[Pythonmac-SIG] py2app apps codesigned with "--options runtime", i.e. any notorizable app, fails to launch with ctypes error (was Re: [Pyobjc-dev] ctypes MemoryError when attempting to launch notarized app)

Ronald Oussoren ronaldoussoren at mac.com
Sun Oct 28 16:55:31 EDT 2018

> On 28 Oct 2018, at 19:20, Glyph <glyph at twistedmatrix.com> wrote:
>>> Curiously, this is the same traceback that comes from https://forum.kodi.tv/showthread.php?tid=329171 <https://forum.kodi.tv/showthread.php?tid=329171>, which suggests it's something fundamental to strict shared-library sandboxing that ctypes trips over when trying to initialize itself.
>>> Does anyone have experience with this, or ideas about what to do?
>> I’m afraid not. I currently get away with not signing apps at all, although properly supporting signing is on my way too long wish list for py2app.  
> The ability to distribute unsigned apps is not-so-slowly going away; even the ability to distribute non-notarized apps has a very limited shelf-life at this point.  So this ought to be an alarming development for everyone - having Python apps effectively banned from macOS distribution is a big potential problem :-\.

Yup. That’s something that worries me as well, and not just for Python apps.  Not being able to run your own code without paying Apple for the privilege is not something I look forward to.  I’m still hoping that the option to run unsigned code doesn’t go away.

> The good news here is that aside from having to write a little for loop in shell (shown below) getting the app codesigned previously was easy, and my app *did* pass notarization, so nothing that py2app is doing is breaking things on apple's end.  It's just a matter of a ctypes bug.
> As I see it, there's 2 problems here:
> py2app's __boot__.py should fail more gracefully if initializing ctypes doesn't work, since not everybody needs ctypes.  Shall I file this on the tracker?

Yes please.  I’d prefer a solution that doesn’t involve ignoring errors, but that’s probably the easiest fix for now.  What’s the exception you’re getting? Tweaking the code in py2app/bootstrap/ctypes_setup.py to ignore that exception would be trivial. 

> ctypes itself should address whatever eldritch hideousness is causing this; in addition to the windows security layer stuff I found, grsecurity TPE causes the same traceback: https://bugs.python.org/issue28429 <https://bugs.python.org/issue28429>
>> With some luck there’s some entitlement or code signing option that causes this problem.  What is the output of "codesign --display --verbose=4” for the application? Both with and without notarisation? 
> Sorry, my original message was not clear.  App notarization itself is not the problem, it's the "stricter requirements" that I ambiguously referenced.  The requirement in question is the '--options runtime' flag passed to 'codesign'.  So you can just codesign an app (even with an ad-hoc identity, you technically could do this without even having a valid cert, although the way one generates one of those escapes me) with the 'runtime' option, you can reproduce this.
> So if I sign my app like this:
> #!/bin/bash
> find "${NAME}.app" -iname '*.so' -or -iname '*.dylib' |
>     while read libfile; do
>           codesign --sign "${IDENTITY}" \
>                    --deep "${libfile}" \
>                    --force \
>                    --options runtime;
>     done;
> codesign --sign "${IDENTITY}" \
>          --deep "${NAME}.app" \
>          --force \
>          --options runtime;
> and then run it as "./${NAME}.app/Contents/MacOS/${NAME}".  I immediately get the traceback given above.

Great. That should make it easier for me to reproduce the issue. 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pythonmac-sig/attachments/20181028/e304a3b0/attachment-0001.html>

More information about the Pythonmac-SIG mailing list