After entitlements add system-extension.install, the app can't run on macOS 10.15

Hello, my app uses a camera extension to implement a virtual camera. After being codesigned with Developer ID Application, my app can run on other Macs, but it can't run on macOS 10.15. The system log prints the following:

Aug 22 16:08:11 YL1150-C01177PG com.apple.xpc.launchd[1] (com.apple.xpc.launchd.oneshot.0x10000060.Presentation Assistant[95558]): Binary is improperly signed.
Aug 22 16:08:20 YL1150-C01177PG com.apple.xpc.launchd[1] (com.yealink.PresentationAssistant.app.4612[95559]): removing service since it exited with consistent failure - OS_REASON_CODESIGNING | When validating /Applications/Presentation Assistant.app/Contents/MacOS/Presentation Assistant: Code has restricted entitlements, but the validation of its code signature failed. Unsatisfied Entitlements:
Aug 22 16:08:20 YL1150-C01177PG com.apple.xpc.launchd[1] (com.yealink.PresentationAssistant.app.4612[95559]): Binary is improperly signed.
Aug 22 16:08:51 YL1150-C01177PG com.apple.xpc.launchd[1] (com.apple.mdworker.shared.04000000-0700-0000-0000-000000000000[95551]): Service exited due to SIGKILL | sent by mds[114]

My app entitlements is:

??qq?<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.app-sandbox</key>
	<false/>
	<key>com.apple.security.application-groups</key>
	<array>
		<string>xxxxx.com.yealink.PresentationAssistant.app</string>
	</array>
	<key>com.apple.security.network.client</key>
	<true/>
	<key>com.apple.security.network.server</key>
	<true/>
	<key>com.apple.security.device.microphone</key>
	<true/>
	<key>com.apple.security.device.camera</key>
	<true/>
	<key>com.apple.security.device.usb</key>
	<true/>
	<key>com.apple.security.device.bluetooth</key>
	<true/>
	<key>com.apple.security.device.print</key>
	<true/>
	<key>com.apple.security.device.audio-input</key>
	<true/>
	<key>com.apple.security.files.user-selected.read-write</key>
	<true/>
	<key>com.apple.security.assets.pictures.read-write</key>
	<true/>
	<key>com.apple.security.files.downloads.read-write</key>
	<true/>
	<key>com.apple.security.assets.music.read-write</key>
	<true/>
	<key>com.apple.security.assets.movies.read-write</key>
	<true/>
	<key>com.apple.security.files.all</key>
	<true/>
	<key>com.apple.security.files.bookmarks.app-scope</key>
	<true/>
	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
	<true/>
	<key>com.apple.security.cs.allow-jit</key>
	<true/>
	<key>com.apple.security.cs.disable-executable-page-protection</key>
	<true/>
	<key>com.apple.security.cs.disable-library-validation</key>
	<true/>
	<key>com.apple.security.cs.allow-dyld-environment-variables</key>
	<true/>
	<key>com.apple.security.automation.apple-events</key>
	<true/>
	<key>com.apple.developer.system-extension.install</key>
	<true/>
</dict>
</plist>

I found that it works on macOS 10.15 as long as I remove system-extension.install. What should I do?

Answered by DTS Engineer in 802819022

Your app is using restricted entitlements, that is, entitlements that must be authorised by a provisioning profile [1]. However, you haven’t claimed the com.apple.application-identifier entitlement, which means there’s no way for the system to match your app with its associated provisioning profile [2].

If you were using Xcode then it takes care of this for you. Given that you’re not, you have to do the work yourself. For detailed instructions, see Creating distribution-signed code for macOS.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Specifically, the com.apple.developer.system-extension.install entitlement is restricted.

[2] On modern systems the system will assume that the profile embedded in your app is correct, but that won’t work on 10.15. I talk more about this in Resolving Code Signing Crashes on Launch, part of my Resolving Trusted Execution Problems series.
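The check the answer describes, as an added example that is not part of the original posts and not Apple's code: it audits the entitlements a signature would claim against the Entitlements dictionary of a decoded provisioning profile. The team ID `TEAMID1234`, the bundle ID `com.example.app`, the helper names, and the rule that every `com.apple.developer.` key counts as restricted are assumptions made for this example.

```python
import plistlib

APP_ID = "com.apple.application-identifier"
# Assumption for this example: keys with this prefix are treated as restricted.
RESTRICTED_PREFIX = "com.apple.developer."

def authorises(granted, claimed):
    """True if a profile value covers the claimed value (trailing * = wildcard)."""
    if isinstance(granted, list):
        wanted = claimed if isinstance(claimed, list) else [claimed]
        return all(any(authorises(g, w) for g in granted) for w in wanted)
    if isinstance(granted, str) and granted.endswith("*"):
        return isinstance(claimed, str) and claimed.startswith(granted[:-1])
    return granted == claimed

def audit(entitlements_plist, profile_entitlements):
    """Return a list of problems in the entitlements a signature would claim."""
    claimed = plistlib.loads(entitlements_plist)
    restricted = [k for k in claimed if k.startswith(RESTRICTED_PREFIX)]
    problems = []
    if restricted and APP_ID not in claimed:
        problems.append(f"{APP_ID} not claimed; restricted: {', '.join(restricted)}")
    to_check = restricted + ([APP_ID] if APP_ID in claimed else [])
    for key in to_check:
        if key not in profile_entitlements:
            problems.append(f"{key} is not in the profile")
        elif not authorises(profile_entitlements[key], claimed[key]):
            problems.append(f"{key} value is not authorised by the profile")
    return problems

# Constructed sample data: placeholder team ID and bundle ID, not the poster's.
PROFILE = {
    APP_ID: "TEAMID1234.com.example.app",
    "com.apple.developer.team-identifier": "TEAMID1234",
    "com.apple.developer.system-extension.install": True,
}
# Same shape as the posted entitlements: restricted key, no application identifier.
AS_POSTED = plistlib.dumps({
    "com.apple.security.network.client": True,
    "com.apple.developer.system-extension.install": True,
})
FIXED = plistlib.dumps({
    APP_ID: "TEAMID1234.com.example.app",
    "com.apple.developer.team-identifier": "TEAMID1234",
    "com.apple.security.network.client": True,
    "com.apple.developer.system-extension.install": True,
})

if __name__ == "__main__":
    for name, blob in (("as posted", AS_POSTED), ("fixed", FIXED)):
        print(name, audit(blob, PROFILE) or "ok")
```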

My app can run on other mac

So what versions of macOS have you tested on? And which ones worked?

Also, are you building your app with Xcode? If not, what are you using?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I had tested on 10.15.7, 13.0, 11.0, 12.3, 13.3. All except 10.15.7 are valid. Sign using codesign command.
