An easy-to-host PDS on the ATProtocol, iPhone and MacOS. Maintain control of your keys and data, always.
fix(identity-wallet): disable SPM sandbox to fix ios-api build on macOS 26
+12
+8
apps/identity-wallet/CLAUDE.md
+8
apps/identity-wallet/CLAUDE.md
···
238
238
239
239
---
240
240
241
+
### `sandbox-exec: sandbox_apply: Operation not permitted` (Tauri ios-api build)
242
+
243
+
Swift Package Manager sandboxes its manifest compilation using `sandbox-exec`. On macOS 26 (Tahoe), `sandbox_apply()` returns `EPERM` in this context, causing `swift-rs`'s build script (used by Tauri) to fail with "Failed to compile swift package Tauri".
244
+
245
+
**Fix:** Already resolved. `src-tauri/.cargo/config.toml` sets `SWIFTPM_ENABLE_SANDBOX = "0"` in `[env]`, which tells SPM not to apply a sandbox when compiling `Package.swift` manifests. This is inherited by the `tauri` build script's child `swift` process.
246
+
247
+
---
248
+
241
249
### Xcode build phase: `cargo: command not found`
242
250
243
251
After running `cargo tauri ios init`, the generated `project.pbxproj` build script has the system PATH which doesn't include the Nix dev shell or rustup-managed cargo.
+4
apps/identity-wallet/src-tauri/.cargo/config.toml
+4
apps/identity-wallet/src-tauri/.cargo/config.toml
···
13
13
14
14
[env]
15
15
RUST_TEST_THREADS = "1"
16
+
# Swift Package Manager uses sandbox-exec to sandbox manifest compilation.
17
+
# On macOS 26 (Tahoe), sandbox_apply() returns EPERM, failing the Tauri ios-api
18
+
# build step. Disabling the SPM sandbox is safe for local dev builds.
19
+
SWIFTPM_ENABLE_SANDBOX = "0"
16
20
CC_aarch64_apple_ios_sim = "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang"
17
21
CC_aarch64_apple_ios = "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang"
18
22
CC_aarch64_apple_darwin = "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang"