Testing entitlements

Let’s say I compile and sign my app in preparation for MAS distribution, including entitlements, and build the installer. Then let’s say I use the installer, validate my app with Apple, and it launches. If I try all the features and they all work, does that mean that I included all the entitlements I needed to include?

I’d think so. But you can test entitlements in debug builds using build automation.

You mean, allow my script to codesign the debug build? Without entitlements, there was no advantage to that, but now I’ll consider it.

Exactly. Have a post build sign it with the entitlements in place, and your debug build will be sandboxed. Makes it closer to the final build, which means better debugging of course.

Within the script, to tell if I am compiling a final or a debug version, I look for “.debug.app” at the end of the name. Is there a better way?

Dunno, I’ve never needed to detect the debug app specifically.

Depending on the value of certain constants within the project, my script will build the installer for the App Store and delete the executable. Clearly this step has to be skipped when debugging, which is why I need to know the difference.

I’ll look around more and file and feature request if I can’t find it.

I used to build apps in the same fashion, build them first and then debug Sandbox violations. Earlier on this year I came up with App Wrapper Mini, since then I’ve been settings the entitlements when I start working on the project so all through development I’m working with a Sandboxed app.

However from what you say, I’d suspect that you’re entitlements are working correctly.

I ask because I use a shell command (ditto) within the app, and nothing complains.

ditto should be fine as long as your app has access to the source file(s) and the target file/destination.

Yeah, all within Temporary.

You could use two different post-build scripts. One that works on debug only, one release only.

That would require a lot of duplication of code, so I’d rather not. Testing the name seems to do the trick though.

I erred in my previous post, btw. The way to check seems to be this:

  dim isReleaseVersion as boolean = CurrentBuildAppName.Right( 6 ) <> ".debug"