We recently added keychain-access-group to our macOS app but the app failed to open in big sur (macOS 11). It works fine in Monterey and Ventura. The crash log shows.
Exception Type: EXC_CRASH (Code Signature Invalid) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x1
Here is our entitlement and provision profile
codesign -d --entitlements
<plist version="1.0">
<dict>
<key>com.apple.security.device.audio-input</key><true/><key>com.apple.security.device.camera</key><true/>
<key>keychain-access-groups</key>
<array>
<string>Q76YUSCMX8.com.veevasystems.crmdesktop</string>
</array>
</dict>
</plist>
The provision profile shows
security cms -D -i
<key>ApplicationIdentifierPrefix</key>
<array>
<string>Q76YUSCMX8</string>
</array>
...
<key>Entitlements</key>
<dict>
<key>com.apple.application-identifier</key>
<string>Q76YUSCMX8.com.veevasystems.crmdesktop</string>
<key>keychain-access-groups</key>
<array>
<string>Q76YUSCMX8.*</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>Q76YUSCMX8</string>
</dict>
...
<key>TeamIdentifier</key>
<array>
<string>Q76YUSCMX8</string>
</array>
Based on my understanding the provisioning profile should allow share keychain that is prefixed with our team id. Is there anything wrong with our setup? This really puzzles us since everything looks correct. Why it does not work in big sur?
When we remove the keychain-access-groups from the entitlement file (keep the provisioning profile as is) then it is able to open but the feature does not work because we depended on the shared keychain.
Please advice. Thanks