I'm running into an issue where the application does not want to launch when the sandbox is enabled.
I got the error in the transporter: ITMS-90296: "App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [ --list of multiple (6) execs --]"
If I run the program with this issue, the program runs as expected. But it cannot be uploaded to the App Store. The sandbox was already partially enabled with the webPreferences: {..., sandbox: true }.
I managed to solve this issue by adding:
<key>com.apple.security.app-sandbox</key><true/>
to my entitlements file.
After a rebuild with scripts:{..., "electron-package":"electron-build -m"}, the application is being signed with Developer ID Application: foo (id) and 3rd Party Mac Developer Application: food (id).
When executing the following command project-folder/dist/mas/bar.app/Contents/MacOs/bar, it returns zsh: killed ./bar.app/Contents/MacOS/bar and the program simply does not launch anymore.
If I upload this build via the transporter, it does get successfully uploaded but will very likely fail the Apple Review.
The output from the crash report is:
Incident Identifier: incident-guid
CrashReporter Key: crashreport-guid
Hardware Model: Macmini9,1
Process: Bar [16938]
Path: /Users/USER/*/bar.app/Contents/MacOS/bar
Identifier: eu.comany.bar
Version: 0.8.4 (0.8.4)
Code Type: X86-64 (Native)
Role: Unspecified
Parent Process: zsh [722]
Coalition: com.apple.Terminal [845]
Responsible Process: Terminal [720]
Date/Time: 2021-12-22 14:23:42.0103 +0100
Launch Time: 2021-12-22 14:23:41.8950 +0100
OS Version: macOS 12.1 (21C52)
Release Type: User
Report Version: 104
Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid))
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: CODESIGNING 1
Highlighted by Thread: 0
Backtrace not available
No thread state (register information) available
Binary Images:
Binary images description not available
Error Formulating Crash Report:
_dyld_process_info_create failed with 6
dyld_process_snapshot_get_shared_cache failed
Failed to create CSSymbolicatorRef - corpse still valid ¯\_(ツ)_/¯
EOF
My entitlements.mac.plist is:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>id.eu.company.app</string>
</array>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.device.microphone</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
<key>com.apple.security.automation.apple-events</key>
<true/>
</dict>
</plist>
My info.plist is:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleIdentifier</key>
<string>CopySelected.workflow</string>
<key>CFBundleName</key>
<string>Bar by Foo</string>
<key>NSServices</key>
<array>
<dict>
<key>NSBackgroundColorName</key>
<string>background</string>
<key>NSIconName</key>
<string>NSActionTemplate</string>
<key>NSMenuItem</key>
<dict>
<key>default</key>
<string>CopySelected</string>
</dict>
<key>NSMessage</key>
<string>runWorkflowAsService</string>
<key>NSSendTypes</key>
<array>
<string>public.utf8-plain-text</string>
</array>
</dict>
</array>
</dict>
</plist>
My package.json contains:
"mac": {
"icon": "icons/icon.icns",
"category": "public.app-category.xxxxxxxx",
"entitlements": "entitlements.mac.plist",
"entitlementsInherit": "entitlements.mac.plist",
"provisioningProfile": "provisioning/bar.provisionprofile",
"extraResources": [
"electron/bin/**/*"
],
"target": [
"mas"
],
"binaries": [],
"extendInfo": {
"NSMicrophoneUsageDescription": "Bar requires microphone access."
}
},
security find-identity -vp codesigning
returns (terminal command):
Developer ID application: xx (yy)
3rd Party Mac developer Application: xx (yy)
Apple Development: person (zz) //not used
Apple Distribution: xx (yy) //not used
4 valid identities found
My electron-build output:
> bar@0.8.4 preelectron-pack
> npm run build-react
> bar@0.8.4 build-react
> cross-env REACT_APP_ENV=PROD react-scripts build
Creating an optimized production build...
> bar@0.8.4 electron-pack
> electron-builder -m "mas"
• electron-builder version=22.10.5 os=21.2.0
• loaded configuration file=package.json ("build" field)
• writing effective config file=dist/builder-effective-config.yaml
• packaging platform=mas arch=arm64 electron=13.2.0 appOutDir=dist/mas-arm64
• Unpacking electron zip zipPath=undefined
• signing file=dist/mas/Bar.app identityName=Developer ID Application: xxxxxxxx (yyyyyyy) identityHash=71103A11A7D2CD51ACD921809C7358B6E28B8ACD provisioningProfile=certs/Bar.provisionprofile
• signing file=dist/mas/Bar.app identityName=3rd Party Mac Developer Application: xxxxxxxxxxxx (yyyyyyyyy) identityHash=4EF2E5C611EB01CA290E651B55BEBC2424589C3C provisioningProfile=certs/Bar.provisionprofile
codesign -dvvv dist/mas/Bar.app
>>> codesign -dvvv dist/mas/Bar.app
Executable=/path_to_bar/bar/dist/mas/Bar.app/Contents/MacOS/Bar
Identifier=eu.company.bar
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20400 size=3093 flags=0x0(none) hashes=86+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=created-sha1-hash
CandidateCDHashFull sha1=created-sha1-hash
CandidateCDHash sha256=created-sha256-hash
CandidateCDHashFull sha256=created-sha256-hash
Hash choices=sha1,sha256
CMSDigest=created-cmsdigest
CMSDigestType=2
CDHash=created-cdhash
Signature size=9183
Authority=3rd Party Mac Developer Application: xxx (yyy)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Timestamp=29 Dec 2021 at 13:39:08
Info.plist entries=31
TeamIdentifier=yyy (same id as the yyy in certificate)
Sealed Resources version=2 rules=13 files=16
Internal requirements count=1 size=208
pkgutil --check-signature dist/mas/Bar-0.8.4.pkg
Package "Bar-0.8.4.pkg":
Status: signed by a developer certificate issued by Apple (Development)
Certificate Chain:
1. 3rd Party Mac Developer Installer: xxx (yyy)
Expires: 2022-11-30 14:04:56 +0000
SHA256 Fingerprint:
4F 54 4F 4B 21 A4 39 95 CD 62 65 AD C8 F7 7E DD AC 77 9D 5F 39 AB
99 88 77 66 55 44 33 22 11 00
------------------------------------------------------------------------
2. Apple Worldwide Developer Relations Certification Authority
Expires: 2030-02-20 00:00:00 +0000
SHA256 Fingerprint:
DC F2 18 78 C7 7F 41 98 E4 B4 61 4F 03 D6 96 D8 9C 66 C6 60 08 D4
24 4E 1B 99 16 1A AC 91 60 1F
------------------------------------------------------------------------
3. Apple Root CA
Expires: 2035-02-09 21:40:36 +0000
SHA256 Fingerprint:
B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
68 C5 BE 91 B5 A1 10 01 F0 24
It is very possible that I did one of the following things wrong. I tried:
- Reimplement certificates
- Redid provisioning profile
- Sandbox way according to Electron
- Sandbox way according to Apple Developer docs
- Sign application after build
- Remove certain certificates
- Sign with different certificates (this was unsuccessful)
- Created certs via Xcode
- Tried to import the project in Xcode and failed
- Nearly all proposed solutions from the first page on Google. There was a major lack of relevant posts.
- ...
I'm probably forgetting a few.
I have been unable to find any solution that solves this for the past week. If you need any more troubleshooting information, please let me know.
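The ITMS-90296 message quoted in the question names executables that lack the `com.apple.security.app-sandbox` entitlement. As an added example (not part of the original post, and not electron-builder's code), this Python check walks a built .app, picks out the Mach-O files of type MH_EXECUTE, and reports those whose embedded entitlements do not set that key to true. The function names are hypothetical, and the default reader assumes macOS with `codesign` on the PATH.

```python
# Added example; function names are illustrative, not from electron-builder.
import os
import plistlib
import struct
import subprocess
import sys

SANDBOX_KEY = "com.apple.security.app-sandbox"
MH_EXECUTE = 2  # Mach-O filetype of a launchable executable (a dylib is 6)
THIN_MAGICS = {b"\xce\xfa\xed\xfe": "<", b"\xcf\xfa\xed\xfe": "<",
               b"\xfe\xed\xfa\xce": ">", b"\xfe\xed\xfa\xcf": ">"}

def is_main_executable(path):
    """True if path is a Mach-O file (thin or fat) whose filetype is MH_EXECUTE."""
    try:
        with open(path, "rb") as f:
            head = f.read(16)
            if head[:4] == b"\xca\xfe\xba\xbe":  # fat binary: inspect first slice
                f.seek(struct.unpack(">I", f.read(4))[0])  # fat_arch[0].offset
                head = f.read(16)
        order = THIN_MAGICS[head[:4]]
        return struct.unpack(order + "I", head[12:16])[0] == MH_EXECUTE
    except (KeyError, struct.error, OSError):
        return False  # not Mach-O, truncated, or unreadable

def has_sandbox(entitlements_xml):
    """True only if the plist sets app-sandbox to Boolean true."""
    try:
        ent = plistlib.loads(entitlements_xml)
    except Exception:
        return False  # unsigned, or signed without entitlements
    return isinstance(ent, dict) and ent.get(SANDBOX_KEY) is True

def read_entitlements(path):
    """macOS only: dump the entitlements embedded in path's signature as XML."""
    return subprocess.run(["codesign", "-d", "--entitlements", ":-", path],
                          capture_output=True).stdout

def missing_sandbox(bundle, reader=read_entitlements):
    """MH_EXECUTE files under bundle whose signature lacks the sandbox key."""
    paths = (os.path.join(root, name)
             for root, _dirs, files in os.walk(bundle) for name in files)
    return sorted(p for p in paths if not os.path.islink(p)
                  and is_main_executable(p) and not has_sandbox(reader(p)))

if __name__ == "__main__":
    for p in missing_sandbox(sys.argv[1]):
        print("missing", SANDBOX_KEY, "->", p)
```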