Unable to validate with app sandbox issues

My app is a Safari extension. When trying to validate the app, I get the following error:

App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "app.rango.Rango.pkg/Payload/Rango for Safari.app/Contents/MacOS/Rango for Safari" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app.

I don't know why this is happening. I have app sandbox enabled in both the app and the extension target. I have both entitlement files. When executing codesign -d --entitlements :- /path/to/binary I get the following:

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.files.user-selected.read-only</key><true/><key>com.apple.security.get-task-allow</key><true/><key>com.apple.security.network.client</key><true/></dict></plist>

If I check in Activity Monitor, the sandbox column shows true. I have no idea why I keep getting this error when everything indicates that the app is actually sandboxed.

Answered by david_tejada in 826247022

I figured it out. I was missing distribution certificates. I don't know why the error didn't state that instead of leading me astray with the missing sandbox key message.

Are you checking the entitlements of your extension or of the containing app?

Both. The previous codesign output was for the containing app and this is for the extension:

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.files.user-selected.read-only</key><true/><key>com.apple.security.get-task-allow</key><true/></dict></plist>

Could I get some help with this?

I'm stuck with this and I can't publish my extension update.

Why on earth does it keep saying that I don't have the app-sandbox entitlement when everywhere I check it's set to true? If I select custom when validating, I can see in the "Review app.pkg content" screen, in both the app and the extension, that it clearly appears in the entitlements section that com.apple.security.app-sandbox is set to true.
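The manual check from this thread, as an added Python example that is not part of the original posts: it parses the two codesign -d --entitlements dumps quoted above and reports the sandbox key alongside com.apple.security.get-task-allow, which Xcode adds to development-signed builds. The function names and the development_signed_hint label are this example's own.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
GET_TASK_ALLOW = "com.apple.security.get-task-allow"

# Entitlement dumps as posted in the thread (containing app, then extension).
HEAD = (b'<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC '
        b'"-//Apple//DTD PLIST 1.0//EN" '
        b'"https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict>')
TAIL = b"</dict></plist>"
APP_DUMP = (HEAD
            + b"<key>com.apple.security.app-sandbox</key><true/>"
            + b"<key>com.apple.security.files.user-selected.read-only</key><true/>"
            + b"<key>com.apple.security.get-task-allow</key><true/>"
            + b"<key>com.apple.security.network.client</key><true/>"
            + TAIL)
EXT_DUMP = (HEAD
            + b"<key>com.apple.security.app-sandbox</key><true/>"
            + b"<key>com.apple.security.files.user-selected.read-only</key><true/>"
            + b"<key>com.apple.security.get-task-allow</key><true/>"
            + TAIL)


def parse_entitlements(raw: bytes) -> dict:
    """Parse codesign entitlement output, tolerating bytes before the XML."""
    start = raw.find(b"<?xml")
    if start < 0:
        raise ValueError("no XML plist found (unsigned binary or no entitlements)")
    return plistlib.loads(raw[start:])


def audit(raw: bytes) -> dict:
    """Report the sandbox flag, the development-signing marker, and other keys."""
    ent = parse_entitlements(raw)
    return {
        # Must be the Boolean true, not a string or a missing key.
        "sandboxed": ent.get(SANDBOX) is True,
        # get-task-allow=true means the binary still carries a development signature.
        "development_signed_hint": ent.get(GET_TASK_ALLOW) is True,
        "other": sorted(k for k in ent if k not in (SANDBOX, GET_TASK_ALLOW)),
    }


if __name__ == "__main__":
    for name, dump in (("containing app", APP_DUMP), ("extension", EXT_DUMP)):
        print(name, audit(dump))
```

Both dumps report sandboxed as true and also carry the development-signing marker, so the sandbox key alone does not show that the binary is signed for distribution.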

