We have send email to Apple support but nobody replies, so we send it here to demand help.
Our company builds up our desktop application XXXX.app, and it runs well under Mac OS 10.15.4 Catalina. We strictly follow the guideline of Nested code from https://developer.apple.com/library/archive/technotes/tn2206/_index.html
Then we buy Apple 99$ program and plan to codesign it to bypass GateKeeper. However, this operation goes into disaster.
We run the codesign one by one following your guide, from inside to outside (NOT --deep).
sudo codesign --force --timestamp --options=runtime -s "${cert}" file/full/path
And check the codesign with
$ codesign -vvv --deep --strict XXXX.app XXXX.app: valid on disk XXXX.app: satisfies its Designated Requirement
But when we run the signed XXXX.app , it crashes with exception (crashReport.txt). Your codesign makes our app crash! You can repro it again and again.
- Run well 2. codesign 3. Run up and crash inmediately!
Crash stack info is below
Thread 0 Crashed: 0   QtWebKit                      	0x00000001121d19ff ***::OSAllocator::reserveAndCommit(unsigned long, ***::OSAllocator::Usage, bool, bool, bool) + 205 1   QtWebKit                      	0x00000001121d1907 ***::OSAllocator::reserveUncommitted(unsigned long, ***::OSAllocator::Usage, bool, bool, bool) + 15 2   QtWebKit                      	0x00000001120641c4 ***::PageReservation::reserveWithGuardPages(unsigned long, ***::OSAllocator::Usage, bool, bool) + 56 3   QtWebKit                      	0x00000001120640f5 JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator() + 103 4   QtWebKit                      	0x0000000112063eac JSC::ExecutableAllocator::initializeAllocator() + 28 5   QtWebKit                      	0x0000000112126376 JSC::initializeThreadingOnce() + 50 6   ???                           	0x00007fff6f2637e5 0 + 140735058163685 7   ???                           	0x00007fff6f258ec7 0 + 140735058120391 8   ???                           	0x00007fff6f263793 0 + 140735058163603 9   QtWebKit                      	0x000000011179df19 WebCore::ScriptController::initializeThreading() + 9 10  QtWebKit                      	0x000000011173be49 WebCore::initializeWebCoreQt() + 30 11  QtWebKit                      	0x00000001117043cf QWebPagePrivate::QWebPagePrivate(QWebPage*) + 213 12  QtWebKit                      	0x000000011170b80d QWebPage::QWebPage(QObject*) + 55 13  QtWebKit.so                   	0x00000001116689df Sbk_QWebPage_Init(_object*, _object*, _object*) + 447 14  ???                           	0x000000010d328681 0 + 4516382337 15  _tsLib1.so                    	0x000000010e8fdfbb __Pyx_PyObject_CallNoArg + 186 (_tsLib1.c:429148) 
From the link below and crash report, we test the entitlements.plist to bypass memory problem, but fail too. https://github.com/pyinstaller/pyinstaller/issues/4629
We use following command line to codesign :
sudo codesign --force --timestamp --options=runtime  --entitlements ./entitlements.plist -s "${cert}"  full/path
Then the app evenly do not run up at all. It shows:
zsh: killed     ./XXXX.app/Contents/MacOS/XXXX
We also test other parameter com.apple.security.cs.allow-jit / com.apple.security.cs.disable-library-validation ( others/entitlements_full.plist ) , nothing changed.
How can we bypass the codesign and make app runnable? Please help us.
Thanks
