Howdy Rama, I just added this to the pure-data develop branch which will be folded soonish into Pd 0.56 development. I will leave com.apple.security.cs.allow-unsigned-executable-memory out for now as it is more or less a security risk.
> On May 27, 2025, at 6:30 PM, Dan Wilcox <danomat...@gmail.com> wrote: > > Hah whoops I now read you already referenced that. I'll just make a commit to > develop. > > enohp ym morf tnes > ----------- > Dan Wilcox > danomatika.com > robotcowboy.com > > >> On May 27, 2025, at 6:30 PM, Dan Wilcox <danomat...@gmail.com> wrote: >> >> FYI the Pd entitlements are in the repo. You can make a PR: >> >> https://github.com/pure-data/pure-data/blob/master/mac/stuff/pd.entitlements >> >> enohp ym morf tnes >> ----------- >> Dan Wilcox >> danomatika.com >> robotcowboy.com >> >> >>> On May 27, 2025, at 5:21 PM, Christof Ressi <i...@christofressi.com> wrote: >>> >>> >>> Hi Rama, >>> >>> sounds reasonable to me. I would suggest to open an issue on GitHub because >>> it makes it easier to keep track. >>> >>> Christof >>> >>> On 27.05.2025 16:35, Rama Gottfried wrote: >>>> dear pd devs, >>>> >>>> I have a Max object (o.luajit) which wraps Luajit that I’d like to port to >>>> Pd but it appears that since Pd does not ship with the entitlement >>>> "com.apple.security.cs.allow-jit” Luajit crashes when using JIT >>>> compilation. >>>> >>>> After some debugging (with helpful AI assistance) to analyze the crash >>>> report, I was able to isolate the issue to the JIT compiler memory >>>> allocation, and found that Luajit crashes Pd when the JIT computation is >>>> triggered crossing some kind of size threshold. The application is >>>> terminated with a “Code Signature Invalid” sigkill (details pasted below) >>>> due to missing the entitlement to run (or generate?) JIT code. >>>> >>>> If I manually disable JIT in the lua code the crash goes away (but then of >>>> course you loose the speed benefits of Luajit). >>>> >>>> As an experiment, I added: >>>> >>>> <key>com.apple.security.cs.allow-jit</key> >>>> <true /> >>>> >>>> to the /pure-data/mac/stuff/pd.entitlements file, and built the Pd.app via >>>> “make app”. >>>> finally with addition of this entitlement the Luajit JIT processing works >>>> as expected, which is great! >>>> >>>> so, to conclude, a feature request: would it be possible to add the >>>> com.apple.security.cs.allow-jit entitlement for the Pd Mac releases? I >>>> could imagine this would be useful in the future for others development >>>> projects as well. >>>> >>>> all the best, >>>> rama >>>> >>>> p.s. here’s what the crash looks like: >>>> >>>> Crashed Thread: 0 Dispatch queue: com.apple.main-thread >>>> >>>> Exception Type: EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid)) >>>> Exception Codes: UNKNOWN_0x32 at 0x0000000102793f7c >>>> Exception Codes: 0x0000000000000032, 0x0000000102793f7c >>>> >>>> Termination Reason: Namespace CODESIGNING, Code 2 Invalid Page >>>> >>>> p.p.s. in case it it helpful for reference, here are the Max.app >>>> entitlements which includes the allow-jit key. >>>> >>>> codesign -d --entitlements - /Applications/Max.app >>>> Executable=/Applications/Max.app/Contents/MacOS/Max >>>> [Dict] >>>> [Key] com.apple.security.automation.apple-events >>>> [Value] >>>> [Bool] true >>>> [Key] com.apple.security.cs.allow-jit >>>> [Value] >>>> [Bool] true >>>> [Key] com.apple.security.cs.allow-unsigned-executable-memory >>>> [Value] >>>> [Bool] true >>>> [Key] com.apple.security.cs.disable-library-validation >>>> [Value] >>>> [Bool] true >>>> [Key] com.apple.security.device.audio-input >>>> [Value] >>>> [Bool] true >>>> [Key] com.apple.security.device.camera >>>> [Value] >>>> [Bool] true >>>> [Key] com.apple.security.get-task-allow >>>> [Value] >>>> [Bool] true >>>> >>>> >>>> >>>> --- >>>> pd-dev@lists.iem.at <mailto:pd-dev@lists.iem.at> - the Pd developers' >>>> mailinglist >>>> https://lists.iem.at/hyperkitty/list/pd-dev@lists.iem.at/message/NHTPOPYIVKU6JR7HS7ZF2Q5USIVVQSU6/ >>> --- >>> pd-dev@lists.iem.at - the Pd developers' mailinglist >>> https://lists.iem.at/hyperkitty/list/pd-dev@lists.iem.at/message/PRVVFJG2NB4465YNSEMNELQMM365VNHS/ -------- Dan Wilcox danomatika.com <http://danomatika.com/> robotcowboy.com <http://robotcowboy.com/>
--- pd-dev@lists.iem.at - the Pd developers' mailinglist https://lists.iem.at/hyperkitty/list/pd-dev@lists.iem.at/message/LWYFOBSK4BIJDHQKYAGTLX4P5DH66X66/