9 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
10 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 15:: ThreadPoolForegroundWorker
0 libsystem_kernel.dylib 0x00007fff6ec4a22a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff6ec4a76c mach_msg + 60
2 org.chromium.ContentShell.framework 0x00000001057fa060 0x1030d6000 + 41042016
3 org.chromium.ContentShell.framework 0x00000001057fa171 0x1030d6000 + 41042289
4 org.chromium.ContentShell.framework 0x0000000105814608 0x1030d6000 + 41149960
5 org.chromium.ContentShell.framework 0x0000000105814c4f 0x1030d6000 + 41151567
6 org.chromium.ContentShell.framework 0x0000000105814b64 0x1030d6000 + 41151332
7 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
8 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
9 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
10 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 16:: CompositorTileWorker1/32523
0 libsystem_kernel.dylib 0x00007fff6ec4d86a __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff6ed0656e _pthread_cond_wait + 722
2 org.chromium.ContentShell.framework 0x000000010585ae35 0x1030d6000 + 41438773
3 org.chromium.ContentShell.framework 0x0000000106a121e8 0x1030d6000 + 60015080
4 org.chromium.ContentShell.framework 0x0000000105829642 0x1030d6000 + 41236034
5 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
6 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
7 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
8 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 17:: AudioThread
0 libsystem_kernel.dylib 0x00007fff6ec4a22a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff6ec4a76c mach_msg + 60
2 org.chromium.ContentShell.framework 0x00000001057fa060 0x1030d6000 + 41042016
3 org.chromium.ContentShell.framework 0x00000001057f9f1f 0x1030d6000 + 41041695
4 org.chromium.ContentShell.framework 0x00000001057bfea1 0x1030d6000 + 40804001
5 org.chromium.ContentShell.framework 0x000000010580cce8 0x1030d6000 + 41118952
6 org.chromium.ContentShell.framework 0x00000001057e2487 0x1030d6000 + 40944775
7 org.chromium.ContentShell.framework 0x000000010582a214 0x1030d6000 + 41239060
8 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
9 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
10 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
11 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 18 Crashed:: ThreadPoolSingleThreadForegroundBlocking0
0 org.chromium.ContentShell.framework 0x00000001057b4900 0x1030d6000 + 40757504
1 org.chromium.ContentShell.framework 0x00000001057b7ae3 0x1030d6000 + 40770275
2 org.chromium.ContentShell.framework 0x00000001057b8fd8 0x1030d6000 + 40775640
3 org.chromium.ContentShell.framework 0x00000001057b8bc3 0x1030d6000 + 40774595
4 org.chromium.ContentShell.framework 0x00000001057dd18c 0x1030d6000 + 40923532
5 org.chromium.ContentShell.framework 0x00000001057dcc6e 0x1030d6000 + 40922222
6 org.chromium.ContentShell.framework 0x000000010474b87a 0x1030d6000 + 23550074
7 org.chromium.ContentShell.framework 0x000000010474a8c0 0x1030d6000 + 23546048
8 org.chromium.ContentShell.framework 0x00000001057fde95 0x1030d6000 + 41057941
9 org.chromium.ContentShell.framework 0x000000010581b692 0x1030d6000 + 41178770
10 org.chromium.ContentShell.framework 0x000000010581b364 0x1030d6000 + 41177956
11 org.chromium.ContentShell.framework 0x000000010585b756 0x1030d6000 + 41441110
12 org.chromium.ContentShell.framework 0x000000010581adb6 0x1030d6000 + 41176502
13 org.chromium.ContentShell.framework 0x0000000105814d91 0x1030d6000 + 41151889
14 org.chromium.ContentShell.framework 0x0000000105814bc4 0x1030d6000 + 41151428
15 org.chromium.ContentShell.framework 0x000000010585bba7 0x1030d6000 + 41442215
16 libsystem_pthread.dylib 0x00007fff6ed032eb _pthread_body + 126
17 libsystem_pthread.dylib 0x00007fff6ed06249 _pthread_start + 66
18 libsystem_pthread.dylib 0x00007fff6ed0240d thread_start + 13

Thread 18 crashed with X86 Thread State (64-bit):
rax: 0x0000000000000000 rbx: 0x00007fffa1b139a0 rcx: 0x0000000000000000 rdx: 0x0000000000000400
rdi: 0x00007000091c0100 rsi: 0x00007fba96024aa0 rbp: 0x00007000091c05d0 rsp: 0x00007000091c00a0
r8: 0x00000000000130a8 r9: 0x00007fffa1b16288 r10: 0x0000000000000000 r11: 0x00007fffa1b16280
r12: 0x00007fba96024aa0 r13: 0x00007000091c00e8 r14: 0x00007000091c0638 r15: 0x00007000091c0648
rip: 0x00000001057b4900 rfl: 0x0000000000000246 cr2: 0x0000000109c09c7d

Logical CPU: 5
Error Code: 0x00000000
Trap Number: 3

last: any idea to fixed it?
leetb
Newbie
 
Posts: 5
Joined: Tue Aug 06, 2019 4:10 am

Re: macOS, CEF, and notarization

Postby ndesktop » Wed Aug 07, 2019 7:19 am

What's this crash have to do with code signing?
ndesktop
Master
 
Posts: 750
Joined: Thu Dec 03, 2015 10:10 am

Re: macOS, CEF, and notarization

Postby leetb » Wed Aug 07, 2019 10:22 am

sorry, It seems to be caused by opening the sandbox of the app.
leetb
Newbie
 
Posts: 5
Joined: Tue Aug 06, 2019 4:10 am

Notarization fails, help!

