Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
@Etresoft Thank you for your prompt reply. I tried upgrading to Xcode 15, but the AppStore would only let me download version 14. I uninstalled Xcode, but afterwards it only offers version 16 and reports, "Requires macOS 14.5 or later.", which means I need to upgrade to Sonoma. Do you have another suggestion for downloading version 15 on Ventura? Thanks again.
Topic: Code Signing SubTopic: General
Feb ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
Making progress here:

Upgraded to Sequoia 15.3.1, Xcode 16.2

Codesigning executable returns 'satisfies its Designated Requirement' using:

    codesign --force --verify --verbose=4 --options runtime --timestamp --entitlements '/Users/chip/Desktop/PATHmanager.entitlements' --sign 'Apple Distribution: Chip Castle Dot Com, Inc. (BXN9N7MNU3)' '/Users/chip/Desktop/distribution/PATHmanager.app/Contents/MacOS/PATHmanager'

Productbuild .pkg file returns successfully using:

    productbuild --sign '3rd Party Mac Developer Installer: Chip Castle Dot Com, Inc. (BXN9N7MNU3)' --identifier 'com.chipcastle.pathmanager' --version '1.15' --component '/Users/chip/Desktop/distribution/PATHmanager.app' /Applications '/Users/chip/Desktop/PATHmanager.pkg'

Verifying signature returns 'satisfies its Designated Requirement' using:

    codesign --verify --verbose=4 '/Users/chip/Desktop/distribution/PATHmanager.app/Contents/MacOS/PATHmanager'

Transporter uploads successfully.

Running Verify via Transporter returns error: 'Invalid Provisioning Profile Signature'

Other forum posters recommended regenerating a new profile and certificates, which I did using Xcode, and then downloading the profile again. I tried numerous times, but the same error persists via Transporter.

I read 'TN3125: Inside Code Signing: Provisioning Profiles', which mostly covers how to inspect the contents of the profile, but not how to troubleshoot errors.

Any suggestions on how to drill down further with this error are appreciated. Thanks.
Topic: Code Signing SubTopic: General
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
Thanks, I just copied my distribution profile to PATHmanager.app/Contents/embedded.provisionprofile, re-signed the .app bundle and executable, and uploaded the pkg file using Transporter, which returns:

    Show Progress: Verify failed.
    Validation failed
    Invalid Code Signing. The executable 'com.chipcastle.pathmanager.pkg/Payload/PATHmanager.app/Contents/MacOS/PATHmanager' must be signed with the certificate that is contained in the provisioning profile. (ID: 1810bc78-dcce-483f-b641-239894446e0d)

I'm confused. How can I match up the profile (shown below) with the cert? Thanks again.

macOS_Distribution_Profile.plist
Topic: Code Signing SubTopic: General
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
    security find-identity -v
    B9C100CC75910543E3FCD9AE63357AE4E2736723 "Apple Development: Harroll Dean Castle (76CZ7DC9QM)"
    D67F1D2EE9FC682B0BDAFDA1924936335C6E7595 "Apple Distribution: Chip Castle Dot Com, Inc. (BXN9N7MNU3)"
    D99EF2166A4F18DC4DA375C39F20F3DF2656E841 "3rd Party Mac Developer Installer: Chip Castle Dot Com, Inc. (BXN9N7MNU3)"
    3 valid identities found
Topic: Code Signing SubTopic: General
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
1. Unpack profile:

    security cms -D -i distribution/PATHmanager.app/Contents/embedded.provisionprofile -o profile.plist

   (attached profile.plist)

2. Extract the cert chain:

    codesign --display --extract-certificates distribution/PATHmanager.app
    openssl x509 -in codesign0 -inform der -text > leaf

   (attached leaf)

3. Serial number for leaf:

    λ head leaf
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                4a:9a:24:59:ac:96:e8:e8:45:f6:71:ab:59:b8:69:32
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: CN=Apple Worldwide Developer Relations Certification Authority, OU=G3, O=Apple Inc., C=US
            Validity
                Not Before: Mar 1 00:37:19 2025 GMT
                Not After : Mar 1 00:37:18 2026 GMT

4. What part of the profile should I compare to the leaf serial number?

    λ shasum leaf
    ce0e2fc70a9bde62745332b843ef650a918a39dc leaf
Topic: Code Signing SubTopic: General
Mar ’25
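An added example, not part of the original posts: one way to check whether the certificate that signed the app is listed in the provisioning profile. It assumes the decoded profile (the `profile.plist` written by `security cms -D`) carries a `DeveloperCertificates` array of DER-encoded certificates, and it compares SHA-1 fingerprints of the raw DER bytes (the `codesign0` file), which is the same kind of hash `security find-identity` prints. The function names and the sample bytes are constructed for illustration and are not real certificates.

```python
import hashlib
import plistlib


def sha1_hex(der: bytes) -> str:
    """SHA-1 fingerprint of raw DER bytes, upper-case hex like find-identity."""
    return hashlib.sha1(der).hexdigest().upper()


def profile_fingerprints(profile_plist: bytes) -> list[str]:
    """Fingerprints of every certificate the decoded profile authorises."""
    profile = plistlib.loads(profile_plist)
    certs = profile.get("DeveloperCertificates")
    if not certs:
        raise ValueError("profile has no DeveloperCertificates entries")
    return [sha1_hex(der) for der in certs]


def signer_in_profile(profile_plist: bytes, leaf_der: bytes) -> bool:
    """True when the signing (leaf) certificate is one the profile lists."""
    return sha1_hex(leaf_der) in profile_fingerprints(profile_plist)


# Constructed stand-ins for DER certificates (not real certificate data).
DIST_DER = b"0\x82\x05\x00constructed-distribution-certificate"
DEV_DER = b"0\x82\x05\x00constructed-development-certificate"

# Constructed profile that lists only the distribution certificate.
SAMPLE_PROFILE = plistlib.dumps({
    "Name": "Constructed macOS distribution profile",
    "DeveloperCertificates": [DIST_DER],
})

if __name__ == "__main__":
    # On a Mac, replace the samples with the real files:
    #   profile = open("profile.plist", "rb").read()
    #   leaf    = open("codesign0", "rb").read()
    print("profile lists:", profile_fingerprints(SAMPLE_PROFILE))
    print("distribution cert matches:", signer_in_profile(SAMPLE_PROFILE, DIST_DER))
    print("development cert matches: ", signer_in_profile(SAMPLE_PROFILE, DEV_DER))
    # Hashing the openssl -text dump instead of the DER never matches.
    text_dump = b"Certificate:\n    Data:\n" + DIST_DER
    print("text dump matches:        ", signer_in_profile(SAMPLE_PROFILE, text_dump))
```

The comparison only works on the binary certificate; a hash of the human-readable `openssl x509 -text` output is a hash of different bytes and will not appear in the profile.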
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
Thanks for the detailed commands! That really helped. I found the matching profile, copied it over to embedded.provisionprofile, re-signed the executable & bundle, and uploaded using Transporter.

Received "missing an application identifier" error and fixed it from https://developer.apple.com/forums/thread/748589?login=true and TestFlight, Provisioning Profiles, and the Mac App Store

Uploaded & Validated w/ Transporter, but received an email about:

    ITMS-91109: Invalid package contents - The package contains one or more files with the com.apple.quarantine extended file attribute, such as “com.chipcastle.pathmanager.pkg/Payload/PATHmanager.app/Contents/embedded.provisionprofile”. This attribute isn’t permitted in macOS apps distributed on TestFlight or the App Store. Please remove the attribute from all files within your app and upload again.

Attempted to remove extended attributes as follows (sudo had no effect):

    ~/Desktop/distribution/PATHmanager.app/Contents
    λ xattr embedded.provisionprofile
    com.apple.macl

    ~/Desktop/distribution/PATHmanager.app/Contents
    λ xattr -c embedded.provisionprofile

    ~/Desktop/distribution/PATHmanager.app/Contents
    λ xattr embedded.provisionprofile
    com.apple.macl

    ~/Desktop/distribution/PATHmanager.app/Contents
    λ xattr -d com.apple.macl embedded.provisionprofile

    ~/Desktop/distribution/PATHmanager.app/Contents
    λ xattr embedded.provisionprofile
    com.apple.macl

    ~/Desktop/distribution/PATHmanager.app/Contents
    λ ls -l@ embedded.provisionprofile
    -rw-r--r--@ 1 chip staff 12303 Feb 28 18:57 embedded.provisionprofile
        com.apple.macl 72

    ~/Desktop/distribution/PATHmanager.app/Contents
    λ xattr -d com.apple.macl:72 embedded.provisionprofile
    xattr: embedded.provisionprofile: No such xattr: com.apple.macl:72

    ~/Desktop/distribution/PATHmanager.app/Contents
    λ sudo xattr -d com.apple.macl:72 embedded.provisionprofile
    Password:
    xattr: embedded.provisionprofile: No such xattr: com.apple.macl:72

    ~/Desktop/distribution/PATHmanager.app/Contents
    ❮ sudo xattr -d com.apple.macl embedded.provisionprofile

    ~/Desktop/distribution/PATHmanager.app/Contents
    λ ls -l@ embedded.provisionprofile
    -rw-r--r--@ 1 chip staff 12303 Feb 28 18:57 embedded.provisionprofile
        com.apple.macl 72

I've had no trouble using xattr before, so not sure what's happening here. Suggestions are appreciated. Thanks in advance.
Topic: Code Signing SubTopic: General
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
Interesting info. Thank you for that. More progress...

Find quarantine attribute

    /tmp
    λ xar -xf ~/Desktop/PATHmanager.pkg

    /tmp
    λ lsbom "com.chipcastle.pathmanager.pkg/Bom"
    . 0 0/0
    ./._PATHmanager.app 40755 0/0 0 0
    ./PATHmanager.app 40755 0/0
    ./PATHmanager.app/Contents 40755 0/0
    ./PATHmanager.app/Contents/._embedded.provisionprofile 100644 0/0 0 0
    ./PATHmanager.app/Contents/Info.plist 100644 0/0 1415 2301784519
    ./PATHmanager.app/Contents/MacOS 40755 0/0
    ./PATHmanager.app/Contents/MacOS/PATHmanager 100755 0/0 856344832 790394002
    ./PATHmanager.app/Contents/PkgInfo 100644 0/0 8 742937289
    ./PATHmanager.app/Contents/Resources 40755 0/0
    ./PATHmanager.app/Contents/Resources/AppIcon.icns 100644 0/0 56310 2265036908
    ./PATHmanager.app/Contents/_CodeSignature 40755 0/0
    ./PATHmanager.app/Contents/_CodeSignature/CodeResources 100644 0/0 2593 45803994
    ./PATHmanager.app/Contents/embedded.provisionprofile 100644 0/0 12303 521235782

    /tmp
    λ cpio -i < "com.chipcastle.pathmanager.pkg/Payload"
    1672695 blocks

    /tmp
    λ xattr PATHmanager.app
    com.apple.macl

    /tmp
    λ xattr PATHmanager.app/Contents/embedded.provisionprofile
    com.apple.macl
    com.apple.metadata:kMDItemWhereFroms
    com.apple.provenance
    com.apple.quarantine

Remove quarantine attribute

    /tmp
    λ xattr -d com.apple.quarantine PATHmanager.app/Contents/embedded.provisionprofile

    /tmp
    λ xattr PATHmanager.app/Contents/embedded.provisionprofile
    com.apple.macl
    com.apple.metadata:kMDItemWhereFroms
    com.apple.provenance

Bump version number in Info.plist to 1.16 and build

    /tmp 9s
    ❮ productbuild --sign '3rd Party Mac Developer Installer: Chip Castle Dot Com, Inc. (BXN9N7MNU3)' --identifier 'com.chipcastle.pathmanager' --version '1.16' --component '/tmp/PATHmanager.app' /Applications '/Users/chip/Desktop/PATHmanager.pkg'
    productbuild: Adding component at /tmp/PATHmanager.app
    productbuild: Signing product with identity "3rd Party Mac Developer Installer: Chip Castle Dot Com, Inc. (BXN9N7MNU3)" from keychain /Users/chip/Library/Keychains/login.keychain-db
    productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority"
    productbuild: Adding certificate "Apple Root CA"
    productbuild: Wrote product to /Users/chip/Desktop/PATHmanager.pkg
    productbuild: Supported OS versions: [Min: 12.0, Before: None]

Transporter reports sandbox error

    Validation failed
    App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "com.chipcastle.pathmanager.pkg/Payload/PATHmanager.app/Contents/MacOS/PATHmanager" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. (ID: 7a687ea9-a98d-40f2-9553-ecce05ba6e87)

Verify sandbox entitlement (see attached file)

Not sure what to do here.

PATHmanager.entitlements
Topic: Code Signing SubTopic: General
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
Thank you for the update. Here's the output:

    λ codesign -v --deep --strict "PATHmanager.app"
    PATHmanager.app: invalid Info.plist (plist or signature have been modified)
    In architecture: arm64

    /tmp
    λ codesign -d --entitlements - "PATHmanager.app"
    Executable=/private/tmp/PATHmanager.app/Contents/MacOS/PATHmanager
    [Dict]
        [Key] com.apple.application-identifier
        [Value]
            [String] BXN9N7MNU3.com.chipcastle.pathmanager
        [Key] com.apple.developer.team-identifier
        [Value]
            [String] BXN9N7MNU3
        [Key] com.apple.security.app-sandbox
        [Value]
            [Bool] true

It looks like the entitlement is ok. I'm still wrestling with what is specifically making Info.plist invalid, though.
Topic: Code Signing SubTopic: General
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
I think I'm closing in on a solution. Here's what I did to get here:

1. Removed all development gems from Gemfile & bundled

    bundle install --without development test

   This removed the date gem, which was the original complaint by macOS, along with other gems (i.e., psych, rdoc, debug).

2. Created executable

    tebako clean && tebako press --root=/Users/chip/code/ruby/pathos_macos --entry-point=/Users/chip/code/ruby/pathos_macos/bin/pathos_macos -o ~/Desktop/pathos

3. Copied over executable to .app folder

    cp ~/Desktop/pathos ~/Desktop/distribution/PATHmanager.app/Contents/MacOS/PATHmanager

4. Fixed ownerships (needs further investigation)

    chown -R chip:staff ~/Desktop/distribution

5. Bumped version number

   manual file edit in Info.plist & appstore.rb (codesigning script)

6. Ran codesigning script

    ~/code/ruby/pathos_macos/assets/appstore.rb

7. Uploaded package via Transporter

   Located at (~/Desktop/PATHmanager.pkg)

8. Test with TestFlight

   I had to remove myself from QA/Testers on AppStore Connect and then add myself back for it to update the version properly.

9. Discovered error

    “libui.dylib” can’t be opened because it was not downloaded from the App Store

10. Clicked "Show in Finder"

   This created ~/Library/Containers/com.chipcastle.pathmanager/Data/tmp/tebako-runtime-20250313-19572-kgrc66 which had a quarantine attribute. I removed it with

    xattr -d com.apple.quarantine tebako-runtime-20250313-19572-kgrc66

   but then the folder was automatically removed.

Do you have any suggestions on getting libui.dylib to be accepted? Thanks!
Topic: Code Signing SubTopic: General
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
Thanks for the suggestion. I was able to extract libui.dylib by running bundle install with the following configuration:

    cat ~/code/ruby/pathos_macos/.bundle/config
    ---
    BUNDLE_PATH: "vendor/"
    BUNDLE_WITHOUT: "development:test"

This created vendor/ruby/3.3.0/gems/libui-0.1.2-arm64-darwin/vendor/libui.dylib, which I ditto'd over to ~/Desktop/distribution/PATHmanager.app/Contents/Frameworks/libui.dylib

I bumped version (as described previously) and ran my codesigning script which signs in the following order (under /Users/chip/Desktop/distribution/PATHmanager.app/):

    Contents/Frameworks/libui.dylib
    Contents/MacOS/PATHmanager
    PATHmanager.app directory

After uploading the .pkg file using Transporter, I get this old error:

    Validation failed (409)
    App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "com.chipcastle.pathmanager.pkg/Payload/PATHmanager.app/Contents/MacOS/PATHmanager" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. (ID: dce05eba-fbda-496f-b0fb-31e85eee0152)

It's the same entitlements file that I've been using, which does include the com.apple.security.app-sandbox entitlement, so I continue to be puzzled. I'll look into this further and post any updates or progress I've made. Thank you for your continued support. It has been greatly appreciated.
Topic: Code Signing SubTopic: General
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
Ok, I had to get some support from the tebako folks before I could reply. Here's the output of the codesign --verify -vvv "PATHmanager.app" command you suggested:

Extract pkg contents

    /tmp
    λ xar -xf ~/code/ruby/PATHmanager.pkg

Verify Bill of Materials

    /tmp
    λ lsbom com.chipcastle.pathmanager.pkg/Bom
    . 0 0/0
    ./PATHmanager.app 40755 0/0
    ./PATHmanager.app/Contents 40755 0/0
    ./PATHmanager.app/Contents/Frameworks 40755 0/0
    ./PATHmanager.app/Contents/Frameworks/libui.dylib 100644 0/0 925632 3337342204
    ./PATHmanager.app/Contents/Info.plist 100644 0/0 1415 1981579098
    ./PATHmanager.app/Contents/MacOS 40755 0/0
    ./PATHmanager.app/Contents/MacOS/._PATHmanager 100755 0/0 0 0
    ./PATHmanager.app/Contents/MacOS/PATHmanager 100755 0/0 30036560 1901427662
    ./PATHmanager.app/Contents/PkgInfo 100644 0/0 8 742937289
    ./PATHmanager.app/Contents/Resources 40755 0/0
    ./PATHmanager.app/Contents/Resources/AppIcon.icns 100644 0/0 56310 2265036908
    ./PATHmanager.app/Contents/_CodeSignature 40755 0/0
    ./PATHmanager.app/Contents/_CodeSignature/CodeResources 100644 0/0 2822 2461487254

Check Payload

    /tmp
    λ cpio -i < com.chipcastle.pathmanager.pkg/Payload
    60595 blocks

    /tmp
    λ find com.chipcastle.pathmanager.pkg
    com.chipcastle.pathmanager.pkg
    com.chipcastle.pathmanager.pkg/Bom
    com.chipcastle.pathmanager.pkg/Payload
    com.chipcastle.pathmanager.pkg/PackageInfo

Inspect .app folder contents

    /tmp
    λ find PATHmanager.app
    PATHmanager.app
    PATHmanager.app/Contents
    PATHmanager.app/Contents/_CodeSignature
    PATHmanager.app/Contents/_CodeSignature/CodeResources
    PATHmanager.app/Contents/MacOS
    PATHmanager.app/Contents/MacOS/PATHmanager
    PATHmanager.app/Contents/Resources
    PATHmanager.app/Contents/Resources/AppIcon.icns
    PATHmanager.app/Contents/Frameworks
    PATHmanager.app/Contents/Frameworks/libui.dylib
    PATHmanager.app/Contents/Info.plist
    PATHmanager.app/Contents/PkgInfo

Verify with codesign

    /tmp
    λ codesign --verify -vvv "PATHmanager.app"
    --prepared:/private/tmp/PATHmanager.app/Contents/Frameworks/libui.dylib
    --validated:/private/tmp/PATHmanager.app/Contents/Frameworks/libui.dylib
    PATHmanager.app: valid on disk
    PATHmanager.app: satisfies its Designated Requirement

Conclusion

The only thing I see that's strange is the ._PATHmanager file when inspecting the BOM. Any suggestions are appreciated. Thank you.
Topic: Code Signing SubTopic: General
Mar ’25
Reply to AppStore submission for Ruby/Glimmer app on MacOS without Xcode
As an update, I was able to remove the AppleDouble file, remove the com.apple.macl extended attribute, and extract the pkg again. This time everything looks normal - no AppleDouble files, no extended attributes on any file in the app bundle, including the binary. Transporter reports the following even though the sandbox property is in the entitlements file:

    Validation failed (409)
    App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "com.chipcastle.pathmanager.pkg/Payload/PATHmanager.app/Contents/MacOS/PATHmanager" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. (ID: 784e5cd5-38e6-4b93-be65-640ff87f6d66)
Topic: Code Signing SubTopic: General
Mar ’25