I have a bundle file called xxxx.app that works with productbuild to produce xxxx.pkg file and the resulting application works well on my computer. However attemps to upload it to Apple using Application Loader produces the following message:
ERROR ITMS-90296: "App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "xxxx.pkg/Payload/xxxx.app/Contents/MacOS/xxxx" )] Refer to App Sandbox page at https://developer.apple.com/devcenter/mac/app-sandbox/ for more information on sandboxing your app.”
I also have a file called entitlments.plist that includes for the sandboxing: com.apple.security.app-sandbox. I have tried including this in the xxxx.app bundle under Contents and also Contents/Resoures but it does not seem to make any difference.
How should the entitlments be incorporated in the productbuild?
The help documents mentioned in the error message do not seem to address this question.
Any suggestions would be appreciated.
Your entitlements property list file is not meant to be included in your final build product. Rather, it’s an input to the code signing machinery. If you enable the App Sandbox is the standard way (via the Capabilities tab of the target editor in Xcode), you’ll find that it a) adds the entitlements property list file, and b) sets the Code Signing Entitlements (
CODE_SIGN_ENTITLEMENTS
) building setting to point to that file. Then, when your build your app, you’ll see in the build log two steps,
Process product packaging and
Sign, that process that file and then use it as part of your code signing.
Finally, to check the actual entitlements of a binary, do this:
$ codesign -d --entitlements :- /path/to/binary
Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"