Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-116565

Cannot sign a WebEngine-based application with Qt 6.5.2 (but OK with Qt 6.4.3, 6.3.2, 5.15.2)

    XMLWordPrintable

Details

    • Bug
    • Resolution: Invalid
    • P2: Important
    • None
    • 6.5.2
    • WebEngine
    • None
    • macOS
    • ea52b98ec (dev), 79608ad27 (6.6), 919dceb72 (6.5)

    Description

      I'm trying to sign my application which embed the WebEngine library.

       

      The following instructions are working with Qt 5.15.2, Qt 6.3.2 and Qt 6.4.3, but not with Qt 6.5.2

       

       

      sudo codesign --force --deep -o runtime --timestamp --entitlements <path_to_entitlements>/Entitlements.plist --verbose=4 -s <identity> --digest-algorithm=sha1,sha256 MyApp.app

sudo codesign --force --deep -o runtime --timestamp --entitlements <path_to_entitlements>/WebEngineEntitlements.plist --verbose=4 -s <identity> --digest-algorithm=sha1,sha256 MyApp.app/Contents/Frameworks/QtWebEngineCore.framework/Helpers/QtWebEngineProcess.app/Contents/MacOS/QtWebEngineProcess"

       

       

      Here's what the entitlements contain :

      MyApp entitlements

       

      <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.automation.apple-events</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.device.audio-input</key>
    <true/>
    <key>com.apple.security.device.camera</key>
    <true/>
</dict>
</plist>

       

       

      WebEngine entitlements

       

      <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.disable-executable-page-protection</key>
    <true/>
</dict>
</plist>

       

      With Qt 6.5.2, codesign itself is executed correctly, and doesn't return anything special compared to when app is built with previously cited version of Qt.

      If I run the app before signing my Qt-6.5.2-based app , the WebEngine is running correctly, but after signing, it cannot even render a single page (Render process exited with code: 5. Do you want reload the page ?)

      I tried multiple things proposed on this Qt Forum thread, without especially understanding why it would work, and it didn't.

       

       

       

       

      Attachments

        For Gerrit Dashboard: QTBUG-116565
        # Subject Branch Project Status CR V
        500663,3 Mention the need to use entitlements for QtWebEngineProcess on macOS dev qt/qtwebengine Status: MERGED +2 0
        514345,2 Mention the need to use entitlements for QtWebEngineProcess on macOS 6.6 qt/qtwebengine Status: MERGED +2 0
        514355,2 Mention the need to use entitlements for QtWebEngineProcess on macOS 6.5 qt/qtwebengine Status: MERGED +2 0

        Activity

          People

            qt_webengine_team Qt WebEngine Team
            kamui kamui
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes