Notarised and Stapled App is not running Embedded Python Interpreter

Hi Apple community,

Many thanks in advance for your help.

My macOS app embeds a Python interpreter, compiled from source, including the Python executable and its associated libraries. We have tried compiling the project with Xcode 16.0 and 16.1 beta 2 on macOS Sequoia 15.0 and 15.1. The project is 100% developed in Swift 6.

This is what the project looks like:

SampleApp.app
SampleApp.app/Contents
SampleApp.app/Contents/MacOS
SampleApp.app/Contents/MacOS/SampleApp
SampleApp.app/Contents/MacOS/bin
SampleApp.app/Contents/MacOS/bin/python3.11
SampleApp.app/Contents/Resources
SampleApp.app/Contents/Resources/lib
SampleApp.app/Contents/Resources/lib/python3.11
SampleApp.app/Contents/Resources/Info.plist

Since we want to 'initially' distribute the app directly, the Python binary is signed as follows:

codesign --deep --force --options runtime --timestamp --sign "$DEVELOPER_ID_APPLICATION" "$BINARY_PATH"

The app entitlements contain the following entries:

<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.downloads.read-write</key>
<true/>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>

The resulting app is signed with entitlements, notarised and stapled.

Once the app is running, we can see the following errors in Console:

Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={TCCDProcess: identifier=[IDENTIFIER]], pid=58826, auid=502, euid=502, binary_path=[PATH]}, requesting={TCCDProcess: identifier=com.apple.appleeventsd, pid=824, auid=55, euid=55, binary_path=/System/Library/CoreServices/appleeventsd},

The Python process runs for some seconds and then disappears. We cannot see any AMFI messages in Console.

Then we add 'Apple Events' from the Hardened Runtime section to Signing and Capabilities. The resulting app gets signed, notarised and stapled, but when running it we get only the following errors:

error	09:42:32.787744+0200	SampleApp	Can't find or decode reasons
error	09:42:32.787832+0200	SampleApp	Failed to get or decode unavailable reasons

Just in case it is relevant, this is how the app interacts with Python:

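import Foundation

let process = Process()
let pipe = Pipe()
// Launch the embedded interpreter as a child process of the app.
process.executableURL = URL(fileURLWithPath: [PATH_TO_PYTHON_BINARIE])
process.environment = environment   // prepared by the caller
process.arguments = arguments       // prepared by the caller
process.standardOutput = pipe
try process.run()
process.waitUntilExit()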

We truly appreciate any guidance, help or advice. Thanks!!

Answered by DTS Engineer in 808090022
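
An added triage example, not part of the original post or of any reply: it parses the hardened-runtime TCC denial quoted in the post and checks the entitlement it names against a signature's entitlement plist. The function names and the rebuilt plist are assumptions made for the example; the log line and the entitlement keys are the ones posted.

```python
import plistlib
import re

# Console line quoted in the post; its placeholders ([IDENTIFIER], [PATH]) are kept as posted.
TCC_LINE = (
    "Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires "
    "entitlement com.apple.security.automation.apple-events but it is missing for "
    "accessing={TCCDProcess: identifier=[IDENTIFIER]], pid=58826, auid=502, euid=502, "
    "binary_path=[PATH]}, requesting={TCCDProcess: identifier=com.apple.appleeventsd, "
    "pid=824, auid=55, euid=55, binary_path=/System/Library/CoreServices/appleeventsd},"
)

# Entitlement keys listed in the post, rebuilt as a plist (constructed sample input).
# On a Mac the real input would be the output of
#   codesign -d --entitlements - --xml <binary named in binary_path>
POSTED_KEYS = [
    "com.apple.security.app-sandbox",
    "com.apple.security.files.downloads.read-write",
    "com.apple.security.files.user-selected.read-only",
    "com.apple.security.files.user-selected.read-write",
    "com.apple.security.network.client",
    "com.apple.security.network.server",
]

def entitlements_plist(keys):
    """Serialise boolean-true entitlements as an XML property list."""
    return plistlib.dumps({key: True for key in keys})

# Captures the service, the required entitlement and the *accessing* process,
# which is the process whose signature tccd evaluated.
DENIAL = re.compile(
    r"service: (?P<service>kTCCService\w+) requires entitlement (?P<entitlement>[\w.-]+) "
    r"but it is missing for accessing=\{TCCDProcess: identifier=(?P<identifier>[^,]+), "
    r"pid=(?P<pid>\d+),.*?binary_path=(?P<binary>[^}]*)\}"
)

def triage(log_lines, plist_bytes):
    """Return one finding per hardened-runtime TCC denial found in log_lines."""
    granted = {k for k, v in plistlib.loads(plist_bytes).items() if v is True}
    findings = []
    for line in log_lines:
        match = DENIAL.search(line)
        if match is None:
            continue  # not a hardened-runtime entitlement denial
        finding = match.groupdict()
        finding["pid"] = int(finding["pid"])
        # True suggests the log line and the inspected signature belong to
        # different binaries or builds; False matches what the log reports.
        finding["claimed"] = finding["entitlement"] in granted
        findings.append(finding)
    return findings
```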