What entitlements did you sign spawnhelper with? The same as the main app or the inherit permission?
On Jun 24, 2014, at 9:40 AM, Zach Oakes <zsoa...@gmail.com> wrote: > I've successfully shipped Java apps on the MAS using an embedded JRE, but > with the stricter signing requirements now in place, I'm having a problem. > My script now signs all the binaries, including the JRE's jspawnhelper > executable, which my app relies on to spawn new processes via Runtime.exec. > > The sandboxed app launches correctly, but when it tries launching a new > process, I get a dialog saying "OS X needs to repair your Library to run > applications". It then fails to spawn the process, and the console says > "Sandbox creation failed: Container object initialization failed: failed to > get bundleid for app > "<snip>/Contents/PlugIns/jdk1.7.0_60.jdk/Contents/Home/jre/lib/jspawnhelper". > > I can't figure out why it is failing to get the bundleid for jspawnhelper. > It is definitely being signed with codesign, and I've tried explicitly > setting an --identifier to no avail. I would appreciate advice on how to > resolve this.