While attempting to migrate a dmg-installed app to Apple store, there are several command line tools that I need to test whether they run in sandbox mode without issue. So what I did was copy the binary, strip its codesign, then codesign with the com.apple.security.app-sandbox entitlement. However the final signed executable crashes with illegal hardware instruction. So I then decided to try the same thing on a hello world binary. These are the steps:

    #include <iostream>
    int main() {
        std::cout << "hello,world\n";
        return 0;
    }

    clang++ -std=c++20 -O2 -o hello main.cpp

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
    </dict>
    </plist>

    codesign --sign <identity> --timestamp --options runtime --entitlements entitlements.plist hello

    ./hello

Still results in illegal hardware instruction. What could've gone wrong? I don't think I've missed anything.
BTW this is on an Intel Mac, so it's not due to architecture issues that ARM Macs may face.
Edit: macOS 15.6

Turns out you need an Info.plist with a CFBundleIdentifier key (this is the only key required), then

    clang++ -std=c++20 -O2 -o hello -sectcreate __TEXT __info_plist Info.plist main.cpp

Otherwise you'll need an app bundle if you're not embedding Info.plist into your binary.
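
A way to check, before signing with the sandbox entitlement, that a command-line binary actually carries the embedded Info.plist described in the answer above. This is an added example, not part of the original answer; it assumes a thin 64-bit little-endian Mach-O (no fat binaries), and `build_sample` with the identifier `com.example.hello` is a constructed test input.

```python
import plistlib
import struct

MH_MAGIC_64 = 0xFEEDFACF   # thin 64-bit little-endian Mach-O
LC_SEGMENT_64 = 0x19

def embedded_info_plist(data: bytes):
    """Return the parsed __TEXT,__info_plist dict, or None if the section is absent."""
    hdr = struct.unpack_from("<8I", data, 0)        # mach_header_64
    magic, ncmds = hdr[0], hdr[4]
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit Mach-O (fat/32-bit not handled here)")
    off = 32                                        # sizeof(mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmd == LC_SEGMENT_64:
            nsects = struct.unpack_from("<I", data, off + 64)[0]
            for i in range(nsects):
                s = off + 72 + 80 * i               # section_64 entries follow the segment command
                sect, seg = (n.rstrip(b"\0") for n in struct.unpack_from("<16s16s", data, s))
                size, fileoff = struct.unpack_from("<QI", data, s + 40)
                if (seg, sect) == (b"__TEXT", b"__info_plist"):
                    return plistlib.loads(data[fileoff:fileoff + size])
        off += cmdsize
    return None

def has_bundle_identifier(data: bytes) -> bool:
    """True if the binary embeds an Info.plist with a non-empty CFBundleIdentifier."""
    info = embedded_info_plist(data)
    return bool(info and info.get("CFBundleIdentifier"))

def build_sample(plist: bytes) -> bytes:
    """Constructed minimal Mach-O: header, one __TEXT segment, one __info_plist section."""
    fileoff = 32 + 72 + 80
    header = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 1, 152, 0, 0)
    segment = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 152, b"__TEXT",
                          0, 0, 0, fileoff + len(plist), 7, 5, 1, 0)
    section = struct.pack("<16s16s2Q8I", b"__info_plist", b"__TEXT",
                          0, len(plist), fileoff, 0, 0, 0, 0, 0, 0, 0)
    return header + segment + section + plist

if __name__ == "__main__":
    good = build_sample(plistlib.dumps({"CFBundleIdentifier": "com.example.hello"}))
    bad = build_sample(plistlib.dumps({"CFBundleName": "hello"}))
    print(has_bundle_identifier(good), has_bundle_identifier(bad))
```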