In trying to upload to appstoreConnect an app, using Xojo’s new signing and notarising details I hit the following problems:
If I use the ID from the Distribution certificate - I get the error “Error Retrieving the AppID from the App Store”. Yet, as far as I can see the bundleID is the same on the app as in the store.
If I use the ID from the Developer certificate - I get the error “The Developer ID value has to be the full Apple Distribution string”
Thoughts?
Have you created a record for the app at appstoreconnect.apple.com?
So, I have determined that I should be using the ID from the Distribution Certificate. But now, by using Transporter to upload the app, I get the message…
Validation failed (409)
Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. According to the provisioning profile, the bundle contains a key value that is not allowed: ‘XXXXXXX.biz.iThought.PhotoFiler2MAS’ for the key ‘com.apple.application-identifier’ in ‘biz.iThought.PhotoFiler2MAS.pkg/Payload/PhotoFiler 3.xx.app/Contents/MacOS/PhotoFiler 3.xx’ (ID: YYYYYY)
Where XXXXXX is the Distribution Certificate code.
I have downloaded a new provisioning profile for the mac, with the correct bundleID but still seems to give the same error.
Besides the entitlements or AppID error message… one thing that is really odd to me is the pkg file using the bundle identifier as the file name instead of the app name.
“biz.iThought.PhotoFiler2MAS.pkg”
Should be
“PhotoFiler 3.xx.pkg”
Also, I would recommend not to use version numbers in the app name… because that simply doesn’t make sense on an app distributed to the MAS (so the app name should be just “PhotoFiler”)
This plagued me for weeks prior to going on holiday. I fixed it and now can’t remember the solution. I will continue to look. I’m pretty sure it involved adding something to the plist. It wouldn’t work with Xojo’s built in signing or AppWrapper.
In looking at the Provisioning Profile in Developer.apple I noted that it said status Invalid!
Ah I thought, found it. Deleted old one, created new one, downloaded and installed (ish).
Still same problem on publish or upload using Transporter.
As for the entitlements error message… maybe you’re enabling entitlements during the Provisioning profile creation that are not really required / used by your app?
Also, during the provisioning profile creation, did you choose the right option? → Mac App Store Connect and, then, in the next page… just Mac instead of Mac Catalyst?
Xojo:
Bundle Identifier: biz.iThought.PhotoFiler2MAS
Developer ID: Apple Distribution: iThought LLC (XXXXXXX)
AppStoreConnect
Bundle ID: biz.iThought.PhotoFiler2MAS
developer.apple
Provisioning: App ID: PhotoFiler 3 (biz.iThought.PhotoFiler2MAS)
Identifiers: Bundle ID: biz.iThought.PhotoFiler2MAS (explicit)
App: plist
CFBundleIdentifier
biz.iThought.PhotoFiler2MAS
What else to check?
Possible - will double check - though that’s not what the message says.
Yes, that’s correct.
Apple’s messages related with “everything this” doesn’t always point to the right cause of the problem… (by personal experience). And exactly that message is the one that can lead to enabled entitlements that are not required / used / set by the app.
Forgot to ask… have you enabled Sandboxing in the Xojo project and set the entitlements in its associated setup window?
Yes
I did send a private message to you to see if you can send over the Distribution Profile so I can look into it… just to see if I can see “something else” there.
Have just sent.
But failed due to no-reply@xojo.com
And doesn’t want to recognise file type in upload in forum.
Just send it to javier [at] xojo [dot] com
Some sources have suggested adding a new entitlement for com.apple.application-identifier. Is this possible within Xojo?
That one is automatically added by Xojo when Publish is selected.
Yes, I see it here.
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict>
<key>com.apple.application-identifier</key><string>XXXXXXXX.biz.iThought.PhotoFiler2MAS</string>
<key>com.apple.developer.team-identifier</key><string>XXXXXXXX</string>
<key>com.apple.security.app-sandbox</key><true/>
<key>com.apple.security.assets.movies.read-write</key><true/>
<key>com.apple.security.assets.music.read-write</key><true/>
<key>com.apple.security.assets.pictures.read-write</key><true/>
<key>com.apple.security.device.usb</key><true/>
<key>com.apple.security.files.downloads.read-write</key><true/>
<key>com.apple.security.files.user-selected.read-write</key><true/>
</dict></plist>
But I note that the team-identifier is the same as the front end of the application-identifier. Correct?
I have 2 problems with this app at present, and I wonder if they are somehow inter-related.
This latter function works OK before the app is sandboxed, but fails to detect connected cameras/phones when sandboxed.
Not sure if you really need these. Also, probably you should enable the Camera entitlement under Sandboxing?