When following this guide https://developer.apple.com/documentation/xcode/embedding-a-helper-tool-in-a-sandboxed-app I cannot run the embedded binary.
I'm getting this error: "zsh: trace trap"
I would like to be able to use the embedded binary for NativeMessaging with for example Chrome but I can't figure out how to allow it to be executable even with sandboxing enabled.
How are Strongbox able to do this with their afproxy executable?
When following this guide … I cannot run the embedded binary.
Are you trying to run this tool from your app, by spawning a child process?
Or are you trying to run it from the shell?
That matters because of sandbox inheritance:
-
If you want to run the tool as a child of your app, you must sign your code with both the
com.apple.security.app-sandboxandcom.apple.security.inheritentitlements, as described in that doc. -
If you want to run the tool from a shell, you must sign it with
com.apple.security.app-sandboxonly.
The latter is tricky, because you have to give your tool a bundle ID so the system knows how to create its container. You can do in one of two ways:
-
Embed the tool in an app-like wrapper, as described in Signing a daemon with a restricted entitlement (while your command-line tool isn’t a daemon, the same logic applies).
-
Enable the Create Info.plist Section in Binary build setting, so Xcode puts the tool’s
Info.plist, which has its bundle ID, into the tool itself.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"