I'm trying to build a developer tools app that can run in the app sandbox and execute commands related to working with DSYM files. The app sandbox is a requirement for publishing it to the App Store. I come from the world of iOS so everything is a sandbox to me and this is new territory.
To execute my commands I'm using the Process type to invoke command line.
func execute() throws -> CommandResult {
let task = Process()
let standardOutput = Pipe()
let standardError = Pipe()
task.standardOutput = standardOutput
task.standardError = standardError
task.arguments = ["-c", command]
task.executableURL = URL(fileURLWithPath: "/bin/zsh")
task.standardInput = nil
let outHandle = standardOutput.fileHandleForReading
let errorHandle = standardError.fileHandleForReading
try task.run()
let out1 = outHandle.readDataToEndOfFile()
let out2 = errorHandle.readDataToEndOfFile()
// more code interpreting the pipes
I'm trying to perform the following operations:
-
mdfind to locate DSYMs https://developer.apple.com/documentation/xcode/adding-identifiable-symbol-names-to-a-crash-report#Locate-a-dSYM-using-Spotlight
-
dwarfdump to verify UUIDs https://developer.apple.com/documentation/xcode/adding-identifiable-symbol-names-to-a-crash-report#Match-build-UUIDs
-
atos to symbolicate with the found DYSM file https://developer.apple.com/documentation/xcode/adding-identifiable-symbol-names-to-a-crash-report#Symbolicate-the-crash-report-with-the-command-line
This all works just fine when I run my Mac app without sandboxing, but as one would expect totally fails when App Sandbox is enabled--the sandbox is doing its thing.
Responses like "xcrun cannot be used within an App Sandbox", or simply the output not finding anything because the scope of the process is limited to the sandbox, not where my app DSYM file is.
In my readings on the documentation, where it states that I can create a command line helper tool that gets installed alongside the app sandbox app. "Add a command-line tool to a sandboxed app's Xcode project to the resulting app can run it as a helper tool." https://developer.apple.com/documentation/security/app_sandbox
Is this the right path to take? Or is there a way to still achieve access to xcrun by asking the user to grant access to other parts of the system via dialogue prompts?
I have followed this guide but don't know where to go from here: https://developer.apple.com/documentation/xcode/embedding-a-helper-tool-in-a-sandboxed-app It leaves off at print("Hello World") and no instructions on how to have your app communicate with the helper from what I could find ... :).
I know, generally speaking, of XPC services and that I have the ability to make them on macOS, unlike iOS (wait maybe 17.4 allows it? https://developer.apple.com/documentation/xpc anyways). Would creating an XPC helper be allowed to execute commands against xcrun or have access to the ~/Library/Developer/Xcode path to find the debug symbols for the purposes of symbolicating a crash report?
I really want to be able to ship my app on the App Store and enable developers to use the tool super easy, but I'm not sure if the App Sandbox will prevent me from achieving what I'm trying to do or not.
Any tips, pointers, samples, guidance is much appreciated!