Pkgbuild toolchain help

Hello,

We are using pkgbuild in command line that builds a .pkg to installs our application on MacOS. The postinstall script sets up a few LaunchAgents as it's a multi-process application. Also some processes are written in Java (JDK21).

We'd like to submit the application into the Mac App Store.

Is there a way to submit a .pkg directly into the store via command line? Because we're using pkgbuild, we have no hook into Xcode archive window to test/validate the application.

For dev env, we're on macOS14.4 and Xcode 15.2.

Thank you in advance.

I was able to generate and submit pkg , wanted to share with community in case it helps here are steps to generate pkg and submit it

Step 1 - built a native app SwiftUI using Xcode , then fetched the ".app" from Build folder (copy it to a work folder)

Step 2 - Place all java jars in /Myapp.app/Contents/Resources/javastuff folder

Step 3 -Place java runtime at /Myapp.app/Contents/PlugIns. I used openJDK21.

Step 4 -Codesign App + all binaries with "3rd Party Mac Developer Application" Certificate codesign -s "Developer ID Application: xxxxxx" -f --timestamp -o runtime -i "com.yourdomain.yourapp" --entitlements App.entitlements MyApp.app/Contents/Resources/javastuff/binary1 ... repeat for each binary....

Step 5 -Build pkg using productbuild productbuild --component My.app /Applications Product.pkg

Step 6 -Sign pkg with 3rd Party distribution certificate productsign --sign "3rd Party Mac Developer Installer: xxxxxx" Product.pkg Product-signed.pkg

Step 7 -Upload pkg xcrun altool --upload-app -f ./Product-Signed.pkg --type mac --user "(youremail)" --pass (your password).

I am now grappling with error on Java , the runtime throws a trap which has no info or documentation. Anyone experience this ? any tips or guidance?

$java -version 34655 Trace/BPT trap: 5

console shows the following events: java[34669]: root path for bundle "<private>" of main executable "<private>" java[34669]: AppSandbox request successful AMFI: Denying core dump for pid 34669 (java) java[34669] Corpse allowed 1 of 5 Formulating fatal 309 report for corpse[34669] java

Is there a way to submit a .pkg directly into the store via command line?

Yes, using altool. However, that’s not the full answer here. While the Mac App Store accepts installer packages, it requires that those packages use the simplest possible structure. That is, the package must install a double clickable app in /Applications and not have any other extras.

The postinstall script sets up a few LaunchAgents as it's a multi-process application.

Mac App Store apps can use APIs, most notably SMAppService, to install an agent for the current user.

I was able to generate and submit pkg , wanted to share with community in case it helps here are steps to generate pkg and submit it

My understanding is that the various Java runtimes have their own specific advice on how to package that runtime for the Mac App Store.

codesign -s "Developer ID Application: xxxxxx"

Developer ID signing identities only make sense if you’re distributing outside of the Mac App Store. For detailed advice on how to manually sign and package code, see:

However, my advice is that you look up the advice that’s specific to your Java runtime.

I am now grappling with error on Java , the runtime throws a trap

I have general advice for debugging such problems in Resolving Trusted Execution Problems. But, again, it’s possible that your Java runtime support resources have more info on this.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thank you Quinn !

I was able troubleshoot most issues.

The application launches and working fine , the challenge now facing is that the application is getting a block (by sandbox?) when attempts to write log inside the .app container.

When app runs without sandbox it works ok. So I suspect it is a sandbox permission issue (not POSIX perms).

Question: Is there are proper location for app required data that needs persistence & read/write, that sandbox will allow? Here is

Here is the structure of the ".app" . The log files are in the /app path. Read operations are working fine. It is write that are blocked. drwxr-xr-x 9 alejandro admin 288 Feb 12 18:49 . drwxr-xr-x 3 alejandro admin 96 Feb 12 18:49 .. -rw-r--r-- 1 alejandro admin 1367 Feb 12 18:49 Info.plist drwxr-xr-x 3 alejandro admin 96 Feb 12 18:55 MacOS -rw-r--r-- 1 alejandro admin 8 Feb 12 18:49 PkgInfo drwxr-xr-x 3 alejandro admin 96 Feb 12 18:49 Resources drwxr-xr-x 3 alejandro admin 96 Feb 12 18:49 _CodeSignature drwxr-xrwx 8 alejandro admin 256 Feb 12 18:49 app drwxr-xr-x 3 alejandro admin 96 Feb 12 18:49 runtime

Thank you

I was able to resolve this. The workaround was to store data in ~/Library/Containers/[app identifier]
Read/write operations appear to work in these folders for Sandbox. Is this the recommended best-practice?

Pkgbuild toolchain help
 
 
Q