I've made an app which includes a command-line tool. I have enabled the app's sandbox, and tested that it works. I've also code-signed both the app and the command line tool.
But when I upload the app to iTunes, I received a email telling me "App sandbox not enabled".
Apparently I need to set entitlement file of key com.apple.security.app-sandbox
with true
value, and list the executables: /Contents/MacOS/myApp
and /contents/Frameworks/x86/myCommandLineTool
.
I'm sure I've enabled sandbox in Xcode, so I thought the problem was with the command line tool.
How can I enable sandbox for command line tool? Or is there a specific folder I should put the tool? Any suggestions welcome - I have been troubled by it for several days.
Overview. The App Sandbox is an access control technology that macOS provides and enforces at the kernel level. The sandbox's primary function is to contain damage to the system and the user's data if the user executes a compromised app.
They allow programmers to compile programs and debug them, convert files, and perform a number of tasks for handling the resources required for making applications and other tools. Running the Terminal-based developer tool “make” on a system without the command line tools installed will prompt you to install them.
Go to Terminal in /Applications/Utilities/. In the same way when you are downloading new software and apps, a popup update window will appear asking you: “The xcode-select command requires the command line developer tools.
I had the same issue and after some search, trial & error, this is what worked for me:
create an entitlement file - for me it was just com.apple.security.inherit set to YES. I created this file in xcode itself.
Now sign this commandline tool using the command:
codesign --entitlements ./entitlements.plist -s "copy & paste your certificate from keychain" ./commandlinetool
Just to be sure, check using this command:
codesign --display --entitlements - ./commandlinetool
This tool was already included in the project. So just compile, archive & submit
The status is now 'waiting for review'.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With