Can't execute shell script commands in sandboxed cocoa app
Question
I developed a cocoa application that builds, archives and creates iOS application files. Now I want to release it to Mac App Store. My app runs correctly, but not in sandbox mode. App structure is as following:
MyApp.app
|_Contents
|_Resources
|_BuildTask.command
The first thing I've done is to get permission to execute "BuildTask.command".
NSTask *permissionTask = [[NSTask alloc] init]; permissionTask.launchPath = @"/bin/bash"; permissionTask.arguments = @[@"-c", [NSString stringWithFormat:@"chmod +x %@", pathToBuildTask], @"run"]; [permissionTask launch]; [permissionTask waitUntilExit];
Otherwise, BuildTask produces an error:
Problem Running Task: launch path not accessible
After executing the permission task, I execute my BuildTask.command file with NSTask that includes xcodebuild commands in it.
NSString *path = [NSString stringWithFormat:@"%@", [[NSBundle mainBundle] pathForResource:@"BuildTask" ofType:@"command"]]; task.launchPath = path; task.arguments = scriptArguments; [task launch]; [task waitUntilExit];
Everything is OK when App Sandbox is off in Capabilities. When I enable App Sandbox for Mac App Store, permission task gives error:
chmod: Unable to change file mode on .../MyApp.app/Contents/Resources/BuildTask.command: Operation not permitted
When I execute chmod on BuildTask.command manually, defaults write commands and xcodebuild commands in BuildTask.command give errors like:
defaults[2264:70400] Could not write domain .../SampleApp/SampleApp/SampleApp-Info.plist; exiting
xcodebuild[2410] (FSEvents.framework) FSEventStreamCreate: _FSEventStreamCreate: ERROR: watch_path() failed for '/'
xcodebuild[2410] (FSEvents.framework) FSEventStreamCopyPathsBeingWatched(): failed assertion 'streamRef != NULL'
../MyApp.app/Contents/Resources/BuildTask.command: line 65: 2410 Segmentation fault: 11 xcodebuild -scheme "${SCHEME}" clean build CODE_SIGN_IDENTITY="${SIGNING_IDENTITY}" "${BUILD_ARGUMENT}" "${WORKSPACE_OR_PROJECT}"
So, have I any chance to release this tool to Mac App Store?
Any help would really appreciated.
1 answers
solution1
2 ACCPTED 2016-01-17 23:49:25
Probably not what you want to hear:
- The first thing I've done is to get permission to execute "BuildTask.command".
You have two problems here. First if you wish to change the permissions on a file from within an app you should be using framework or system calls to do so directly, not calling NSTask to execute a shell which in turn executes a command which calls those framework or system calls...
Second you should not be trying to change the contents of your application bundle from within the application. If you need a file in your application bundle to have execute permission then set it when you build the app. You can do that with a build phase in Xcode.
So, have I any chance to release this tool to Mac App Store?
Little or none.
Xcode itself is not a sandboxed application and the error messages you are getting indicate that it is trying to do operations which violate the sandbox it has inherited from your app.
HTH
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.