Dotnet app for MacOs built with NetVips crashes in sandbox

[lanyusan]

Hi,

I am integrating NetVips to a dotnet app and is now bundling it for publishing in MacOs App Store.

I have found out that desktop app can run well on MacOS with sandbox disabled.

However as apple requires any app that is to be distributed through App Store must be ran in sandbox, I signed the dotnet app with sandbox enabled. Then the app crashed.

I have created a minimal dotnet app. When it is compiled with NetVips, even without actually using NetVips, it crashes in sandbox, while when compiled without netvips, it works in sandbox.

Here is the apple's sandbox environment documentation:

https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html#//apple_ref/doc/uid/TP40011183-CH1-SW1

Here is the crash message:

Exception Type:        EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid))
Exception Codes:       UNKNOWN_0x32 at 0x000000010b10f000
Exception Codes:       0x0000000000000032, 0x000000010b10f000

Termination Reason:    Namespace CODESIGNING, Code 2 Invalid Page

VM Region Info: 0x10b10f000 is in 0x10b10f000-0x10b132000;  bytes after start: 0  bytes before end: 143359
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      Rosetta Generic             10b10e000-10b10f000    [    4K] rw-/rwx SM=PRV  
--->  mapped file                 10b10f000-10b132000    [  140K] r--/rwx SM=COW  ...t_id=fffb1eb3
      GAP OF 0xf77e7000 BYTES
      __TEXT                      202919000-2029b1000    [  608K] r-x/r-x SM=COW  /usr/lib/dyld

Thread 0 Crashed:
0   <translation info unavailable>	       0x102bd6874 ???
1   <translation info unavailable>	       0x102bd5f0c ???
2   dyld                          	       0x20293b600 invocation function for block in dyld4::JustInTimeLoader::makeJustInTimeLoaderDisk(Diagnostics&, dyld4::RuntimeState&, char const*, dyld4::Loader::LoadOptions const&, bool, unsigned int, mach_o::Layout const*) + 85

NetVips is a vital part of the app. Anyidea why it happens and how to fix it?

[kleisauke]

Sounds like the same issue mentioned in https://gitlab.freedesktop.org/gstreamer/orc/-/issues/30, which was fixed within liborc 0.4.33. Note that I currently lack access to macOS-based systems, so I cannot reproduce this.

Are you able to test the macOS binaries at https://github.com/kleisauke/libvips-packaging/releases/tag/v8.13.3? Unfortunately, due to lovell/sharp#3438, these binaries were not distributed on NuGet.

[lanyusan]

After some research, I think it might not be NetVips problem but an incompatibility of dotnet bundle for sandbox environment.

According to this document:

https://developer.apple.com/library/archive/technotes/tn2206/_index.html

Location	Description
Contents	Top content directory of the bundle
Contents/MacOS	Helper apps and tools
Contents/Frameworks	Frameworks, dylibs
Contents/PlugIns	Plug-ins, both loadable and Extensions
Contents/XPCServices	XPC services
Contents/Helpers	Helper apps and tools
Contents/Library/Automator	Automator actions
Contents/Library/Spotlight	Spotlight importers
Contents/Library/LoginItems	Installable login items
Contents/Library/LaunchServices	Privileged helper tools installed by the ServiceManagement framework

Standard dotnet publishing won't work in sandbox. Avalonia app must be published as a single file but right now there is a bug that stops target net6.0-macos from being bundled as a single file.

This has to wait for dotnet team to fix the bug.

[kleisauke]

Possibly cross-posted at AvaloniaUI/Avalonia#9764 (similar stack trace) and tracked within the following dotnet/runtime discussions/issues:
dotnet/runtime#79948
dotnet/runtime#79947
dotnet/runtime#79965
dotnet/runtime#80016

I'll close this issue for now, please feel free to re-open if this problem is related to NetVips.