macos: fix GPU crash, drop redundant switches, codesign wheel binaries

linesight · claude · linesight · commit b33250eb0545 · 2026-04-29T22:38:49.000-07:00
- screenshot.py: add macOS switches matching osr_test.py; remove dead
  switches (enable-begin-frame-scheduling, disable-surfaces not present
  anywhere in CEF 146 source) from the macOS path
- osr_test.py: drop --no-sandbox (cefpython.pyx already sets no_sandbox=1
  at the C level) and --in-process-gpu (macos-14-arm64 CI has real Apple
  Silicon GPU; subprocess is ad-hoc signed in the test setup step);
  update comments to cite actual mechanism (restricted bootstrap namespace
  for ad-hoc-only signed processes) verified against CEF source
- ci-macos.yml wheel job: ad-hoc codesign subprocess and .so before
  packaging so installed wheels don't ship unsigned binaries; unsigned
  subprocess binary is the root cause of GPU_DEAD_ON_ARRIVAL (exit
  code 1003) on macOS 14+ Gatekeeper

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/ci-macos.yml b/.github/workflows/ci-macos.yml
@@ -181,6 +181,16 @@ jobs:
       - name: Set up cefpython3 package
         run: cp -r build/artifacts/. cefpython3/
 
+      - name: Codesign binaries for distribution
+        run: |
+          # Ad-hoc sign the subprocess binary so macOS 14+ Gatekeeper allows
+          # it to execute when users install the wheel. Without signing,
+          # macOS blocks the unsigned binary and the GPU process (which uses
+          # the same binary with --type=gpu-process) exits with code 1003
+          # (GPU_DEAD_ON_ARRIVAL), causing a fatal crash.
+          codesign --force --sign - cefpython3/subprocess
+          for f in cefpython3/cefpython_py*.so; do codesign --force --sign - "$f"; done
+
       - name: Build wheel
         run: python tools/build_distrib.py
 
diff --git a/examples/screenshot.py b/examples/screenshot.py
@@ -74,11 +74,26 @@ def main():
         # it using these Chromium switches (Issue #240 and #463)
         "disable-gpu": "",
         "disable-gpu-compositing": "",
-        # Tweaking OSR performance by setting the same Chromium flags
-        # as in upstream cefclient (Issue #240).
-        "enable-begin-frame-scheduling": "",
-        "disable-surfaces": "",  # This is required for PDF ext to work
     }
+    if sys.platform.startswith("darwin"):
+        # Suppress macOS keychain authorization dialogs in headless use.
+        switches["use-mock-keychain"] = ""
+        # MachPortRendezvousServer bootstrap name requires a bundle ID.
+        # Without one, renderer subprocess bootstrap_look_up fails.
+        # --single-process runs the renderer in-process, avoiding the lookup.
+        switches["single-process"] = ""
+        # --single-process puts V8 in the browser process and requires a large
+        # contiguous CodeRange; --jitless disables JIT to remove that need.
+        switches["js-flags"] = "--jitless"
+        # Run network service in-process to avoid Mach port rendezvous
+        # failures for utility subprocesses on macOS.
+        switches["enable-features"] = "NetworkServiceInProcess2"
+    else:
+        # Tweaking OSR performance (Issue #240). On macOS ARM the viz
+        # Surfaces API is required for OSR browser creation, so these
+        # switches must not be passed on macOS.
+        switches["enable-begin-frame-scheduling"] = ""
+        switches["disable-surfaces"] = ""  # This is required for PDF ext to work
     browser_settings = {
         # Tweaking OSR performance (Issue #240)
         "windowless_frame_rate": 30,  # Default frame rate in CEF is 30
diff --git a/unittests/osr_test.py b/unittests/osr_test.py
@@ -136,30 +136,26 @@ def test_osr(self):
             # The feature string in Chrome 130+ is "NetworkServiceInProcess2".
             switches["enable-features"] = "NetworkServiceInProcess2"
         if MAC:
-            # cefpython does not ship a chrome-sandbox binary.
-            switches["no-sandbox"] = ""
-            # No real GPU available on macOS CI runners.
-            switches["in-process-gpu"] = ""
-            # Prevent macOS keychain authorization prompts during init
-            # (matches CEF's own test infrastructure on macOS).
+            # Prevent macOS keychain authorization prompts during init.
+            # CEF's own test infrastructure (client_app_browser.cc) does
+            # the same on macOS.
             switches["use-mock-keychain"] = ""
-            # Chrome 130+ MachPortRendezvousServer registers via
-            # bootstrap_check_in; renderer subprocesses look up the service
-            # via bootstrap_look_up, which fails on unsigned CI processes
-            # because Chrome gives them a restricted bootstrap namespace.
-            # --in-process-renderer was removed from Chrome 130+.
-            # --single-process runs the renderer in the browser process,
-            # eliminating renderer subprocess bootstrap_look_up failures.
+            # Chrome 130+ MachPortRendezvousServer registers its bootstrap
+            # service as BaseBundleID()+".MachPortRendezvousServer."+pid.
+            # Python processes with only ad-hoc code signing receive a
+            # restricted bootstrap namespace from macOS, so renderer
+            # subprocesses cannot bootstrap_look_up the service.
+            # --single-process runs the renderer inside the browser process,
+            # eliminating the subprocess bootstrap_look_up entirely.
+            # (--in-process-renderer was removed in Chrome 130+.)
             switches["single-process"] = ""
             # --single-process puts the renderer's V8 in the browser process,
             # which requires a large contiguous CodeRange for JIT code.
-            # On constrained CI runner images this reservation fails with an
-            # OOM error.  --jitless disables all V8 JIT compilers, eliminating
-            # the CodeRange requirement entirely.
+            # --jitless disables V8 JIT, removing that requirement.
             switches["js-flags"] = "--jitless"
-            # Run network service in-process to avoid Mach port rendezvous
-            # failures for utility subprocesses on macOS CI runners.
-            # The feature string in Chrome 130+ is "NetworkServiceInProcess2".
+            # Run the network service in-process to avoid Mach port rendezvous
+            # failures for the network utility subprocess on macOS.
+            # (Feature name in Chrome 130+: "NetworkServiceInProcess2".)
             switches["enable-features"] = "NetworkServiceInProcess2"
         browser_settings = {
             # Tweaking OSR performance (Issue #240)
