
Notarize Xamarin MAC application

RoshilRoshil USMember ✭✭

We have an existing Mac application developed using Xamarin.Mac and we are distributing the DMG file for the application to users. When we open the application in Catalina OS, it shows some security exceptions. So we found that we need to notarize the application before distributing it to users. We are code signing the application using "application Developer ID". So before submitting the application for notarization, we tried to add true in the release section of the .cs project. Then the application does not run in Release mode when we set the UseHardenedRuntime key and EnableCodeSigning key to true.
Does anyone know why the application is not running when we set both the UseHardenedRuntime and EnableCodeSigning keys to true?

Is there any other way to set UseHardenedRuntime in a Xamarin application?

Answers

  • ChrisHamonsChrisHamons USForum Administrator, Xamarin Team Xamurai

    I would look into the crash logs for your application for details on why it isn't working.

    You can generally find those in the "Console" application in one of the Reports folders.

  • GraycodderGraycodder Member ✭✭
    edited October 2019

    I too face the same issue. I get a crash log like this:

    Process: Sample [6952]
    Path: /Applications/WBidMax.app/Contents/MacOS/WBidMax
    Identifier: com.xx.xxxx
    Version: 6.49.2.0 (1)
    Code Type: X86-64 (Native)
    Parent Process: ??? [1]
    Responsible: XXXXX [6952]
    User ID: 501

    Date/Time: 2019-10-18 13:02:25.128 +0530
    OS Version: Mac OS X 10.15 (19A602)
    Report Version: 12
    Bridge OS Version: 4.0 (17P572)
    Anonymous UUID: 8F80B35C-7FCB-E1B1-1E8B-E514CDB240EF

    Sleep/Wake UUID: 47F734ED-3E41-4E29-9A85-85CCF9DECB97

    Time Awake Since Boot: 9500 seconds
    Time Since Wake: 4100 seconds

    System Integrity Protection: enabled

    Crashed Thread: 0 Dispatch queue: com.apple.main-thread

    Exception Type: EXC_BAD_ACCESS (SIGSEGV)
    Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
    Exception Note: EXC_CORPSE_NOTIFY

    Termination Signal: Segmentation fault: 11
    Termination Reason: Namespace SIGNAL, Code 0xb
    Terminating Process: exc handler [6952]

  • JohnConnersJohnConners GBMember ✭✭

    What hardened runtime entitlements have you enabled as detailed here?

    https://developer.apple.com/documentation/security/hardened_runtime_entitlements

    You definitely need com.apple.security.cs.allow-jit for a Xamarin.Mac application. One thing I noticed is that libmono-native.dylib (included in MonoBundle) is signed by Xamarin. If you don't re-sign that with your own cert then you'll need to add com.apple.security.cs.disable-library-validation too.

    In addition on my app I've added com.apple.security.cs.allow-dyld-environment-variables which seems to be required when using SQLite. Simplest option is to add all of them to your entitlements and if that works, remove them one at a time to find out the ones you really need.

    Note that if you include third party frameworks like Sparkle, you'll need to re-sign them with --options runtime yourself, but when you submit it to Apple's notarization service you'll be told if you need to do that should it fail.

  • ClodoClodo ITMember ✭✭
    edited June 6

    My situation:

    macOS: 10.15.5 (Catalina, latest updates)
    XCode: 11.5 (latest)
    Visual Studio for Mac: 8.6.2 (build 6) (latest)
    Xamarin.Mac: 6.18.2.1 (Visual Studio Community) Branch d16-6 (latest)
    ... a macOS installed yesterday for test/ensure this issue.

    A Xamarin.Mac (Cocoa) project, Release config of course
    Project -> Options -> Mac Signing -> Sign the application bundle (checked), with right identity
    Project -> Options -> Mac Signing -> Enable Hardened Runtime (checked)
    Project -> Options -> Mac Signing -> Custom entitlements: Entitlements.plist
    Entitlements.plist ->

    1- If I click Build, it throws "code object is not signed at all" every time. Rebuild, or Cleanup before, works without error, every time.

    2- If I do a Cleanup and directly a "Run without debugger", it crashes.

    3- If I uncheck "Sign the application", Cleanup and directly a "Run without debugger", it works perfectly.

    4- I honestly never used the built-in Xamarin/VS sign options;
    I have an automated .sh build script that performs the compilation (msbuild) and invokes "codesign":
    4.1- "codesign -d --deep -v --force --sign "" Eddie.app/Contents/MacOS/Eddie
    works perfectly, signed, but notarization says it's not hardened.
    4.2- The same command above with an added "--options=runtime" results in a signed app and notarization returns "Accepted", but when I run the application it throws a Segmentation fault.

    Any suggestions?
    I'm groping in the dark... eventually, is there any paid support (I can give TeamViewer access) for direct help?


    EDIT:
    It seems this issue doesn't exist if I create a new Cocoa app.
    My app was built many years ago (still with Xamarin Studio), and upgraded over years of Xamarin.
    I will try to migrate all sources to a clean project, and compare every option to better identify what causes the issue.

  • ClodoClodo ITMember ✭✭

    I resolved my issue. If it helps someone: codesign (which I call manually in a post-build action, because I need to alter the bundle afterwards) must be called with "--options=runtime" but also with "--entitlements= (that must contain the com.apple.security.cs.allow-jit entry = true>.
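
The signing step the thread converges on, as an added example that is not part of any post above: it writes an entitlements plist containing only the hardened runtime exceptions you list, and refuses to sign with the hardened runtime unless com.apple.security.cs.allow-jit is present (the condition behind the segmentation fault described above). The function names and the identity placeholder are assumptions; the entitlement keys are the ones named in the thread.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; entitlement keys come from the thread.

# write_entitlements FILE KEY... : write a plist granting exactly the listed keys.
write_entitlements() {
    out=$1; shift
    {
        printf '%s\n' '<?xml version="1.0" encoding="UTF-8"?>'
        printf '%s\n' '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">'
        printf '%s\n' '<plist version="1.0">' '<dict>'
        for key in "$@"; do
            printf '    <key>%s</key>\n    <true/>\n' "$key"
        done
        printf '%s\n' '</dict>' '</plist>'
    } > "$out"
}

# has_entitlement FILE KEY : succeed only if KEY is present and set to <true/>.
# Whitespace is stripped first so key and value may sit on separate lines.
has_entitlement() {
    tr -d '[:space:]' < "$1" | grep -qF "<key>$2</key><true/>"
}

# sign_hardened APP IDENTITY ENTITLEMENTS : sign with the hardened runtime.
# Returns 2 without signing when allow-jit is missing, because a Xamarin.Mac
# app signed that way passes notarization but crashes at launch.
sign_hardened() {
    app=$1; identity=$2; ent=$3
    if ! has_entitlement "$ent" com.apple.security.cs.allow-jit; then
        echo "refusing to sign: $ent lacks com.apple.security.cs.allow-jit" >&2
        return 2
    fi
    codesign --force --options runtime --entitlements "$ent" \
             --sign "$identity" "$app" &&
    codesign --verify --strict --verbose=2 "$app"
}

# Typical use on the build machine (identity is a placeholder):
#   write_entitlements Entitlements.plist com.apple.security.cs.allow-jit
#   sign_hardened Eddie.app "Developer ID Application: EXAMPLE (TEAMID)" Entitlements.plist
```

Add com.apple.security.cs.disable-library-validation or com.apple.security.cs.allow-dyld-environment-variables to the key list only if the app fails without them, since each one relaxes a hardened runtime protection.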
