You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 31, 2023. It is now read-only.
Right now if a binary needs restricted entitlements then a host should have provisioning profile installed or the "app" should embed it. Otherwise error like the following will occur and macOS will kill the binary:
taskgated-helper Disallowing tart because no eligible provisioning profiles found
mac_vnode_check_signature: tart: code signature validation failed fatally: When validating tart:
Code has restricted entitlements, but the validation of its code signature failed.
Some macOS products, like daemons and command-line tools, ship as a standalone executable. A standalone executable can’t claim a restricted entitlement because there’s no place to embed the provisioning profile that authorizes that claim. If your standalone executable needs to do this, wrap it in an app-like structure. For an example of this, see Signing a Daemon with a Restricted Entitlement.
If your standalone executable needs to do this, wrap it in an app-like structure. part is very concerning for just distributing binaries.
I haven't yet figured out how to embed provisioning profile with a binary so decided to create this issue/feature request to surface the use case and see if someone experienced it.
The text was updated successfully, but these errors were encountered:
Right now if a binary needs restricted entitlements then a host should have provisioning profile installed or the "app" should embed it. Otherwise error like the following will occur and macOS will kill the binary:
I found this piece of documentation:
If your standalone executable needs to do this, wrap it in an app-like structure.
part is very concerning for just distributing binaries.I haven't yet figured out how to embed provisioning profile with a binary so decided to create this issue/feature request to surface the use case and see if someone experienced it.
The text was updated successfully, but these errors were encountered: