Pkg installation package uploaded to macstore email prompt ITMS-90296

Hello! I encountered an issue while packaging and uploading the project to the Mac store. I received an email stating:

ITMS-90296: App Sandbox not enabled - The following executors must include the 'com. apple. security. app sandbox' entitlement with a Boolean value of true in the entitlement property list: [[com. electron. iflyrecclient. pkg/Payload/iFlytek Listen. app/Contents/MacOS/iFlytek Listen]] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. Though you are not required to fix the following issues, we wanted to make you aware of them: ITMS-90886: 'Cannot be used with TestFlight because the signature for the bundle at' iFlytek hears. app 'is missing an application identifier but has an application identifier in the provisioning profile for the bundle.' Bundles with application identifiers in the provisioning profile are expected to have the same identifier signed into the bundle in order to be eligible for TestFlight.'

But in my memory, the sandbox was set to true. I have also tried the methods in the forum, but they have not been resolved,I hope you can help me see what happened. Here are the specific situations I developed,

  1. This project is built and developed using electron9;
  2. The entire project was not developed using Xcode;
  3. The specific process of packaging into pkg is as follows:

Step 1: Use an electron packager to package the app file

Step 2: Use electron/osx sign to sign the entire app file (with options such as entitlement and provisioning profile configured)

Step 3: Use the productbuild -- component Yourappname. app/Applications -- sign "3rd Party Mac Developer Installer: *** *** (XXXXXXXXXX)" Yourappname. pkg command to generate the pkg package

Step 4: Upload to transporter The above operations were executed normally, and after the second step of signing, using the codesign dvvv -- entities -<path to your app>provided on the official website to query also showed that the sandbox was true. However, after the upload was successful, you will receive an email showing an issue, and the corresponding uploaded version cannot be found on the app connect website

Hope to receive your answer. Wishing you good health and smooth work! PS: When generating the app, there is no sandbox related configuration in Info.Plist in the app content package. Is this normal? I checked the info.Plist of Google Chrome, Sogou Input Method and other software, and there is no sandbox configuration. Moreover, I tried manually adding it and then packaging it, but also encountered the same email problem.

Answered by DTS Engineer in 813805022
I noticed an error message

Yeah, that’s not good, and it’s quite possible that it’s causing your other problems.

The ._node_modules file is an AppleDouble file. The __MACOSX directory suggests that you’re using sequestered resources. This is problematic for an installer package that you’re submitting to the Mac App Store.

I talk about these concepts in more detail in Extended Attributes and Zip Archives.

You need to track down how these items made it into your installer packages. In general, your app shouldn’t need to use extended attributes. You should work out what extended attributes are present and update your build process so that they don’t get added. If you have to keep them for some reason, let me know the reason and we can talk about that.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

First things first, the TestFlight issue (ITMS-90886) is covered by TestFlight, Provisioning Profiles, and the Mac App Store.

Regarding the App Sandbox issue (ITMS-90296), there’s a variety of potential causes for this. I recommend that you check whether App Sandbox is actually enabled on the binary that you submitted to App Store Connect. To do that:

  1. Locate the installer package (.pkg) you submitted.

  2. Unpack that. I usually do this with a third-party app (Pacifist), but Unpacking Apple Archives explains how to do it the hard way.

  3. Run codesign against the resulting app to confirm that its signature is valid:

    % codesign --verify -vvv /path/to/your.app
    
  4. Run codesign again to check that you have App Sandbox enabled:

    % codesign --display --entitlements - /path/to/your.app
    

    I’d expect to see output like this:

    % codesign --display --entitlements - /Applications/PCalc.app 
    …
    [Dict]
        …
        [Key] com.apple.security.app-sandbox
        [Value]
            [Bool] true
        …
    

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I tried using a third-party app (Pacivist) to open the app in pkg, nd export the app locally,then followed your instructions to perform the following actions:

1、 Run codesign against the results app to confirm that its signature is valid:

% codesign --verify -vvv /path/to/your.app

The results obtained:

PS:I noticed an error message

IFlytek heard. app: a sealed resource is missing or invalid File missing:/Users/pploo2/Desktop/icon/1/iFlytek heard. app/Contents/Resources/tj_S1/_MACOSX/ node_modules

I don't know if this is the key to the problem ITMS-90926.
2. Run codesign again to check that you have App Sandbox enabled:

% codesign --display --entitlements - /path/to/your.app

The results obtained:

You can see that there is sandbox=true here

Now back to the first step, I performed operations on the app before packaging it as pkg and found that there were no missing related issues

I noticed an error message

Yeah, that’s not good, and it’s quite possible that it’s causing your other problems.

The ._node_modules file is an AppleDouble file. The __MACOSX directory suggests that you’re using sequestered resources. This is problematic for an installer package that you’re submitting to the Mac App Store.

I talk about these concepts in more detail in Extended Attributes and Zip Archives.

You need to track down how these items made it into your installer packages. In general, your app shouldn’t need to use extended attributes. You should work out what extended attributes are present and update your build process so that they don’t get added. If you have to keep them for some reason, let me know the reason and we can talk about that.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Pkg installation package uploaded to macstore email prompt ITMS-90296
 
 
Q