python "import foundation" crushes if the app is codesigned

Hi,

python "import foundation" crushes without error message (but with a macos crush report) if the app is codesigned with Developer ID Application Certificate.(Without codesign, it works fine.)

1-test_simple_foundation.py(already attached):

import socket

import Foundation

print("hallo")

2-Install Nuitka: pip install Nuitka

3-Generate App File via Nuitka: echo *** | sudo -S python3.9 -m nuitka --run --standalone --macos-create-app-bundle --macos-app-mode=ui-element --macos-app-icon=icons/app_icon.png --include-data-dir=icons=icons test_simple_foundation.py

4-Copy app file under /applications

5-Execute test_simple_foundation.app file from terminal ./Applications/test_simple_foundation.app/Contents/MacOS/test_simple_foundation and observer that "hallo" is printed out

6-Codesign with following sh file(already attached):

7-Execute test_simple_foundation.app file from terminal ./Applications/test_simple_foundation.app/Contents/MacOS/test_simple_foundation and observer that code freezes with a macos crush report(already attached), after import Foundation nothing printed out.

Requirement: python3.9 -m nuitka --version

1.9rc5

Commercial: None

Python: 3.9.12 (v3.9.12:b28265d7e6, Mar 23 2022, 18:22:40)

Flavor: CPython Official

Executable: /Library/Frameworks/Python.framework/Versions/3.9/bin/python3.9

OS: Darwin

Arch: x86_64

Version C compiler: /usr/bin/clang (clang).

MacOS: Sonoma 14.2.1 1,6 GHz Dual-Core Intel Core i5 8 GB 2133 MHz LPDDR3

Answered by DTS Engineer in 795726022

The crash report you posted was for Apple’s built-in Console app. I’m not sure why it’s crashing but it’s clearly fallout from this issue rather than a cause of this issue.

As to what’s going on with your Python code, it’s hard to say but there are a couple of red flags here. First you’re signing your code with --deep, which is never a good idea. See --deep Considered Harmful. For advice on how to sign Mac code, see Creating distribution-signed code for macOS

Second, your entitlements file contains com.apple.security.network.client, and just that. THat doesn’t make sense. To start, an entitlements file is meant to be an XML property list, which this isn’t. But, more importantly, com.apple.security.network.client is only relevant if your app is sandboxed, and it’s not (because sandboxing is enabled by the com.apple.security.app-sandbox entitlement, which isn’t present).

As to your primary issue, it’s hard to say what’s going on based on your description of the symptoms (“observer that code freezes”). I recommend that you add a print both before and after the import Foundation to make sure it’s freezing in that call. Presuming it does, a good next step is to take a sample of the process (using Activity Monitor or the sample tool) to see where it’s frozen.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

The crash report you posted was for Apple’s built-in Console app. I’m not sure why it’s crashing but it’s clearly fallout from this issue rather than a cause of this issue.

As to what’s going on with your Python code, it’s hard to say but there are a couple of red flags here. First you’re signing your code with --deep, which is never a good idea. See --deep Considered Harmful. For advice on how to sign Mac code, see Creating distribution-signed code for macOS

Second, your entitlements file contains com.apple.security.network.client, and just that. THat doesn’t make sense. To start, an entitlements file is meant to be an XML property list, which this isn’t. But, more importantly, com.apple.security.network.client is only relevant if your app is sandboxed, and it’s not (because sandboxing is enabled by the com.apple.security.app-sandbox entitlement, which isn’t present).

As to your primary issue, it’s hard to say what’s going on based on your description of the symptoms (“observer that code freezes”). I recommend that you add a print both before and after the import Foundation to make sure it’s freezing in that call. Presuming it does, a good next step is to take a sample of the process (using Activity Monitor or the sample tool) to see where it’s frozen.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Accepted Answer

Thanks a lot for the response. I could solve the problem with following entitlements file and following codesign command.

codesign -s "$SIGNING_IDENTITY_APP" --verbose --force --deep --entitlements /Users/emre/Documents/MrProtect/app.entitlements --options=runtime --timestamp --preserve-metadata=entitlements,requirements,flags,runtime \

I do not know which change worked exactly, but it is working now.

python "import foundation" crushes if the app is codesigned
 
 
Q