osx-sign: Unable to write file even with right entitlement option.

Here is my parent.plist file contents:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <string>GROUP.STRINGHERE</string>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
  </dict>
</plist>

Here is my child.plist file

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>

My signing command:

electron-osx-sign \"XXXX-mas-x64/XXXX.app\" --verbose --identity=\"****\" --entitlements=./entitlements/parent.plist --entitlements-inherit=./entitlements/child.plist --platform=mas --version=1.0.2 --provisioning-profile=./XXXXX.provisionprofile --type=development

Error that I am getting:

deny file-write-create App doesn’t have permission to write file.

The file is being saved from a user dialog; they select a location and the file is written to that location.

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 18 (7 by maintainers)

Most upvoted comments

@trigun539 I have found the problem. It has nothing to do with electron-osx-sign; it’s caused by jetpack-fs. Jetpack has an atomic mode to save files securely, but this creates a new temporary file. The sandbox doesn’t allow creating this file. I will add an issue to the jetpack repo.

@chryb the problem is that you depend on the user to “add” the extension themselves. If they don’t add it while in the save popup, then you only have access to “sample” not “sample.md”. I kept trying to add the extension programmatically and failed because I didn’t have access.

It turned out that I was adding the file extension to the filename given by the user. So, it would fail since I didn’t have permissions to path-to-file[ext]. I do get the right permissions to the path-to-file piece. Sorry about the trouble. Thanks @sethlu

@sethlu I am in the process of re-creating and isolating the issue. Will let you know if I run into the issue again.
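
The two causes named in the comments above (an extension appended after the dialog returns, and an atomic write that creates a temporary sibling file) both touch a path the user never selected. The following is an added example, not code from the thread or from electron-osx-sign; the helper names are hypothetical and a temporary directory stands in for the folder the user picked.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Validate the path returned by the save dialog without rewriting it.
// com.apple.security.files.user-selected.read-write covers only the exact
// path the user picked, so a derived path (path + ext) is outside the grant.
function checkSelectedPath(filePath, requiredExt) {
  if (!filePath) return { ok: false, reason: 'canceled' };
  if (path.extname(filePath).toLowerCase() !== requiredExt.toLowerCase()) {
    // Do not append requiredExt here: report it so the caller can re-prompt.
    return { ok: false, reason: 'missing-extension' };
  }
  return { ok: true, filePath };
}

// Write in place: open the granted path itself. No temp file plus rename,
// because the temp file is a second path the sandbox was never asked about.
function writeInPlace(filePath, data) {
  const fd = fs.openSync(filePath, 'w');
  try {
    fs.writeSync(fd, data);
    fs.fsyncSync(fd); // flush to disk, since there is no atomic rename step
  } finally {
    fs.closeSync(fd);
  }
}

// Save only when the selected path is usable exactly as given.
function saveUserSelected(filePath, data, requiredExt) {
  const check = checkSelectedPath(filePath, requiredExt);
  if (check.ok) writeInPlace(check.filePath, data);
  return check;
}

// Constructed demo: one selection without an extension, one with it.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'save-demo-'));
  const noExt = saveUserSelected(path.join(dir, 'sample'), '# hi', '.md');
  const good = saveUserSelected(path.join(dir, 'sample.md'), '# hi', '.md');
  // Only the selected file should exist: no "sample", no temp sibling.
  return { noExt, good, created: fs.readdirSync(dir) };
}

console.log(demo());
```

In an Electron app the path would come from `dialog.showSaveDialog`; passing its `filters` option lets the dialog itself supply the extension, so the returned path is already the one the user granted.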