ronaldoussoren / py2app

py2app is a Python setuptools command which will allow you to make standalone Mac OS X application bundles and plugins from Python scripts.

py2app should support sandboxing #86

Open ronaldoussoren opened 11 years ago

ronaldoussoren commented 11 years ago

Original report by Ronald Oussoren (Bitbucket: ronaldoussoren, GitHub: ronaldoussoren).


Py2app should have options to add sandboxing to an application. This can be done using the codesign(1) utility using entitlements.

Note: I don't know yet how useful sandboxing is without getting the application signed for AppStore distribution.

Note 2: I also don't know if the AppStore will accept application bundles that were signed outside of Xcode.

See also #85

ronaldoussoren commented 11 years ago

Original comment by George Henne (Bitbucket: ghenne, GitHub: ghenne).


I'm working on submitting to the App Store using the Application Loader instead of full Xcode. I still have issues (#99), but seem to have gotten past the code signing and sandboxing by doing the following (after py2app creates the .app file):

# Code signing

codesign --force --verify --verbose \
  --sign "3rd Party Mac Developer Application: NS BASIC Corporation" \
  --entitlements ../AppStudio.entitlements \
  AppStudio.app

codesign --force --verify --verbose \
  --sign "3rd Party Mac Developer Application: NS BASIC Corporation" \
  --entitlements ../AppStudio.entitlements \
  AppStudio.app/Contents/Frameworks/Python.framework/Versions/2.7

codesign --force --verify --verbose \
  --sign "3rd Party Mac Developer Application: NS BASIC Corporation" \
  --entitlements ../AppStudio.entitlements \
  AppStudio.app/Contents/MacOS/python

codesign -vvv -d AppStudio.app

The AppStudio.entitlements file is very simple:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>   <true/>
</dict>
</plist>

After codesigning is done, I make the pkg file:

# Make the pkg file for the App Store

productbuild \
    --component AppStudio.app /Applications \
    --sign "3rd Party Mac Developer Installer: NS BASIC Corporation" \
    AppStudio.pkg

ronaldoussoren commented 11 years ago

Original comment by Ronald Oussoren (Bitbucket: ronaldoussoren, GitHub: ronaldoussoren).


Thanks for the info.

brandonserna commented 4 years ago

I have been desperately trying anything and everything I can find to get this working with either the new Transporter or the xcrun altool --upload-app and keep getting stuck at this sandbox issue. Is anyone else stuck on this?

ERROR ITMS-90296: "App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "com.myname.appname.pkg/Payload/name.app/Contents/Resources/name" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app."

I've tried including this within setup.py and also manually including this from an entitlements file using codesign. Still no luck, if anyone has ideas I would greatly appreciate them 🤗

MacOS: 10.15.4, Transporter: 1.1.1, Xcode: 11.4, py2app: 0.21
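
Added example, not part of the thread and not py2app code: ITMS-90296 above names an executable under Contents/Resources, so this sketch lists every Mach-O file in a bundle (deepest first, the order in which nested code is normally signed) and checks that an entitlements plist sets com.apple.security.app-sandbox to the Boolean true. All function names are assumptions made for the example, and `signed_sandbox_flag` requires macOS `codesign`.

```python
import plistlib
import struct
import subprocess
import sys
from pathlib import Path

SANDBOX_KEY = "com.apple.security.app-sandbox"

# Mach-O magics (32/64-bit, both byte orders) and universal ("fat") headers.
# 0xCAFEBABE is shared with Java class files, so treat hits as candidates.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE,
                0xCAFEBABE, 0xBEBAFECA}


def is_macho(path):
    """True if the file starts with a Mach-O or universal-binary magic."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return len(head) == 4 and struct.unpack(">I", head)[0] in MACHO_MAGICS


def sandbox_enabled(entitlements_path):
    """True only if the plist sets the sandbox key to the Boolean true."""
    with open(entitlements_path, "rb") as fh:
        return plistlib.load(fh).get(SANDBOX_KEY) is True


def macho_files(bundle):
    """Mach-O files inside the bundle, deepest paths first."""
    bundle = Path(bundle)
    found = [p for p in bundle.rglob("*")
             if p.is_file() and not p.is_symlink() and is_macho(p)]
    return sorted(found, key=lambda p: (-len(p.relative_to(bundle).parts), str(p)))


def signed_sandbox_flag(path):
    """macOS only: does the existing signature carry the sandbox entitlement?"""
    out = subprocess.run(["codesign", "-d", "--entitlements", ":-", str(path)],
                         capture_output=True).stdout
    try:
        return plistlib.loads(out).get(SANDBOX_KEY) is True
    except Exception:  # unsigned, or signed without entitlements
        return False


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py Some.app Some.entitlements
    print("entitlements file enables sandbox:", sandbox_enabled(sys.argv[2]))
    for binary in macho_files(sys.argv[1]):
        print("ok     " if signed_sandbox_flag(binary) else "MISSING", binary)
```

Any file reported as MISSING is a candidate for the list ITMS-90296 prints.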