I've had an app submission rejected from the Mac App Store with the vague feedback that it's incorrectly sandboxed. The app includes a couple of command-line helper tools bundled with it. While I've asked Apple for more details, I've also run across the more stringent requirements for code-signing (all executable code in the app bundle must be code-signed).
It was my understanding that using codesign --deep
would recursively walk my app bundle and sign all Mach-O executables with the same set of entitlements, so I thought this would take care of the CLI tools.
However, when I attempt to verify the signature on one of the CLI tools, I get this output:
MyApp.app/Contents/lib/helper/helpertool: code object is not signed at all.
So I'm a bit confused, especially when the app bundle itself passes verification:
codesign --deep --verify --verbose=4 MyApp.app: valid on disk,satisfies its Designated Requirement.
Can anyone suggest to me what I may be doing wrong here--why the CLI tools don't appear to be signed/sandboxed? Is there anything else I am missing here? (I build my app using a shell script rather than Xcode, but that shouldn't make a difference as far as I can tell.)
These links answered the question for me:
Mac OS app, sandbox with command line tool?
How to sandbox a command line tool?
Very cool.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.