py2app should support sandboxing

Issue #86 new
Ronald Oussoren
repo owner created an issue

Py2app should have options to add sandboxing to an application. This can be done using the codesign(1) utility using entitlments.

Note: I don't know yet how useful sandboxing is without getting the application signed for AppStore distribution.

Note 2: I also don't know if the AppStore will accept application bundles that were signed outside of Xcode.

See also #85

Comments (2)

  1. George Henne

    I'm working on submitting to the App Store using the Application Loader instead of full Xcode. I still have issues (#99), but seem to have gotten past the code signing and sandboxing by doing the following (after p2app creates the .app file):

    # Code signing
    
    codesign --force --verify --verbose \
      --sign "3rd Party Mac Developer Application: NS BASIC Corporation" \
      --entitlements ../AppStudio.entitlements \
      AppStudio.app
    
    codesign --force --verify --verbose \
      --sign "3rd Party Mac Developer Application: NS BASIC Corporation" \
      --entitlements ../AppStudio.entitlements \
      AppStudio.app/Contents/Frameworks/Python.framework/Versions/2.7
    
    codesign --force --verify --verbose \
      --sign "3rd Party Mac Developer Application: NS BASIC Corporation" \
      --entitlements ../AppStudio.entitlements \
      AppStudio.app/Contents/MacOS/python
    
    codesign -vvv -d AppStudio.app
    

    The AppStudio.entitlements file is very simple:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>   <true/>
    </dict>
    </plist>
    

    After codesigning is done, I make the pkg file:

    # Make the pkg file for the App Store
    
    productbuild \
        --component AppStudio.app /Applications \
        --sign "3rd Party Mac Developer Installer: NS BASIC Corporation" \
         AppStudio.pkg
    
  2. Log in to comment