Asset validation failed (90296) App sandbox not enabled.
Pre-flight checklist
- [X] I have read the contribution documentation for this project.
- [X] I agree to follow the code of conduct that this project uses.
- [X] I have searched the issue tracker for a bug that matches the one I want to file, without success.
Electron Forge version
6.2.1
Electron version
17.0.0
Operating system
MacOS 13.1
Last known working Electron Forge version
No response
Expected behavior
Adding `osxSign: {}` inside `packagerConfig` should add the "com.apple.security.app-sandbox" entitlement with a Boolean value of true.
Actual behavior
Getting error,
Asset validation failed (90296) App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list
Steps to reproduce
Here is my forge.config.js
```js
module.exports = {
  packagerConfig: {
    asar: true,
    icon: "src/icons/mac/icon.icns",
    name: "XXXXX",
    appBundleId: "com.app.XXXX",
    appVersion: "1.0.3",
    buildVersion: "1.0.4",
    setupIcon: "src/icons/mac/icon.icns",
    osxSign: {},
  },
  makers: [
    {
      name: "@electron-forge/maker-pkg",
      config: {
        "identity": "3rd Party Mac Developer Installer: XXXXXXXXX (XXXXXXXX)",
        "identity-validation": true
      }
    },
  ],
  plugins: [
    {
      name: '@electron-forge/plugin-auto-unpack-natives',
      config: {},
    },
  ],
};
```
Additional information
No response
> Adding `osxSign: {}` inside `packagerConfig` should add the "com.apple.security.app-sandbox" entitlement with a Boolean value of true.
What command are you running? The app-sandbox entitlement is only provided when packaging and signing a mas platform build.
E.g. `electron-forge make --platform=mas`
@MarshallOfSound I'm running electron-forge make --platform=mas --arch=x64
@ndebartha it might not solve your entire problem, but the app store requires universal binaries, so an x64 only upload will not be accepted AFAIK.
@ndebartha did you solve this? I am experiencing the same issue. My MAS builds are being rejected due to at least the missing sandbox entitlement.
@ransome1 BTW I use my own custom entitlements files like this:
distribution.entitlements
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.files.bookmarks.app-scope</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
      <string>com.my-company</string>
    </array>
  </dict>
</plist>
```
child.entitlements
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
  </dict>
</plist>
```
forge.config.js
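```js
module.exports = {
  packagerConfig: {
    // ...other packagerConfig options
    osxSign: {
      identity: 'Apple Distribution',
      platform: 'mas',
      preAutoEntitlements: false,
      // Helper executables are signed with child.entitlements,
      // everything else with distribution.entitlements.
      optionsForFile: (filePath) => {
        let name = 'distribution';
        if (filePath.includes('Helper')) {
          name = 'child';
        }
        return {
          entitlements: name + '.entitlements'
        };
      }
    }
  }
};
```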
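A pre-upload check for the condition behind error 90296, written here as an added example (it is not code from the thread or from Electron Forge): it applies the same `Helper` selection rule as the `optionsForFile` callback above and reports any executable whose entitlements file does not set `com.apple.security.app-sandbox` to true. The function names, the sample bundle paths and the sample plist bodies are assumptions made up for the illustration, and the small plist reader only understands flat key/value pairs.

```javascript
// Added example: check each executable's entitlements file sets the App Sandbox key to true.
const SANDBOX_KEY = 'com.apple.security.app-sandbox';

// Minimal reader for the flat <key>/<value> pairs in entitlements plists.
// Only Boolean values are interpreted; anything else is recorded as 'other'.
function parseEntitlements(xml) {
  const dict = /<dict>([\s\S]*)<\/dict>/.exec(xml);
  if (!dict) throw new Error('entitlements plist has no <dict>');
  const result = {};
  const pair = /<key>([^<]+)<\/key>\s*<(true|false|array|string|integer|dict)\b/g;
  for (const m of dict[1].matchAll(pair)) {
    result[m[1]] = m[2] === 'true' ? true : m[2] === 'false' ? false : 'other';
  }
  return result;
}

// Same selection rule as the optionsForFile callback posted above.
function entitlementsNameFor(filePath) {
  return filePath.includes('Helper') ? 'child' : 'distribution';
}

// Returns one message per executable that would be signed without the
// sandbox entitlement; an empty array means the check passed.
function checkSandbox(executables, entitlementFiles) {
  const problems = [];
  for (const exe of executables) {
    const name = entitlementsNameFor(exe);
    const xml = entitlementFiles[name];
    if (xml === undefined) {
      problems.push(`${exe}: ${name}.entitlements not found`);
    } else if (parseEntitlements(xml)[SANDBOX_KEY] !== true) {
      problems.push(`${exe}: ${SANDBOX_KEY} is not <true/> in ${name}.entitlements`);
    }
  }
  return problems;
}

// Constructed sample input: bundle paths and plist bodies are made up.
const wrap = (body) => `<plist version="1.0"><dict>${body}</dict></plist>`;
const sampleExecutables = [
  'Sample.app/Contents/MacOS/Sample',
  'Sample.app/Contents/Frameworks/Sample Helper.app/Contents/MacOS/Sample Helper',
];
const good = {
  distribution: wrap(`<key>${SANDBOX_KEY}</key><true/><key>com.apple.security.network.client</key><true/>`),
  child: wrap(`<key>${SANDBOX_KEY}</key><true/><key>com.apple.security.inherit</key><true/>`),
};
const bad = { ...good, child: wrap('<key>com.apple.security.inherit</key><true/>') };
console.log(checkSandbox(sampleExecutables, good), checkSandbox(sampleExecutables, bad));
```

This checks the entitlements files that go into signing, not the signed result; `codesign -d --entitlements - <path>` prints what a signed executable actually carries.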
I faced the same issue and discovered the cause after two days of troubleshooting. The certificates needed for signing DMG and PKG files are different, and there appears to be a problem with the automatic selection by osx-sign. To resolve this, you need to explicitly specify the identity for signing. Here's the configuration you should use:
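```js
const { MakerDMG } = require('@electron-forge/maker-dmg');
const { MakerPKG } = require('@electron-forge/maker-pkg');

module.exports = {
  packagerConfig: {
    // osxSign is read from packagerConfig
    osxSign: {
      identity: "Apple Distribution: xxxxxxxx", // required
    },
  },
  makers: [
    new MakerDMG(),
    new MakerPKG({
      identity: "Mac Installer Submission: xxxxxxxx", // optional
    }),
  ],
};
```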