Qt Application Errors After Code Signing



  • I have developed a Qt based program for Mac that has been accepted into the Mac App Store. When my programmer compiles the program everything works just fine. However, after we code sign the Application with my Mac Developer Certificate the new version has a significant bug. We can't figure out what is causing this issue and how to fix it. Has anyone else experienced this?


  • Lifetime Qt Champion

    Hi,

    Can you tell what specific error you are getting as well as which version of OS X/Xcode and Qt you are using ?



  • Hi SGaist,

    Thank you for responding. My OS X version is 10.9.5. We are using Qt 5.3 I am using Xcode version 6.0.1 My programmer is using OS X 10.9.1 and I'm not sure which version of Xcode. I don't think we are using xcode to sign the App. We have been using terminal commands. My programmer just notified me today that he has narrowed down the actual command that is causing the issue.

    It is: codesign -s "3rd Party Mac Developer Application: ID NAME" --entitlements Entitlements.plist --deep 'Visual Renamer.app'

    He created a code signed bundle to submit to the App Store without using this command. The App passes Gatekeeper and is in fact signed, but it got rejected by the App Store.

    The error that was occurring was this: My application is a renaming app. You can drag and drop folders of files to be renamed or you can drag in files directly. Both methods worked fine before code signing with the entitlements.plist but after signing only the dragging and dropping a folder method worked correctly. I was still able to drag individual files into the App, but when I click on the button to actually rename them, my program said these files couldn't be renamed. Yet files that were dragged in by folder were able to be renamed correctly.

    I wonder if something is wrong with the entitlements.plist that I am using?

    Any thoughts would be extremely helpful

    Thanks!


  • Lifetime Qt Champion

    I may be wrong but you might be hitting one of the App Store rules maybe 2.6 of the "review guidelines":https://developer.apple.com/app-store/review/guidelines/.

    Didn't you get any information about the rejection reason ?



  • Issue 2.6 was not mentioned since the App update hasn't yet reached the review team. But the current version on the App Store actually has the same issue but was accepted by the App Store. I bought it and downloaded it just to check it's functionality and unfortunately this bug exists in that approved version.

    So far my Entitlements.plist includes only two entries:
    com.apple.security.app-sandbox | Boolean | Yes
    com.apple.security.files.user-selected.read-write | Boolean | Yes

    Apple describes the "com.apple.security.files.user-selected.read-write" entitlement as: Read/write access to files the user has selected using an Open or Save dialog. I'm not sure if my "Add Files" button qualifies as an Open or Save Dialog? Maybe that's the issue?



  • Well I've made some progress in my research, but no progress fixing the issue. I started reading here: https://developer.apple.com/library/mac/documentation/security/conceptual/AppSandboxDesignGuide/AppSandboxQuickStart/AppSandboxQuickStart.html#//apple_ref/doc/uid/TP40011183-CH2-SW2

    I ran the tests to see if I would get any error messages on Console and I got the following:

    Sandbox: App Name(21378) deny file-read-xattr /Users/MyName/Documents/TEST FILES/AUDIO/NEW AUDIO 006.aiff

    and

    Sandbox: App Name(21378) deny file-write-create /Users/MyName/Documents/TEST FILES/AUDIO/NEW AUDIO 006.aiff

    So it is in fact a Sandboxing issue. I tried adding all of the following entitlements, but still no luck fixing the issue:

    com.apple.security.app-sandbox
    com.apple.security.assets.movies.read-write
    com.apple.security.assets.music.read-write
    com.apple.security.assets.pictures.read-write
    com.apple.security.device.firewire
    com.apple.security.device.microphone
    com.apple.security.device.serial
    com.apple.security.device.usb
    com.apple.security.files.bookmarks.app-scope
    com.apple.security.files.bookmarks.document-scope
    com.apple.security.files.downloads.read-write
    com.apple.security.files.user-selected.read-write
    com.apple.security.network.client
    com.apple.security.network.server
    com.apple.security.personal-information.addressbook
    com.apple.security.personal-information.calendars
    com.apple.security.personal-information.location
    com.apple.security.temporary-exception.files.absolute-path.read-write

    Let me know what you think. Thanks!


  • Lifetime Qt Champion

    Are you sure you implemented correctly the user accessible part of the com.apple.security.files.user-selected.read-write entitlement ?



  • Thank you for your response! We are still struggling with this issue.

    Can you explain what you mean a little more? My programmer and I included com.apple.security.files.user-selected.read-write in our entitlements.plist with a Boolean value of True. Is there anything else we need to include in the entitlements.plist in order to implement this particular entitlement properly?

    It would be great if it's just a matter of modifying the entitlements.plist and not have to recode.


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.