Notarize Xamarin MAC application

  • Question

  • User35274 posted

    We have an existing Mac application developed using Xamarin.Mac and we are distributing the DMG file for the application to users. When we open the application in Catalina OS, it shows some security exceptions. So we found that we need to notarize the application before distributing it to users. We are code signing the application using "application Developer ID". So before submitting the application for notarization, we tried to add true in the release section of the .cs project. Then the application does not run in Release mode when we set the UseHardenedRuntime key and EnableCodeSigning key to true. Does anyone know why the application is not running when we set both the UseHardenedRuntime and EnableCodeSigning keys to true?

    Are there any other ways to set UseHardenedRuntime in a Xamarin application?

    Friday, October 18, 2019 4:40 PM

All replies

  • User35201 posted

    I would look into the crash logs for your application for details on why it isn't working.

    You can generally find those in the "Console" application in one of the Reports folders.

    Friday, October 18, 2019 9:54 PM
  • User389837 posted

    I too face the same issue. I get a crash log like this:

    Process: Sample [6952]
    Path: /Applications/WBidMax.app/Contents/MacOS/WBidMax
    Identifier: com.xx.xxxx
    Version: 6.49.2.0 (1)
    Code Type: X86-64 (Native)
    Parent Process: ??? [1]
    Responsible: XXXXX [6952]
    User ID: 501

    Date/Time: 2019-10-18 13:02:25.128 +0530
    OS Version: Mac OS X 10.15 (19A602)
    Report Version: 12
    Bridge OS Version: 4.0 (17P572)
    Anonymous UUID: 8F80B35C-7FCB-E1B1-1E8B-E514CDB240EF

    Sleep/Wake UUID: 47F734ED-3E41-4E29-9A85-85CCF9DECB97

    Time Awake Since Boot: 9500 seconds
    Time Since Wake: 4100 seconds

    System Integrity Protection: enabled

    Crashed Thread: 0 Dispatch queue: com.apple.main-thread

    Exception Type: EXC_BAD_ACCESS (SIGSEGV)
    Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
    Exception Note: EXC_CORPSE_NOTIFY

    Termination Signal: Segmentation fault: 11
    Termination Reason: Namespace SIGNAL, Code 0xb
    Terminating Process: exc handler [6952]

    Saturday, October 19, 2019 10:09 AM
  • User52795 posted

    What hardened runtime entitlements have you enabled as detailed here?

    https://developer.apple.com/documentation/security/hardenedruntimeentitlements

    You definitely need com.apple.security.cs.allow-jit for a Xamarin.Mac application. One thing I noticed is that libmono-native.dylib (included in MonoBundle) is signed by Xamarin. If you don't re-sign that with your own cert then you'll need to add com.apple.security.cs.disable-library-validation too.

    In addition on my app I've added com.apple.security.cs.allow-dyld-environment-variables which seems to be required when using SQLite. Simplest option is to add all of them to your entitlements and if that works, remove them one at a time to find out the ones you really need.

    Note that if you include third party frameworks like Sparkle, you'll need to re-sign them with --options runtime yourself, but when you submit it to Apple's notarization service you'll be told if you need to do that should it fail.

    Saturday, October 19, 2019 12:53 PM
  • User53707 posted

    My situation:

    macOS: 10.15.5 (Catalina, latest updates)
    XCode: 11.5 (latest)
    Visual Studio for Mac: 8.6.2 (build 6) (latest)
    Xamarin.Mac: 6.18.2.1 (Visual Studio Community) Branch d16-6 (latest)
    ... a macOS installed yesterday for test/ensure this issue.

    A Xamarin.Mac (Cocoa) project, Release config of course
    Project -> Options -> Mac Signing -> Sign the application bundle (checked), with right identity
    Project -> Options -> Mac Signing -> Enable Hardened Runtime (checked)
    Project -> Options -> Mac Signing -> Custom entitlements: Entitlements.plist
    Entitlements.plist ->

    1- If I click Build, every time it throws "code object is not signed at all". Rebuild or Cleanup before works without error, every time.

    2- If I do a Cleanup and directly a "Run without debugger", it crashes. file

    3- If I uncheck "Sign the application", Cleanup and directly a "Run without debugger", it works perfectly.

    4- I honestly never used the built-in Xamarin/VS sign options; I have an automated .sh build script that performs the compilation (msbuild) and invokes "codesign":
    4.1- "codesign -d --deep -v --force --sign "" Eddie.app/Contents/MacOS/Eddie works perfectly, signed, but notarization says it's not hardened.
    4.2- The same command above with an added "--options=runtime": the result is signed, notarization returns "Accepted", but when I run the application it throws a Segmentation fault.

    Any suggestion? I'm groping in the dark... eventually, is there any paid support (I can give TeamViewer access) for direct help?


    EDIT: it seems this issue doesn't exist if I create a new Cocoa app. My app was built many years ago (still with Xamarin Studio), and upgraded over years of Xamarin. I will try to migrate the sources to a clean project, and compare the options to better identify what causes the issue.

    Saturday, June 6, 2020 9:48 AM
  • User53707 posted

    I resolved my issue. If it helps someone: codesign (which I call manually in a post-build action, because I need to alter the bundle afterwards) must be called with "--options=runtime" but also with "--entitlements= (that must contain the com.apple.security.cs.allow-jit entry = true>.

    Saturday, June 6, 2020 4:11 PM
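
The signing sequence described in User52795's and User53707's posts (an entitlements file containing com.apple.security.cs.allow-jit, passed to codesign together with --options runtime, with nested libraries re-signed under your own certificate), as an added shell example that is not code from any poster in this thread. The bundle name, the identity string and the DRY_RUN switch are assumptions; the demo runs on a constructed bundle skeleton and only prints the commands.

```shell
#!/bin/sh
# Added example: hardened-runtime signing for a Xamarin.Mac bundle.
# Identity, bundle name and DRY_RUN are illustrative assumptions.

# Write an entitlements plist; every argument is one key set to <true/>.
write_entitlements() {
    out=$1; shift
    {
        printf '%s\n' '<?xml version="1.0" encoding="UTF-8"?>'
        printf '%s\n' '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">'
        printf '%s\n' '<plist version="1.0">' '<dict>'
        for key in "$@"; do
            printf '    <key>%s</key>\n    <true/>\n' "$key"
        done
        printf '%s\n' '</dict>' '</plist>'
    } > "$out"
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Sign inside-out: nested dylibs (e.g. MonoBundle/libmono-native.dylib) first,
# so they carry your own signature, then the bundle with the entitlements,
# then verify the result. Frameworks would need the same treatment.
sign_hardened() {
    app=$1; identity=$2; ent=$3
    find "$app/Contents" -type f -name '*.dylib' | while IFS= read -r lib; do
        run codesign --force --timestamp --options runtime --sign "$identity" "$lib"
    done
    run codesign --force --timestamp --options runtime \
        --entitlements "$ent" --sign "$identity" "$app"
    run codesign --verify --deep --strict --verbose=2 "$app"
}

# Demo on a constructed bundle skeleton; commands are printed, not executed.
DRY_RUN=${DRY_RUN:-1}
demo=$(mktemp -d)
mkdir -p "$demo/Sample.app/Contents/MonoBundle"
: > "$demo/Sample.app/Contents/MonoBundle/libmono-native.dylib"
write_entitlements "$demo/Entitlements.plist" com.apple.security.cs.allow-jit
sign_hardened "$demo/Sample.app" "Developer ID Application: EXAMPLE (TEAMID)" \
    "$demo/Entitlements.plist"
rm -rf "$demo"
```

With DRY_RUN=0 on a Mac the same functions sign a real bundle. Pass com.apple.security.cs.disable-library-validation as a second key only if a nested library has to keep someone else's signature.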
  • User398132 posted

    @JohnConners said: What hardened runtime entitlements have you enabled as detailed here?

    https://developer.apple.com/documentation/security/hardenedruntimeentitlements

    You definitely need com.apple.security.cs.allow-jit for a Xamarin.Mac application. One thing I noticed is that libmono-native.dylib (included in MonoBundle) is signed by Xamarin. If you don't re-sign that with your own cert then you'll need to add com.apple.security.cs.disable-library-validation too.

    In addition on my app I've added com.apple.security.cs.allow-dyld-environment-variables which seems to be required when using SQLite. Simplest option is to add all of them to your entitlements and if that works, remove them one at a time to find out the ones you really need.

    Note that if you include third party frameworks like Sparkle, you'll need to re-sign them with --options runtime yourself, but when you submit it to Apple's notarization service you'll be told if you need to do that should it fail.

    I'm trying to build a release build of my App which uses a SQLite DB within latest Xamarin.Forms 4.8.*. I have the entitlements you mention and everything builds fine, but at runtime there's a DLL not found exception when the SQLConnection is created. Other than the entitlements above, are any other incantations required for this to work? Could you possibly post your entitlements or the relevant bits perhaps?

    Monday, February 8, 2021 2:56 PM
  • User52795 posted

    @CartBlanche I don't use Xamarin.Forms in my app but looking at my project I can't see anything interesting other than what I've mentioned before. I'm referencing the 2.0.5 version of Mono.Data.Sqlite if that's any help. Are you getting the DLL not found exception before or after notarising the app? Also have you figured out what DLL it can't find?

    Tuesday, February 9, 2021 10:22 AM