Transporter and entitlement

From Transporter I got this error:

App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "com.abirtz.lnc.pkg/Payload/lnc.app/Contents/MacOS/lnc" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app.

The lnc.entitlements file is:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
</dict>
</plist>

What is wrong?

Thank you.

A key debugging step here is to look at the entitlements claimed by the binary, rather than the .entitlements file. That’ll tell you whether there’s a problem with your build system — that is, it’s not signing the program with the expected entitlements — or with the upload.

I recommend that you do the following:

  1. Extract the app from the installer package. See Unpacking Apple Archives.

  2. Check the entitlements on the extracted app:

% codesign -d --entitlements - "Inc.app"

What do you see?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

lsbom ./com.abirtz.lnc.pkg/Bom

...

./lnc.app/Contents/Resources/lnc.entitlements 100644 0/0 311 30787299

...

codesign -d --entitlements - /Applications/lnc.app

Executable=/Applications/lnc.app/Contents/MacOS/lnc
[Dict]
[Key] com.apple.security.app-sandbox
[Value]
    [Bool] true
[Key] com.apple.security.files.user-selected.read-write
[Value]
    [Bool] true
[Key] com.apple.security.get-task-allow
[Value]
    [Bool] true

The fact that your installer package contains a .entitlements file is a worry. That file is source code. It’s consumed by the build system and is never meant to be included in your final product.

Are you building this product with Xcode? I suspect not, in which case I recommend that you review:

Signing by hand is hard )-:


Regardless, your entitlement dump confirms that the com.apple.security.app-sandbox entitlement is present in the app’s code signature. It also shows the presence of com.apple.security.get-task-allow. That’s wrong. That entitlement is what allows the debugger to attach to your app, which isn’t something you want in your App Store release. You should definitely remove that.

However, that still doesn’t explain the upload error you hit. There’s one more thing I’d like to check on that front. In your app’s Info.plist, is the CFBundleExecutable property set to Inc?

Again, check this in the built app, not in the source code.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
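Added example, not part of the thread and not Apple's tooling: the checks discussed above (sandbox entitlement present as a Boolean true, no get-task-allow in a release signature, CFBundleExecutable matching a real file in the built app, no .entitlements source file in the package) written as one Python audit function. It assumes the entitlements and the built app's Info.plist have been exported as XML property lists and the package's file list is available as paths; the function name and sample values are hypothetical.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
GET_TASK_ALLOW = "com.apple.security.get-task-allow"

def audit_release_build(entitlements_xml, info_plist_xml, payload_paths):
    """Return findings for an App Store build (empty list means no findings).

    entitlements_xml: entitlements read from the signed app, as XML plist bytes
    info_plist_xml:   the built app's Contents/Info.plist, as XML plist bytes
    payload_paths:    file paths listed in the installer package's Bom
    """
    findings = []
    # A binary signed without entitlements yields an empty dump.
    ents = plistlib.loads(entitlements_xml) if entitlements_xml.strip() else {}
    # The upload check requires a Boolean true; "true" or 1 does not count.
    if ents.get(SANDBOX) is not True:
        findings.append("app-sandbox entitlement missing or not Boolean true")
    # get-task-allow lets a debugger attach, so it must not be in a release build.
    if ents.get(GET_TASK_ALLOW) is True:
        findings.append("get-task-allow present in release signature")
    # CFBundleExecutable must name a file that really exists in Contents/MacOS.
    exe = plistlib.loads(info_plist_xml).get("CFBundleExecutable")
    if not exe or not any(p.endswith(f"/Contents/MacOS/{exe}") for p in payload_paths):
        findings.append(f"CFBundleExecutable {exe!r} not found in Contents/MacOS")
    # .entitlements files are build inputs and should not ship in the product.
    findings += [f"entitlements source file shipped: {p}"
                 for p in payload_paths if p.endswith(".entitlements")]
    return findings

# Constructed sample mirroring the entitlement dump and Bom listing in this thread.
SAMPLE_ENTS = plistlib.dumps({
    SANDBOX: True,
    "com.apple.security.files.user-selected.read-write": True,
    GET_TASK_ALLOW: True,
})
SAMPLE_INFO = plistlib.dumps({"CFBundleExecutable": "lnc"})
SAMPLE_PAYLOAD = [
    "./lnc.app/Contents/Info.plist",  # constructed
    "./lnc.app/Contents/MacOS/lnc",   # constructed from the path in the upload error
    "./lnc.app/Contents/Resources/lnc.entitlements",  # from the Bom output above
]

if __name__ == "__main__":
    for finding in audit_release_build(SAMPLE_ENTS, SAMPLE_INFO, SAMPLE_PAYLOAD):
        print("FINDING:", finding)
```

Run against the built app's values rather than the project's source files, since the signature and the built Info.plist are what the upload check sees.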

I am sorry, I am late to reply.

Are you building this product with Xcode?

Yes.

I follow the instructions from "Export an app from Xcode" in your link "Creating distribution-signed code for macOS". "Validate App" and "Distribute App" report no issues and no errors. But "Apple Store Connect -> macOS App" still shows the "Prepare for Submission" message.

In "App Store Version Release", which one must be selected: "Manually release this version" or "Automatically release this version"?

So things have changed from previously? Because earlier you were reporting an “App sandbox not enabled” error?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

So things have changed from previously?

No, except that I now distribute within Xcode (I no longer use Transporter):

To create a distribution-signed app using the Xcode app: [from "Export an app from Xcode" in your link "Creating distribution-signed code for macOS" ]

1- Select your app’s scheme.

2- Choose Product > Archive.

3- In the Archives organizer, select the archive created in step 2.

4- Click Distribute App.

5- Choose the appropriate distribution method. For example, to create a notarized app that you send directly to your customers, choose Direct Distribution.

6- Click Distribute.

No issues no errors.

Because earlier you were reporting an “App sandbox not enabled” error?

No longer see this error.

Must "App Store Version Release" be set to "Automatically release this version"?

What is the next step?

Thank you.

No issues no errors.

Cool.

No longer see this error.

Cool also.

So what’s the actual question then? Are you asking how to release a build to App Review and thence to the App Store? If so, that’s not really my field (I’m not allowed to release apps on the App Store!) but App Store Connect Help has the details. See the Manage builds and Manage submissions to App Review sections.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
