Hi Quinn and others, I'm trying to add a Provision Profile for an existing Mac App Store application (without using Xcode) and I'm having some troubles. I've determined that the Entitlements in the Profile must match the entitlements used when signing the application. Question 1 I do not seem able to add any "App Sandbox" entitlements to the identifier via the online system. https://developer.apple.com/account/resources/identifiers/bundleId/edit/PK866636VQ Can someone please point me in the right direction or explain what I am missing? Question 2 Now that I am able to read provision profiles, I assume that if I reverse the process I can create them (and thus ensure the entitlements matches my application). However I of course can't create a signed profile using Apple's certificates only my developer certificates that I rent from Apple. I assume that the profile must be signed by "Mac OS X Provisioning Profile Signing", in order to be accepted by the Mac App Store (and various code signing services). Question 3 Is there an API I can use to submit my application's entitlements to the Apple service and then download a provision profile?

The framework layout doesn't meet Apple's Bundle Guidelines. Everything is in the root of the bundle, with no "Versions" folder. I suspect it works because the main executable and the "Resources" folder are in the root. However Code sign doesn't complain about it either, unlike some other incorrectly formatted bundles. I ask because the documentation for bundle structures hasn't been updated since 2017 (https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFBundles/BundleTypes/BundleTypes.html#//apple_ref/doc/uid/10000123i-CH101-SW1) and I am wondering if there is newer documentation or perhaps Framework bundles no longer need to organized according to that documentation.

Was under the impression that all executable components needed to be signed with the same certificate as the bundle. However I've just encountered a recently Notarized application where that isn't the case. These components are in the "/Contents/Resources/" folder of the main bundle. While I can suggest the developer to sign these with the same identity and move them to a more suitable location. It would appear that codesign, GateKeeper and Notarization has accepted these. Or are these restrictions for the Mac App Store only?

Trying to upload an application for Notarization, fails with the following error message. Any ideas? 2021-04-22 12:32:29.127 altool[71379:2755143] Error: Error: Could not find or load main class Drive.Moved Caused by: java.lang.ClassNotFoundException: Drive.Moved 2021-04-22 12:32:29.138 altool[71379:2755143] Out: ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "urlsNotAllowedInSupportForums" plist version="1.0" dict keyos-version/key string11.2.3/string keyproduct-errors/key array dict keycode/key integer-18000/integer keymessage/key stringCould not find or load main class Drive.Moved/string keyuserInfo/key dict keyNSLocalizedDescription/key stringCould not find or load main class Drive.Moved/string keyNSLocalizedFailureReason/key stringCould not find or load main class Drive.Moved/string keyNSLocalizedRecoverySuggestion/key stringCould not find or load main class Drive.Moved/string /dict /dict /array keytool-path/key string/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework/string keytool-version/key string4.029.1194/string /dict /plist