[
https://issues.apache.org/jira/browse/DERBY-7141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17553342#comment-17553342
]
Richard N. Hillegas commented on DERBY-7141:
--------------------------------------------
Thanks for the stack trace. The Derby exception says that Derby could not
create the directory to hold the new database. That exception should wrap an
original Java exception explaining the details. Unfortunately, that triggering
exception was not printed. The most likely cause is a file permissions problem.
That would be consistent with the documentation at
https://developer.apple.com/documentation/security/app_sandbox. It appears that
setting that entitlement restricts your access to system resources, probably
including the file system. I don't know how you configure the boundaries of a
macOS security sandbox. Derby can run under a Java SecurityManager--in which
case you need to configure the Java permissions you grant your app. I don't
know whether or how Java security cooperates with macOS security.
It might be helpful if you could throw a switch which causes the triggering
exception to be printed. I doubt that you are running under a Java
SecurityManager. My suspicion is that the solution to your problem involves
figuring out how to grant file permissions to a macOS sandbox.
> Unable to deploy RCP with sandbox entitlement true
> --------------------------------------------------
>
> Key: DERBY-7141
> URL: https://issues.apache.org/jira/browse/DERBY-7141
> Project: Derby
> Issue Type: Bug
> Components: Eclipse Plug-in
> Affects Versions: 10.14.2.0
> Environment: MacOS 12.4. M1(2020)
> Reporter: Ralph Bosson
> Priority: Major
> Labels: OS-X, derby, embeded, entitlement, sandbox
>
> First - just thank you - !
> The issue I'm reporting pertains to the Derby embedded database within an
> Eclipse RCP.3/Hibernate/Spring/Derby application in an OS X environment.
> Signing and notarizing the application without the entitlement
> "com.apple.security.app-sandbox"<true> allows the app to download and run as
> expected. It may be downloaded at
> https://www.corgroup.com/free/freeSignup.html. When functioning as designed
> an embedded Derby database is created the first time the application is
> launched. A welcome screen is then displayed and the user is able to complete
> the setup.
>
> The problem occurs when the entitlement
> "com.apple.security.app-sandbox"<true> is added during the app signing
> process. With the sandbox enttitlement set to true the database is not
> created. Apparently with the sandbox entitlement I am unable lauch the app
> through the terminal so no useable error is available. Without the sandbox
> entitlement the application may not be deployed to Apples App Store.
> Any guidance will be greatly appreciated.
>
> List of all entitlements:
> <key>com.apple.security.app-sandbox</key>
> <true/>
> <key>com.apple.security.assets.pictures.read-only</key>
> <true/>
> <key>com.apple.security.cs.allow-dyld-environment-variables</key>
> <true/>
> <key>com.apple.security.cs.allow-jit</key>
> <true/>
> <key>com.apple.security.cs.disable-library-validation</key>
> <true/>
> <key>com.apple.security.files.downloads.read-write</key>
> <true/>
> <key>com.apple.security.files.user-selected.read-write</key>
> <true/>
> <key>com.apple.security.network.client</key>
> <true/>
> <key>com.apple.security.print</key>
> <true/>
> <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
> <true/>
> <key>com.apple.security.cs.disable-executable-page-protection</key>
> <false/>
> <key>com.apple.security.cs.debugger</key>
> <false/>
>
> Be well
> Ralph Bosson
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
