Notarization and sandboxing of X11 based applications
- Subject: Notarization and sandboxing of X11 based applications
- From: filhol via X11-users <email@hidden>
- Date: Sat, 4 Jul 2020 00:26:26 +0200
I take the opportunity of this discussion about the 64-bit X11 library to ask
a question about notarisation/sandboxing of X11 based applications.
I successfully signed, hardened and notarized Fortran applications (*) with
Winteracter GUI (OpenMotif + X11).
One of the tricks is the following:
    <key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
    <array>
        <string>/opt/X11/</string>
    </array>
However, I failed sandboxing them since the above is ignored when the following
is added to the entitlement file:
    <key>com.apple.security.app-sandbox</key>
    <true/>
Gatekeeper complains:
"mapping process and mapped file (non-platform) have different Team IDs"
Yes, the Team ID of XQuartz is different from mine, but Apple says that the above
exception is specially designed to address that case.
It works with notarization only, but the exception is ignored if sandboxing is
on.
Any suggestions?
(*) In fact the bundle contains C, Fortran, Cocoa, shell script and AppleScript
executables
—————————————
Dr. Alain Filhol (Computer scientist)
Institut Laue-Langevin
EPN Campus, CS 20156, 71 ave des Martyrs, F-38042 Grenoble cedex 9
<email@hidden>, Office: ILL19-206
Tel:+33 4.76.20.71.56, Fax: +33 4.76.20.76.48