Can a macOS desktop AIR app be distributed through the Mac App Store?

[ciacob]

I learned via this forum that I needed to add these entitlements to my bundled app:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.cs.allow-dyld-environment-variables</key>
  <true/>
  <key>com.apple.security.cs.allow-jit</key>
  <true/>
  <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
  <true/>
  <key>com.apple.security.cs.disable-library-validation</key>
  <true/>
</dict>
</plist>

However, I hear that:

• com.apple.security.cs.allow-dyld-environment-variables is effectively forbidden;
• com.apple.security.cs.allow-jit is extremely restricted;
• com.apple.security.cs.allow-unsigned-executable-memory triggers near automatic rejection;
• com.apple.security.cs.disable-library-validation is only sometimes allowed.

Does anybody here know this better than me? I am willing to learn. Also, did anyone here successfully published a desktop macOS app (i.e., NOT an iOS app) on the Mac App Store?

Thank you.

[pol2095]

I submitted an app successfully last week on the Mac App Store

adt -sign... (3rd Party Mac Developer Application...)
add automatically

        <key>com.apple.security.cs.allow-jit</key>
        <true/>
        <key>com.apple.security.cs.allow-dyld-environment-variables</key>
        <true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.disable-library-validation</key>
        <true/>

I added too

	<macOS>
        <InfoAdditions>
            <![CDATA[
				<key>LSApplicationCategoryType</key>
				<string>public.app-category.utilities</string>
			]]>
        </InfoAdditions>
		<Entitlements>
			<![CDATA[
				<key>com.apple.application-identifier</key>
				<string>RSXXXXXXXX.com.name.myApp</string>
				<key>com.apple.developer.team-identifier</key>
				<string>RSXXXXXXXX</string>
				<key>com.apple.security.app-sandbox</key>
				<true/>
				<!-- To allow the Powerbox -->
				<key>com.apple.security.files.user-selected.read-write</key>
				<true/>
				<!--<key>com.apple.security.network.client</key>
				<true/>-->
				<!--<key>com.apple.security.files.bookmarks.app-scope</key>
				<true/>-->
			]]>
		</Entitlements>
	</macOS>

it's neccessary to add a provisionprofile like iOS too

and finnaly create a pkg using productbuild... (3rd Party Mac Developer Installer...) and submit it using Transporter app

[ajwfrost]

Hi @ciacob - yes documentation on all of this is probably a little overdue .. there are some posts that have described the overall end-to-end process, primarily on #2088 - but it would be better for them to be updated and kept centrally on that airsdk.dev website!

We'll try to get some step-by-step instructions uploaded ..

thanks

[marchbold]

There already is this one I wrote but I believe it needs a few updates and needs an addition about the final steps for app store:

https://airsdk.dev/docs/tutorials/platform/macos/creating-macos-pkg-files

[pol2095]

@marchbold
for Mac App Store, the app should not be notarized, just signed.

and to try the sandbox on your Mac, comment :

<!--<key>com.apple.application-identifier</key>
<string>RSXXXXXXXX.com.name.myApp</string>
<key>com.apple.developer.team-identifier</key>
<string>RSXXXXXXXX</string>-->

and sign the app

[marchbold]

Yes I realised after I posted that I hadn't put the app store stuff up there. Feel free to do a pr to update it!

[ajwfrost]

I've just looked at this again and am wondering if we need to split it out or restructure it a little because that article seems more focused on creating a PKG file for distribution outside of the app store. So essentially we have two routes which are similar up to a point:

• Creation of an application for App Store distribution
• Creation of an application for Developer ID distribution

Then there are differences:

• How to prepare and upload via Transporter
• How to prepare for Developer ID Installer pkg files

Some of the steps can be simplified a little due to updates we've made to ADT, but it may also be possible to create more such updates to simplify it further!

[pol2095]

I created an ANE that support Security Scoped Bookmarks for Mac App Store Sandbox.