Entitlements Error

[ahadcove]

m trying to package up my electron app with electron-packager and submit to the app store, but App developer keeps failing with 2 errors. My entitlements are not matching its saying, but I have no idea where I am going wrong. I have a provisioning profile, but cannot open it to get the entitlements out of there. Is that what I will need to do?

Errors:

ERROR ITMS-90296: "App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "com.site.app.pkg/Payload/App.app/Contents/Frameworks/App Helper EH.app/Contents/MacOS/App Helper EH", "com.site.app.pkg/Payload/App.app/Contents/Frameworks/App Helper NP.app/Contents/MacOS/QuizzUmmah Helper NP", "com.ahadcove.quizz-ummah.pkg/Payload/QuizzUmmah.app/Contents/Frameworks/QuizzUmmah Helper.app/Contents/MacOS/QuizzUmmah Helper", "com.site.app.pkg/Payload/App.app/Contents/MacOS/App" )] Refer to App Sandbox page at https://developer.apple.com/devcenter/mac/app-sandbox/ for more information on sandboxing your app."

Entitlements Parent:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
  </dict>
</plist>

Entitlements Child:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>

[saurabhsharma]

Facing same issue.. any update?

[sethlu]

Hi @saurabhsharma, I don't think @ahadcove posted any updates after opening the issue.
Would you mind posting the command you used to sign the app bundle here and we can try to work on your issue from there?

[bookrides]

Hi sethlu,
I'm facing the same exact issue, I also followed the electron guide to packaging for the Mac App Store and getting the error message (please note my parent.plist and child.plist files are identitical to the ones provided in AhadCove's original post):

"ERROR ITMS-90296: "App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: ... Refer to App Sandbox page at https://developer.apple.com/devcenter/mac/app-sandbox/ for more information on sandboxing your app."

The command I used to generate my package was:

electron-packager ./ MackinVIA --app-bundle-id=com.mackin.eReader.desktop --helper-bundle-id=com.mackin.eReader.desktop.helper --platform=mas --version=1.7.9 --icon=icons/mac/icon.icns --overwrite --out=builds --build-version=3900 --protocol=mackinvia --protocol-name=mackinvia app-category-type=public.app-category.education --prune=true && sh codesign-electron.sh

The contents of my codesign-electron.sh file are:
`#!/bin/bash

APP="MackinVIA"
APP_PATH="builds/MackinVIA-mas-x64/MackinVIA.app"
RESULT_PATH="builds/$APP.pkg"
APP_KEY="3rd Party Mac Developer Application: Mackin Educational Resources (65HQKK7CFN)"
INSTALLER_KEY="3rd Party Mac Developer Installer: Mackin Educational Resources (65HQKK7CFN)"
CHILD_PLIST="installers/child.plist"
PARENT_PLIST="installers/parent.plist"

FRAMEWORKS_PATH="$APP_PATH/Contents/Frameworks"

codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Electron Framework"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework/Versions/A/Libraries/libnode.dylib"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/Electron Framework.framework"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper.app/Contents/MacOS/$APP Helper"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper.app/"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper EH.app/Contents/MacOS/$APP Helper EH"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper EH.app/"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper NP.app/Contents/MacOS/$APP Helper NP"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$FRAMEWORKS_PATH/$APP Helper NP.app/"
codesign -s "$APP_KEY" -f --entitlements "$CHILD_PLIST" "$APP_PATH/Contents/MacOS/$APP"
codesign -s "$APP_KEY" -f --entitlements "$PARENT_PLIST" "$APP_PATH"

productbuild --component "$APP_PATH" /Applications --sign "$INSTALLER_KEY" "$RESULT_PATH"`

[sethlu]

Hi @bookrides! From the limited info I am not sure about issue you have run into. If you try codesign -d --entitlements - <path-to-app> with the signed app, the output should tell you if your entitlements are added properly.

I'd also recommend checking out https://mintkit.net/electron-userland/electron-osx-sign/guide/, which generates an electron-osx-sign signing script for you.

[bookrides]

@sethlu so I figured out what the issue was. I was chaining my npm command electron-packager with the codesign-electron.sh script. The Info.plist file that's generated from the electron-packager command needs to have the <key>ElectronTeamID</key><string>TEAM_ID</string> added before the shell script is run to sign it. Anywho, I'm just posting this here in case anyone finds it helpful. Make sure before you sign your app that you've added the ElectronTeamID key pair to your Info.plist file