The installer package includes files that are only readable by the root user

Question

Created 2d

Replies 2

Boosts 0

Participants 2

I'm into packaging up my Mac game and want to submit it to the Mac App Store via XCode -> Product -> Archive -> Distribute App.

I'm getting the following error:

Validation failed The installer package includes files that are only readable by the root user. This will prevent verification of the application's code signature when your app is run. Ensure that non-root users can read the files in your app.

I've created post build and post package hooks in xcode that list out the files do a debug log file, but there is no single file that is root only or having not 755 as rights.

Any idea what I can change to fix this? Is this even something I can influence? Or is this a App Store connect issue?

Thanks Martin

Bildschirmfoto 2025-06-19 um 11.34.42.png

Answered by DTS Engineer in 844756022

It’s hard to say what’s causing this, but I do have suggestion for how to debug it. If you choose Distribute App > Custom > App Store Connect > Export, you get a copy of the installer package that would have been submitted if you’d chosen the Upload option. You can then dig into the installer package to see what’s what.

There are a couple of really good third-party apps to dig into installer packages. Alternatively, you can pull them apart by hand as explained in Unpacking Apple Archives.

Once you know what file is causing the problem, you can then work backwards through your build system to see how it got that way.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

1d

Recommended

It’s hard to say what’s causing this, but I do have suggestion for how to debug it. If you choose Distribute App > Custom > App Store Connect > Export, you get a copy of the installer package that would have been submitted if you’d chosen the Upload option. You can then dig into the installer package to see what’s what.

There are a couple of really good third-party apps to dig into installer packages. Alternatively, you can pull them apart by hand as explained in Unpacking Apple Archives.

Once you know what file is causing the problem, you can then work backwards through your build system to see how it got that way.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

MartinSchultz72 OP

11h

Thanks for the hints. I used a tool called "suspicious package" to inspect the created PKG file and I went through all files. The only file that has "other" -> none rights is the "embedded.provisionprofile" file.

As far as I understand the process (and with help of ChatGPT), this file is only created in the final packaging process, as I don't see the "embedded.provisionprofile" in the xcarchive file.

So how to change that? If the xcode achives tool is auto handling the sigingin and packaging, why does it then create a file with wrong permissions? Or am I understanding something wrong?

Thanks for your help. Martin

Bildschirmfoto 2025-06-21 um 11.29.56.png

0