27

I've made an app which includes a command-line tool. I have enabled the app's sandbox, and tested that it works. I've also code-signed both the app and the command line tool.

But when I upload the app to iTunes, I received a email telling me "App sandbox not enabled".

Apparently I need to set entitlement file of key com.apple.security.app-sandbox with true value, and list the executables: /Contents/MacOS/myApp and /contents/Frameworks/x86/myCommandLineTool.

I'm sure I've enabled sandbox in Xcode, so I thought the problem was with the command line tool.

How can I enable sandbox for command line tool? Or is there a specific folder I should put the tool? Any suggestions welcome - I have been troubled by it for several days.

Kevin Reid
  • 37,492
  • 13
  • 80
  • 108
dinosaur
  • 638
  • 5
  • 14

1 Answers1

27

I had the same issue and after some search, trial & error, this is what worked for me:

  1. create an entitlement file - for me it was just com.apple.security.inherit set to YES. I created this file in xcode itself.

  2. Now sign this commandline tool using the command: 

    codesign --entitlements ./entitlements.plist -s "copy & paste your certificate from keychain" ./commandlinetool

  3. Just to be sure, check using this command:

    codesign --display --entitlements - ./commandlinetool

  4. This tool was already included in the project. So just compile, archive & submit

The status is now 'waiting for review'.

techraf
  • 64,883
  • 27
  • 193
  • 198
jjude
  • 860
  • 1
  • 11
  • 34
  • This just made my day! Thanks! – SevenBits Dec 10 '14 at 21:40
  • I'm unsure how copy-pasting from keychain would work. When I right-click and select copy, nothing is added to my clipboard. Is there something obvious I'm overlooking? – Ben West Mar 10 '16 at 22:02
  • @BenWest Literally copy the name of the certificate. For example: "Mac Developer: John Smith (1231231231)" – kjb Nov 20 '17 at 20:17
  • One more thing I want to add is to make sure that your command line tool is not located in the Resource folder. After struggling a lot, I figured out after reading code sign guide that tools should be installed/located in specific locations .i.e., MacOS, Helpers, etc folders. Hope this is a valuable addition. – Khushneet Jul 12 '18 at 10:37