Code has restricted entitlements, but the validation of its code signature failed

I am converting an existing app to be distributed through the MacStore. The basic app will be free with 1 optional in-app purchase for the more advanced features.

I have made all the changes to work under the App Sandbox while signed as a Developer ID Application and is running fine. I am using Xcode 13.4.1 on an Intel MacBook Pro 2019 running the latest Monterey 12.4. The app also has an embedded command-line tool.

The entitlements defined for the app in Xcode are:

<dict>
	<key>com.apple.security.app-sadbox</key>
	<true/>
	<key>com.apple.security.automation.apple-events</key>
	<true/>
	<key>com.apple.security.cs.disable-library-validation</key>
	<true/>
	<key>com.apple.security.device.audio-input</key>
	<true/>
	<key>com.apple.security.device.camera</key>
	<true/>
	<key>com.apple.security.files.bookmarks.app-scope</key>
	<true/>
	<key>com.apple.security.files.bookmarks.document-scope</key>
	<true/>
	<key>com.apple.security.files.user-selected.read-write</key>
	<true/>
	<key>com.apple.security.temporary-exception.apple-events</key>
	<array>
		<string>com.apple.mail</string>
		<string>com.microsoft.Outlook</string>
	</array>
</dict>
</plist>

Now I am trying to implement the AppStore related functionality and the app crashes on launch with the error on the title.

I have seen similar posts, like the https://developer.apple.com/forums/thread/680284 and others, but I am still in the dark on how to match the app entitlements to the provisioning profile. Anyone knows what I need to do or has any pointers?

I attach the crash log and also list some related info below.

Thanks in advance.

Christos K.

System log output:

2022-07-08 10:54:45.921902 (system/com.apple.ManagedClient [1090]) <Notice>: Successfully spawned ManagedClient[1090] because ipc (mach)
2022-07-08 10:54:45.962682 (gui/501/application.com.company.test.macapp.107123014.107124124.0911B94B-7E12-415F-BAA4-71857CEBFBBC [1088]) <Notice>: xpcproxy exited due to OS_REASON_CODESIGNING | When validating /Users/USER/Library/Developer/Xcode/DerivedData/CC-diufhjakujlivreioyidydxmvgof/Build/Products/Debug/CC AppStore.app/Contents/MacOS/CC AppStore: Code has restricted entitlements, but the validation of its code signature failed.
Unsatisfied Entitlements: 
2022-07-08 10:54:45.962689 (gui/501/application.com.company.test.macapp.107123014.107124124.0911B94B-7E12-415F-BAA4-71857CEBFBBC [1088]) <Warning>: removing service since it exited with consistent failure - OS_REASON_CODESIGNING | When validating /Users/USER/Library/Developer/Xcode/DerivedData/CC-diufhjakujlivreioyidydxmvgof/Build/Products/Debug/CC AppStore.app/Contents/MacOS/CC AppStore:
  Code has restricted entitlements, but the validation of its code signature failed.
Unsatisfied Entitlements: 

> 2022-07-08 10:54:45.962693 (gui/501/application.com.company.test.macapp.107123014.107124124.0911B94B-7E12-415F-BAA4-71857CEBFBBC [1088]) <Notice>: exited with exit reason (namespace: 3 code: 0x1) - OS_REASON_CODESIGNING | When validating /Users/USER/Library/Developer/Xcode/DerivedData/CC-diufhjakujlivreioyidydxmvgof/Build/Products/Debug/CC AppStore.app/Contents/MacOS/CC AppStore:


  Code has restricted entitlements, but the validation of its code signature failed.
Unsatisfied Entitlements:

Output of running security cms -D -i ~/Library/Developer/Xcode/DerivedData/.../Build/Products/Debug/AppStore.app/Contents/embedded.provisionprofile on the profile embedded in the app:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>AppIDName</key>
	<string>Testing Mac App ID</string>
	<key>ApplicationIdentifierPrefix</key>
	<array>
	<string>1234567890</string>
	</array>
	<key>CreationDate</key>
	<date>2022-07-06T20:52:18Z</date>
	<key>Platform</key>
	<array>
		<string>OSX</string>
	</array>
	<key>IsXcodeManaged</key>
	<false/>
	<key>DeveloperCertificates</key>
	<array>
		<data>....</data>
	</array>
	<key>DER-Encoded-Profile</key>
	<data>...</data>		
	<key>Entitlements</key>
	<dict>
				<key>com.apple.application-identifier</key>
		<string>1234567890.com.company.test.macapp</string>
				<key>keychain-access-groups</key>
		<array>
				<string>1234567890.*</string>
		</array>
				<key>com.apple.developer.team-identifier</key>
		<string>1234567890</string>
	</dict>
	<key>ExpirationDate</key>
	<date>2023-07-06T11:10:10Z</date>
	<key>Name</key>
	<string>Test MacApp distribution prov profile</string>
	<key>TeamIdentifier</key>
	<array>
		<string>1234567890</string>
	</array>
	<key>TeamName</key>
	<string>Company Ltd</string>
	<key>TimeToLive</key>
	<integer>364</integer>
	<key>UUID</key>
	<string>b48b9de2-14b5-4ba9-ba21-f144ac5a0811</string>
	<key>Version</key>
	<integer>1</integer>
</dict>
</plist>

CrashLog.txt
Up vote post of dareios Down vote post of dareios
691 views
Posted by
dareios
Reply
Add a Comment