OS X Sandboxing with bmk(ng) - WIP
BlitzMax Forums/Brucey's Modules/OS X Sandboxing with bmk(ng) - WIP
| ||
| Currently looking at some changes for my bmk replacement which lets you set up your application for sandboxing on OS X as part of the build process. Changes include the addition of a pre-build script (pre.bmk) useful for things like customising the info.plist file, and the option of embedding the info.plist file directly in your binary (more useful for non-gui apps that you want to codesign, but don't have an application bundle) Not sure how the spctl program is meant to work, as it seems to reject even my XCode applications, but the codesign program reports all the signing is in the binary after the build process. Note how, for example, when the app is sandboxed the actual Documents folder returned by BaH.Volumes, (automagically) becomes a special sandboxed version : /Users/brucey/Library/Containers/net.brucey.blitzmax.sandboxtest/Data/Documents Which is why it is better to use the APIs than to try to hard-code paths yourself ;-) You can also add entitlements to gain yourself access to different parts of the system, depending on what your software needs. This is accomplished via another plist file which is applied again as part of the build process (should you need it). I'm still ironing out the bugs... |
   |