Interesting info. Thank you for that. More progess... Find quarantine attribute /tmp λ xar -xf ~/Desktop/PATHmanager.pkg /tmp λ lsbom "com.chipcastle.pathmanager.pkg/Bom" . 0 0/0 ./._PATHmanager.app 40755 0/0 0 0 ./PATHmanager.app 40755 0/0 ./PATHmanager.app/Contents 40755 0/0 ./PATHmanager.app/Contents/._embedded.provisionprofile 100644 0/0 0 0 ./PATHmanager.app/Contents/Info.plist 100644 0/0 1415 2301784519 ./PATHmanager.app/Contents/MacOS 40755 0/0 ./PATHmanager.app/Contents/MacOS/PATHmanager 100755 0/0 856344832 790394002 ./PATHmanager.app/Contents/PkgInfo 100644 0/0 8 742937289 ./PATHmanager.app/Contents/Resources 40755 0/0 ./PATHmanager.app/Contents/Resources/AppIcon.icns 100644 0/0 56310 2265036908 ./PATHmanager.app/Contents/_CodeSignature 40755 0/0 ./PATHmanager.app/Contents/_CodeSignature/CodeResources 100644 0/0 2593 45803994 ./PATHmanager.app/Contents/embedded.provisionprofile 100644 0/0 12303 521235782 /tmp λ cpio -i < "com.chipcastle.pathmanager.pkg/Payload" 1672695 blocks /tmp λ xattr PATHmanager.app com.apple.macl /tmp λ xattr PATHmanager.app/Contents/embedded.provisionprofile com.apple.macl com.apple.metadata:kMDItemWhereFroms com.apple.provenance com.apple.quarantine Remove quarantine attribute /tmp λ xattr -d com.apple.quarantine PATHmanager.app/Contents/embedded.provisionprofile /tmp λ xattr PATHmanager.app/Contents/embedded.provisionprofile com.apple.macl com.apple.metadata:kMDItemWhereFroms com.apple.provenance Bump version number in Info.plist to 1.16 and build /tmp 9s ❮ productbuild --sign '3rd Party Mac Developer Installer: Chip Castle Dot Com, Inc. (BXN9N7MNU3)' --identifier 'com.chipcastle.pathmanager' --version '1.16' --component '/tmp/PATHmanager.app' /Applications '/Users/chip/Desktop/PATHmanager.pkg' productbuild: Adding component at /tmp/PATHmanager.app productbuild: Signing product with identity "3rd Party Mac Developer Installer: Chip Castle Dot Com, Inc. (BXN9N7MNU3)" from keychain /Users/chip/Library/Keychains/login.keychain-db productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority" productbuild: Adding certificate "Apple Root CA" productbuild: Wrote product to /Users/chip/Desktop/PATHmanager.pkg productbuild: Supported OS versions: [Min: 12.0, Before: None] Transporter reports sandbox error Validation failed App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "com.chipcastle.pathmanager.pkg/Payload/PATHmanager.app/Contents/MacOS/PATHmanager" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. (ID: 7a687ea9-a98d-40f2-9553-ecce05ba6e87) Verify sandbox entitlement (see attached file) Not sure what to do here. PATHmanager.entitlements

I have used ack and xattr in an attempt to find where the com.apple.quarantine attribute might exist, but have not found it in the .pkg file I uploaded using Transporter or in any files contained in the .pkg bundle.

~/Desktop/distribution/PATHmanager.app/Contents λ xattr -d com.apple.quarantine embedded.provisionprofile xattr: embedded.provisionprofile: No such xattr: com.apple.quarantine

Thanks for detailed commands! That really helped. I found the matching profile, copied it over to embedded.provisionprofile, resigned the executable & bundle, and uploaded using Transporter. Received "missing an application identifier" error and fixed it from https://developer.apple.com/forums/thread/748589?login=true and TestFlight, Provisioning Profiles, and the Mac App Store Uploaded & Validated w/ Transporter, but received an email about: ITMS-91109: Invalid package contents - The package contains one or more files with the com.apple.quarantine extended file attribute, such as “com.chipcastle.pathmanager.pkg/Payload/PATHmanager.app/Contents/embedded.provisionprofile”. This attribute isn’t permitted in macOS apps distributed on TestFlight or the App Store. Please remove the attribute from all files within your app and upload again. Attempted to remove extended attributes as follows (sudo had no effect): ~/Desktop/distribution/PATHmanager.app/Contents λ xattr embedded.provisionprofile com.apple.macl ~/Desktop/distribution/PATHmanager.app/Contents λ xattr -c embedded.provisionprofile ~/Desktop/distribution/PATHmanager.app/Contents λ xattr embedded.provisionprofile com.apple.macl ~/Desktop/distribution/PATHmanager.app/Contents λ xattr -d com.apple.macl embedded.provisionprofile ~/Desktop/distribution/PATHmanager.app/Contents λ xattr embedded.provisionprofile com.apple.macl ~/Desktop/distribution/PATHmanager.app/Contents λ ls -l@ embedded.provisionprofile -rw-r--r--@ 1 chip staff 12303 Feb 28 18:57 embedded.provisionprofile com.apple.macl 72 ~/Desktop/distribution/PATHmanager.app/Contents λ xattr -d com.apple.macl:72 embedded.provisionprofile xattr: embedded.provisionprofile: No such xattr: com.apple.macl:72 ~/Desktop/distribution/PATHmanager.app/Contents λ sudo xattr -d com.apple.macl:72 embedded.provisionprofile Password: xattr: embedded.provisionprofile: No such xattr: com.apple.macl:72 ~/Desktop/distribution/PATHmanager.app/Contents ❮ sudo xattr -d com.apple.macl embedded.provisionprofile ~/Desktop/distribution/PATHmanager.app/Contents λ ls -l@ embedded.provisionprofile -rw-r--r--@ 1 chip staff 12303 Feb 28 18:57 embedded.provisionprofile com.apple.macl 72 I've had no trouble using xattr before, so not sure what's happening here. Suggestions are appreciated. Thanks in advance.

