MacOXS build - CFBundleIdentifier Collision

Hello,
we want to build our game for MacOSX and we follow the guide from here Unity - Manual: Build and distribute a macOS application

After we have signed and created the .pkg file we use the Apple Loader to upload the .pkg file to the store but we get validation errors:

Package Summary:

1 package(s) were not uploaded because they had problems:

/var/folders/yb/qjlx44tj1n30hzh8v5tmf01c0000gn/T/D5CF237D-F723-451C-873B-331BAA88C1C5/1123591916.itmsp - Error Messages:

ERROR ITMS-90511: “CFBundleIdentifier Collision. The Info.plist CFBundleIdentifier value ‘com.unity.purchasing.unitypurchasing’ of ‘worditout.app/Contents/Plugins/unitypurchasing.bundle’ is already in use by another application.”

ERROR ITMS-90296: “App sandbox not enabled. The following executables must include the “com.apple.security.app-sandbox” entitlement with a Boolean value of true in the entitlements property list: [( “com.lazyland.worditout-el-osx.pkg/Payload/worditout.app/Contents/MacOS/worditout” )] Refer to App Sandbox page at https://developer.apple.com/devcenter/mac/app-sandbox/ for more information on sandboxing your app.”

Also, we have a warning:

WARN: WARNING ITMS-90239: “Invalid Signature. Code object is not signed at all. The binary at path [worditout.app/Contents/Plugins/unitypurchasing.bundle/Contents/MacOS/unitypurchasing] contains an invalid signature. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult About Code Signing

It seems we cant figure out the problem in our whole process, we aren’t sure what to do concerning the “unitypurchasing.bundle”…

Any help would be greatly appreciated.

Kind regards,
John.

We had some progress concerning this issue, but we still get a rejection from Apple…

We advise including the ‘com.apple.security.network.client’ entitlement if your app connects to the Internet.We look forward to reviewing your revised binary.Best regards,App Store Review

What we did to bypass the previous Application Loader errors you will ask. You can see it in the “MyBuildPostprocessor.cs” file I am attaching you.

So, we create a .plist + .entitlements on the fly and put the first one inside the .app (inside the Contents root folder) and we use the other one in order to sign EVERYTHING inside the .app (including the unity purchasing.bundle and some .dylibs found inside the Frameworks folder. Yes, we needed to sign EVERYTHING in order to pass phase 1 and 2 of the verification).

So, we are now in a situation where we don’t know what else to do.
We tried to copy and paste the .entitlements file inside the Contents root folder of the .app but we get a rejection email immediately from Apple saying the following:

Dear developer,
We have discovered one or more issues with your recent delivery for “Ποια λέξη;”. To process your delivery, the following issues must be corrected:
Invalid Signature - The main app bundle Ποια λέξη; at path worditout.app has following signing error(s): --prepared:/Volumes/data01/app_data/dstr/mz_5259608710386326893dir/mz_7421766441859889417dir/com.lazyland.worditout-el-osx.pkg/Payload/worditout.app/Contents/Frameworks/MonoEmbedRuntime/osx/libmono.0.dylib --validated:/Volumes/data01/app_data/dstr/mz_5259608710386326893dir/mz_7421766441859889417dir/com.lazyland.worditout-el-osx.pkg/Payload/worditout.app/Contents/Frameworks/MonoEmbedRuntime/osx/libmono.0.dylib --prepared:/Volumes/data01/app_data/dstr/mz_5259608710386326893dir/mz_7421766441859889417dir/com.lazyland.worditout-el-osx.pkg/Payload/worditout.app/Contents/Frameworks/MonoEmbedRuntime/osx/libMonoPosixHelper.dylib --validated:/Volumes/data01/app_data/dstr/mz_5259608710386326893dir/mz_7421766441859889417dir/com.lazyland.worditout-el-osx.pkg/Payload/worditout.app/Contents/Frameworks/MonoEmbedRuntime/osx/libMonoPosixHelper.dylib /Volumes/data01/app_data/dstr/mz_5259608710386326893dir/mz_7421766441859889417dir/com.lazyland.worditout-el-osx.pkg/Payload/worditout.app: code object is not signed at all In subcomponent: /Volumes/data01/app_data/dstr/mz_5259608710386326893dir/mz_7421766441859889417dir/com.lazyland.worditout-el-osx.pkg/Payload/worditout.app/Contents/worditout.entitlements . Refer to the Code Signing and Application Sandboxing Guide at Documentation Archive and Technical Note 2206 at Technical Note TN2206: macOS Code Signing In Depth for more information.
Unable to Sign - This package doesn’t meet the current code signing requirements. For more information, see the Code Signing and Application Sandboxing Guide and Technical Note 2206.
Specifically, codesign generated the following error:

com.lazyland.worditout-el-osx.pkg/Payload/worditout.app: code object is not signed at all
In subcomponent: com.lazyland.worditout-el-osx.pkg/Payload/worditout.app/Contents/worditout.entitlements

So, we can’t just copy and paste the .entitlements file inside the .app (as we thought that may be the cause of the rejection).

Any help would be greatly appreciated.

Kind regards,
John.

2690122–190267–MyCustomBuildProcess.cs (1.66 KB)

From your other post seems you have solved this?

1 Like

Yes, we solved it, we sent an email to the Apple Developer Technical Support and they told us the following:

I’m responding to your question about App Sandbox.
I checked your app in iTunes Connect, and it shows that your app does have the required entitlement.
I let Mac App Review know, and they agreed that your app should not have been rejected. They will continue with the review.
Best regards,
—gc

so it seems the app WAS indeed signed properly and all entitlements were ok, we shouldn’t embed anything at all…

The problem we have now is that our properly signed .app doesnt have internet access at all and the reviewer rejects it once more…

We are pulling our hair to understand what is the problem with the WWW class and a signed MacOSX build binary!!

My older self, after 2 years returns to this thread and consults the younger John:

You should put the following to your .entitlements file

com.apple.security.app-sandbox : true
com.apple.security.network.server : true
com.apple.security.network.client : true

1 Like