FileKit icon indicating copy to clipboard operation
FileKit copied to clipboard
verified publisher icon vinceglb

JNA issue on MacOS after publishing to TestFlight

Open bartwell opened this issue 1 year ago • 6 comments

Hello,

Thank you for so useful library.

I've faced with issue on MacOS, presumably after update of MacOS and xCode. It's shows an JNA error and then crashes. Here is the text of error:

/Users/user/Library/Containers/com.site.myapp/Data/tmp/jna9436987196270821361.tmp: dlopen(/Users/user/Library/Containers/com.site.myapp/Data/tmp/jna9436987196270821361.tmp, 0x0001): tried:
/Users/user/Library/Containers/com.site.myapp/Data/tmp/jna9436987196270821361.tmp (code signature in <BEFEF0FB-C7C5-305A-8B79-ED4851A90E7F> '/Users/user/Library/Containers/com.site.myapp/Data/tmp/jna9436987196270821361.tmp' not valid for use in process: library load disallowed by system policy),
/System/Volumes/Preboot/Cryptexes/OS/Users/user/Library/Containers/com.site.myapp/Data/tmp/jna9436987196270821361.tmp (no such file),
'/Users/user/Library/Containers/com.site.myapp/Data/tmp/jna9436987196270821361.tmp' not valid for use in process: library load disallowed by system policy

Here is a sample code:

    val result = remember { mutableStateOf(listOf<Path>()) }
    Text(text = result.value.joinToString("\n"))

    val directoryLauncher = rememberDirectoryPickerLauncher(title = Strings.current.app_name) { directory ->
        directory?.file?.absolutePath?.let { result.value = listOf(Path(it)) }
    }
    Button(
        onClick = {
            directoryLauncher.launch()
        },
    ) {
        Text(text = "Open")
    }

Library version 0.8.7.

Could you please help with this issue?

Thank you.

bartwell avatar Nov 21 '24 15:11 bartwell

Hello @bartwell! Thank you for your feedback!

I'm trying to reproduce your issue.

  • What is your macOS and Xcode version?
  • Does the sample-compose work on your device?

vinceglb avatar Nov 21 '24 21:11 vinceglb

@vinceglb, sorry for not mentioning the key detail earlier: this issue occurs only in sandbox mode after publishing to TestFlight, so I can't reproduce it in the sample application. I am using macOS Sequoia 15.1 (24B83) and Xcode 16.1 (16B40).

bartwell avatar Nov 21 '24 21:11 bartwell

Thank you for the information. Interesting 🤔

The bad news here is I don't have anymore an Apple Developer subscription to test the behavior.

I found this thread that can help us fix the problem: https://groups.google.com/g/jna-users/c/Bws1h060faA

vinceglb avatar Nov 22 '24 12:11 vinceglb

Thank you for the link. It seems like the solution might be:

System.setProperty("jna.nounpack", "true");
System.setProperty("jna.boot.library.path", "<path to native libs>");

However, could you clarify what path should be specified here? As far as I can tell, the directories inside /Applications/MyApp.app/Contents/ are writable only by root.

bartwell avatar Nov 22 '24 14:11 bartwell

I just came across the same issue and managed to solve it. The issue is due to sandboxing, there is a good article here: https://www.marcogomiero.com/posts/2024/compose-macos-app-store/

In this case, we need to place libjnidispatch.jnilib to our resources to make it "trusted" during runtime. Here is what I had to:

  1. Check jna version that FileKit uses in libs.versions.toml. Currently thats 5.17.0.
  2. Download the jna-5.17.0.jar from Github: https://github.com/java-native-access/jna?tab=readme-ov-file#jna
  3. Unzip jar locally. I used unzip jna-5.17.0.jar
  4. Get the libjnidispatch.jnilib from /com/sun/jna/darwin-aarch64/libjnidispatch.jnilib. Note: I only need to suport ARM, if you need darwin-x86-64, there is another library for that in there aswell.
  5. You need to sign this file with your 3rd Party Mac Developer Application certificate and your runtimeEntitlements.

Your Runtime entitlements the ones set in nativeDistributions.macOS.runtimeEntitlementsFile. For more info, check the docs.

nativeDistributions {
    ...
    macOS {
        ...
        runtimeEntitlementsFile.set(project.file("runtime-entitlements.plist"))
    }
}

With that info, you can run the following script to sign libjnidispatch.jnilib. Remember to exchange the *** with your actual certificate.

codesign -f -s "3rd Party Mac Developer Application: *** (***)" \
         --entitlements runtime-entitlements.plist \
         --timestamp --options runtime \
         libjnidispatch.jnilib
  1. We can now place our signed file in a appResource directory that we can define. First we can define it in nativeDistributions like such. If your folder is called composeApp this will reference to composeApp/resources.
nativeDistributions {
    ...
    appResourcesRootDir.set(project.layout.projectDirectory.dir("resources"))
}

In this resources folder, we can place resources for different architectures. In our case, we want the file to be in macos-arm64. Therefore we can finally copy libjnidispatch.jnilib to composeApp/resources/macos-arm64/libjnidispatch.jnilib.

  1. Lastly, whenever our app is sandboxed (e.g. run from Testflight, App Store etc.) we need to use this version of the library. We can do that like that:
fun main() {
    application {
        val isSandboxed = System.getenv("APP_SANDBOX_CONTAINER_ID") != null
        if (isSandboxed) {
            val resourcesPath = System.getProperty("compose.application.resources.dir")
            System.setProperty("jna.nounpack", "true")
            System.setProperty("jna.boot.library.path", resourcesPath)
        }

        FileKit.init(appId = "your app id")

Hope this helps anyone, if you have questions - feel free to reach out.

yannickpulver avatar May 04 '25 09:05 yannickpulver

Thank you so much for your feedback on this issue! This is very valuable!

I'll keep this issue open until I point it out in the documentation.

vinceglb avatar May 04 '25 10:05 vinceglb