
feat(cli): add macos hardened runtime signing config option

Open. thewh1teagle opened this issue 2 years ago • 1 comment

On macOS, when building a dmg with an ad-hoc signature and the app depends on Frameworks (dynamic shared libraries, dylib files), they won't load and the app will crash with an error message box.

I found that if we disable the signing flag in the macOS bundler passed from tauri-cli, it won't crash. The flag which is passed is --option runtime in tooling/bundler/src/bundle/macos/sign.rs#L210

Crash log:
Termination Reason:    Namespace DYLD, Code 1 Library missing
Library not loaded: @rpath/libavcodec.60.dylib
Referenced from: <D007FD2C-8AD0-336A-944D-C186621D1CEF> /Volumes/VOLUME/vibe.app/Contents/MacOS/vibe
Reason: tried: '/Volumes/vibe/vibe.app/Contents/Frameworks/libavcodec.60.dylib' (code signature in <BEFA8967-6321-3361-9151-FF5EE424F751> '/Volumes/vibe/vibe.app/Contents/Frameworks/libavcodec.60.dylib' not valid for use in process: mapping process and mapped file (non-platform) have different Team IDs), '/Volumes/vibe/vibe.app/Contents/Frameworks/libavcodec.60.dylib' (code signature in <BEFA8967-6321-3361-9151-FF5EE424F751> '/Volumes/vibe/vibe.app/Contents/Frameworks/libavcodec.60.dylib' not valid for use in process: mapping process and mapped file (non-platform) have different Team IDs)
(terminated at launch; ignore backtrace)
From man codesign:
     -o, --options flag,...
             During signing, specifies a set of option flags to be embedded in
             the code signature. The value takes the form of a comma-separated
             list of names (with no spaces). Alternatively, a numeric value
             can be used to directly specify the option mask (CodeDirectory
             flag word). See OPTION FLAGS below.

Flags:
             runtime              Preserve the hardened runtime version (-o
                                  runtime flag, --runtime-version option)
                                  instead of overriding or deriving the
                                  version.

This PR introduces a way to control the flag through tauri.conf.json:

  "bundle": {
    "macOS": {
      "signingIdentity": "-",
      "hardenedRuntime": false
    }
  }

I believe that the macOS bundling process needs to be much more flexible. Currently I have no other option to control the final signing of the app, and tauri enforces this runtime flag; as a result the final binary can't run and I can't publish it for macOS (arm).

Meanwhile, for testing the app, it's possible to re-sign it:

codesign --force --deep -s "-" /Applications/vibe.app
hdiutil create -format UDZO -srcfolder some_app.app signed.dmg

thewh1teagle, Mar 31 '24 21:03
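An added diagnostic, not part of this PR or of Tauri's own code: it parses codesign -dvvv style output for the main executable and a bundled dylib and reports the condition behind the crash log above, a hardened-runtime process (flag "runtime") whose library carries a different Team ID. Both outputs are constructed samples and the Team ID value is a placeholder; the check is a heuristic for dyld's library validation rule, not a replacement for running codesign --verify on the bundle.

```python
import re

# Constructed sample output shaped like `codesign -dvvv <path>`; not captured
# from the real vibe.app (paths and the Team ID are illustrative placeholders).
MAIN_BINARY = """\
Executable=/Volumes/vibe/vibe.app/Contents/MacOS/vibe
Identifier=com.example.vibe
CodeDirectory v=20400 size=1234 flags=0x10002(adhoc,runtime) hashes=30+7 location=embedded
Signature=adhoc
TeamIdentifier=not set
"""

FRAMEWORK = """\
Executable=/Volumes/vibe/vibe.app/Contents/Frameworks/libavcodec.60.dylib
Identifier=libavcodec.60
CodeDirectory v=20400 size=5678 flags=0x0(none) hashes=200+2 location=embedded
TeamIdentifier=TEAMID0000
"""


def parse_codesign(text):
    """Pull out the fields that matter for library validation."""
    info = {"path": None, "flags": set(), "team": None}
    for line in text.splitlines():
        flags = re.search(r"flags=0x[0-9a-fA-F]+\(([^)]*)\)", line)
        if line.startswith("Executable="):
            info["path"] = line.split("=", 1)[1]
        elif flags:
            # e.g. "adhoc,runtime"; "none" means no option flags set
            info["flags"] = {f for f in flags.group(1).split(",") if f and f != "none"}
        elif line.startswith("TeamIdentifier="):
            team = line.split("=", 1)[1].strip()
            info["team"] = None if team == "not set" else team
    return info


def library_validation_problems(main_text, lib_texts):
    """Heuristic for the dyld rule behind the crash: with the hardened runtime
    on, every non-platform library must carry the process's Team ID.
    Returns one message per library that would be rejected."""
    main = parse_codesign(main_text)
    if "runtime" not in main["flags"]:
        return []  # no hardened runtime, so no library validation
    problems = []
    for text in lib_texts:
        lib = parse_codesign(text)
        if lib["team"] != main["team"]:
            problems.append(f"{lib['path']}: Team ID {lib['team']} != process Team ID {main['team']}")
    return problems
```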

Just a gentle reminder: I'm currently unable to test my app build locally due to the damaged dmg release caused by the default hardened option. It's impacting my development process. Any chance we could prioritize merging the PR? Appreciate your attention to this matter!

thewh1teagle, May 15 '24 12:05

Thanks for the review :-) Edited as suggested.

thewh1teagle, Jun 05 '24 16:06