net8.0: osx-x64 codesigned startup crash #59
Description
This one's going to be hard to explain, sorry...
In production, we sign our release using something of the form:
codesign -f -s "<>" --entitlements osu.entitlements -o runtime --deep pkg.app
With entitlements (this becomes relevant later on):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.allow-jit</key>
<true/>
</dict>
</plist>
On a new project, when signed even outside of a package, net8.0 fails to start up on osx-x64 with:
Failed to create CoreCLR, HRESULT: 0x8007000C
With a debug build:
Assert failure(PID 41024 [0x0000a040], Thread: 54579339 [0x340d08b]): !"ClrVirtualProtect of code page failed"
File: /Users/runner/work/Satori/Satori/src/coreclr/vm/threads.cpp Line: 1210
Image: /Users/smgi/Desktop/SatoriTest/SatoriTest/bin/Release/net8.0/osx-x64/publish/SatoriTest
The app starts up as expected if I add the entitlement:
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
This is only a problem on osx-x64 or via Rosetta 2. osx-arm64 works correctly from the outset.
I'm not sure if this is an issue with Satori itself, or if it's the way we're signing (this hasn't changed between builds), or if it's the way we're building Satori. I've also tested using Xcode 15.2 which appears to use the same macOS SDK as upstream dotnet builds (==14.2), but that doesn't fix it.
Ref: ppy/osu-deploy#189