Howdy Rama,

I just added this to the pure-data develop branch which will be folded soonish 
into Pd 0.56 development. I will leave 
com.apple.security.cs.allow-unsigned-executable-memory out for now as it is 
more or less a security risk.

> On May 27, 2025, at 6:30 PM, Dan Wilcox <danomat...@gmail.com> wrote:
> 
> Hah whoops I now read you already referenced that. I'll just make a commit to 
> develop.
> 
> enohp ym morf tnes
> -----------
> Dan Wilcox
> danomatika.com
> robotcowboy.com
> 
> 
>> On May 27, 2025, at 6:30 PM, Dan Wilcox <danomat...@gmail.com> wrote:
>> 
>> FYI the Pd entitlements are in the repo. You can make a PR:
>> 
>> https://github.com/pure-data/pure-data/blob/master/mac/stuff/pd.entitlements
>> 
>> enohp ym morf tnes
>> -----------
>> Dan Wilcox
>> danomatika.com
>> robotcowboy.com
>> 
>> 
>>> On May 27, 2025, at 5:21 PM, Christof Ressi <i...@christofressi.com> wrote:
>>> 
>>> 
>>> Hi Rama,
>>> 
>>> sounds reasonable to me. I would suggest to open an issue on GitHub because 
>>> it makes it easier to keep track.
>>> 
>>> Christof
>>> 
>>> On 27.05.2025 16:35, Rama Gottfried wrote:
>>>> dear pd devs,
>>>> 
>>>> I have a Max object (o.luajit) which wraps Luajit that I’d like to port to 
>>>> Pd but it appears that since Pd does not ship with the entitlement 
>>>> "com.apple.security.cs.allow-jit” Luajit crashes when using JIT 
>>>> compilation. 
>>>> 
>>>> After some debugging (with helpful AI assistance) to analyze the crash 
>>>> report, I was able to isolate the issue to the JIT compiler memory 
>>>> allocation, and found that Luajit crashes Pd when the JIT computation is 
>>>> triggered crossing some kind of size threshold. The application is 
>>>> terminated with a “Code Signature Invalid” sigkill (details pasted below) 
>>>> due to missing the entitlement to run (or generate?) JIT code.
>>>> 
>>>> If I manually disable JIT in the lua code the crash goes away (but then of 
>>>> course you loose the speed benefits of Luajit). 
>>>> 
>>>> As an experiment, I added:
>>>> 
>>>>    <key>com.apple.security.cs.allow-jit</key>
>>>>    <true />
>>>> 
>>>> to the /pure-data/mac/stuff/pd.entitlements file, and built the Pd.app via 
>>>> “make app”.
>>>> finally with addition of this entitlement the Luajit JIT processing works 
>>>> as expected, which is great!
>>>> 
>>>> so, to conclude, a feature request: would it be possible to add the 
>>>> com.apple.security.cs.allow-jit entitlement for the Pd Mac releases?  I 
>>>> could imagine this would be useful in the future for others development 
>>>> projects as well.
>>>> 
>>>> all the best,
>>>> rama
>>>> 
>>>> p.s. here’s what the crash looks like:
>>>> 
>>>> Crashed Thread:        0  Dispatch queue: com.apple.main-thread
>>>> 
>>>> Exception Type:        EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid))
>>>> Exception Codes:       UNKNOWN_0x32 at 0x0000000102793f7c
>>>> Exception Codes:       0x0000000000000032, 0x0000000102793f7c
>>>> 
>>>> Termination Reason:    Namespace CODESIGNING, Code 2 Invalid Page
>>>> 
>>>> p.p.s. in case it it helpful for reference, here are the Max.app 
>>>> entitlements which includes the allow-jit key.
>>>> 
>>>> codesign -d --entitlements - /Applications/Max.app
>>>> Executable=/Applications/Max.app/Contents/MacOS/Max
>>>> [Dict]
>>>>    [Key] com.apple.security.automation.apple-events
>>>>    [Value]
>>>>            [Bool] true
>>>>    [Key] com.apple.security.cs.allow-jit
>>>>    [Value]
>>>>            [Bool] true
>>>>    [Key] com.apple.security.cs.allow-unsigned-executable-memory
>>>>    [Value]
>>>>            [Bool] true
>>>>    [Key] com.apple.security.cs.disable-library-validation
>>>>    [Value]
>>>>            [Bool] true
>>>>    [Key] com.apple.security.device.audio-input
>>>>    [Value]
>>>>            [Bool] true
>>>>    [Key] com.apple.security.device.camera
>>>>    [Value]
>>>>            [Bool] true
>>>>    [Key] com.apple.security.get-task-allow
>>>>    [Value]
>>>>            [Bool] true
>>>> 
>>>> 
>>>> 
>>>>  ---
>>>> pd-dev@lists.iem.at <mailto:pd-dev@lists.iem.at> - the Pd developers' 
>>>> mailinglist
>>>> https://lists.iem.at/hyperkitty/list/pd-dev@lists.iem.at/message/NHTPOPYIVKU6JR7HS7ZF2Q5USIVVQSU6/
>>> ---
>>> pd-dev@lists.iem.at - the Pd developers' mailinglist
>>> https://lists.iem.at/hyperkitty/list/pd-dev@lists.iem.at/message/PRVVFJG2NB4465YNSEMNELQMM365VNHS/

--------
Dan Wilcox
danomatika.com <http://danomatika.com/>
robotcowboy.com <http://robotcowboy.com/>
 ---
pd-dev@lists.iem.at - the Pd developers' mailinglist
https://lists.iem.at/hyperkitty/list/pd-dev@lists.iem.at/message/LWYFOBSK4BIJDHQKYAGTLX4P5DH66X66/

Reply via email to