Hmm, I have different entitlements set here, as per
https://forum.qt.io/topic/102212/qtwebengine-signing-issues/20
In short, the QtWebEngineProcess.app Helper within
QtWebEngineCore.framework is signed with
com.apple.security.cs.disable-executable-page-protection true.
Runtime is hard and the application is signed, notarised and packaged
(and signed).
Hamish
On 15/6/24 22:23, Alexander Carôt via Interest wrote:
P.S.: Nevermind – I simply did not wait long enough for the app to be
notarized. The solution for me was to only include this key:
<key>com.apple.security.cs.allow-jit</key><true/>
and then I could sign, notarize and launch.
--
http://www.carot.de
Email : [email protected]
Tel.: +49 (0)177 5719797
Gesendet: Samstag, 15. Juni 2024 um 13:44 Uhr
Von: "Alexander Carôt via Interest" <[email protected]>
An: "qt qt" <[email protected]>
Betreff: [Interest] signing webenginewidgets issue
Hello all,
I just saw an issue when signing and notarizing an app containing a web browser
based on webenginewidgets (applies also for the Qt example minibrowser):
1.) Codesigning via
codesign --options=runtime --deep ./minibrowser.app -s "Developer ID Application:
XXX"
works fine but breaks the app: Launching minibrowser afterwards makes the
webprocess crash.
2.) Including the following keys into an entitlements file:
<key>com.apple.security.cs.allow-jit</key><true/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
and then signing via
codesign --options=runtime --entitlements ./entitlements.xml --deep ./minibrowser.app -s
"Developer ID Application: XXX"
does not lead to the crash anymore and
codesign --verify --deep --strict --verbose=2 ./minibrowser.app
tells that all is signed just fine, however, when I package the app as a DMG,
load it up to the web, load it down to my desktop and launch it, it tells me
that the developer cannot be verified – so it basically tells that it is not
signed.
The same happens when I only include the first key:
<key>com.apple.security.cs.allow-jit</key><true/>
but here comes the message that the package cannot be opened because it cannot
be checked in terms of malware etc.
Can anyone help with this ?
Thanks a lot in advance,
best
Alex
--
http://www.carot.de
Email : [email protected]
Tel.: +49 (0)177 5719797
_______________________________________________
Interest mailing list
[email protected]
https://lists.qt-project.org/listinfo/interest
_______________________________________________
Interest mailing list
[email protected]
https://lists.qt-project.org/listinfo/interest
_______________________________________________
Interest mailing list
[email protected]
https://lists.qt-project.org/listinfo/interest