Postby coder678 » Tue Sep 03, 2019 8:36 pm

I am trying to notarize cefsimple but it fails. Please help.

File system: Mac OS Extended (Journaled)
Xcode 10.1
MacOS 10.13.6
CEF 76.0.5
Hardened runtime is enabled.
No sandbox.

ERROR: cefsimple.app/Contents/Frameworks/Chromium Embedded Framework.framework/Chromium Embedded Framework: a sealed resource is missing or invalid

Some resources mention that it may be related to non-alphabetical characters in files names of the package (and here some files have an underscore _ character).

Commands that I use:
Code: Select all
codesign --force --options runtime --entitlements "entitlements-helper.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app/Contents/Frameworks/cefsimple Helper.app"
codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app/Contents/Frameworks/Chromium Embedded Framework.framework"
codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app/Contents/Frameworks/Chromium Embedded Framework.framework/Libraries/libEGL.dylib"
codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app/Contents/Frameworks/Chromium Embedded Framework.framework/Libraries/libswiftshader_libEGL.dylib"
codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app/Contents/Frameworks/Chromium Embedded Framework.framework/Libraries/libGLESv2.dylib"
codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app/Contents/Frameworks/Chromium Embedded Framework.framework/Libraries/libswiftshader_libGLESv2.dylib"
codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app"

/usr/bin/ditto -c -k --keepParent "cefsimple.app" "cefsimple.app.zip"

xcrun altool --notarize-app --primary-bundle-id "myid" --username "myname" --password "mypassword" --file "cefsimple.app.zip"


entitlements-browser.plist
Code: Select all
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
       <key>com.apple.security.device.audio-input</key>
       <true/>
       <key>com.apple.security.device.bluetooth</key>
       <true/>
       <key>com.apple.security.device.camera</key>
       <true/>
       <key>com.apple.security.device.print</key>
       <true/>
       <key>com.apple.security.device.usb</key>
       <true/>
    </dict>
    </plist>


entitlements-helper.plist
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
   <true/>
   <key>com.apple.security.cs.disable-library-validation</key>
   <true/>
   <key>com.apple.security.cs.allow-jit</key>
   <true/>
</dict>
</plist>
coder678
Techie
 
Posts: 35
Joined: Sun Jun 26, 2016 10:03 pm

Re: macOS, CEF, and notarization

Postby ssthakur » Thu Sep 05, 2019 12:04 am

Hi Mic,
We have done notarization chnages in one of our Application which is using CEF.
Let me know what issues you are facing.
ssthakur
Techie
 
Posts: 17
Joined: Mon Oct 09, 2017 11:11 pm

Re: Notarization fails, help!

Postby coder678 » Mon Sep 09, 2019 1:42 am

I figured out the sequence of commands that allows to notarize successfully. It worked even on AFPS file system.

Code: Select all
chmod -R 777 cefsimple.app

codesign --force --options runtime --entitlements "entitlements-helper.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app/Contents/Frameworks/cefsimple Helper.app"

codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app/Contents/Frameworks/Chromium Embedded Framework.framework/Libraries/libEGL.dylib"
codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app/Contents/Frameworks/Chromium Embedded Framework.framework/Libraries/libswiftshader_libEGL.dylib"
codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app/Contents/Frameworks/Chromium Embedded Framework.framework/Libraries/libGLESv2.dylib"
codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app/Contents/Frameworks/Chromium Embedded Framework.framework/Libraries/libswiftshader_libGLESv2.dylib"
codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app/Contents/Frameworks/Chromium Embedded Framework.framework"
codesign --force --options runtime --entitlements "entitlements-browser.plist" --sign "Developer ID Application: xxx" --timestamp --verbose "cefsimple.app"

/usr/bin/ditto -c -k --keepParent "cefsimple.app" "cefsimple.app.zip"

xcrun altool --notarize-app --primary-bundle-id "myid" --username "myname" --password "mypassword" --file "cefsimple.app.zip"
coder678
Techie
 
Posts: 35
Joined: Sun Jun 26, 2016 10:03 pm

PreviousNext

Return to Support Forum

Who is online

Users browsing this forum: No registered users and 45 guests