Turning on Sandbox at Runtime/Debug

Josh_Hill · May 1, 2018, 10:11pm

Has anyone had luck on Mac OS code signing and running an app sandboxed during debug? Using xattr to remove FinderInfo data breaks the connection to the debugger or maybe it’s the fact that the app has been Sandboxed. Here’s my post-build Build Automation Step:

//Setup Basic Variables
Dim cert_name, result, the_command, entitlements_path, kQuote As String
Dim sandbox_enabled As Boolean
Dim osErr As Integer
kQuote = Chr(34)
Dim app_name As String = CurrentBuildAppName()
Dim project_folder As String = CurrentBuildLocation()
Dim bundle_path As String = project_folder + "/" + app_name + ".app"
Dim app_path As String = bundle_path + "/Contents/MacOS/" + kQuote + CurrentBuildAppName + kQuote
If ShowDialog("Enable Sandboxing?","", "Yes", "No", "", 3) = "Yes" Then sandbox_enabled = True
If sandbox_enabled Then 
  entitlements_path = project_folder + "/Internals/Resources/sandbox.entitlements"
Else
  entitlements_path = project_folder + "/Internals/Resources/regular.entitlements"
End If
If ConstantValue("App.BuildForRetailRelease") = "True" Then
  cert_name = "Developer ID Application: Koingo Software, Inc. (CH23HELMP2)"
Else
  cert_name = "3rd Party Mac Developer Application: Koingo Software, Inc. (CH23HELMP2)"
End If

Function perform_command(the_command As String) As Boolean
  Dim result As String
  Dim osErr As Integer
  result = DoShellCommand(the_command,3000,osErr)
  If osErr <> 0 Then
    Print("Error "+Str(osErr)+" Executing Shell Script" + EndOfLine + EndOfLine + the_command  + EndOfLine + EndOfLine + "Result: " + result)
    CancelBuild()
    Return False
  End If
  If Len(result) <> 0 Then Print(result)
  Return True
End Function

//Remove FinderInfo Attributes
Dim xRemove() As String = Array("com.apple.FinderInfo")
For Each s As string in xRemove
  If Not perform_command("xattr -rd " + s + " "+  bundle_path) Then Return
Next

//Codesign Exercutable
If sandbox_enabled Then
  If Not perform_command("codesign -f -s " + kQuote + cert_name + kQuote + "  --entitlements " + entitlements_path + " " +  app_path) Then Return
Else
  If Not perform_command("codesign -f -s " + kQuote + cert_name + kQuote  + " " +  app_path) Then Return
End If

//Codesign Bundle
If sandbox_enabled Then
  If Not perform_command("codesign -f -s " + kQuote + cert_name + kQuote + "  --entitlements " + entitlements_path + " " +  bundle_path) Then Return
Else
  If Not perform_command("codesign -f -s " + kQuote + cert_name + kQuote + " " +  bundle_path) Then Return
End If

Sam_Rowlands · May 2, 2018, 2:06am

If you use App Wrapper, there’s a section in the help for setting it up to run at debug time. It’s how I’ve been building Sandboxed apps for the last 3 or so years.

Oliver_Osswald · May 2, 2018, 7:13am

Yes, with the help of AppWrapper I am debugging in sandboxed mode all the time.
http://www.ohanaware.com/appwrapper/

Sascha_S · May 2, 2018, 10:04am

Same here. If you develop for Apple Store, use App Wrapper. It’s a MUST-HAVE