I have an App created in xCode 5 which includes a bundled executable file. I am trying to submit the app to the Mac App store, however when I submit it it fails with the following message:
App sandbox not enabled - The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list. Refer to the App Sandbox page for more information on sandboxing your app.
I have created an entitlements file (EXECUTABLE_NAME.entitlements), containing the 'com.apple.security.app-sandbox' key with a value of 'true'...
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
</dict>
</plist>
...but the app still fails.
What am I missing (or what have I done wrong) to get the bundled executable file code signed?
Open the project using Xcode. Select the root project directory, and go to the Signing and Capabilities tab. Here, you can either check Automatically manage signing or do the signing manually. If you check the Automatically manage signing checkbox, then you will just need to select the Team from the drop-down list.
Code signing your app assures users that it's from a known source and hasn't been modified since it was last signed. Before your app can integrate app services, be installed on a device, or be submitted to the App Store, it must be signed with a certificate issued by Apple.
I resolved this issue in the following manner:
1) the .plist file was missing the inherit key, so I modified it thus:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
</dict>
</plist>
that on its own won't do the job, to actually code sign the file I did the following:
Run the following command:
codesign -f -s "$YOUR_CERTIFICATE_HERE" --entitlements "$THE_ENTITLEMENTS_PLIST" "$THE_EXECUTABLE"
for $YOUR_CERTIFICATE_HERE
use your 3rd Party Mac Developer Application certificate
Once this is done, the app should upload to iTunes Connect and you will be able to see the relevant code signing information under the 'Binary Details' section.
@dmid's answer is correct and works.
But it could be simpler. Let's say the executable is myexe
:
create myexe.entitlements
file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
</dict>
</plist>
Run command:
codesign -f -s "$YOUR_CERTIFICATE_HERE" --entitlements "myexe.entitlements" "myexe"
Done!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With