Transporter and entitlement

App Store Distribution & Marketing App Store Connect
Alain_B OP
Created 2w
Replies 3
Boosts 0
Views 157
Participants 2

From Transporter I got this error:

App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "com.abirtz.lnc.pkg/Payload/lnc.app/Contents/MacOS/lnc" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app.

The lnc.entitlements file is:

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> </dict> </plist>

What is wrong ?

Thank you.

Replies  3
Boosts  0
Views  157
Participants  2
DTS Engineer OP
Apple
2w

A key debugging step here is to look at the entitlements claimed by the binary, rather than the .entitlements file. That’ll tell you whether there’s a problem with your build system — that is, it’s not signing the program with the expected entitlements — or with the upload.

I recommend that you do the following:

  1. Extract the app from the installer package. See Unpacking Apple Archives.

  2. Check the entitlements on the extracted app:

% codesign -d --entitlements - "Inc.app"

What do you see?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Alain_B OP
2w

lsbom ./com.abirtz.lnc.pkg/Bom

...

./lnc.app/Contents/Resources/lnc.entitlements 100644 0/0 311 30787299

...

codesign -d --entitlements - /Applications/lnc.app

Executable=/Applications/lnc.app/Contents/MacOS/lnc

[Dict]

[Key] com.apple.security.app-sandbox

[Value]

    [Bool] true

[Key] com.apple.security.files.user-selected.read-write

[Value]

    [Bool] true

[Key] com.apple.security.get-task-allow

[Value]

    [Bool] true
0
DTS Engineer OP
Apple
1w

The fact that your installer package contains a .entitlements file is a worry. That file is source code. It’s consumed by the build system and is never meant to be included in your final product.

Are you building this product with Xcode? I suspect not, in which case recommend that you review:

Signing by hand is hard )-:

Regardless, your entitlement dump confirms that the com.apple.security.app-sandbox entitlement is present in the app’s code signature. It also shows the presence of com.apple.security.get-task-allow. That’s wrong. That entitlement is what allows the debugger to attach to your app, which isn’t something you want in your App Store release. You should definitely remove that.

However, that still doesn’t explain the upload error you hit. There’s one more thing I’d like to check on that front. In your app’s Info.plist, is the CFBundleExecutable property set to Inc?

Again, check this in the built app, not in the source code.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Transporter and entitlement
First post date Last post date
 
 
Q