-
Notifications
You must be signed in to change notification settings - Fork 15k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Electron broken on OS X in Apple Sandboxed apps (App Store) #3871
Comments
The Electron version was 0.36.1 MAS build. |
On this issue, I've already tested with v0.35.x (mas builds). Though still giving the |
Same here. I'm reverting back to v0.35.x for now. Maybe we need to wait until the upgrade to Chrome 48 over at electron/libchromiumcontent#175 arrives. |
I have the same issue, and I'm using the very latest MAS build (0.37.1). This latest build upgrades to Chromium 49 so I thought it might resolve this, but it doesn't. |
Just tested some of the recent releases of Electron:
|
(cont'd) when signing with only sandbox entitlements for Electron v0.37.1 mas build:
I thought Electron may try to load up remote resources, so then added entitlements (still with sandbox) for network client:
Interesting, the logs about networking disappeared. However, the app still doesn't load properly with something blank as attached. Looks a bit different from #3771. |
Same issue on 0.37.1. Looks like the issue comes from the recent CEF builds: FYI: prepared the two Electron-MAS binaries to reproduce the issue. Electron_v0.35.6-mas.app can be launched while Electron_v0.37.2-mas.app does not work. The only difference between them is MAS version. FYI2: FYI https://github.com/electron-userland/electron-osx-sign/wiki/2.-Electron-Compatibility |
Just tested; the same from Electron v0.37.1 appears in v0.37.2. |
Can confirm this for 0.37.2 |
Seems that the launching issue in v0.37.1's been fixed in v0.37.2. However, v0.37.2 mas seems failing when sandboxed; it freezes with the window showing up. |
Using v0.37.2 with MAS sandbox, I can create new browser windows, but the app freezes after I call browserWindow.loadURL(someURL). There are no errors printed in the console. |
v0.36.2 works perfect after signing, but after signing v0.37.2, the app keeps showing "Not responding" and no window showed up. |
I got the same issue as @fuermosi777. The signed app (v0.37.2) kept not responding while it worked perfect with v0.35.4. Related logs here: https://gist.github.com/luin/33074d4f340aba0cc000 |
Hi, I'm a product manager at JANDI, a business messaging platform from South Korea, which is being used by dozens of thousands active users everyday. We're trying to shift to Electron for our web app but this particular issue is a major road block for us for releasing to MAS. I really wish this issue can be solved in a near future so that we can add my product to the list of Electron-used services. Always appreciating the hard work of the crew. Thanks. |
Hey, just some updates with my testing with v0.37.3: Before sandboxing/codesigning:
After sandboxing/codesigning:
I'm thinking about changing a title for this issue, as rohitfork and iosurfacemgr aren't the real factors causing these issues. 😕 |
same problem, looking forward for fix |
sad thing I need API introduced at |
This is a super important bug for us at Slack, we'll probably have a look at this soon |
For people interested in fixing this, here are some hints:
Related issues in Chromium: |
A possible solution is to force using old system by setting But from the Chromium issue they switched to use XPC because from Yosemite the old implemented is not compatible with the OS and crash happens. |
@sethlu here is debug log https://gist.github.com/tyv/d96a11c5fde73e3966b0014311a3079f |
the main concern is, after I sign app (in different ways without any errors), it is unable to run it. |
@tyv, I think your app is well signed. May you check in the Console as well to see if any error arises when your app launches? Also, I would recommend removing the temporary exception in https://github.com/ubergrape/grape-electron/blob/master/resources/osx/child.plist#L9-L10 before building another testing release. |
@sethlu
|
@sethlu here is full report https://gist.github.com/tyv/347298b455b560ea9721cf8ff09d0fe8 |
and one more
|
@sethlu it looks like it is same as here: electron/osx-sign/issues/59 |
Hi @tyv, apologies for my late reply; I've been away for the past few days. The issue electron/osx-sign#59 I think is slightly different in the way that a critical problem lies on the video en/decoder. (However, I don't know how @jpittner got around the video en/decoder issue... Or just following the conceptual signing flow at https://github.com/sethlu/electron-distribution-guide then everything just naturally resolved.) The app should still launch with |
@the video decoder/encoder stuff went away once the package was properly signed. Right now, I've got it working with MAS build (and can use a development provisioning profile to test it) but am having some trouble getting the developer-id signed version (that is, for non-MAS distribution) to work properly! edit - spoke too soon. That was with prior version (1.2.x) with 1.3.1 I'm now running into problems getting the MAS build to load up on my development machine. |
@tyv I've managed to investigate a bit more over the past few days... Apple sandbox does not allow @jpittner Thanks for the info! I will have a look at the latest MAS builds. |
@sethlu by sockets you also include websocket? |
all this app does is change |
@kof About web socket, from the text
Ref: https://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf |
so maybe it is the web sockets from non-localhost domain? |
@tyv Have you tried to add <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.application-groups</key>
<string>Y8DPE6DGC7.com.ChatGrape</string>
</dict>
</plist> |
I'll try |
I am able to run empty app after sign. |
okay, I found what kills app when it is signed
|
@sethlu it is same with new snippet from the doc |
@tyv does you app work now? |
I removed that code and yes, but yet didn't have time to check whats wrong with that method
|
@tyv A couple of places I think where this issue occurs:
Seems that Electron does open a socket and send out a message checking process singleton... I'm not yet sure how to avoid having the network binding be addressed in sandbox though. |
okay, i see, so if this isn't fixable, probably comment in guide is a good idea. |
or default value should be false, and still comment near the method doc, would be nice |
Why would this not be fixable? It's our code - can you file a separate bug? |
@paulcbetts here you go ^^^ |
Hi,
mas.default.entitlements
mas.inherit.default.entitlements
|
I'm facing this issue, what is the solution? |
🍎 Not sure if this is related to the Chromium itself.
I've been trying and successfully packed and signed my app, but still there are logs in console like:
The following extract from my entitlements doesn't seem work work. I guess that Wildcards may not be accepted; however, the * bits keep changing every time I execute the application.
May there be any fixes on this in future releases?
P.S.: I've found that the sandboxed app runs much slower and has some issues (like jittering graphics, the best way I could describe it). Again, I guess it is related to the denials from sandboxing.
Thanks!
The text was updated successfully, but these errors were encountered: