Xcode damages nested executables during Mac App Store submission process

Originator:peter.maurer
Number:rdar://13897215 Date Originated:2013-05-15
Status:Open Resolved:
Product:Developer Tools Product Version:4.6.2
Classification:Serious Bug Reproducible:Always
 
SUMMARY:

Submitting an app that contains a nested executable (in our case, a droplet template) fails with Xcode 4.6.2 on OS X 10.8.3. Xcode validates the (parent) app, uploading via Xcode's Organizer works flawlessly, but a few minutes later, you get an email pointing out a sandboxing problem:

"App sandbox not enabled - The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list. Refer to the App Sandbox page for more information on sandboxing your app.

Name Mangler 3.app/Contents/Resources/Prototype Droplet.app/Contents/MacOS/Prototype Droplet"

This is not true. Examining the Xcode archive that was just uploaded (cf. NOTES) reveals that the executable in question _is_ sandboxed. There don't seem to be any codesigning problems either.


STEPS TO REPRODUCE:

1) Archive an app that contains a nested executable with Xcode 4.6.2 on OS X 10.8.3.
2) Upload via Xcode's Organizer. (Alternatively, export an installer package and upload that via Application Loader. The result is the same.)


EXPECTED RESULTS:

The app's status switches to "Waiting for Review".


ACTUAL RESULTS:

After the app passes validation and Xcode uploads it successfully, the upload is ultimately rejected based on the incorrect assertion that sandboxing is not enabled for the nested executable.


REGRESSION:

Works as expected with Xcode 4.4 on OS X 10.7.5, otherwise following the same steps described above for the unaltered same Xcode project. That's how we got the last three versions of the app into the Mac App Store.

(Not tested: Xcode 4.4 on OS X 10.8.x.)


NOTES:

Attached is a zipped Xcode archive of the affected app, as archived by Xcode 4.6.2 on OS X 10.8.3. This is the very same archive that was rejected by Apple earlier today, before we successfully re-uploaded with Xcode 4.4 on OS X 10.7.5.

Also, if Apple keeps track of failed submissions/uploads, Name Mangler 3's (Bundle ID: com.manytricks.NameMangler.MAS3; Apple ID: 603637384) submission history might be of interest.

Comments

More Workarounds

I just appended the following to the original bug.

--

UPDATE:

People have pointed out alternative workarounds in response to this bug, as posted on OpenRadar. One of these even seems to be officially sanctioned by DTS, but as far as I can tell, that doesn't make it less of a workaround for a genuine bug:

  • https://gist.github.com/pkamb/5585751
  • https://gist.github.com/karstenBriksoft/5308470

I hope this will help with locating the problem!

By peter.maurer at May 16, 2013, 6:23 a.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!