The installer package includes files that are only readable by the root user

Question

Created Jun ’25

Replies 17

Boosts 0

Participants 2

I'm into packaging up my Mac game and want to submit it to the Mac App Store via XCode -> Product -> Archive -> Distribute App.

I'm getting the following error:

Validation failed The installer package includes files that are only readable by the root user. This will prevent verification of the application's code signature when your app is run. Ensure that non-root users can read the files in your app.

I've created post build and post package hooks in xcode that list out the files do a debug log file, but there is no single file that is root only or having not 755 as rights.

Any idea what I can change to fix this? Is this even something I can influence? Or is this a App Store connect issue?

Thanks Martin

Bildschirmfoto 2025-06-19 um 11.34.42.png

Answered by DTS Engineer in 844756022

It’s hard to say what’s causing this, but I do have suggestion for how to debug it. If you choose Distribute App > Custom > App Store Connect > Export, you get a copy of the installer package that would have been submitted if you’d chosen the Upload option. You can then dig into the installer package to see what’s what.

There are a couple of really good third-party apps to dig into installer packages. Alternatively, you can pull them apart by hand as explained in Unpacking Apple Archives.

Once you know what file is causing the problem, you can then work backwards through your build system to see how it got that way.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Jul ’25

OK, here’s what I did today:

I created a new VM with a macOS 15.5 guest, and then installed Xcode 16.4.
I ran through the OS and Xcode setup processes, doing minimum configuration at each step. I chose English as the language because I very much doubt that this issue is related to your chosen language.
In Xcode, I created a new project from Xcode’s macOS > App template.
In Signing & Capabilities, I confirmed that Sign to Run Locally was selected [1].
I chose Product > Archive.
I looked at the contents of the resulting archive:

% cd /Users/quinn/Library/Developer/Xcode/Archives/2025-07-21 
% ls -al Test788895\ 21-07-2025,\ 05.11.xcarchive/Products/Applications/Test788895.app/Contents/_CodeSignature
total 8
drwxr-xr-x  3 quinn  staff    96 21 Jul 05:11 .
drwxr-xr-x  7 quinn  staff   224 21 Jul 05:11 ..
-rw-r--r--  1 quinn  staff  2200 21 Jul 05:11 CodeResources

As you can see, the permissions are set correctly.

You should be able to run this test locally, and I suspect that you’ll see the same results as I do. If you do, that indicates that there’s something specific to your main Mac’s setup that’s causing this issue.

You wrote:

it is [an MDM] controlled Mac

I’ve seen a weird problems on managed Macs before, with the root cause being either the management software or the software that it installed. If things work in a VM and fail on your main Mac, the next step is to escalate this to your site manager.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] This is the default because I haven’t signed in with an Apple Account in Xcode > Settings > Accounts.

0

Answer 2

MartinSchultz72 OP

Jul ’25

Ok, yeah, at least good that it is a local problem on my machine then. I will get in the next 2 weeks my shiny new M4 Macbook Pro and will check if I run in the same problem there.

0