Sandbox supposedly enabled, but Application Loader disagrees?


#1

Hello everyone,

Hope you’re all well.

I’ve finished a small app of mine recently, now I’m currently in the process of trying to submit it to the MAS.

My application is successfully packaged, I can sign it too. So far so good.

Until I try to submit it via the Application Loader, it tells me that the application sandbox is enabled. But to my knowledge, it is… I have a parent.plist that looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
  </dict>
</plist>

As you can see, com.apple.security.app-sandbox is true.

My child.plist looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>

And my signing script looks like this:

#!/bin/bash

# Name of your app.
APP="Intacept"

# The path of you app to sign.
APP_PATH="./releases/Intacept-darwin-x64/$APP.app"

# The path to the location you want to put the signed package.
RESULT_PATH="./releases/$APP.pkg"

# The name of certificates you requested.
APP_KEY="3rd Party Mac Developer Application: Joe Dawson (1234567890)"
INSTALLER_KEY="3rd Party Mac Developer Installer: Joe Dawson (1234567890)"

# Frameworks Path
FRAMEWORKS_PATH="$APP_PATH/Contents/Frameworks"

# Child Signing
codesign --deep -fs "$APP_KEY" --entitlements child.plist "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/"
codesign --deep -fs "$APP_KEY" --entitlements child.plist "$FRAMEWORKS_PATH/$APP Helper.app/"
codesign --deep -fs "$APP_KEY" --entitlements child.plist "$FRAMEWORKS_PATH/$APP Helper EH.app/"
codesign --deep -fs "$APP_KEY" --entitlements child.plist "$FRAMEWORKS_PATH/$APP Helper NP.app/"
if [ -d "$FRAMEWORKS_PATH/Squirrel.framework/Versions/A" ]; then
  # Signing a non-MAS build.
  codesign --deep -fs "$APP_KEY" --entitlements child.plist "$FRAMEWORKS_PATH/Mantle.framework/Versions/A"
  codesign --deep -fs "$APP_KEY" --entitlements child.plist "$FRAMEWORKS_PATH/ReactiveCocoa.framework/Versions/A"
  codesign --deep -fs "$APP_KEY" --entitlements child.plist "$FRAMEWORKS_PATH/Squirrel.framework/Versions/A"
fi
codesign -fs "$APP_KEY" --entitlements parent.plist "$APP_PATH"

# Build
productbuild --component "$APP_PATH" /Applications --sign "$INSTALLER_KEY" "$RESULT_PATH"

Of course, I’ve removed my certificates identities for the posting of this thread.

Anyway, as I mentioned - when I run it through application loader, the only issue I appear to get is that the application sandbox is not enabled. But it should be, right?

Any help would be appreciated!