App Store receipt validation, sandboxed: no login prompt

Hello everyone


This is more or less the same question as in


https://forums.developer.apple.com/message/292933#292933


where noone answered. Now I have the very same problem: I am attempting to test our

app store application in a sandboxed environment. The app returns 173 if no receipt is there

and the system should then prompt a login, where I can provide credentials and afterwards

the system should download the receipt and restart the app. All this worked for me and suddenly

it stopped working. Now the app just exists with 173 and no login prompt is shown.


Here is a post of someone who claims that there exists (existed?) an OS X bug which prevents

the login window from appearing:


https://apple.stackexchange.com/questions/227739/why-have-my-apps-from-the-store-suddenly-started-exiting-with-code-173


The suggested solution (delete and redownload) doesn't work for me. Since I am sideloading with

'sudo installer -store -pkg <pkgname> -target /', I tried delete/re-sideload and it didn't fix the problem.


Does anyone know more about that bug that prevents the login window from appearing? What triggers

that bug? Is there a workaround that works in a sandboxed context as well?


Of if it is not due to the bug, what other reasons could there be why the system doesn't proceed

after receiving 173? Does it validate something in the app bundle?

Replies

I have been able to make the login prompt appear again, but I still don't have a definite explanation what triggers that bug in the OS. I have found two different scenarios which triggered the problem in my case:


1) Our build script copies the data from some original directory, then uses 'codesign' to sign the package and 'productbuild' to build the pkg file. In the original directory there was a certain file containing a german umlaut in the file name and it turns out that 'productbuild' discarded that file while 'codesign' did not discard it. So in the end there was a hash in _CodeSignature/CodeResources for a file which did not exist in the final package. Removing that file from the original directory and rerunning the build script made the login prompt appear again.


2) Sometimes the presence of a particular file can trigger the problem as well. I found such a file by repeatedly deleting parts of the app bundle and resigning it, using binary subdivision to quickly find the file that was causing the problem. In that case I did not see anything special about that file and there was no issue with the hashes, therefore I have no idea what is causing the problem in that case.


The OS release also matters: the problem described in 1) happened on 10.13.6, but not on 10.13.5 (there, 'codesign' also discarded the file and therefore was consistent with 'productbuild'). The problem with 2) happened on 10.13.5 as well.