Hi,
I have a Qt app (https://www.qt.io/) which contains the main app executable file, Qt frameworks, and Qt plugins bundled.
Signing the app this way works fine and the app is successfully published on the Mac App Store (the "deep" flag is only used for testing):
codesign --deep -f -s "Apple Distribution" -v --entitlements "MyApp.entitlements" "MyApp.app"
Entitlements:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.files.downloads.read-write</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
<key>com.apple.security.device.serial</key>
<true/>
<key>com.apple.security.files.bookmarks.app-scope</key>
<true/>
<key>com.apple.security.personal-information.location</key>
<true/>
<key>com.apple.security.app-sandbox</key>
<true/>
</dict>
</plist>
But as soon as I change the entitlements file as follows, the app crashes with a "Code signature invalid" error:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.files.downloads.read-write</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
<key>com.apple.security.device.serial</key>
<true/>
<key>com.apple.security.files.bookmarks.app-scope</key>
<true/>
<key>com.apple.security.personal-information.location</key>
<true/>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.application-identifier</key>
<string>TEAM_ID.com.myapp</string>
<key>com.apple.developer.team-identifier</key>
<string>TEAM_ID</string>
</dict>
</plist>
Running codesign -dvvv --entitlement :- ./MyApp.app
on the signed app packages shows the correct entitlement. I can upload both app versions to the Mac App Store without problems.
The modified entitlements file is required for enabling TestFlight testing in iTunes Connect. What could be the reason for the crash when using the modified entitlements file?
Regards,
After spending more than a day with this I finally found the reason: https://github.com/microsoft/vscode/issues/113720
In short: the crash is expected but the app will work when installed via TestFlight.