mac 开发 com.apple.security.application-groups 问题

我在开发 Mac应用完成 后 通过Xcode 上传二进制文件的过程中, 出现了错误, 错误提示: App里面用到的 com.apple.security.application-groups 权限里面 有 group.*** 和 开发者组ID.*** 导致校验失败, 当我单独使用 group.xxx的时候, 我的程序会崩溃 , 因为里面用到了 MachPortRende 进程间通信问题, 这里默认了 开发者组ID.*** 这个路径, 错误详情: 在尝试启动 QuickFox 应用时,程序因权限问题而崩溃。具体的错误信息 bootstrap_check_in 组ID.xxxx.MachPortRendezvousServer.82392: Permission denied (1100) 显示,应用在尝试使用 Mach 端口进行进程间通信时,没有获得足够的权限, 因此 我需要您们的帮助, 如果单独用开发者组ID.*** 我们又没有权限 将数据写入 组ID.xxx里面的文件

Answered by DTS Engineer in 837586022

Sadly, I don’t read Chinese, so I’m working from a machine translation of your post.

I’m not entirely sure what’s going on here but, in general, Mach IPC should be able to work with any service name that’s prefixed by a valid app group ID. Now, the definition of valid app group ID has been in flux recently. I talked about that evolution in App Groups: macOS vs iOS: Working Towards Harmony.

My advice here varies based on whether this is new code or code that you’ve already shipped and need to maintain compatibility with.

For new code, use an iOS-style app group and have that as your Mach service name. For example, group.eskimo1.test with a Mach service name of group.eskimo1.test.my-service. Then make sure that your use of that app group is authorised by a provisioning profile.

For existing code, it depends on whether this Mach IPC is entirely within your product:

  • If this IPC is inside your product — for example, you’re communicating between two subcomponents of the same app — then you can use an iOS-style app group ID, but both subcomponents update at once.

  • On the other if, if this IPC is between different product, or potentially different versions of the same product, then you need to worry about compatibility. What will the other product do if this product changes Mach IPC service name? The answer to that may require you to stick with an macOS-style app group ID.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Sadly, I don’t read Chinese, so I’m working from a machine translation of your post.

I’m not entirely sure what’s going on here but, in general, Mach IPC should be able to work with any service name that’s prefixed by a valid app group ID. Now, the definition of valid app group ID has been in flux recently. I talked about that evolution in App Groups: macOS vs iOS: Working Towards Harmony.

My advice here varies based on whether this is new code or code that you’ve already shipped and need to maintain compatibility with.

For new code, use an iOS-style app group and have that as your Mach service name. For example, group.eskimo1.test with a Mach service name of group.eskimo1.test.my-service. Then make sure that your use of that app group is authorised by a provisioning profile.

For existing code, it depends on whether this Mach IPC is entirely within your product:

  • If this IPC is inside your product — for example, you’re communicating between two subcomponents of the same app — then you can use an iOS-style app group ID, but both subcomponents update at once.

  • On the other if, if this IPC is between different product, or potentially different versions of the same product, then you need to worry about compatibility. What will the other product do if this product changes Mach IPC service name? The answer to that may require you to stick with an macOS-style app group ID.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

mac 开发 com.apple.security.application-groups 问题
 
 
Q