Embedding a command-line tool to Application

Hi,

I need to bundle an additional binary along my yet published application.

It is an Audio Unit test application.

My yet published application implemented Audio Unit plugin support.

But upload is always rejected:

Validation failed (409)
Invalid Provisioning Profile. The provisioning profile included in the bundle com.gsequencer.GSequencer [com.gsequencer.GSequencer.pkg/Payload/com.gsequencer.GSequencer.app] is invalid. [Missing code-signing certificate.] For more information, visit the macOS Developer Portal. (ID: ****)

I have followed the instructions here: Embedding a helper tool in a sandboxed app

but no luck. Does anyone know what's going on?

I use Transporter to upload the application, the embedded.provisioningprofile is copied from Xcode build and code signing is done manually.

Answered by joel2001k in 856342022

Might be because I have added additional entitlements? Especially "com.apple.security.temporary-exception.audio-unit-host" and "com.apple.security.inherit".

I think it will bypass sandbox.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.app-sandbox</key>
	<true/>
	<key>com.apple.security.inherit</key>
	<true/>
	<key>com.apple.security.assets.music.read-write</key>
	<true/>
	<key>com.apple.security.device.audio-input</key>
	<true/>
	<key>com.apple.security.device.microphone</key>
	<true/>
	<key>com.apple.security.temporary-exception.audio-unit-host</key>
	<true/>
	<key>com.apple.security.files.user-selected.read-write</key>
	<true/>
	<key>com.apple.security.files.bookmarks.document-scope</key>
	<true/>
	<key>com.apple.security.files.bookmarks.app-scope</key>
	<true/>
	<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
	<array>
		<string>com.apple.midiserver</string>
		<string>com.apple.midiserver.io</string>
	</array>
	<key>com.apple.security.network.server</key>
	<true/>

  ...

</dict>
</plist>

Update, I removed the entitlement com.apple.security.temporary-exception.audio-unit-host.

Then uploading worked again. But now I get the following error:

"Cannot be used with TestFlight because the executable “${executable}” in bundle “${bundle}” is missing a provisioning profile but has an application identifier in its signature. Nested executables are expected to have provisioning profiles with application identifiers matching the identifier in the signature in order to be eligible for TestFlight." (90885)

In TestFlight, the permissions look like the following:

com.gsequencer.GSequencer.app/Contents/MacOS/com.gsequencer.GSequencer
    com.apple.security.device.microphone: true
    com.apple.application-identifier: ****.com.gsequencer.GSequencer
    com.apple.security.device.audio-input: true
    com.apple.security.network.server: true
    com.apple.security.assets.music.read-write: true
    com.apple.security.files.bookmarks.document-scope: true
    com.apple.developer.team-identifier: ****
    com.apple.security.temporary-exception.mach-lookup.global-name: ( "com.apple.midiserver", "com.apple.midiserver.io" )
    com.apple.security.inherit: true
    com.apple.security.app-sandbox: true
    com.apple.security.files.bookmarks.app-scope: true
    com.apple.security.files.user-selected.read-write: true
com.gsequencer.GSequencer.app/Contents/MacOS/AudioUnitTest
    com.apple.security.device.microphone: true
    com.apple.application-identifier: ****.com.gsequencer.GSequencer
    com.apple.security.device.audio-input: true
    com.apple.security.network.server: true
    com.apple.security.assets.music.read-write: true
    com.apple.security.files.bookmarks.document-scope: true
    com.apple.developer.team-identifier: ****
    com.apple.security.temporary-exception.mach-lookup.global-name: ( "com.apple.midiserver", "com.apple.midiserver.io" )
    com.apple.security.inherit: true
    com.apple.security.app-sandbox: true
    com.apple.security.files.bookmarks.app-scope: true
    com.apple.security.files.user-selected.read-write: true

But why can't I use it in TestFlight?

Accepted Answer

Update, removing restricted entitlements from nested executable helped. As described here:

TestFlight, Provisioning Profiles, and the Mac App Store

Now it is going to be processed.

com.gsequencer.GSequencer.app/Contents/MacOS/com.gsequencer.GSequencer.AudioUnitTest
    com.apple.security.app-sandbox: true
    com.apple.security.inherit: true

There’s a lot to unpack here so I’m gonna start with your overall goal. What’s the purpose of this tool? Do you expect users to run it from Terminal? Or are you planning to run it as a child process from your main app?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

It is available for test now.

It is intended to be a child process of the main app.

OK. Then com.apple.security.app-sandbox and com.apple.security.inherit is a good place to start.

It is available for test now.

Yay! Lemme know if you hit any other snags.

ps It’s better to reply as a reply, rather than in the comments; see Quinn’s Top Ten DevForums Tips for this and other titbits.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
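
The check implied by the accepted answer, as an added example that is not part of the original thread: a Python audit of a nested helper's entitlements, exported as an XML plist, that reports everything beyond `com.apple.security.app-sandbox` and `com.apple.security.inherit`. The function name, the severity labels and both sample plists are assumptions constructed from the listings in the thread.

```python
import plistlib

# The only two entitlements left on the nested helper in the accepted answer.
HELPER_ALLOWED = {
    "com.apple.security.app-sandbox",
    "com.apple.security.inherit",
}
# Entitlements from the thread's TestFlight listing that tie a signature to a
# provisioning profile (assumption: covers this thread's case, not every key).
PROFILE_BOUND = {
    "com.apple.application-identifier",
    "com.apple.developer.team-identifier",
}

def audit_helper_entitlements(plist_bytes):
    """Return sorted (severity, key, reason) findings for a helper's entitlements."""
    ents = plistlib.loads(plist_bytes)
    findings = []
    for key in HELPER_ALLOWED:
        if ents.get(key) is not True:
            findings.append(("error", key, "must be true on an inheriting helper"))
    for key in ents:
        if key in HELPER_ALLOWED:
            continue
        if key in PROFILE_BOUND:
            findings.append(("error", key, "needs a provisioning profile the helper lacks"))
        elif ".temporary-exception." in key:
            findings.append(("error", key, "temporary exception on an inheriting helper"))
        else:
            findings.append(("warn", key, "extra entitlement; the helper inherits the parent's sandbox"))
    return sorted(findings)

# Constructed samples: a subset of the rejected helper's listing, and the fixed one.
SAMPLE_BEFORE = plistlib.dumps({
    "com.apple.security.app-sandbox": True,
    "com.apple.security.inherit": True,
    "com.apple.application-identifier": "****.com.gsequencer.GSequencer",
    "com.apple.developer.team-identifier": "****",
    "com.apple.security.device.microphone": True,
    "com.apple.security.temporary-exception.mach-lookup.global-name":
        ["com.apple.midiserver", "com.apple.midiserver.io"],
})
SAMPLE_AFTER = plistlib.dumps({
    "com.apple.security.app-sandbox": True,
    "com.apple.security.inherit": True,
})

if __name__ == "__main__":
    for severity, key, reason in audit_helper_entitlements(SAMPLE_BEFORE):
        print(f"{severity:5} {key}: {reason}")
```
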
