MacCatalyst App Sandbox Not Enabled

I can't figure out how to get past this error message when I try uploading my Mac Catalyst app using Xcode Organiser.

App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list

I have the .entitlements file correctly configured with the boolean, I have the entitlements path correctly setup in Build Settings, when I start the upload process the boolean appears there with the correct value:

Even when I try the command codesign -d --entitlements :- I get back the correct value.

This started appearing when I added a Share Extension to the existing Mac Catalyst app (the app is already in the Mac App Store). I did the same steps and verifications and still got the same error, so I decided to go a step back and remove the Share Extension and try to get it working again.

From here I keep getting the same error over and over. I have tried regenerating all provisioning profiles manually, using automatic code signing...

Please help! Any ideas will be appreciated.

Up vote post of Aramusss Down vote post of Aramusss
2.6k views
Posted by
Aramusss
Reply
Add a Comment

Accepted Reply

OK got the solution and I'll share it here (even if it's a little... embarrassing).

Short version: Scripts that are added to the app's package are treated as 'apps' from Xcode/Organiser POV, so they are required entitlements. I had a script (by mistake) and it was causing the error. In fairness, the error message did point to the script, I just assumed it was auto-generated by Xcode.

Longer version: Because Firebase has no proper support yet for Mac Catalyst, I added it manually into the project. The Firebase package includes a script called "upload_symbols" used to automatically upload symbols for Crashlytics. I didn't know, but Xcode automatically added it to the target, so it was being bundled inside the package. When later I was uploading the app to AppStoreConnect, it was trying to get the sandbox entitlement from this script as well, which of course didn't exist.

Hope this helps someone in the future not to loose a good few hours in such an embarassing issue!

Posted by
Aramusss
Up vote reply of Aramusss Down vote reply of Aramusss
Post marked as solved

  • Thanks for sharing your fix!

    eskimo

  • @Aramusss

    Embarrassed to ask but how in the world did you resolve this while keeping the Crashlytics in tact? I am down some signing rabbit hole to add an entitlement for this specific script which just feels wrong. Any advice here would be greatly appreciated!

    Just removed it from the bundle and the app still runs properly. Not entirely sure if it will operate with Crashlytics but I suppose I will find out.

    Codin
Add a Comment

Replies

OK got the solution and I'll share it here (even if it's a little... embarrassing).

Short version: Scripts that are added to the app's package are treated as 'apps' from Xcode/Organiser POV, so they are required entitlements. I had a script (by mistake) and it was causing the error. In fairness, the error message did point to the script, I just assumed it was auto-generated by Xcode.

Longer version: Because Firebase has no proper support yet for Mac Catalyst, I added it manually into the project. The Firebase package includes a script called "upload_symbols" used to automatically upload symbols for Crashlytics. I didn't know, but Xcode automatically added it to the target, so it was being bundled inside the package. When later I was uploading the app to AppStoreConnect, it was trying to get the sandbox entitlement from this script as well, which of course didn't exist.

Hope this helps someone in the future not to loose a good few hours in such an embarassing issue!

Posted by
Aramusss
Up vote reply of Aramusss Down vote reply of Aramusss
Post marked as solved

  • Thanks for sharing your fix!

    eskimo

  • @Aramusss

    Embarrassed to ask but how in the world did you resolve this while keeping the Crashlytics in tact? I am down some signing rabbit hole to add an entitlement for this specific script which just feels wrong. Any advice here would be greatly appreciated!

    Just removed it from the bundle and the app still runs properly. Not entirely sure if it will operate with Crashlytics but I suppose I will find out.

    Codin
Add a Comment