1. Unpack profile: security cms -D -i distribution/PATHmanager.app/Contents/embedded.provisionprofile -o profile.plist (attached profile.plist) profile.plist 2. Extract the cert chain: codesign --display --extract-certificates distribution/PATHmanager.app openssl x509 -in codesign0 -inform der -text > leaf (attached leaf) leaf 3. Serial number for leaf: λ head leaf Certificate: Data: Version: 3 (0x2) Serial Number: 4a:9a:24:59:ac:96:e8:e8:45:f6:71:ab:59:b8:69:32 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Apple Worldwide Developer Relations Certification Authority, OU=G3, O=Apple Inc., C=US Validity Not Before: Mar 1 00:37:19 2025 GMT Not After : Mar 1 00:37:18 2026 GMT 4. What part of the profile should I compare to the leaf serial number? λ shasum leaf ce0e2fc70a9bde62745332b843ef650a918a39dc leaf

security find-identity -v B9C100CC75910543E3FCD9AE63357AE4E2736723 "Apple Development: Harroll Dean Castle (76CZ7DC9QM)" D67F1D2EE9FC682B0BDAFDA1924936335C6E7595 "Apple Distribution: Chip Castle Dot Com, Inc. (BXN9N7MNU3)" D99EF2166A4F18DC4DA375C39F20F3DF2656E841 "3rd Party Mac Developer Installer: Chip Castle Dot Com, Inc. (BXN9N7MNU3)" 3 valid identities found

Thanks, I just copied my distribution profile to PATHmanager.app/Contents/embedded.provisionprofile, re-signed the .app bundle and executable, and uploaded the pkg file using Transporter, which returns: Show Progress: Verify failed. Validation failed Invalid Code Signing. The executable 'com.chipcastle.pathmanager.pkg/Payload/PATHmanager.app/Contents/MacOS/PATHmanager' must be signed with the certificate that is contained in the provisioning profile. (ID: 1810bc78-dcce-483f-b641-239894446e0d) I'm confused. How I can match up the profile (shown below) with the cert? Thanks again. macOS_Distribution_Profile.plist

Making progress here: Upgraded to Sequoia 15.3.1, Xcode 16.2 Codesigning executable returns 'satisfies its Designated Requirement' using: codesign --force --verify --verbose=4 --options runtime --timestamp --entitlements '/Users/chip/Desktop/PATHmanager.entitlements' --sign 'Apple Distribution: Chip Castle Dot Com, Inc. (BXN9N7MNU3)' '/Users/chip/Desktop/distribution/PATHmanager.app/Contents/MacOS/PATHmanager' Productbuild .pkg file returns successfully using: productbuild --sign '3rd Party Mac Developer Installer: Chip Castle Dot Com, Inc. (BXN9N7MNU3)' --identifier 'com.chipcastle.pathmanager' --version '1.15' --component '/Users/chip/Desktop/distribution/PATHmanager.app' /Applications '/Users/chip/Desktop/PATHmanager.pkg' Verifying signature returns 'satisfies its Designated Requirement' using: codesign --verify --verbose=4 '/Users/chip/Desktop/distribution/PATHmanager.app/Contents/MacOS/PATHmanager' Transporter uploads successfully. Running Verify via Transporter returns error: 'Invalid Provisioning Profile Signature' Other forum posters recommended regenerating a new profile and certificates, which I did using Xcode, and then downloading the profile again. I tried numerous times, but the same error persists via Transporter. I read 'TN3125: Inside Code Signing: Provisioning Profiles', which mostly covers how to inspect the contents of the profile, but not how to troubleshoot errors. Any suggestions on how to drill down further with this error is appreciated. Thanks.

Thanks for the suggestion. I downloaded Xcode_15.xip, but opening reports, "You can't use this version of the application Xcode with this version of macOS."

@Etresoft Thank you for your prompt reply. I tried upgrading to Xcode 15, but the AppStore would only let me download version 14. I uninstalled Xcode, but afterwards it only offers version 16 and reports, "Requires macOS 14.5 or later.", which means I need to upgrade to Sonoma. Do you have another suggestion for downloading version 15 on Ventura? Thanks again.