Hi, Not sure if I can be of much help, but:
- This thread discusses and solves a similar problem: https://forum.qt.io/topic/49250/solved-qtwebengineprocess-not-working-in-sandboxed-application - If this could be reduced to a simple sandboxed-app-with-helper-process test case (no QtWebEngine usage), that that’s something I could look at, and something we could eventually add an autotest for. Morten > On 28 Apr 2017, at 18:49, Adalid Claure <[email protected]> wrote: > > I have a desktop app that I have been trying to get onto the Mac App store > but I have been having problems getting it to run in sandbox mode. For > context I am (preferably) using Qt 5.8 running on macOS 10.11.6. > > The crux seems to be QtWebEngineProcess.app refuses to run after I codesign > the bundle. As a result, my QtWebEngine component doesn't load. I am using > this QtWebEngine component as part of my app's UI. > > When the app starts I see the following errors in Console: > > kernel[0]: Sandbox: QtWebEngineProce(20764) deny(1) mach-lookup > org.chromium.Chromium.rohitfork.20763 > kernel[0]: Sandbox: QtWebEngineProce(20765) deny(1) mach-lookup > org.chromium.Chromium.rohitfork.20763 > QtWebEngineProcess[20764]: [0427/071053:ERROR:mach_broker_mac.mm(52)] > bootstrap_look_up: Permission denied (1100) > QtWebEngineProcess[20765]: [0427/071053:ERROR:mach_broker_mac.mm(52)] > bootstrap_look_up: Permission denied (1100) > kernel[0]: Sandbox: QtWebEngineProce(20764) deny(1) forbidden-sandbox-reinit > > My build process is pretty straight forward: > > 1. Run macdeployqt on the app, using the -appstore-compliant. > 2. Sign all of the Qt Frameworks and PlugIns individually with my app's > entitlement file. > 3. Sign QtWebEngineProcess.app with the following entitlements file: > > <?xml version="1.0" encoding="UTF-8"?> > <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" > "http://www.apple.com/DTDs/PropertyList-1.0.dtd";> > <plist version="1.0"> > <dict> > <key>com.apple.security.app-sandbox</key> > <true/> > <key>com.apple.security.inherit</key> > <true/> > </dict> > </plist> > > 4. Call codesign on the overall MyProgram.app bundle with the entitlements > file from Step 2. > > I have tried numerous things all in combination with one another, including: > > a. built QtWebEngine using WEBENGINE_CONFIG+=use_appstore_compliant_code (per > the notes here: > https://doc.qt.io/qt-5/qtwebengine-platform-notes.html#mac-app-store-compatibility) > b. use macdeployqt's -codesign, even though the binarys have to be signed a > second time after this in order to apply the entitlements > c. sign QtWebEngineProcess.app with CFBundleIdentifier equal to > 'com.qt-project.Qt.QtWebEngineProcess' and with my own app's bundle ID. > d. tried linking with Qt 5.7 > e. tried linking with Qt 5.6.2 which *did* run but then gets rejected by > Apple because: > > ------------------------------- > Your app uses or references the following non-public API(s): > > framework: '/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit' > : NSAccessibilityUnregisterUniqueIdForUIElement > : _NSAppendToKillRing > : _NSDrawCarbonThemeBezel > : _NSDrawCarbonThemeListBox > : _NSInitializeKillRing > : _NSNewKillRingSequence > : _NSPrependToKillRing > : _NSSetKillRingToYankedState > : _NSYankFromKillRing > > framework: > '/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices' > : CGSSetDenyWindowServerConnections > : CGSShutdownServerConnections > : CTFontCopyDefaultCascadeList > > The use of non-public APIs is not permitted on the App Store as it can lead > to a poor user experience should these APIs change. > ------------------------------- > > I have chronicled a lot of this in this thread here > (https://forum.qt.io/topic/78518/sandbox-app-for-the-mac-app-store-with-qt-5-8-and-qtwebengineprocess) > but the problem persists. > > Does anyone have any suggestions? Does anyone know of any apps on the Mac App > Store that use QtWebEngine? > > Thanks. > _______________________________________________ > Development mailing list > [email protected] > http://lists.qt-project.org/mailman/listinfo/development _______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
