For Mac application getting error while validating app while using 3rd party App Developer Certificate for signing : App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of t

For Mac OS X application getting error while validating app while using 3rd party App Developer Certificate for signing: App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: It is referring to the executable built in the MacOS folder with the same name as your application's product name.


Tried clearing Derived Data etc., deleting and reinstalling all certificates (including Apple's certificates), and different versions of Xcode (8.3.3 & 9.2), but nothing worked. Any help would be much appreciated.

Replies

Same problem here, friend. Did you resolve it?

These problems are usually the result of folks not actually sandboxing their app. You can enable sandboxing in Xcode’s Capabilities editor. You can confirm that sandboxing is enabled via the following command:

$ codesign -d --entitlements :- /path/to/your.app
…
<plist version="1.0">
<dict>
    …
    <key>com.apple.security.app-sandbox</key>
    <true/>
    …
</dict>
</plist>

If your app contains multiple executables, you should run this command against each executable embedded within the app. For example, if you have a share extension:

$ codesign -d --entitlements :- /path/to/your.app/Contents/PlugIns/your.appex

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I am running into this same problem. Checking the code sign gives me:

valid on disk
satisfies its Designated Requirement

and both the main app and helper app have:

<key>com.apple.security.app-sandbox</key>
<true/>

Yet when trying to upload I get:

ERROR ITMS-90296: "App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "com.xericdesign.earthdesk.mas.pkg/Payload/EarthDesk.app/Contents/Library/LoginItems/EarthDesk Launcher.app/Contents/MacOS/EarthDesk Launcher" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app."

My experience is that the App Store ingestion process is rarely wrong about this: If it complains that you haven’t enabled the App Sandbox, it’s likely because you haven’t enabled the App Sandbox (-:

You wrote:

and both the main app and helper app have:

<key>com.apple.security.app-sandbox</key>
<true/>

Did you check the entitlements baked into the code signature? Or are you just looking at your .entitlements file? Because the latter is not to be trusted (-:

You should use the Organizer to export a copy of your product for upload to the App Store (Distribute App > App Store Connect > Export). Then unpack the installer package (1) and then use codesign to dump the entitlements of the app and its nested Service Management login item.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

(1) I generally use Pacifist for this but if you want to do it solely using Apple tools see Unpacking Apple Archives.
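
The check described in the two replies above, as an added example that is not part of the original thread: a shell script that runs the same codesign command against an app and every nested app, app extension and XPC service, and reports which signatures lack the sandbox entitlement. It assumes the exported package has already been unpacked; the function names and the script name audit.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report which code items in an unpacked
# .app carry com.apple.security.app-sandbox = true in their code signature.

# Read entitlements XML on stdin; succeed only if the sandbox key is
# immediately followed by <true/>. Empty input (no entitlements) fails.
has_sandbox() {
    tr -d ' \t\r\n' |
        grep -q '<key>com\.apple\.security\.app-sandbox</key><true/>'
}

# Print the bundle itself, then every nested app, app extension and XPC
# service below it (login items live in Contents/Library/LoginItems).
nested_code() {
    printf '%s\n' "$1"
    find "$1/Contents" -type d \
        \( -name '*.app' -o -name '*.appex' -o -name '*.xpc' \) 2>/dev/null
}

# Dump the signed entitlements of each item with the command from the thread.
# Returns 1 if any item is missing the sandbox entitlement.
audit_bundle() {
    nested_code "$1" | (
        rc=0
        while IFS= read -r code; do
            if codesign -d --entitlements :- "$code" 2>/dev/null | has_sandbox
            then
                echo "sandboxed:     $code"
            else
                echo "NOT sandboxed: $code"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Usage: sh audit.sh /path/to/unpacked/Your.app
if [ "$#" -gt 0 ]; then
    audit_bundle "$1"
fi
```

Because the script reads the entitlements out of the signature rather than the .entitlements file, it reports what the App Store ingestion process will actually see.
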
I did check with codesign. This is the result of "codesign -d --entitlements :-"

If I use Archive, Xcode does not build my two dependent modules (the bundle and the launcher) even though in the Schema they are built in the order "launcher, bundle, app" and "Find Implicit Dependencies" is checked.

Normally I use "Build for Profiling" which is configured for Release, with a script to do the code signing which has worked from Xcode 4 to Xcode 11.

When I try to Archive it, I get output, but also:

/Volumes/Vault/Beta/EarthDesk 7.5 β/productbuild:1:1: directory "/Users/trygve/Library/Developer/Xcode/DerivedData/EarthDesk-cxaqpchwzcdrtucehxedgouyvlju/ArchiveIntermediates/Build App Store Package/IntermediateBuildFilesPath/UninstalledProducts/macosx" does not exist for writing "EarthDesk.pkg".


I have filed a DTS incident for this as it is a fairly complex project.

Just an update

By changing all the Code Signing Identities to "Apple Distribution" it now is accepted by Transporter, but the app itself does not run and fails under a "spctl -a -v" check, but passes a check with "codesign -v --strict --deep --verbose=2"

The internal embedded.provisionprofile seems to have different entitlements than I specified in my --entitlements when signing.

Honestly, I spend 40% of my time coding my app and 60% fighting with certificates, signing, entitlements, provisioning and all the other junk that we have to do now. I miss the days of CodeWarrior and even MPW when things just worked.

  • Mentioning CodeWarrior and MPW brought back the same memories. Anyone remember TML Pascal? My CodeWarrior 9 package (with a burnt disk that has CodeWarrior 10 in it) is in my bookshelf. And below that, the two volume edition of "Inside Macintosh". A bargain at $195 Canadian (if memory serves). That was a pay cheque for me back then. What else to say but "Those were the days my friend!..."
