DropDMG not able to run from Xcode post-action script

I use DropDMG to automate DMG creation in developer workflow. After upgrading to 10.14, I found that DropDMG does not get run in a Xcode post-action in our archive scheme. I call it like this:

dropdmg --layout-name Salute --APP_VERSION ${version} --APP_SHORT_VERSION_STRING ${buildNumber} $tmpdir/"Salute${buildNumber}/Salute.app"

I did find that it works fine if I run the build with xcrun on the command line (I also get the security/privacy prompts when run from the command line):

xcodebuild archive -scheme 'Salute'

I added dropdmg and xcode to Full Disk Access and Accessibility, but it still fails if called within Xcode. The console shows this error when I run within Xcode:

Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.twocanoes.salute, PID[73988], auid: 501, euid: 501, binary path: '/Users/tperfitt/Library/Developer/Xcode/DerivedData/salute-bxnmtaqgwbdmpndyrpddlgtchapm/Build/Products/Development/Salute.app/Contents/MacOS/Salute'}, REQ:{ID: com.apple.appleeventsd, PID[56], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}

It looks to me like this is a bug in Xcode that doesn’t allow AppleEvents (“kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events”) as part of the new macOS 10.14 Hardening

Have you found a workaround for this issue? I have been planning to move to an automated workflow so this will probably push me to a command line workfllow, so my workaround might be fine. I thought I would let you know and also see if it has been figured out.

Also, I have been using DropDMG for years and it is a great app. thanks for being awesome.

tim

I do think it’s an Apple bug, though I’m not sure whether it’s in Xcode or macOS (because of #1 below and since Xcode has a special com.apple.private.tcc.allow entitlement). What I found is that:

  1. If you use osascript instead of dropdmg to invoke DropDMG, the system does prompt you to allow Automation access for Xcode to control DropDMG.
  2. Once you’ve done that, using dropdmg works, too, and avoids the error errAEEventNotPermitted (-1743).

So I would just run a basic script using osascript to get Xcode authorized and then use your install build phase script as normal.

Thanks, that worked. I just add this to the top of one of my archive scripts:

osascript -e ‘tell application “DropDMG” to mount disk image “/Users/tperfitt/Downloads/Salute3-2.dmg”’

ran the archive build and it prompted me to give access. I then removed the line.